“46 In that regard, it must be recalled, first, that Article 13(c) of Regulation No 45/2001 provides that ‘the data subject shall have the right to obtain, without constraint, at any time within three months from the receipt of the request and free of charge from the controller […] communication in an intelligible form of the data undergoing processing […]’. It follows from that provision, which allows the data subject to access his personal data ‘at any time’, that that person had a continuous and permanent right of access to those data.
47 Second, while Article 20(1) of Regulation No 45/2001 provides for exemptions and restrictions to the right for the data subject to access his personal data, that provision specifies that the institutions cannot restrict the application of Article 13 of that regulation except ‘where such restriction constitutes a necessary measure’. It follows that the exemptions and restrictions laid down in Article 20(1) of that regulation are applicable only in the period during which they remain necessary.
48 In addition, it should be noted that the protection of personal data resulting from the explicit obligation laid down in Article 8(1) of the Charter of Fundamental Rights of the European Union is especially important for the right to respect for private life enshrined in Article 7 of that charter (judgment of 8 April 2014, Digital Rights Ireland and Others, C 293/12 and C 594/12, EU:C:2014:238, paragraph 53).
49 Thus, the Court has favoured an interpretation of EU law conducive to a high level of protection of personal data. It has taken into account, among other things, the fact that, in the context of the processing of personal data, the factual and legal situation of the data subject is, by its nature, liable to change over time, since the mere passage of time is capable of rendering the processing of data, which was initially lawful, unnecessary or even unlawful (see, to that effect and by analogy, judgment of 13 May 2014, Google Spain and Google, C 131/12, EU:C:2014:317, paragraphs 92 and 93).
50 It follows that, under Regulation No 45/2001, a person may, at any time, make a new request for access to personal data to which access had previously been refused. Such a request requires the institution concerned to examine whether the earlier refusal of access remains justified.
51 Therefore, a fresh examination seeking to verify whether a previously-adopted refusal to grant access to personal data remains justified having regard to Articles 13 and 20 of Regulation No 45/2001 leads to the adoption of an act which is not purely confirmatory of the earlier act, but constitutes an act that may be the subject of an action for annulment under Article 263 TFEU.
………..
69 However, it has already been observed in paragraph 46 above that, in the context of Regulation No 45/2001, the data subject has a continuous and permanent right of access to his personal data. That right enables him, among other things, to make a request for access to personal data, including where the data subject has already been able to access all or part of those data in order, for example, to satisfy himself that all of the personal data held by an institution had in fact been identified and communicated, or to know whether the data in question was still being processed by the institution and, if so, whether they had been altered or not”.
"I say I know one thing: that I know nothing.
That, indeed makes me more knowledgeable than anybody else"
- Socrates -
Contact
+32-2-231 57 04
T-903/16: The right of access to personal data is a continuous and permanent right of access to those data. The non-applicability of the case-law on purely confirmatory measures in relation to personal data.
Pappas & Associates
- Pappas & Associates, Rue Stevin 49-51, 1000 Brussels, Belgium
- contact@pappaslaw.eu
- +32-2-231 57 04
- +32-2-231 57 08
Recent cases
European Court of Human Rights : ECHR 46862/14, ECHR 46819/14, ECHR 30287/14, ECHR 23544/14, ECHR 5485/14, ECHR76530/13, ECHR 68918/13, ECHR 59003/13, ECHR 57424/13, ECHR 39173/13, ECHR 39165/13, ECHR 32194/13, ECHR 23542/13, ECHR 53601/12, ECHR 48499/12, ECHR 18096/12, CHR 1317/07, ECHR 3735/06
European Commission (Competition) : C 2015/078217, C 2015/071997, SA.39119 (2014-CP), SA. 32060 (2014/NN), SA 35191 (20121CP), C(2011)3504, C 16/10 (ex NN 22/10, ex CP 318/09), COMP/B1-39826/2010
Conseil d’Etat and Symvoulio tis Epikrateias : ΣτΕ 469/2012, Conseil d’Etat, arrêt nº 221.250 du 30 octobre 2012, ΣτΕ (ΕΑ) 259/2012, ΣτΕ (ΕΑ) 256-257/2012, ΣτΕ (ΕΑ) 254/2012, Conseil d’Etat arrêt nº 211.866 du 9 mars 2011, ΣτΕ 1786/2010
Court of Justice of the European Union : C-131/15 P, T-484/15, T-351/15, T-306/15, T-104/15, F-68/15, Τ-791/14, T-787/14 P, F-93/14, F-77/14, F-69/14, F-35/14, F-34/14, C-673/13 P, T-653/13, T-338/13, T-73/13, T-58/13, T-57/13, T-44/13, T-29/13, F-117/13, T-403/12, T-296/12, -192/12, T-36/12, T-14/12, F-137-138-139/12, F-26/12, T-635/11, T-422/11, T-419/11, T-317/11 P, T-59/11, F-124/11, F-87/11, F-24/10 RA, C-362/09 P, T-164/09, T-384/08, T-43/07 P, F-143/07, F-128-129/07, C-521/06 P, T-94/05 RENV II, T-94/05, F-100/05, T-471/04
T-358/20, Net Technologies Finland Oy v. REA: Seventh Framework Programme for research, technological development and demonstration activities (2007-2013) – The FP7 Guide is not a source of the applicable law but merely a policy instrument, which, in accordance with the principle of performing contracts in good faith, has to be taken into account – Relationship between the participants in a Consortium – Probative value of emails – Eligibility of the costs for the consultants of the subcontractor; criteria of working in the beneficiary’s premises and of remuneration based on working hours; derogation by FP7 from the conditions laid down in the general conditions of the FP
Staff Regulations: the rule of correspondence between the complaint and the application
AMD Fusion APU Era Begins
The Reform of the data protection legal framework
The Netherlands Dances the Two-Step With Its New Telecom Law : Net-Neutrality and Online Advertisers Learn the Steps
Second Assessment of the Implementation of the Safer Networking Principles
Education and Employment Under the Europe 2020 Strategy
Google and the credibility of EU data protection laws
Is Microsoft ruling an example of European protectionism ?
A law with unintended consequences