Feeds

European Court OKs rich Finns text list

Balances data protection and press freedom

High performance access to file storage

A company that sends text messages revealing the income of Finland's wealthiest citizens is subject to European data protection laws but could be protected by an exemption for journalism, according to a ruling by the European Court of Justice (ECJ).

The processing of personal data made available by Finnish tax authorities may be the subject of a derogation from the EU's data protection regime if it is carried out solely for journalistic purposes, the ECJ ruled.

Unlike in the UK, details of taxes paid by individuals in Finland are made publicly available. For several years, a company called Markkinapörssi has collected public data from the Finnish tax authorities for the purposes of publishing extracts from those data in the regional editions of the newspaper Veropörrsi each year.

The information contained in those publications comprises the surname and given name of approximately 1.2 million persons whose income exceeds certain thresholds as well as the amount, to the nearest €100, of their income and details of the wealth tax levied on them. That information is set out in the form of an alphabetical list and organised according to municipality and income bracket.

Markkinopörssi and Satamedia, an associated company to which CDs containing the data were transferred, signed an agreement with a mobile phone company which put in place, on Satamedia’s behalf, a text-messaging service allowing mobile phone users to receive information published in the Veropörrsi newspaper on their phones for a charge of around €2. On request, personal data are removed from that service.

Following complaints from individuals alleging infringement of their right to privacy, Finland's Data Protection Ombudsman applied for an order prohibiting Markkinapörssi and Satamedia from carrying on the personal data processing activities.

The Supreme Administrative Court, which will rule as the court of last instance on that application, asked the Court of Justice to rule on the correct interpretation of the Data Protection Directive.

The administrative court wanted to know in what circumstances the activities could be considered as data processing undertaken solely for journalistic purposes and may, accordingly, be the subject of derogations and limitations relating to data protection.

In its judgment delivered yesterday, the ECJ ruled that the activities of Markkinapörssi and Satamedia "must be considered as the 'processing of personal data' within the meaning of [the Data Protection Directive]" – even though the files of the public authorities that are used comprise only information that has already been published in the media.

Were the position to be otherwise, the Directive would be undermined, it said.

"A general derogation from the application of the Directive in respect of published information would largely deprive the directive of its effect," said the ruling. "It would be sufficient for the Member States to publish data in order for those data to cease to enjoy the protection afforded by the Directive."

The ECJ said that Member States should, while permitting the free flow of personal data, protect the fundamental rights and freedoms of natural persons and, in particular, their right to privacy, with respect to the processing of those data.

In order to reconcile the protection of privacy and the right to freedom of expression, Member States are required to provide for a number of derogations or limitations in relation to the protection of data and, therefore, in relation to the fundamental right to privacy.

"Those derogations must be made solely for journalistic purposes or the purpose of artistic or literary expression, which fall within the scope of the fundamental right to freedom of expression, in so far as it is apparent that they are necessary in order to reconcile the right to privacy with the rules governing freedom of expression," wrote the judges.

"In order to take account of the importance of the right to freedom of expression in every democratic society, it is necessary, first, to interpret notions relating to that freedom, such as journalism, broadly," they ruled. Secondly, they said, the protection of the fundamental right to privacy requires that the derogations and limitations in relation to the protection of data must apply only insofar as is strictly necessary.

"It follows […] that activities such as those involved in the main proceedings, relating to data from documents which are in the public domain under national legislation, may be classified as 'journalistic activities' if their object is the disclosure to the public of information, opinions or ideas, irrespective of the medium which is used to transmit them," the ECJ ruled. "They are not limited to media undertakings and may be undertaken for profit-making purposes."

The ECJ Finland's Supreme Administrative Court must now determine whether the activities have as their sole object the disclosure to the public of information, opinions or ideas.

See:

Copyright © 2008, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

SANS - Survey on application security programs

More from The Register

next story
A black box for your SUITCASE: Now your lost luggage can phone home – quite literally
Breakfast in London, lunch in NYC, and your clothes in Peru
Broadband Secretary of SHEEP sensationally quits Cabinet
Maria Miller finally resigns over expenses row
Skype pimps pro-level broadcast service
Playing Cat and Mouse with the media
EE dismisses DATA-BURNING glitch with Orange Mail app
Bug quietly slurps PAYG credit - yet EE denies it exists
Like Google, Comcast might roll its own mobile voice network
Says anything's possible if regulators approve merger with Time Warner
Turnbull leaves Australia's broadband blackspots in the dark
New Statement of Expectations to NBN Co offers get-out clauses for blackspot builds
Facebook claims 100 MEEELLION active users in India
Who needs China when you've got the next billion in your sights?
Facebook splats in-app chat, whacks brats into crack yakety-yak app
Jibber-jabbering addicts turfed out just as Zuck warned
prev story

Whitepapers

Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.