Freedom of information was not one of the “four freedoms” which formed the foundations of the European project. The freedoms which a European common market and customs union were intended to herald were simply: the ability freely to ship goods for trade across national boundaries; the freedom of workers to “up sticks” and go and take jobs abroad; the freedom of individuals and companies to offer their economic services and, if so minded, to establish their businesses abroad and the freedom to transfer money across European borders.
However, the ambitions of the EU have long since outgrown the purely functionalist economic free trade area aims which were first set out in the 1957 Treaty of Rome. For example, one the EU’s aims now is to establish a common “area of freedom, security and justice” in which, among other things: a common EU policy on asylum in, and immigration into, the EU may be developed; police action can be co-ordinated; criminal law harmonised; and the judgments of national courts in criminal and in civil matters recognised and given effect to Europe-wide To this end, information on individual might be shared among the public authorities of the Member States.
This official need to share information immediately, of course, brings up the possibility of abuse and hence the need for regulation to ensure that the interests of the individual potentially informed upon or against are duly taken into account. Thus data protection laws can be seen as the necessary corollary in a national or supra-national polity which aspires to respect the principles of the rule of law in this information-age.
A further realisation of the rule of law in the context of the information-age is the ideal of transparency: that members of civil society should be able to ascertain the factual and legal bases on which official decisions are being made. This leads to the need for rules governing the possibility of access by interested parties to information held by public authorities.
Clearly, then there is going to be a constant tension and possibility of conflict between these two information-age rule of law principles: namely the right of individuals as individuals to the protection against misuse of the data held on them by public authorities (“data protection laws”); and the right of individuals as members of civil society to know what information is being used by public authorities in making decisions in the public sphere (“freedom of information” laws). This tension is paralleled by – but does not completely map on to – the tensions already implicit in the law between: the recognition of an individual’s right to privacy against the public’s “right to know” proclaimed by a free press; and between an individual’s legitimate expectation to respect for confidentiality against another’s right to free expression.
These twin principles of freedom of information and of data protection are expressly recognised within the provisions of the Treaty on the Functioning of the European Union (“TFEU”).
Freedom of information and the principle of public transparency
The Grand Chamber of the Court of Justice has noted:
“The principle of transparency is stated in Articles 1 TEU and 10 TEU and in Article 15 TFEU. It enables citizens to participate more closely in the decision-making process and guarantees that the administration enjoys greater legitimacy and is more effective and more accountable to the citizen in a democratic system” (See Joined Cases C‑92/09 and C‑93/09 Volker und Markus Schecke GbR v Land Hessen 9 November 2010 at para 52)
Article 15(1) TFEU (formerly Article 255 EC) sets out the general principle that “in order to promote good governance and ensure the participation of civil society”, the EU institutions “shall conduct their work as openly as possible”, noting, in particular, at Article 15(2) that the European Parliament shall meet in public (as shall the Council when considering and voting on a draft legislative act) and under Article 15(2)(v) TFEU “shall ensure publication of the documents relating to the legislative procedures” – while saying nothing of the need for openness or publication of the workings of the Commission.
Article 15(3) TFEU confirms the right of any EU resident or citizen to have access to EU documents of the EU subject to particular EU regulation on the issue setting out “general principles and limits on grounds of public or private interest”. Consistently with such general EU regulation, each EU body is then required to “ensure that its proceedings are transparent” and to set out in their own particular Rules of Procedure specific provisions regarding access to its documents, although the EU Court and the European Central Bank and the European Investment Bank are said to be subject to this transparency and document access “only when exercising their administrative tasks.”
Data protection and concerns with individual privacy
Article 16(1) TFEU (formerly Article 286 EC) proclaims that “everyone has the right to the protection of personal data concerning them”. Article 16(2) TFEU provides an express Treaty basis for the adoption of EU legislation concerning the data processing on individuals, both by the EU and by the Member States when carrying out activities falling within the scope of EU law. Such EU legislation shall be aimed at protection the individual’s interest in such “personal data” and regulate its free movement. The due compliance with these rules shall be subject to the control of independent authorities.
In the sphere of the EU’s common foreign and security policy Article 39 of the Treaty on European Union (“TEU”) requires the Council to adopt a decision laying down the rules relating to the protection of individuals and free movement of data with regard to the processing of personal data by the Member States when carrying out activities which fall within the scope of this common foreign and security policy. Again compliance with these rules shall be subject to the control of independent authorities. The rules adopted on the basis of this Article 39 TEU are by way of derogation from the general EU rules on data processing adopted on the basis of Article 16 TFEU
Freedom of information
Article 42 of the EU Charter of Fundamental Rights (“the Charter”) provides under the heading of “Right of access to documents” that any citizen of the Union – and any natural or legal person residing or having its registered office in a Member State – has a right of access to documents (whether in hard copies, or in electronic or other form) of the EU’s institutions, bodies, offices and agencies.
Article 42 the Charter echoes the terms of Article 15 TFEU and the EU secondary legislation adopted thereunder (notably Regulation (EC) No 1049/2001. Article 52(2) the Charter provides that “rights recognised by this Charter for which provision is made in the Treaties shall be exercised under the conditions and within the limits defined by those Treaties”.
There is no direct provision in the European Convention on Human Rights guaranteeing a right of access to individual (see Leander v. Sweden (1987) 9 EHRR 433 at paragraph 74) or general information held by public authorities; as distinct from the right guaranteed – under both Article 10 ECHR and Article 11 the Charter – freely to express and to receive and impart information and ideas one already has, without interference by public authority and regardless of frontiers. The European Court of Human Rights has, however, more recently begun to tease out the implications of the right to “receive …. information” set out in Article 10 ECHR. The Strasbourg Court has begun to develop the idea of positive obligation implicit in Article 10 ECHR on the State authorities – for example, in implementation of its responsibility to nurture and further the freedom of the press to carry out its investigative functions in the public interest. This may entail the State actively removing obstacles which exist solely because of the historic fact of public authorities holding a monopoly on information. Thus in Kenedi v. Hungary ( ECHR 31475/05 (Second Section, 26 May 2009)) the Strasbourg Court held that Hungary’s refusal to allow a professional historian access to historical documentation (which access had been authorised by a court order) was incompatible with his rights under Article 10 ECHR given that access to original documentary sources for legitimate historical research was an essential element of the exercise of his the right to freedom of expression.
And in Társaság a Szabadságjogokért v. Hungary ( ECHR 37374/05 (Second Section, 14 April 2009)) the European Court of Human Rights upheld the complaint of the Hungarian Civil Liberties Union that the decisions of the Hungarian courts denying it access to the details of a parliamentarian’s complaint pending before the Constitutional Court had amounted to a breach of its right to have access to information of public interest. In the Strasbourg Court’s view, the submission of an application for an a posteriori abstract review of this legislation – especially by a Member of Parliament – undoubtedly constituted a matter of public interest. Consequently, the European Court of Human Rights found that the applicant – a recognised human rights NGO which the Court considered was properly exercising the function of “social watchdog” and so entitled to similar Convention protection to that afforded to the press – was involved in the legitimate gathering of information on a matter of public importance. In these circumstances the Strasbourg Court considered that the refusal on the part of the Hungarian Constitutional Court to release the requested information “amounted to a form of censorship” contrary to the requirements of Article 10 ECHR.
It is difficult to see how the decision of the Grand Chamber of the Court of Justice of the European Union in Sweden and Association de la Presse Internationale a.s.b.l. (API) (See Joined Case C-514,-528,-532/07P , 21 September 2010) refusing press and public access to the court pleadings lodged before the Court of Justice can, in the light of this decision of the European Court of Human Rights, be said to be Convention compatible.
Finally in Haralambie v. Romania (2009] ECHR 21737/03 (Third Section, 27 October 2009) the Strasbourg Court reiterated the vital interest for individuals who were the subject of personal files held by the public authorities to be able to have access to them. The European Court of Human Rights emphasised that the authorities had a duty to provide an effective procedure for obtaining access to such information and that their failure to provide for an effective and accessible procedure to enable the applicant to obtain access to his personal security files within a reasonable time constituted a violation of Article 8 ECHR.
Article 7 the Charter parallels Article 8 ECHR in setting out the fundamental EU right to respect for private and family life, home and communications. And as the Grand Chamber of the Court of Justice has noted:
“[T]he right to respect for private life with regard to the processing of personal data, recognised by Articles 7 and 8 of the Charter, concerns any information relating to an identified or identifiable individual (see, in particular, European Court of Human Rights, Amann v. Switzerland [GC], no. 27798/95, § 65, ECHR 2000‑II, and Rotaru v. Romania [GC], no. 28341/95, § 43, ECHR 2000‑V) and the limitations which may lawfully be imposed on the right to the protection of personal data correspond to those tolerated in relation to Article 8 of the Convention.” (Joined Cases C‑92/09 and C‑93/09 Volker und Markus Schecke GbR v Land Hessen 9 November 2010 para 52)
In S and Marper v United Kingdom ((2009) 48 EHRR 50) the Grand Chamber of the European Court of Human Rights found that the protection of personal data was of fundamental importance to a person’s enjoyment of, respect for his, or her private and family life under Article 8 ECHR, particularly when such data was the subject of automatic processing and were being used for police purposes.
The Charter also has the following provision, specifically dealing with protection of personal data, which has no direct parallel in the text of the ECHR. Article 8 the Charter provides that:
“1. Everyone has the right to the protection of personal data concerning him or her.
2. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified.
3. Compliance with these rules shall be subject to control by an independent authority.”
Article 8 of the Charter is clearly based on terms of the primary European Treaty provisions of Article 39 TEU and of Article 16 TFEU noted above. It is also based upon on provisions of secondary EU legislation already made under the Treaties – notably the Data Protection Directive 95/46/EC and Regulation (EC) No 45/2001.
But this Charter provision also reflects the terms of the Council of Europe Convention of 28 January 1981 for the Protection of Individuals with regard to Automatic Processing of Personal Data. And in its conjoined judgments in Bouchacourt v. France, Gardel v. France and MB v. France (Fifth Section, 17 December 2009 at paragraph 61) the Court of Human Rights referred to and relied upon the terms of Article 5 of this Council of Europe Data Protection Convention 1981 – and also upon Principles contained in Council of Ministers Recommendation R (87) 15 regulating the use of personal data in the police sector – in determining the Convention compatibility (with respect to private life required under Article 8 ECHR) of the notification requirements of personal details to police which were required under French law of convicted sex offenders.
Thus, these Council of Europe provisions are of relevance in the proper understanding, interpretation and application of the data protection provisions of EU law since Article 52(3) the Charter requires that insofar as the EU Charter contains rights which correspond to rights guaranteed by the ECHR (as it does in this case) the meaning and scope of those EU Charter rights shall be the same as – and EU law may provide no lesser degree of protection – that laid down under and in terms of the ECHR as interpreted by the European Court of Human Rights (Case C-400/10 PPU J. McB. v L.E. 5 October 2010,at paragraph 53)
This is an edited extract from a forthcoming book “EU Law for UK Lawyers” by Aidan O’Neill QC, to be published by Hart in Spring 2011, Aidan O’Neill QC is a Member of Matrix Chambers