{"id":72190,"date":"2020-10-29T21:37:33","date_gmt":"2020-10-29T20:37:33","guid":{"rendered":"https:\/\/www.lexxion.eu\/dpi\/data-protection-insider-issue-34\/"},"modified":"2020-10-29T21:37:33","modified_gmt":"2020-10-29T20:37:33","slug":"data-protection-insider-issue-34","status":"publish","type":"dpi","link":"https:\/\/www.lexxion.eu\/en\/dpi\/data-protection-insider-issue-34\/","title":{"rendered":"Data Protection Insider, Issue 34"},"content":{"rendered":"
\n

\n

– ECtHR Rules on Archival Research and Privacy<\/strong>\u00a0–<\/strong><\/span><\/a><\/p>\n

\n

On 13th<\/sup> October the ECtHR handed down its decision in Gafiuc v. Romania<\/em>. The case concerned a journalist who had been granted accreditation to conduct research in the Romanian Securitate archives \u2013 the archives of the Romanian Secret Police under the Communist Regime. Such access is granted only provided an individual is conducting research into the historical truth about the period. The journalist then went on to publish a series of articles including information on individuals who had collaborated with the regime in informing on sportspersons who had been under state surveillance. The journalist\u2019s accreditation was subsequently withdrawn on the ground that they had illegitimately violated individuals\u2019 privacy and that they had not acted in line with the original purposes of their research. The journalist appealed to the Court claiming the removal of accreditation illegitimately interfered with their Article 10 right to freedom of expression. The Court decided there was no infringement<\/a>. In particular, the Court highlighted that the information published included information relating to the private sphere of sportspersons, which did not concern their athletic performance, which had not been published by the sportspersons concerned themselves, which was in general inaccessible to the public, which could not be effectively assessed and which could not be considered to serve the public interest. In this regard, the Court considered that the privacy interests involved outweighed the journalist\u2019s Article 10 rights and that the removal of accreditation was legitimate. Whilst not ostensibly about the Article 8 right to privacy, the case is significant in relation to data protection in terms of its consideration of the privacy interests tied up with state archives. In this regard, the case takes its place among the range of case law dealing with the legitimate limitations on the access and use of Communist period archives.<\/span><\/p>\n

 <\/p>\n<\/div>\n

\n

Maris v Romania<\/em>: Rectification Requests Not Always Recognised<\/strong><\/span>\u00a0–<\/strong><\/span><\/a><\/p>\n

\n

On 22nd<\/sup> October the ECtHR declared Maris\u2019s application alleging a breach of Article 9 ECHR on freedom of religion inadmissible. Superficially, the case does not look relevant for data protection. When one looks deeper however, a different picture appears. According to the facts of the case, the applicant is a prisoner whose prison records indicate his religion to be \u201corthodox Christian.\u201d Whilst he had requested that the records be amended to indicate his religion to be \u201cJewish\u201d, the prison authorities had failed to correct the records. Accordingly, the applicant claimed a violation of his freedom of religion rights. The ECtHR concluded that the complaint was inadmissible, mainly because the applicant was never prevented from manifesting his religion or exercising and practising it. From a data protection perspective, it is interesting that the Court did not consider the relevance of the fact that the prisoner\u2019s data had not been updated despite an explicit request. It seems the Court did not feel that the right to have one\u2019s religion accurately reflected in official records related in any meaningful way to the ability to manifest one\u2019s religion<\/a>. This conclusion seems at least debatable given the very real form of manifestation of religion implied by state recording and recognition of one\u2019s religious identity. It is also interesting that the case dealt with issues concerning rights to access and rectification whilst the case did not deal directly with Article 8. The data protection community tends to look at the Article 8 right to privacy as the locus for evaluating the ECtHR\u2019s elaboration of fundamental rights connected to personal data processing. This case highlights that the locus of the ECtHR\u2019s data protection thinking may, on occasion, lie elsewhere. It is possible, for example, that there are considerably more cases dealing with data access and rectification than those traditionally discussed, simply by virtue of the fact that these are not raised under Article 8. Finally, if a similar question would be raised under the GDPR\/LED, it would be interesting to know what the courts and data protection supervisory authorities would deem to be adequate evidence of change of religious identity when requesting a rectification such as that in the Maris case.<\/span><\/p>\n

 <\/p>\n<\/div>\n

\n

–\u00a0<\/strong><\/span>EDPB Holds 40th<\/sup> Plenary Session –<\/strong><\/span><\/a><\/p>\n

\n

On 20th<\/sup> October the EDPB held its 40th<\/sup> Plenary Session<\/a>. During the Session, the EDPB decided to establish a Coordinated Enforcement Framework (CEF), which provides \u201ca structure for coordinating recurring annual activities by EDPB Supervisory Authorities (SAs).\u201d The framework will ensure the coordination and flexibility of joint actions across the wide range of tasks and powers of the SAs \u2013 from awareness raising through investigations to enforcement actions. The EDPB also adopted the following documents:<\/span><\/p>\n

\n