Feeds

European Court OKs rich Finns text list

Balances data protection and press freedom

Internet Security Threat Report 2014

A company that sends text messages revealing the income of Finland's wealthiest citizens is subject to European data protection laws but could be protected by an exemption for journalism, according to a ruling by the European Court of Justice (ECJ).

The processing of personal data made available by Finnish tax authorities may be the subject of a derogation from the EU's data protection regime if it is carried out solely for journalistic purposes, the ECJ ruled.

Unlike in the UK, details of taxes paid by individuals in Finland are made publicly available. For several years, a company called Markkinapörssi has collected public data from the Finnish tax authorities for the purposes of publishing extracts from those data in the regional editions of the newspaper Veropörrsi each year.

The information contained in those publications comprises the surname and given name of approximately 1.2 million persons whose income exceeds certain thresholds as well as the amount, to the nearest €100, of their income and details of the wealth tax levied on them. That information is set out in the form of an alphabetical list and organised according to municipality and income bracket.

Markkinopörssi and Satamedia, an associated company to which CDs containing the data were transferred, signed an agreement with a mobile phone company which put in place, on Satamedia’s behalf, a text-messaging service allowing mobile phone users to receive information published in the Veropörrsi newspaper on their phones for a charge of around €2. On request, personal data are removed from that service.

Following complaints from individuals alleging infringement of their right to privacy, Finland's Data Protection Ombudsman applied for an order prohibiting Markkinapörssi and Satamedia from carrying on the personal data processing activities.

The Supreme Administrative Court, which will rule as the court of last instance on that application, asked the Court of Justice to rule on the correct interpretation of the Data Protection Directive.

The administrative court wanted to know in what circumstances the activities could be considered as data processing undertaken solely for journalistic purposes and may, accordingly, be the subject of derogations and limitations relating to data protection.

In its judgment delivered yesterday, the ECJ ruled that the activities of Markkinapörssi and Satamedia "must be considered as the 'processing of personal data' within the meaning of [the Data Protection Directive]" – even though the files of the public authorities that are used comprise only information that has already been published in the media.

Were the position to be otherwise, the Directive would be undermined, it said.

"A general derogation from the application of the Directive in respect of published information would largely deprive the directive of its effect," said the ruling. "It would be sufficient for the Member States to publish data in order for those data to cease to enjoy the protection afforded by the Directive."

The ECJ said that Member States should, while permitting the free flow of personal data, protect the fundamental rights and freedoms of natural persons and, in particular, their right to privacy, with respect to the processing of those data.

In order to reconcile the protection of privacy and the right to freedom of expression, Member States are required to provide for a number of derogations or limitations in relation to the protection of data and, therefore, in relation to the fundamental right to privacy.

"Those derogations must be made solely for journalistic purposes or the purpose of artistic or literary expression, which fall within the scope of the fundamental right to freedom of expression, in so far as it is apparent that they are necessary in order to reconcile the right to privacy with the rules governing freedom of expression," wrote the judges.

"In order to take account of the importance of the right to freedom of expression in every democratic society, it is necessary, first, to interpret notions relating to that freedom, such as journalism, broadly," they ruled. Secondly, they said, the protection of the fundamental right to privacy requires that the derogations and limitations in relation to the protection of data must apply only insofar as is strictly necessary.

"It follows […] that activities such as those involved in the main proceedings, relating to data from documents which are in the public domain under national legislation, may be classified as 'journalistic activities' if their object is the disclosure to the public of information, opinions or ideas, irrespective of the medium which is used to transmit them," the ECJ ruled. "They are not limited to media undertakings and may be undertaken for profit-making purposes."

The ECJ Finland's Supreme Administrative Court must now determine whether the activities have as their sole object the disclosure to the public of information, opinions or ideas.

See:

Copyright © 2008, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Security for virtualized datacentres

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.
Reducing the cost and complexity of web vulnerability management
How using vulnerability assessments to identify exploitable weaknesses and take corrective action can reduce the risk of hackers finding your site and attacking it.