GDPR: ECJ Clarifies Scope of Right to Information
The European Court of Justice (ECJ) has clarified the scope of the right to information under Article 15 of the General Data Protection Regulation (GDPR). Specifically, it was unclear whether the identity of employees of the controller is also covered by the right to information.
The plaintiff in the original case had been both an employee and a customer of a Finnish bank. In 2013, his customer data was repeatedly requested by the bank’s employees. After the GDPR came into force, the plaintiff requested information from the bank about the identity of the persons who had requested his data, as well as the exact time and purpose of the processing of his data, under the right to information (Article 15 GDPR).
The bank refused the request. The Office of the Finnish Data Protection Officer did not uphold an appeal against this decision because the identity of the persons who had requested the data was personal data that did not relate to the data subject (the plaintiff).
First, the ECJ clarified that a request for information under Article 15 of the GDPR is admissible even if it relates to processing operations that took place before the GDPR entered into force.
With regard to the content of the request for information, the ECJ ruled that ‘Article 15 of the GDPR also includes the right to request information on the timing and purposes of the processing.’ In the original case, the data concerned were log files.
However, Article 15 of the GDPR does not automatically give rise to the right to request the identity of the employees of the data controller who have carried out the specific processing under the controller's supervision and direction. In individual cases, this information must nevertheless be provided if it is indispensable for the data subject to be able to exercise his or her rights under the GDPR. This requires that the rights and freedoms of these employees are taken into account in a balancing of interests.
ECJ C-579/21 (22 June 2023)