EUROPEAN COMMISSION
Brussels, 15.6.2020
C(2020) 4106 final
Mr Nikolaj Nielsen
EU Observer
Avenue d'Auderghem 150
1040 Brussels
DECISION OF THE EUROPEAN COMMISSION PURSUANT TO ARTICLE 4 OF THE
IMPLEMENTING RULES TO REGULATION (EC) N° 1049/20011
Subject:
Your confirmatory application for access to documents under
Regulation (EC) No 1049/2001 - Gestdem 2020/485
Dear Mr Nielsen,
I refer to your email of 3 April 2020, registered on 15 April 2020, in which you submit a
confirmatory application in accordance with Article 7(2) of Regulation (EC) No
1049/2001 regarding public access to European Parliament, Council and Commission
documents2 (hereafter: ‘Regulation (EC) No 1049/2001’).
1.
SCOPE OF YOUR REQUEST
On 23 January 2020, you submitted the initial application for access to, I quote, ‘[…]
documents, which contain the following information:
On 3 [May] 2016 a cabinet member [responsible for Directorate-General for Human
Resources and Security] a meeting with [the company] G4S to discuss "recent Brussels
attacks and G4S role therein and G4S performance overall."’.
1
Official Journal L 345 of 29.12.2001, p. 94.
2
Official Journal L 145 of 31.5.2001, p. 43.
Commission européenne/Europese Commissie, 1049 Bruxelles/Brussel, BELGIQUE/BELGIË - Tel. +32 22991111
http://ec.europa.eu/dgs/secretariat_general/
E-mail
: xxxxxxxxxx@xx.xxxxxx.xx
You explained that, I quote, ‘[you are] seeking all documents, emails, minutes and or
reports detailing that meeting as well as the final assessment of G4S overall
performance’.
Your initial application was attributed to the Directorate-General for Human Resources
and Security for handling and reply. It identified the following documents as falling
under the scope of your application:
- Briefing for the meeting between the European Commission and G4S on 3 May
2016, reference Ares(2020)1212129 (hereafter, ‘document 1a’)
- six annexes attached to the briefing:
1) curriculum vitae,
2) letter from the European Commission to G4S, dated 29 March 2016, reference
Ares(2016)1746784,
3) letter from G4S to the European Commission, dated 20 April 2016, reference
Ares(2016)1921982,
4) email from a citizen to he European Commission, dated 25 January 2016,
5) letter from G4S to the European Commission, dated 9 December 2015,
6) letter from the European Commission to a citizen, dated 15 April 2016,
reference: Ares(2016)812752.
All six annexes are included in one document (hereafter: ‘document 1b’),
- Email from G4S to the European Commission as follow-up of the meeting on 3
May 2016, reference: Ares(2020)1212173, (hereafter, ‘document 2’).
In its initial reply of 24 March 2020, the Directorate-General for Human Resources and
Security granted:
- partial access to documents 1a and 1b with the relevant parts redacted, based on
the exceptions in Article 4(1)(a), first indent, of Regulation (EC) No 1049/2001
(protection of the public interest as regard public security) and Article 4(1)(b) of
that regulation (protection of privacy and the integrity of the individual).
- wide partial access to documents 2, with the relevant parts redacted, based on the
exception Article 4(1)(b) of Regulation (EC) No 1049/2001.
In your confirmatory application, you request a review of this position.
2.
ASSESSMENT AND CONCLUSIONS UNDER REGULATION (EC) NO 1049/2001
When assessing a confirmatory application for access to documents submitted pursuant
to Regulation (EC) No 1049/2001, the Secretariat-General conducts a fresh review of the
reply given by the Directorate-General concerned at the initial stage.
Following this review, I inform you that with regard to document 1a, further partial
access is granted to the document concerned. The withheld parts of that document require
protection under the exceptions in Article 4(1)(a), first indent, of Regulation (EC) No
2
1049/2001 (protection of the public interest as regard public security) and Article 4(1)(b)
of that regulation (protection of privacy and the integrity of the individual).
Further partial access is granted to documents 1b and 2. With regard to document 1b, the
redactions made in the documents were modified, in order to better present the context
and type of information withheld.
The undisclosed parts of this document are protected by virtue of the above-mentioned
exception in Article 4(1)(b) of Regulation (EC) No 1049/2001 and the exception in
Article 4(2), first indent, of the said regulation (protection of commercial interests of a
natural of legal person).
As regards document 2, the redactions made were modified, in order to better present the
context and type of information withheld. In addition, the undisclosed parts of this
document contain information requiring the protection under the exception in Article
4(1)(b) of Regulation (EC) No 1049/2001.
The detailed reasons are set out below.
2.1 Protection of privacy and the integrity of the individual
Article 4(1)(b) of Regulation (EC) No 1049/2001 provides that ‘the institutions shall
refuse access to a document where disclosure would undermine the protection of […]
privacy and the integrity of the individual, in particular in accordance with Community
legislation regarding the protection of personal data’.
In its judgment in Case C-28/08 P
(Bavarian Lager)3, the Court of Justice ruled that
when an application is made for access to documents containing personal data,
Regulation (EC) No 45/2001 of the European Parliament and of the Council of 18
December 2000 on the protection of individuals with regard to the processing of personal
data by the Community institutions and bodies and on the free movement of such data4
(‘Regulation (EC) No 45/2001’) becomes fully applicable.
As from 11 December 2018, Regulation (EC) No 45/2001 has been repealed by
Regulation (EU) No 2018/1725 of the European Parliament and of the Council of 23
October 2018 on the protection of natural persons with regard to the processing of
personal data by the Union institutions, bodies, offices and agencies and on the free
movement of such data, and repealing Regulation (EC) No 45/2001 and Decision No
1247/2002/EC5 (‘Regulation (EU) No 2018/1725’).
However, the case-law issued with regard to Regulation (EC) No 45/2001 remains
relevant for the interpretation of Regulation (EU) No 2018/1725.
3 Judgment of the Court of Justice of 29 June 2010,
European Commission v The Bavarian Lager Co.
Ltd (hereafter referred to as
‘European Commission v
The Bavarian Lager judgment’), C-28/08 P,
EU:C:2010:378, paragraph 59.
4 Official Journal L 8 of 12.1.2001, p. 1.
5 Official Journal L 205 of 21.11.2018, p. 39.
3
In the above-mentioned judgment the Court stated that Article 4(1)(b) of Regulation (EC)
No 1049/2001 ‘requires that any undermining of privacy and the integrity of the
individual must always be examined and assessed in conformity with the legislation of
the Union concerning the protection of personal data, and in particular with […] [the
Data Protection] Regulation’.6
Article 3(1) of Regulation (EU) No 2018/1725 provides that
personal data ‘means any
information relating to an identified or identifiable natural person […]’.
As the Court of Justice confirmed in Case C-465/00 (
Rechnungshof), ‘there is no reason
of principle to justify excluding activities of a professional […] nature from the notion of
private life’.7
The relevant parts of documents 1a, 1b and 2 contain the names, functions and contact
details (telephone numbers) of the staff members of the European Commission who do
not hold any senior management position. They also include the names of third parties
(representatives and employees of the Ministries of the Member States and of companies,
as well as of a citizen). The documents contain also the handwritten signatures of the
staff members of the European Commission and of the third parties.
The names8 of the persons concerned as well as other data from which their identity can
be deduced constitute personal data in the meaning of Article 2(a) of Regulation (EU) No
2018/1725.
Pursuant to Article 9(1)(b) of Regulation (EU) No 2018/1725, ‘personal data shall only
be transmitted to recipients established in the Union other than Union institutions and
bodies if ‘[t]he recipient establishes that it is necessary to have the data transmitted for a
specific purpose in the public interest and the controller, where there is any reason to
assume that the data subject’s legitimate interests might be prejudiced, establishes that it
is proportionate to transmit the personal data for that specific purpose after having
demonstrably weighed the various competing interests’.
Only if these conditions are fulfilled and the processing constitutes lawful processing in
accordance with the requirements of Article 5 of Regulation (EU) No 2018/1725, can the
transmission of personal data occur.
In Case C-615/13 P
(ClientEarth), the Court of Justice ruled that the institution does not
have to examine of its own motion the existence of a need for transferring personal data.9
6
European Commission v
The Bavarian Lager judgment quoted above, paragraph 59.
7 Judgment of the Court of Justice of 20 May 2003, preliminary rulings in proceedings between
Rechnungshof and Österreichischer Rundfunk, Joined Cases C-465/00, C-138/01 and C-139/01,
EU:C:2003:294, paragraph 73.
8
European Commission v The Bavarian Lager judgment quoted above, paragraph 68.
9 Judgment of the Court of Justice of 16 July 2015,
ClientEarth v European Food Safety Agency,
C-615/13 P,
EU:C:2015:489, paragraph 47.
4
This is also clear from Article 9(1)(b) of Regulation (EU) No 2018/1725, which requires
that the necessity to have the personal data transmitted must be established by the
recipient.
According to Article 9(1)(b) of Regulation (EU) No 2018/1725, the European
Commission has to examine the further conditions for a lawful processing of personal
data only if the first condition is fulfilled, namely if the recipient establishes that it is
necessary to have the data transmitted for a specific purpose in the public interest. It is
only in this case that the European Commission has to examine whether there is a reason
to assume that the data subject’s legitimate interests might be prejudiced and, in the
affirmative, establish the proportionality of the transmission of the personal data for that
specific purpose after having demonstrably weighted the various competing interests.
Neither in your initial, nor in your confirmatory application, have you established the
necessity of disclosing any of the above-mentioned personal data.
Consequently, I consider that the necessity for the transfer of personal data (through its
public disclosure) included in the documents concerned has not been established.
Therefore, the European Commission does not have to examine whether there is a reason
to assume that the data subject’s legitimate interests might be prejudiced.
Notwithstanding the above, there are reasons to assume that the legitimate interests of the
data subjects concerned would be prejudiced by disclosure of the personal data reflected
in the documents, as there is a real and non-hypothetical risk that such public disclosure
would harm their privacy and subject them to unsolicited external contacts.
Consequently, I conclude that, pursuant to Article 4(1)(b) of Regulation (EC) No
1049/2001, access cannot be granted to the personal data, as the need to obtain access
thereto for a purpose in the public interest has not been substantiated and there is no
reason to think that the legitimate interests of the individuals concerned would not be
prejudiced by disclosure of the personal data concerned.
2.2 Protection of the public interest as regards public security
Article 4(1)(a), first indent, of Regulation (EC) No 1049/2001 provides that ‘[t]he
institutions shall refuse access to a document where disclosure would undermine the
protection of the public interest as regards public security’.
The Court of Justice has confirmed that it ‘is clear from the wording of Article 4(1)(a) of
Regulation No 1049/2001 that, as regards the exceptions to the right of access provided
for by that provision, refusal of access by the institution is mandatory where disclosure of
a document to the public would undermine the interests which that provision protects,
without the need, in such a case and in contrast to the provisions, in particular, of Article
5
4(2), to balance the requirements connected to the protection of those interests against
those which stem from other interests.’10
The General Court has acknowledged that ‘the institutions enjoy a wide discretion when
considering whether access to a document may undermine the public interest and,
consequently, […] the Courts review of the legality of the institutions' decisions refusing
access to documents on the basis of the mandatory exceptions relating to the public
interest must be limited to verifying whether the procedural rules and the duty to state
reasons have been complied with, the facts have been accurately stated, and whether
there has been a manifest error of assessment of the facts or a misuse of powers’11.
Indeed, the undisclosed parts of document 1a contain sensitive security-related
information, concerning the various aspects of the policy of the physical access to the
European Commission premises. This includes information regarding the organization of the
guard services, together with the information on planning for their distribution, quality of X-
ray controls, as well as the reference to the areas where action for improvement is needed.
The document 1a contains also the information about the security aspect of the access policy
applied by other EU Institutions.
The relevant undisclosed parts of document 1a contains information about the operational
and technical aspects of the services provided by G4S. This includes the detailed information
regarding the security equipment used, together with the description of the type of facilities
where it is used.
If publicly disclosed, the above-mentioned information, could be instrumentally used to
circumvent the security measures applied and in consequence the access policy would be
compromised.
In the light of the above-mentioned the use of the exception under Article 4(1)(a), first
indent (protection of the public interest as regards public security) of Regulation (EC) No
1049/2001 is justified concerning the relevant undisclosed information included in
document 1a and that access thereto must be refused on that basis.
2.3 Protection of commercial interests of a natural or legal person
Article 4(2), first indent, of Regulation (EC) No 1049/2001 provides that ‘[t]he
institutions shall refuse access to a document where disclosure would undermine the
protection of commercial interests of a natural or legal person, including intellectual
property, […] unless there is an overriding public interest in disclosure’.
10 Judgement of the Court of Justice of 1 February 2007, C-266/05 P,
Sison v
Council, EU:C:2007:75
paragraph 46.
11 Judgment of the General Court of 25 April 2007, T-264/04,
WWF European Policy Programme v
Council, EU:T:2007:114, paragraph 40.
6
The limited undisclosed parts of document 1b contain information regarding the
allegations against G4S. There is reasonably foreseeable risk that public disclosure of this
information could be misinterpreted and in consequence instrumentally used against the
reputation of the company. That in turn, would have an negative impact on its market
position and would clearly undermine its commercial interests.
The withheld part of the above-mentioned document contains also the information
relating to customers of G4S. This information require protection, in order to preserve
customer confidentiality.
I conclude, therefore, that access to the relevant undisclosed parts of document 1b must
be denied on the basis of the exception laid down in the first indent of Article 4(2) of
Regulation (EC) No 1049/2001.
3.
OVERRIDING PUBLIC INTEREST IN DISCLOSURE
The exceptions in Article 4(1)(a) and Article 4(1)(b) of Regulation (EC) No 1049/2001
do not need to be balanced against overriding public interest in disclosure.
The exception laid down in Article 4(2) of Regulation (EC) No 1049/2001 must be
waived if there is an overriding public interest in disclosure. Such an interest must,
firstly, be public (as opposed to any possible private interests of the applicant) and,
secondly, overriding, it must outweigh the harm caused by disclosure.
In your confirmatory application, you do not put forward any reasoning pointing to an
overriding public interest in disclosing the documents requested.
Nor have I been able to identify any public interest capable of overriding the public and
private interests protected by the first indent of Article 4(2) (protection of commercial
interests of a natural or legal person) of Regulation (EC) No 1049/2001.
4.
PARTIAL ACCESS
(Wide) partial access is granted to the documents concerned.
5.
5. MEANS OF REDRESS
Finally, I draw your attention to the means of redress available against this decision. You
may either bring proceedings before the General Court or file a complaint with the
European Ombudsman under the conditions specified respectively in Articles 263 and
228 of the Treaty on the Functioning of the European Union.
Yours sincerely,
For the Commission
Ilze Juhansone
Secretary-General
7
Document Outline