The current EDPS is Peter Hustinx, formerly the President of
Holland's national data protection authority. As EDPS he is
responsible for monitoring the processing of personal data by the
Community institutions and bodies.
"The protection of the privacy of an individual is an important
ground for exception to the right to information. However, this
does not mean that public access should be automatically refused if
a document contains personal data," said Mr Hustinx. "Transparency
and privacy are both fundamental rights and one does not prevail
over the other. A careful consideration of both principles is the
key to an appropriate solution."
Mr Hustinx’s recent publication is the first in a series due to
be published by the regulator.
He recommends that when dealing with public access to documents
containing personal data, it is imperative that the responsible
officials make a concrete and individual examination of the
specific document.
Firstly, says Hustinx, disclosure can only be refused if the
privacy of an individual is at stake, as is generally the case when
the document contains sensitive data, relates to the reputation of
a person, could reveal embarrassing facts, could misrepresent the
individual in some way, or contains information that was given
confidentially.
Secondly, the negative effect of disclosure of someone's
personal data must be substantial – generally involving factual,
and not simply superficial harm.
Thirdly, the request must be examined to see if disclosure is
permitted under data protection laws. For example, is the
disclosure proportionate? Or is it compatible with the purposes for
which the information was originally collected?
According to the EDPS, the paper highlights the background and
importance of both transparency and privacy and guides the reader
through the process of consideration. Examples from the EU
institutions help to make the topic more concrete.
It also includes a checklist for officials.
