Background to the complaint

1. On 6 March 2017, the complainant, a journalist writing for a Luxembourg newspaper, submitted a request to the Court of Justice of the European Union (the “Court”) for public access to a “mission order” of a former judge who, according to the complainant, had been entrusted by the Court with the task of carrying out an inquiry into, and drawing up a report on, specified present and past staff-management issues at the Court. In her request for access to documents, the journalist identified, by name, the former judge. She also identified, by name, the person in charge of the specific section of the Court where, she stated, the inquiry in question had taken or was taking place (the Ombudsman will refer to this second person as “Person A”). The journalist also provided the Ombudsman with a copy of an article she had already published in which she identified the former judge and stated that the former judge was carrying out an inquiry into staff management issues. While the article did not identify Person A by name, it did mention the position held by Person A at the Court.

2. On 22 March 2017, the Court refused to disclose the document, without confirming whether the requested document actually existed.

3. On 4 April 2017, the complainant submitted a request for review (a so-called “confirmatory application”).

4. On 4 May 2017, the Court rejected the request for review. In its reply to the complainant, the Court explicitly refused to confirm the existence of any such document.

5. Dissatisfied with this reply, the complainant turned to the Ombudsman on 8 November 2017.

The inquiry

6. The Ombudsman opened an inquiry into the following aspects of the complaint:

1) The Court’s refusal to grant public access to the requested document.

2) The Court’s refusal to confirm the existence of the requested document.

7. In the course of the inquiry, the Ombudsman received the Court’s reply on the complaint, which was forwarded to the complainant. The complainant made no comments in relation to that reply.

Failure to provide access to an administrative document and to confirm the existence of the requested document

Arguments presented to the Ombudsman

8. The complainant considered the Court’s refusal to confirm the existence of the document to be excessive. As regards the protection of personal data, she questioned whose privacy and integrity the Court aims to protect.

9. In its reply to the Ombudsman, the Court insisted that the release of any such document, as well as any indication that the specific document existed, would amount to a disclosure of personal data. The Court also argued that the complainant had failed to bring forward any justification or argument that demonstrated the necessity of transferring the personal data to her.

The Ombudsman's assessment

10. The Ombudsman notes that, according to the applicable rules on public access to documents, the protection of the privacy and integrity of a person, specifically regarding the protection of personal data, constitute a justification for refusing to grant public access to a document[1].

11.  “Personal data” comprises any information that relates to an identified or identifiable natural person. An identifiable person is someone who can be identified from the information either directly or indirectly[2].

12. Information confirming that an identified or identifiable person is a person who is the subject of an inquiry is clearly “personal data” of that person.

13. The Court argues that even the confirmation of the existence of the requested document would constitute a disclosure of personal data. The Ombudsman agrees. In the present case, the complainant stated, when making her request for access, that the mission order to which she seeks access relates to an inquiry, by a named former judge, of the staff management issues of a section of the Court managed by another named person, Person A. Thus, in these very specific circumstances, were the Court to confirm even the existence of the document in question, it would be implicitly confirming to the complainant the existence of an inquiry involving Person A. That implicit confirmation of an inquiry involving Person A would constitute a disclosure, to the complainant, of personal data of Person A[3].

14. If even the confirmation of the existence of the requested document would constitute a disclosure of personal data relating to Person A, it is unnecessary to examine the issue of whether a partial disclosure of the requested document is possible.

15. EU rules on the protection of personal data are strict. However, they are not absolute; they do allow for the disclosure of personal data if certain criteria are met. First, the person seeking access must demonstrate that a necessity is served by the disclosure to him or her of the personal data[4]. If the applicant demonstrates such a necessity, the institution must then go on to examine whether the legitimate interests of the data subjects might be prejudiced by the disclosure[5]. In view of the type of document at issue in the present case, a person allegedly subject to an inquiry arguably has a legitimate interest in the protection of his/her reputation at least during the period when any investigation is underway, and perhaps subsequently.

16. The complainant has not explicitly put forward any reasons as to why there is a necessity for her to have the personal data at issue in this case. The Court was therefore not in a position to, and was not obliged to, evaluate the necessity of disclosing the personal data to the complainant. The Court therefore did not need to take the further step of considering the legitimate interests of a person who might be affected by the disclosure.

17. In these circumstances, the Court was correct to refuse to confirm the existence of the document in order to protect the personal data and privacy of an identified or identifiable individual.

18. Given this analysis of the case, it was not necessary for the Ombudsman, on this occasion, to inspect the Court’s files or to confirm if the requested document did or did not in fact exist.

Conclusion

The Ombudsman closes this case with the following conclusion:

There was no maladministration by the Court of Justice of the European Union.

The complainant and the Court will be informed of this decision.

 

Emily O’Reilly

European Ombudsman

Strasbourg, 06/03/2018

 

[1] See Article 3(1)(b) of the Decision of the Court of 11 October 2016.

[2] See Article 2(a) of Regulation 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data, available at:

http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2001:008:0001:0022:en:PDF.

[3] To neither confirm nor deny the existence of a document is an accepted response to requests for public access to documents in jurisdictions around the world. It is often used in national security contexts or in cases of privacy in order to protect an individual’s reputation. See, for example, Section 40(5) of the United Kingdom’s Freedom of Information Act 2000.

[4] See, to that effect, judgment in Dennekamp v Parliament, T‑82/09, EU:T:2011:688, paragraph 34.

[5] See, to that effect, Dennekamp v Parliament, EU:T:2011:688, paragraph 30.