Ref. Ares(2019)4564882 - 15/07/2019
DIRECTORATE-GENERAL FOR MIGRATION AND HOME AFFAIRS
Brussels, By registered letter with
acknowledgment of receipt
Ms Luisa Izuzquiza
Corporate Europe Observatory
Rue d’Édimbourg 26
1050 Bruxelles Advance copy by email : ask+request-6557-
Your application for access to documents – Ref GestDem No
Dear Ms Izuzquiza,
We refer to your letter dated 07/03/2019 in which you make a request for access to
documents, registered on 08/03/2019 under the above mentioned reference number.
You requested a list of lobby meetings between DG HOME and Facebook or its
intermediaries during the period 26 April 2018 to 7 March 2019, the respective minutes
and preparatory documents of these meetings, and all the correspondence exchange
between DG HOME and Facebook.
We refer to the definition of a “lobby meeting” for defining the scope of your request, by
reference to the definition given in Article 2 of the Commission decision on the
publication of information on meetings held between Directors-General of the
Commission and organisations or self-employed individuals (2014/838/EU, Euratom)
and the Commission decision on the publication of information on meetings held
between Members of the Commission and organisations or self-employed individuals (2014/839/EU, Euratom):
As a result, we identified the following meetings:
- Meeting on the 10th December 2018: Meeting with Thomas Myrup Kristensen, the
Head of Facebook’s Brussels office, and Nathaniel Gleicher, the Head of Cybersecurity
Policy, Head of Cabinet King, James Morrison and Member of Cabinet David Knight.
- Meeting on the 6th February 2019: Meeting with Thomas Myrup Kristensen, Facebook
and Marie Frenay (Cabinet Ansip), Ulrik Smed (Cabinet King) and Felix Kartte (EEAS).
Commission européenne/Europese Commissie, 1049 Bruxelles/Brussel, BELGIQUE/BELGIË - Tel. +32 22991111
- Meeting on the 16th February 2019: Meeting with Nathaniel Gleicher, Head of
Cybersecurity Policy, Facebook, and Commissioner Julian King in the margins of the
Munich Security Conference
For the above-mentioned meetings, the following document was identified:
Minutes of the meeting on the 6th February 2019 with Thomas Myrup
Kristensen, Facebook and Marie Frenay (Cabinet Ansip), Ulrik Smed (Cabinet
King) and Felix Kartte (EEAS). Ref. Ares(2019) 2819183
We enclose a copy of the document requested. This document was drawn up for internal
use under the responsibility of the relevant Cabinet of Vice-President ANSIP. It solely
reflects the services’ interpretation of the interventions made and does not set out any
official position of the third parties to which the document refers, which was not
consulted on its content. It does not reflect the position of the Commission and cannot be
quoted as such.
Pursuant to Article 4(1)(b) of Regulation (EC) No 1049/2001, access to a document has to
be refused if its disclosure would undermine the protection of privacy and the integrity of
the individual, in particular in accordance with European Union legislation regarding the
protection of personal data.
The applicable legislation in this field is Regulation (EU) 2018/1725 of the European
Parliament and of the Council of 23 October 2018 on the protection of natural persons
with regard to the processing of personal data by the Union institutions, bodies, offices and
agencies and on the free movement of such data, and repealing Regulation (EC) No 45/2001
and Decision No 1247/2002/EC1 (‘Regulation 2018/1725’).
The document to which you request access contains personal data.
Indeed, Article 3(1) of Regulation 2018/1725 provides that personal data ‘means any
information relating to an identified or identifiable natural person […]’. The Court of
Justice has specified that
any information, which by reason of its content, purpose or effect,
is linked to a particular person is to be considered as personal data.2 Please note in this respect
that the names, signatures, functions, telephone numbers and/or initials pertaining to staff members
of an institution are to be considered personal data.3
In its judgment in Case C-28/08 P (Bavarian Lager
)4, the Court of Justice ruled that when a
request is made for access to documents containing personal data, the Data Protection
Regulation becomes fully applicable5.
1 Official Journal L 205 of 21.11.2018, p. 39.
2 Judgment of the Court of Justice of the European Union of 20 December 2017 in Case C-434/16, Peter
Nowak v Data Protection Commissioner
, request for a preliminary ruling, paragraphs 33-35, ECLI:EU:C:2017:994.
3 Judgment of the General Court of 19 September 2018 in case T-39/17, Port de Brest v Commission
paragraphs 43-44, ECLI:EU:T:2018:560.
4 Judgment of 29 June 2010 in Case C-28/08 P, European Commission v The Bavarian Lager Co. Ltd
EU:C:2010:378, paragraph 59.
5 Whereas this judgment specifically related to Regulation (EC) No 45/2001 of the European Parliament
and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of
personal data by the Community institutions and bodies and on the free movement of such data, the
Pursuant to Article 9(1)(b) of Regulation 2018/1725, ‘personal data shall only be
transmitted to recipients established in the Union other than Union institutions and bodies if
‘[t]he recipient establishes that it is necessary to have the data transmitted for a specific
purpose in the public interest and the controller, where there is any reason to assume that the
data subject’s legitimate interests might be prejudiced, establishes that it is proportionate to
transmit the personal data for that specific purpose after having demonstrably weighed the
various competing interests’. Only if these conditions are fulfilled and the processing
constitutes lawful processing in accordance with the requirements of Article 5 of Regulation
2018/1725, can the transmission of personal data occur.
According to Article 9(1)(b) of Regulation 2018/1725, the European Commission has to
examine the further conditions for a lawful processing of personal data only if the first
condition is fulfilled, namely if the recipient has established that it is necessary to have the
data transmitted for a specific purpose in the public interest. It is only in this case that the
European Commission has to examine whether there is a reason to assume that the data
subject’s legitimate interests might be prejudiced and, in the affirmative, establish the
proportionality of the transmission of the personal data for that specific purpose after having
demonstrably weighed the various competing interests.
In your request, you do not put forward any arguments to establish the necessity to have the
data in question transmitted for a specific purpose in the public interest. Therefore, the
European Commission does not have to examine whether there is a reason to assume that
the data subject’s legitimate interests might be prejudiced.
Notwithstanding the above, please note that there are reasons to assume that the legitimate
interests of the data subjects concerned would be prejudiced by disclosure of the personal
data reflected in the documents, as there is a real and non-hypothetical risk that such public
disclosure would harm their privacy and subject them to unsolicited external contacts.
Consequently, I conclude that, pursuant to Article 4(1)(b) of Regulation (EC) No
1049/2001, access cannot be granted to the personal data in question, as the need to obtain
access thereto for a purpose in the public interest has not been substantiated and there is no
reason to think that the legitimate interests of the individual concerned would not be
prejudiced by disclosure of the personal data.
For the remaining meetings covered by your request, we regret to inform you that the
Commission does not hold any documents related to those meetings, since no briefings,
minutes or any other documents were drafted.
As specified in Article 2(3) of Regulation (EC) No 1049/2001, the right of access as
defined in that regulation applies only to existing documents in the possession of the
institution. Given that no such documents, corresponding to the description given in your
application, are held by the Commission, the Commission is not in a position to fulfil
principles set out therein are also applicable under the new data protection regime established by
In accordance with Article 7(2) of Regulation (EC) No 1049/2001, you are entitled to make
a confirmatory application requesting the Commission to review this position.
Such a confirmatory application should be addressed within 15 working days upon receipt
of this letter to the Secretariat-General of the Commission at the following address:
or by email to: email@example.com
Minutes of the meeting on the 6th February 2019 with Thomas
Myrup Kristensen, Facebook and Marie Frenay (Cabinet Ansip),
Ulrik Smed (Cabinet King) and Felix Kartte (EEAS).
Electronically signed on 15/07/2019 12:38 (UTC+02) in accordance with article 4.2 (Validity of electronic documents) of Commission Decision 2004/563