https://usancen.lawthek.eu/en/blog/lawthek/cjeu-disclosure-of-personal-data-by-public-authorities-7e25eeb1/
European Law 

CJEU: Disclosure of Personal Data by Public Authorities

Benn-Ibler Rechtsanwälte

GDPR  data protection  legal entities  official information  transparency 

The processing of personal data in the context of official documents frequently raises questions about the scope of the General Data Protection Regulation (GDPR). The CJEU once again had the opportunity to clarify the conditions and limits of lawful data disclosure in the public interest.

Case Background

In the case at hand, a Czech citizen had requested information from the Ministry of Health regarding individuals who had signed contracts on behalf of legal entities regarding the Coronavirus (Covid-19) tests. The Ministry refused to provide complete information, citing data protection under the GDPR and redacting the names, signatures, and contact details of the individuals concerned. The plaintiff prevailed in court. The Czech Supreme Administrative Court has now referred several questions to the CJEU for a preliminary ruling.

Relevant GDPR Provisions

Art. 4(1) of the GDPR defines personal data as any information relating to an identifiable natural person. Art. 6(1)(c) and (e) of the GDPR permit the processing of personal data for the fulfilment of a legal obligation or for the performance of a task carried out in the public interest. Art. 86 GDPR allows for the disclosure of data in official documents for reasons of public interest.

Disclosure in a Professional Context Still Constitutes Processing

Disclosing the name, signature, and contact details of a natural person representing a legal entity constitutes processing personal data under the GDPR. This also applies if the data is used solely for identification purposes in a professional context. The purpose of the disclosure (e.g. transparency regarding contractual relationships) does not change this classification.

Provided that it is proportionate, national legislation or case law requiring prior information and consultation with data subjects before disclosure is compatible with Articles 6 and 86 of the GDPR. While such requirements may promote transparency and lawfulness in processing, they must not render the right to public information impossible in practice.

Disclosing personal data, such as the names, signatures, and contact details of individuals representing legal entities, constitutes data processing under the GDPR. National regulations requiring notification and information prior to data transfer are compatible with the GDPR, provided they remain proportionate and do not unduly restrict access to information.

ECJ C-710/23 (3 April 2025)



More Services

LawThek Efficient Legal Information LawThek uses cutting-edge technologies like graph databases and AI to make legal information accessible. (opens in new tab) JobThek Legal Jobs The job board for legal professionals – find your next career opportunity in the legal sector. (opens in new tab) LegalNetics Innovative LegalTech Solutions Transform your legal documents into connected knowledge with LegalNetics. (opens in new tab)