For the half-year to 30 June 2014, the IPKat's regular team is supplemented by contributions from guest bloggers Alberto Bellan, Darren Meale and Nadia Zegze.

Two of our regular Kats are currently on blogging sabbaticals. They are David Brophy and Catherine Lee.

Sunday, 1 April 2012

Confidentiality of decision-making and personal data: a new and curious reference

The fact that it's about you
doesn't mean you can read it ...
From time to time the IPKat posts items on data processing and personal data, but perhaps not as often as he should. However, he has received an interesting note from Stephen Vousden, who has spotted another interesting and potentially important reference to the Court of Justice for the European Union on that legally difficult and politically sensitive area of exceptions to the principle that an individual should have a right to access personal information concerning that person. As Stephen explains:
"X v IND

In 2009 an individual applied for asylum in The Netherlands. Within six months, the Dutch Immigration Service had refused that application. That decision however was withdrawn in 2010, and a fresh decision was taken three months later, the Immigration Service again refusing the applicant's asylum application.

The applicant for asylum then requested to see the so-called minuut (this is the document which had formed the basis of the Immigration Service's 2010 decision). The minuut often contains information about the origin of the applicant, the applicant's file history, the evidence submitted, declarations and details, and the legal provisions applicable to an individual's application. The minuut also contains an assessment of the data in the light of the applicable provisions.

Before July 2009 the Immigration Service used to provide asylum seekers with a copy of the minuut when this was requested. However, the Service changed its policy and subsequently described the minuut as 'legal analysis'. Accordingly, the Immigration Service refused this particular failed asylum seeker's request for a copy of the minuut. Since the refusal constituted a decision, the failed asylum seeker could, and did, appeal the Service's decision to the Service. The Service held the appeal to be without foundation.

On a further appeal, the matter was heard by an administrative law judge at the Middelburg District Court. That judge noted that Dutch public law appeared contradictory. On the one hand, the Dutch Supreme Court had taken a broad approach to the right of inspecting files because people should be able to check the accuracy of the information held about them. On the other hand, the Dutch Council of State had ruled that the minuut did not fall within the concept of personal data and not every document needed to be copied.

The Middelburg District Court judge noted that either party might appeal the eventual judgment and that the competent institution to the hear the appeal would be the Council of State. However, the judge was concerned that the Council of State's rulings about the legal status of the minuut might not be correct: the judge found the rulings difficult to square with the approach of the EU's Article 29 Data Protection Working Party in Opinion 4/2007 on the concept of personal data. For the sake of ensuring coherence in the legal order, therefore, the administrative law judge decided to refer a number of questions to the CJEU:
1. Is the data about the data subject which is contained in the minuut and which is of concern to them, personal data within the meaning of Article 2(a) of the Data Processing Directive
2. Is the legal analysis included in the minuut personal data within the meaning of that provision? 
3. If the Court confirms that the data described above is personal data, should the controller/government body grant the right of access to this personal data as a result of Article 12 of the Data Processing Directive and Article 8(2) EU Charter
4. Can the data subject in this instance also rely directly on Article 41(2)(b) of the EU Charter and, if so, should the words 'while respecting the legitimate interests of the confidentiality of decision-making' be so interpreted that the right to inspect the minuut can be refused? 
5. Where the data subject requests an inspection of the minuut, should the controller/government body provide a copy of this document in order to comply with the inspection right?"
This Kat has watched over the years as there has been a gradual drift away from official secrecy and procedural confidentiality, towards greater transparency and freedom of information.  This process has been an essential part of public accountability.  Judicial and quasi-judicial decision-making processes would seem to be the area in which this drift has encountered the greatest resistance. The position which the CJEU takes can accelerate the information flow or staunch it, so its ruling is awaited with great interest,

1 comment:

Jeremy said...

UPDATE

Stephen said .. The word 'controller' should have read 'processor'. And the official English translation of the questions is now on the Curia website under C-141/12, Y.S v Minister voor Immigratie, Integratie en Asiel'

Subscribe to the IPKat's posts by email here

Just pop your email address into the box and click 'Subscribe':