Directorate C - Transparency, Efficiency & Resources
SG.C.1 - Transparency, Document Management & Access to Documents
Brussels, 16 December 2019
ACCESS TO NAMES AND FUNCTIONS OF COMMISSION STAFF
Commission services receive a large number of requests each year, under Regulation (EC) No
1049/2001, for access to documents (e.g. e-mails1, copies of correspondence, meeting minutes),
which include the names and functions of Commission staff.
This note sets out the approach to follow in such cases.
It aims to strike a fair balance between the right of access to documents2 and the right to personal
data protection3. It also takes into account the fact that, in most cases, applicants are interested in
the substance of the documents rather than in the personal data appearing therein.
This approach consists of granting, in principle, access to the names and functions4 of
Commissioners and their Cabinet members (AD officials) and staff in senior management
positions5, as well as to the Heads of the Commission’s Representations in the Member States of
the EU. This access is exceptionally extended to the names and functions of staff not occupying
any senior management position, if:
the applicant has substantiated the need for such transmission for a specific purpose in the
1 These are only considered documents to the extent that they are registered or should have been registered
in Ares in accordance with the document management rules.
2 As defined in Article 15(3) of the Treaty on the Functioning of the European Union (TFEU) and
Regulation (EC) No 1049/2001 of 30 May 2001 regarding public access to European Parliament,
Council and Commission documents.
3 As defined in Article 16(1) of the TFEU and Regulation (EU) 2018/1725 of 23 October 2018 on the
protection of natural persons with regard to the processing of personal data by the Union institutions,
bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No
45/2001 and Decision No 1247/2002/EC. The Court of Justice has confirmed that ‘there is no reason of
principle to justify excluding activities of a professional [...] nature from the notion of “private life”’, see
Judgment of the Court of Justice of 20 May 2003, preliminary rulings in proceedings between
Rechnungshof and Österreichischer Rundfunk, Joined Cases C-465/00, C-138/01 and C-139/01,
EU:C:2003:294, paragraph 73.
4 No access should be granted to other personal data, for example, telephone number, office number,
e-mail address part preceding the domain name etc.
5 Secretary-General, Directors-General, Directors. Please note that the Commission Spokesperson forms
part of the senior management.
6 As specified in recital 28 of Regulation (EU) 2018/1725, ‘[t]he specific purpose in the public interest
there are no reasons to assume that the legitimate rights of the individuals concerned
might be prejudiced; or
the institution considers the transmission proportionate for the specific purpose brought
forward by the applicant, after having demonstrably weighed the various competing
2. BASIC PRINCIPLE: REFUSAL FOR STAFF NOT OCCUPYING ANY SENIOR MANAGEMENT
Both at the initial and at the confirmatory stage, no access should, in principle, be granted to the
names and functions7 of staff who do not form part of senior management, unless a need
is established, there are no reasons to assume that the legitimate interests of the individuals
concerned might be prejudiced, and the transfer is proportionate for the purpose put forward by the
applicant, after having demonstrably weighed the various competing interests.
2.1. How to assess the need for the data transfer
The need to obtain the personal data must be clearly demonstrated by the applicant. It should be
distinguished from a mere interest in obtaining these data8.
For instance, some applicants request access to the names of members of a tender or project
evaluation committee to verify whether there have been any conflicts of interests. However, save
specific circumstances, this will rarely constitute a ‘need’ to obtain the personal data concerned,
given that the Financial Regulation already establishes the necessary procedural guarantees to avoid
such conflicts of interests.
The necessity of the data transfer must be demonstrated by express and legitimate justifications or
convincing arguments9, and there must be no less invasive measures available, taking into account
the principle of proportionality10.
2.2. How to assess the absence of any risks to the data subjects’ rights
As regards the possible risks to the legitimate rights of the data subjects concerned, and hence to
the privacy and integrity of these individuals within the meaning of Article 4(1)(b) of Regulation (EC)
No 1049/2001, these can in a limited number of cases be established without a need to consult the
staff members concerned, in particular:
for members of tender or project evaluation committees, for whom there is a real and
non-hypothetical risk of being the subject of unsolicited contacts by unsuccessful, current
or future tenderers or project promoters;
for staff members tasked with investigative functions (e.g. investigative staff working on
antidumping or competition files, auditors, OLAF investigators, etc.);
for staff members forming part of an administrative entity which has been the subject of
targeted physical or verbal attacks or defamatory actions by outside parties.
In those cases, access should normally be denied.
could relate to the transparency of Union institutions and bodies.’
7 To the extent that they enable the individual staff members to be identified. If this is not the case, these
functions are not to be considered “personal data”, and access can in principle be granted if no other
exceptions of Article 4 of Regulation (EC) No 1049/2001 are applicable.
8 As required by Article 9(1)(b) of Regulation (EU) 2018/1725.
9 Judgment of the Court of Justice of 29 June 2010, European Commission v The Bavarian Lager Co.
Ltd, C-28/08 P, EU:C:2010:378, paragraphs 77-78.
10 Judgment of the General Court of 23 November 2011, Gert-Jan Dennekamp v European Parliament,
EU:T:2011:688, paragraphs 30-34 and Judgment of the General Court of 25 September 2018, Maria
Psara and Others v European Parliament, T‑639/15 to T‑666/15 and T‑94/16,
In principle, it is the responsibility of the controller to establish whether the data subject’s interests
might be prejudiced. If the controller concludes that this is the case, he will then have to weigh the
various competing interests and determine whether it is proportionate to transmit the personal data
to the applicant. In case of doubt and if practically possible, the controller can decide to consult the
data subjects concerned to establish the level of prejudice to their rights.
In case of doubt, it is advisable to err on the side of caution, so as to avoid potentially adverse
consequences for the data subject concerned of which it has not been possible to assess the
likelihood and magnitude set off against the purpose of the transfer.
2.3. Practical implications
The applicant should be invited, if he/she wishes to receive the names and/or functions of
Commission staff members who do not occupy any senior management position or are Heads of
the Commission Representations in Member States of the EU, to demonstrate the need for having
these personal data transferred.
Unless it is clearly evident, based on the assessment described above, that the conditions of Article
9(1)(b) of Regulation (EU) 2018/1725 are fulfilled, services are invited to redact the names and
functions11 appearing in the documents to which (full or partial) access is granted, with reference
to Article 4(1)(b) of Regulation (EC) No 1049/2001 read in conjunction with the above-mentioned
provision of Regulation (EU) 2018/1725.
The detailed reasoning should indicate that, based on the information available, the necessity of
disclosing the personal data has not been established, there are reasons to assume that such
disclosure would prejudice the legitimate rights of the persons concerned, and/or the weighing of
the various interests involved led to the conclusion that the transmission of the personal data
would not be proportionate.
As the possible release of staff names and functions of Commission staff members not occupying
any senior management position is conditional upon the prior proof of the necessity of the
transmission by the applicant, the number of cases where a specific risk assessment has to be
made, and hence the resulting administrative burden and the risk of errors, is expected to remain
11 To the extent that these enable the individuals concerned to be identified.