Confidentiality of decision-making and personal data: a new and curious reference

The fact that it's about you
doesn't mean you can read it ...
From time to time the IPKat posts items on data processing and personal data, but perhaps not as often as he should. However, he has received an interesting note from Stephen Vousden, who has spotted another interesting and potentially important reference to the Court of Justice for the European Union on that legally difficult and politically sensitive area of exceptions to the principle that an individual should have a right to access personal information concerning that person. As Stephen explains:
"X v IND

In 2009 an individual applied for asylum in The Netherlands. Within six months, the Dutch Immigration Service had refused that application. That decision however was withdrawn in 2010, and a fresh decision was taken three months later, the Immigration Service again refusing the applicant's asylum application.

The applicant for asylum then requested to see the so-called minuut (this is the document which had formed the basis of the Immigration Service's 2010 decision). The minuut often contains information about the origin of the applicant, the applicant's file history, the evidence submitted, declarations and details, and the legal provisions applicable to an individual's application. The minuut also contains an assessment of the data in the light of the applicable provisions.

Before July 2009 the Immigration Service used to provide asylum seekers with a copy of the minuut when this was requested. However, the Service changed its policy and subsequently described the minuut as 'legal analysis'. Accordingly, the Immigration Service refused this particular failed asylum seeker's request for a copy of the minuut. Since the refusal constituted a decision, the failed asylum seeker could, and did, appeal the Service's decision to the Service. The Service held the appeal to be without foundation.

On a further appeal, the matter was heard by an administrative law judge at the Middelburg District Court. That judge noted that Dutch public law appeared contradictory. On the one hand, the Dutch Supreme Court had taken a broad approach to the right of inspecting files because people should be able to check the accuracy of the information held about them. On the other hand, the Dutch Council of State had ruled that the minuut did not fall within the concept of personal data and not every document needed to be copied.

The Middelburg District Court judge noted that either party might appeal the eventual judgment and that the competent institution to the hear the appeal would be the Council of State. However, the judge was concerned that the Council of State's rulings about the legal status of the minuut might not be correct: the judge found the rulings difficult to square with the approach of the EU's Article 29 Data Protection Working Party in Opinion 4/2007 on the concept of personal data. For the sake of ensuring coherence in the legal order, therefore, the administrative law judge decided to refer a number of questions to the CJEU:
1. Is the data about the data subject which is contained in the minuut and which is of concern to them, personal data within the meaning of Article 2(a) of the Data Processing Directive
2. Is the legal analysis included in the minuut personal data within the meaning of that provision? 
3. If the Court confirms that the data described above is personal data, should the controller/government body grant the right of access to this personal data as a result of Article 12 of the Data Processing Directive and Article 8(2) EU Charter
4. Can the data subject in this instance also rely directly on Article 41(2)(b) of the EU Charter and, if so, should the words 'while respecting the legitimate interests of the confidentiality of decision-making' be so interpreted that the right to inspect the minuut can be refused? 
5. Where the data subject requests an inspection of the minuut, should the controller/government body provide a copy of this document in order to comply with the inspection right?"
This Kat has watched over the years as there has been a gradual drift away from official secrecy and procedural confidentiality, towards greater transparency and freedom of information.  This process has been an essential part of public accountability.  Judicial and quasi-judicial decision-making processes would seem to be the area in which this drift has encountered the greatest resistance. The position which the CJEU takes can accelerate the information flow or staunch it, so its ruling is awaited with great interest,
Confidentiality of decision-making and personal data: a new and curious reference Confidentiality of decision-making and personal data: a new and curious reference Reviewed by Jeremy on Sunday, April 01, 2012 Rating: 5

1 comment:


    Stephen said .. The word 'controller' should have read 'processor'. And the official English translation of the questions is now on the Curia website under C-141/12, Y.S v Minister voor Immigratie, Integratie en Asiel'


All comments must be moderated by a member of the IPKat team before they appear on the blog. Comments will not be allowed if the contravene the IPKat policy that readers' comments should not be obscene or defamatory; they should not consist of ad hominem attacks on members of the blog team or other comment-posters and they should make a constructive contribution to the discussion of the post on which they purport to comment.

It is also the IPKat policy that comments should not be made completely anonymously, and users should use a consistent name or pseudonym (which should not itself be defamatory or obscene, or that of another real person), either in the "identity" field, or at the beginning of the comment. Current practice is to, however, allow a limited number of comments that contravene this policy, provided that the comment has a high degree of relevance and the comment chain does not become too difficult to follow.

Learn more here:

Powered by Blogger.