Feeds

European Court OKs rich Finns text list

Balances data protection and press freedom

Security for virtualized datacentres

A company that sends text messages revealing the income of Finland's wealthiest citizens is subject to European data protection laws but could be protected by an exemption for journalism, according to a ruling by the European Court of Justice (ECJ).

The processing of personal data made available by Finnish tax authorities may be the subject of a derogation from the EU's data protection regime if it is carried out solely for journalistic purposes, the ECJ ruled.

Unlike in the UK, details of taxes paid by individuals in Finland are made publicly available. For several years, a company called Markkinapörssi has collected public data from the Finnish tax authorities for the purposes of publishing extracts from those data in the regional editions of the newspaper Veropörrsi each year.

The information contained in those publications comprises the surname and given name of approximately 1.2 million persons whose income exceeds certain thresholds as well as the amount, to the nearest €100, of their income and details of the wealth tax levied on them. That information is set out in the form of an alphabetical list and organised according to municipality and income bracket.

Markkinopörssi and Satamedia, an associated company to which CDs containing the data were transferred, signed an agreement with a mobile phone company which put in place, on Satamedia’s behalf, a text-messaging service allowing mobile phone users to receive information published in the Veropörrsi newspaper on their phones for a charge of around €2. On request, personal data are removed from that service.

Following complaints from individuals alleging infringement of their right to privacy, Finland's Data Protection Ombudsman applied for an order prohibiting Markkinapörssi and Satamedia from carrying on the personal data processing activities.

The Supreme Administrative Court, which will rule as the court of last instance on that application, asked the Court of Justice to rule on the correct interpretation of the Data Protection Directive.

The administrative court wanted to know in what circumstances the activities could be considered as data processing undertaken solely for journalistic purposes and may, accordingly, be the subject of derogations and limitations relating to data protection.

In its judgment delivered yesterday, the ECJ ruled that the activities of Markkinapörssi and Satamedia "must be considered as the 'processing of personal data' within the meaning of [the Data Protection Directive]" – even though the files of the public authorities that are used comprise only information that has already been published in the media.

Were the position to be otherwise, the Directive would be undermined, it said.

"A general derogation from the application of the Directive in respect of published information would largely deprive the directive of its effect," said the ruling. "It would be sufficient for the Member States to publish data in order for those data to cease to enjoy the protection afforded by the Directive."

The ECJ said that Member States should, while permitting the free flow of personal data, protect the fundamental rights and freedoms of natural persons and, in particular, their right to privacy, with respect to the processing of those data.

In order to reconcile the protection of privacy and the right to freedom of expression, Member States are required to provide for a number of derogations or limitations in relation to the protection of data and, therefore, in relation to the fundamental right to privacy.

"Those derogations must be made solely for journalistic purposes or the purpose of artistic or literary expression, which fall within the scope of the fundamental right to freedom of expression, in so far as it is apparent that they are necessary in order to reconcile the right to privacy with the rules governing freedom of expression," wrote the judges.

"In order to take account of the importance of the right to freedom of expression in every democratic society, it is necessary, first, to interpret notions relating to that freedom, such as journalism, broadly," they ruled. Secondly, they said, the protection of the fundamental right to privacy requires that the derogations and limitations in relation to the protection of data must apply only insofar as is strictly necessary.

"It follows […] that activities such as those involved in the main proceedings, relating to data from documents which are in the public domain under national legislation, may be classified as 'journalistic activities' if their object is the disclosure to the public of information, opinions or ideas, irrespective of the medium which is used to transmit them," the ECJ ruled. "They are not limited to media undertakings and may be undertaken for profit-making purposes."

The ECJ Finland's Supreme Administrative Court must now determine whether the activities have as their sole object the disclosure to the public of information, opinions or ideas.

See:

Copyright © 2008, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Protecting against web application threats using SSL

More from The Register

next story
Brit telcos warn Scots that voting Yes could lead to HEFTY bills
BT and Co: Independence vote likely to mean 'increased costs'
Phones 4u slips into administration after EE cuts ties with Brit mobe retailer
More than 5,500 jobs could be axed if rescue mission fails
New 'Cosmos' browser surfs the net by TXT alone
No data plan? No WiFi? No worries ... except sluggish download speed
Radio hams can encrypt, in emergencies, says Ofcom
Consultation promises new spectrum and hints at relaxed licence conditions
Blockbuster book lays out the first 20 years of the Smartphone Wars
Symbian's David Wood bares all. Not for the faint hearted
Bonking with Apple has POUNDED mobe operators' wallets
... into submission. Weve squeals, ditches payment plans
This flashlight app requires: Your contacts list, identity, access to your camera...
Who us, dodgy? Vast majority of mobile apps fail privacy test
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.