Judgments nº T-903/16 of Tribunal General de la Unión Europea, February 14, 2019

Resolution DateFebruary 14, 2019
Issuing OrganizationTribunal General de la Unión Europea
Decision NumberT-903/16

(Personal data - Protection of natural persons with respect to the processing of their data - Right of access to those data - Regulation (EC) No 45/2001 - Refusal to grant access - Actions for annulment - Email referring to an earlier partial refusal of access without carrying out a re-examination - Concept of a challengeable act within the meaning of Article 263 TFEU - Concept of a purely confirmatory act - Applicability to access to personal data - Substantial new facts - Interest in bringing proceedings - Admissibility - Obligation to state reasons)

In Case T-903/16,

RE, represented by S. Pappas, lawyer,

applicant,

v

European Commission, represented by H. Kranenborg and D. Nardi, acting as Agents,

defendant,

APPLICATION pursuant to Article 263 TFEU for annulment of the note of the director of the Security Directorate of the Directorate-General for Human Resources of the Commission of 12 October 2016 in so far as it rejects the applicant’s request for access to some of his personal data,

THE GENERAL COURT (Ninth Chamber, Extended Composition),

composed of S. Gervasoni, President, L. Madise, R. da Silva Passos, K. Kowalik-Bańczyk (Rapporteur) and C. Mac Eochaidh, Judges,

Registrar: N. Schall, Administrator,

having regard to the written part of the procedure and further to the hearing on 20 September 2018,

gives the following

Judgment

Background to the dispute

1 The applicant, RE, holds the position of [confidential] (1) for the Directorate-General for International Cooperation and Development of the European Commission.

2 The applicant was the subject of an administrative investigation (‘the administrative investigation’) undertaken by the Security Directorate of the Directorate-General for Human Resources and Security of the Commission (‘the Security Directorate’). That investigation concerned the alleged participation of the applicant in secret service activities and, in particular, his conduct during a conflict between two third States, the applicant being suspected of having become, on that occasion, too close to one of those States and of having communicated to it certain confidential information without authority.

3 By an email of 5 December 2013, the applicant requested that the Security Directorate, on the basis of Article 13 of Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data (OJ 2001 L 8, p. 1), provide him with all the personal and/or professional information and data held about him by the Directorate.

4 In a note of 25 February 2014, the director of the Security Directorate, after observing that some documents had already been given to the applicant on 27 November 2013, refused to grant him access to the remaining personal data relating to him on the ground that it was covered by the exemptions and restrictions laid down in Article 20(1)(a) to (d) of Regulation No 45/2001.

5 Taking the view that that refusal amounted to an infringement of Article 13 and Article 20(1) of Regulation No 45/2001, the applicant lodged a complaint, by letter, on 18 April 2014 with the European Data Protection Supervisor (EDPS) pursuant to Article 32(2) of Regulation No 45/2001.

6 By decision of 26 February 2016, the EDPS concluded that, having regard to the way in which the Security Directorate had applied the exemptions in Article 20(1) of Regulation No 45/2001, the Directorate had failed to process correctly some of the applicant’s personal data.

7 Following the decision of the EDPS, the Security Directorate re-examined the applicant’s request for access to his personal data.

8 At the end of that re-examination, by decision of 8 March 2016 (‘the decision of 8 March 2016’), the director of the Security Directorate partially granted the applicant’s request by giving him access to some of his personal data and by sending him, in addition, eight documents (Document Nos 44, 59 to 62, 67, 69 and 71). Annexed to that decision was a table identifying 71 documents in the possession of the Security Directorate and listing, in respect of each of those documents, its date, subject, the type of personal data it contained, a brief description of the content of the data, the source of the data and, for 35 out of the 71 documents (Document Nos 1, 6 to 9, 11, 12, 14 to 16, 18, 20, 21, 27, 28, 31, 32, 35, 36, 41, 42, 45, 46, 48 to 52, 54 to 57, 66, 68 and 70), the reason or reasons why some of the data could not be disclosed pursuant to Article 20(1)(a) or (c) of Regulation No 45/2001. Among those documents was one numbered 57, entitled ‘Note concerning the “recruitment of [the applicant] as [confidential] in [the Directorate-General for International Cooperation and Development of the European Commission]”’ dated 23 January 2012 (‘Document No 57’).

9 By an email of 29 April 2016 addressed to the Security Directorate, the applicant noted the responses given in the decision of 8 March 2016 and requested access to a ‘limited number of documents [out of those listed in the table annexed to the decision]’. On that occasion, the applicant also asked to be informed of the date on which the administrative investigation would be closed.

10 In the meantime, the applicant lodged a new complaint with the EDPS dated 5 July 2016, arguing that, in the decision of 8 March 2016, the Security Directorate had still not complied with the decision of the EDPS of 26 February 2016 giving a ruling on his earlier claim.

11 By decision of 25 July 2016 (‘the decision of the EDPS of 25 July 2016’), the EDPS concluded that, in the decision of 8 March 2016, the Security Directorate had fully implemented the recommendations made in its decision of 26 February 2016 and, therefore, there was no infringement, in the decision of 8 March 2016, of Article 13 or Article 20(1) of Regulation No 45/2001.

12 On 14 September 2016, the Security Directorate replied to the applicant’s email of 29 April 2016. Working on the basis that it was dealing with an application for access to documents under Regulation (EC) No 1049/2001 of the European Parliament and of the Council of 30 May 2001 regarding public access to European Parliament, Council and Commission documents (OJ 2001 L 145, p. 43), the Security Directorate invited the applicant, on the basis of Article 6(2) of that regulation, to clarify his request so as to enable it to identify which documents he wished to access. In addition, the Directorate informed the applicant that the administrative investigation had been closed on 31 August 2016.

13 By an email of 21 September 2016 addressed to the Security Directorate (‘the request of 21 September 2016’), the applicant requested access to 42 of the 71 documents identified in the decision of 8 March 2016 (Document Nos 1 to 5, 8, 11, 13, 14, 19, 21 to 30, 33, 34, 37 to 43, 47 to 53, 56 to 58, and 63 to 65) or, in any case, to the ‘information’ contained therein, relying on, first, Article 13 of Regulation No 45/2001 and, second, Article 6 of Regulation No 1049/2001. On that occasion, the applicant grouped the documents and information to which he was requesting access into four categories, designated by the parties as Group A (Document Nos 2 to 5, 13, 19, 22 to 26, 29, 30, 33, 34, 37 to 40, 43, 47, 53, 56, 58 and 63), Group B (Document Nos 8, 11, 41, 42, 48, 49 and 51), Group C (Document Nos 48, 49 and 51, already included within Group B) and Group D (Document Nos 1, 14, 21, 27, 28, 50, 52 and 57) and, for each of those categories, set out the reasons why he considered that his request should be granted.

14 On 12 October 2016, the director of the Security Directorate responded to the request of 21 September 2016 by a note (‘the contested note’) worded as follows:

‘1. In your [request of] 21 [September] 2016 you refer to Article 13 of Regulation No 45/2001 in order to request access to a number of documents. With regard to this request I refer to our decision dated 8 [March] 2016 ….

In addition, I refer to the Decision of the [EDPS] dated 25 July 2016 which clearly states that the EDPS has no indications that the Security Directorate has violated your right to access your personal data. I therefore consider that the Security Directorate has complied with your request to access your personal data.

  1. In your [request of 21 September 2016], you also refer to Regulation No 1049/2001 …, requesting to be granted access to specific documents of the file mentioned in [the table annexed to the decision of 8 March 2016]. In this context, I would like to advise you that documents given to you under that Regulation become available to any other requester in the future, thus de facto public, possibly merely expunged of your personal data.

    Please be informed that, in the light of the above, your access-to-documents request will be closed. If your application is introduced for personal purposes, please confirm this to us by indicating your private email and postal address.’

    Procedure and forms of order sought

    15 By application lodged at the Registry of the General Court on 19 December 2016, the applicant brought the present action.

    16 By separate...

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT