Ref. Ares(2020)1737040 - 24/03/2020
EUROPEAN COMMISSION
DIRECTORATE-GENERAL
HUMAN RESOURCES AND SECURITY
The Director-General
Brussels
Nikolaj NIELSEN
EU Observer
Avenue d'Auderghem 150
1040 Brussels
ask+request-7601-
xxxxxxxx@xxxxxxxx.xxx
Subject:
Your application for access to documents – Ref GestDem No
2020/0485
Dear Sir,
I refer to your email dated 23/01/2020 in which you make a request for access to
documents, registered on 27/01/2020 under the above-mentioned reference number, and
your clarification dated 12/02/2020.
You request access to all documents, emails, minutes and or reports detailing a meeting
of 03/05/2016 between a cabinet member responsible for DG Human Resources with
G4S to discuss the Brussels attacks and G4S role therein and G4S performance overall,
as well as the final assessment of G4S overall performance.
Your application concerns the following documents:
1. Briefing file for the meeting between the European Commission and G4S on
03/05/2016 and annexes 1-6 – Ares(2020)1212129.
2. Email from G4S to the European Commission as follow-up of the meeting on
03/05/2016 – Ares(2020)1212173.
Having examined the documents requested under the provisions of Regulation (EC) No
1049/2001 regarding public access to documents, I have come to the conclusion that they
may be partially disclosed. Some parts of the documents have been blanked out as their
disclosure is prevented by exceptions to the right of access laid down in Article 4 of this
Regulation.
The redacted parts of both of the documents contain information relating to security of the
Commission (Article 4(1)(a) first indent) as well as personal data of individuals (Article
4(1)(b)).
Commission européenne/Europese Commissie, 1049 Bruxelles/Brussel, BELGIQUE/BELGIË - Tel. +32 22991111
xxxxxxx.xxxxxxxx@xx.xxxxxx.xx
With respect to the expunged data falling under the scope of Article 4(1)(a) first indent,
disclosure of these parts would undermine the protection of the public interest as regards
public security, namely the security within the Commission. The objective of security
within the Commission is to enable the Commission to operate in a safe and secure
environment by establishing a coherent, integrated approach as regards its security,
providing appropriate levels of protection for persons, assets and information commensurate
with identified risks, and ensuring efficient and timely delivery of security.
Disclosure of the expunged personal data falling under the scope of Article 4(1)(b) would
undermine privacy and integrity of the individual, in particular in accordance with Union
legislation regarding the protection of personal data.
The latter exception, laid down in Article 4(1)(b) of Regulation (EC) No 1049/2001, applies
unless there is an overriding public interest in disclosure of the documents. I examined
whether there could be an overriding public interest in disclosure, but have not been able to
identify such an interest.
Pursuant to that article, access to a document must be refused if its disclosure would
undermine the protection of privacy and the integrity of the individual, in particular in
accordance with European Union legislation regarding the protection of personal data.
In its judgment in Case C-28/08 P (
Bavarian Lager),1 the Court of Justice of the European
Union ruled that when a request is made for access to documents containing personal data,
the Data Protection Regulation becomes fully applicable.2As referred to above, the
applicable legislation in this field is Regulation (EU) 2018/1725.3
Article 3(1) of Regulation (EU) 2018/1725 provides that personal data “
means any
information relating to an identified or identifiable natural person […]”. The Court of
Justice has specified that
any information, which by reason of its content, purpose or effect,
is linked to a particular person is to be considered as personal data.4
Pursuant to Article 9(1)(b) of Regulation (EU) 2018/1725, “
[…] personal data shall only be
transmitted to recipients […] if […] the recipient establishes that it is necessary to have the
data transmitted for a specific purpose in the public interest and the controller, where there
is any reason to assume that the data subject’s legitimate interests might be prejudiced,
establishes that it is proportionate to transmit the personal data for that specific purpose
after having demonstrably weighed the various competing interests”.
Only if these conditions are fulfilled and the processing constitutes lawful processing in
accordance with the requirements of Article 5 of Regulation (EU) 2018/1725, can the
transmission of personal data occur.
1 Judgment of 29 June 2010 in Case C-28/08 P,
European Commission v The Bavarian Lager Co. Ltd,
ECLI:EU:C:2010:378, paragraph 59.
2 This judgment specifically cited Regulation (EC) No 45/2001, which was repealed by Regulation (EU)
2018/1725. In accordance with Article 99 of that latter Regulation, references to Regulation (EC) No 45/2001
should be construed as references to Regulation (EU) 2018/1725.
3 Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October 2018 on the
protection of natural persons with regard to the processing of personal data by the Union institutions,
bodies, offices and agencies and on the free movement of such data, and repealing Regulation (EC) No
45/2001 and Decision No 1247/2002/EC, Official Journal L 295 of 21.11.2018, p. 39.
4 Judgment of the Court of Justice of the European Union of 20 December 2017 in Case
C-434/16, Peter Nowak v
Data Protection Commissioner, ECLI:EU:C:2017:994, paragraphs 33-35.
2
According to Article 9(1)(b) of Regulation (EU) 2018/1725, the European Commission has
to examine the further conditions for a lawful processing of personal data only if the first
condition is fulfilled, namely if the recipient has established that it is necessary to have the
data transmitted for a specific purpose in the public interest. It is only in this case that the
European Commission has to examine whether there is a reason to assume that the data
subject’s legitimate interests might be prejudiced and, in the affirmative, establish the
proportionality of the transmission of the personal data for that specific purpose after having
demonstrably weighed the various competing interests.
In your request, you do not put forward any arguments to establish the necessity to have the
data transmitted for a specific purpose in the public interest. Therefore, the European
Commission does not have to examine whether there is a reason to assume that the data
subject’s legitimate interests might be prejudiced.
Notwithstanding the above, please note that there are reasons to assume that the legitimate
interests of the data subjects concerned would be prejudiced by the disclosure of the
personal data in some of the requested documents, as there is a real and non-hypothetical
risk that such public disclosure would harm the privacy of the third parties. The European
Commission consulted the third parties who provided the concerned documents, and asked
their opinion on the disclosure of these documents and their personal data.
Consequently, having examined the documents requested under the provisions of
Regulation (EC) No 1049/2001 regarding public access to documents, and in view of the
above analysis, I have come to the conclusion that the two identified documents can be
disclosed after expunging personal data, the disclosure of which is prevented by exceptions
to the right of access laid down in Articles Article 4(1)(a) first indent and 4(1)(b) of
Regulation (EC) No 1049/2001
In accordance with Article 7(2) of Regulation (EC) No 1049/2001, you are entitled to make
a confirmatory application requesting the Commission to review this position.
Such a confirmatory application should be addressed within 15 working days upon receipt
of this letter to the Secretary-General of the Commission at the following address:
European Commission
Secretariat-General
Transparency,
Document
Management
&
Access
to
Documents
(SG.C.1)
BERL 7/076
B-1049 Brussels
or by email to:
xxxxxxxxxx@xx.xxxxxx.xx
Yours sincerely,
Gertrud Ingestad
E-signed
3
Electronically signed on 24/03/2020 12:55 (UTC+01) in accordance with article 4.2 (Validity of electronic documents) of Commission Decision 2004/563