Feeds

European Court OKs rich Finns text list

Balances data protection and press freedom

The essential guide to IT transformation

A company that sends text messages revealing the income of Finland's wealthiest citizens is subject to European data protection laws but could be protected by an exemption for journalism, according to a ruling by the European Court of Justice (ECJ).

The processing of personal data made available by Finnish tax authorities may be the subject of a derogation from the EU's data protection regime if it is carried out solely for journalistic purposes, the ECJ ruled.

Unlike in the UK, details of taxes paid by individuals in Finland are made publicly available. For several years, a company called Markkinapörssi has collected public data from the Finnish tax authorities for the purposes of publishing extracts from those data in the regional editions of the newspaper Veropörrsi each year.

The information contained in those publications comprises the surname and given name of approximately 1.2 million persons whose income exceeds certain thresholds as well as the amount, to the nearest €100, of their income and details of the wealth tax levied on them. That information is set out in the form of an alphabetical list and organised according to municipality and income bracket.

Markkinopörssi and Satamedia, an associated company to which CDs containing the data were transferred, signed an agreement with a mobile phone company which put in place, on Satamedia’s behalf, a text-messaging service allowing mobile phone users to receive information published in the Veropörrsi newspaper on their phones for a charge of around €2. On request, personal data are removed from that service.

Following complaints from individuals alleging infringement of their right to privacy, Finland's Data Protection Ombudsman applied for an order prohibiting Markkinapörssi and Satamedia from carrying on the personal data processing activities.

The Supreme Administrative Court, which will rule as the court of last instance on that application, asked the Court of Justice to rule on the correct interpretation of the Data Protection Directive.

The administrative court wanted to know in what circumstances the activities could be considered as data processing undertaken solely for journalistic purposes and may, accordingly, be the subject of derogations and limitations relating to data protection.

In its judgment delivered yesterday, the ECJ ruled that the activities of Markkinapörssi and Satamedia "must be considered as the 'processing of personal data' within the meaning of [the Data Protection Directive]" – even though the files of the public authorities that are used comprise only information that has already been published in the media.

Were the position to be otherwise, the Directive would be undermined, it said.

"A general derogation from the application of the Directive in respect of published information would largely deprive the directive of its effect," said the ruling. "It would be sufficient for the Member States to publish data in order for those data to cease to enjoy the protection afforded by the Directive."

The ECJ said that Member States should, while permitting the free flow of personal data, protect the fundamental rights and freedoms of natural persons and, in particular, their right to privacy, with respect to the processing of those data.

In order to reconcile the protection of privacy and the right to freedom of expression, Member States are required to provide for a number of derogations or limitations in relation to the protection of data and, therefore, in relation to the fundamental right to privacy.

"Those derogations must be made solely for journalistic purposes or the purpose of artistic or literary expression, which fall within the scope of the fundamental right to freedom of expression, in so far as it is apparent that they are necessary in order to reconcile the right to privacy with the rules governing freedom of expression," wrote the judges.

"In order to take account of the importance of the right to freedom of expression in every democratic society, it is necessary, first, to interpret notions relating to that freedom, such as journalism, broadly," they ruled. Secondly, they said, the protection of the fundamental right to privacy requires that the derogations and limitations in relation to the protection of data must apply only insofar as is strictly necessary.

"It follows […] that activities such as those involved in the main proceedings, relating to data from documents which are in the public domain under national legislation, may be classified as 'journalistic activities' if their object is the disclosure to the public of information, opinions or ideas, irrespective of the medium which is used to transmit them," the ECJ ruled. "They are not limited to media undertakings and may be undertaken for profit-making purposes."

The ECJ Finland's Supreme Administrative Court must now determine whether the activities have as their sole object the disclosure to the public of information, opinions or ideas.

See:

Copyright © 2008, OUT-LAW.com

OUT-LAW.COM is part of international law firm Pinsent Masons.

Secure remote control for conventional and virtual desktops

More from The Register

next story
6 Obvious Reasons Why Facebook Will Ban This Article (Thank God)
Clampdown on clickbait ... and El Reg is OK with this
So, Apple won't sell cheap kit? Prepare the iOS garden wall WRECKING BALL
It can throw the low cost race if it looks to the cloud
Time Warner Cable customers SQUEAL as US network goes offline
A rude awakening: North Americans greeted with outage drama
We need less U.S. in our WWW – Euro digital chief Steelie Neelie
EC moves to shift status quo at Internet Governance Forum
EE fails to apologise for HUGE T-Mobile outage that hit Brits on Friday
Customer: 'Please change your name to occasionally somewhere'
EE plonks 4G in UK Prime Minister's backyard
OK, his constituency. Brace yourself for EXTRA #selfies
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.