CURIA - Documents

Home > Search form > List of results > Documents

Start printing

PDF format

Language of document : ECLI:EU:C:2002:513

OPINION OF ADVOCATE GENERAL

TIZZANO

delivered on 19 September 2002 (1)

Case C-101/01

Bodil Lindqvist

Åklagarkammaren i Jönköping

(Reference for a preliminary ruling from the Göta Hovrätten)

(Directive 95/46/EC - Scope)

1.

By order of 23 February 2001, the Hovrätten di Götaland (Göta Court of Appeal, Sweden) referred seven questions to the Court for a preliminary ruling on the interpretation of Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as Directive 95/46 or simply the Directive). (2) The questions concern, in particular, the scope of the Directive, the transfer of personal data to third countries, whether the Directive is compatible with the general principles of freedom of expression and whether national rules may be introduced that are more restrictive than the Community provisions.

The legal framework

The European Convention for the Protection of Human Rights and Fundamental Freedoms

2.

In order to establish the legal background to the present case, it is essential first to consider Articles 8 and 10 of the European Convention for the Protection of Human Rights and Fundamental Freedoms.

3.

Article 8 provides, in particular:

1. Everyone has the right to respect for his private and family life, his home and his correspondence.

2. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.

4.

Article 10, on the other hand, provides:

1. Everyone has the right to freedom of expression. This right shall include freedom to hold opinions and to receive and impart information and ideas without interference by public authority and regardless of frontiers. This article shall not prevent States from requiring the licensing of broadcasting, television or cinema enterprises.

2. The exercise of these freedoms, since it carries with it duties and responsibilities, may be subject to such formalities, conditions, restrictions or penalties as are prescribed by law and are necessary in a democratic society, in the interests of national security, territorial integrity or public safety, for the prevention of disorder or crime, for the protection of health or morals, for the protection of the reputation or rights of others, for preventing the disclosure of information received in confidence, or for maintaining the authority and impartiality of the judiciary.

Directive 95/46

5.

The relevant Community provision is Directive 95/46, adopted on the basis of Article 100a of the EC Treaty (now Article 95 EC) to encourage the free movement of personal data by harmonising the laws, regulations and administrative provisions of the Member States on the protection of individuals with respect to the processing of such data.

6.

The Directive is based on the idea that the difference in levels of protection of the rights and freedoms of individuals, notably the right to privacy, with regard to the processing of personal data afforded in the Member States may prevent the transmission of such data from the territory of one Member State to that of another Member State [and that] this difference may therefore constitute an obstacle to the pursuit of a number of economic activities at Community level, distort competition and impede authorities in the discharge of their responsibilities under Community law (seventh recital in the preamble). The Community legislature therefore considered that in order to remove the obstacles to flows of personal data, the level of protection of the rights and freedoms of individuals with regard to the processing of such data must be equivalent in all Member States. To that end, it considered that a harmonisation measure at Community level was needed inasmuch as the objective of free movement of personal data, is vital to the internal market but cannot be achieved by the Member States alone, especially in view of the scale of the divergences which currently exist between the relevant laws in the Member States and the need to coordinate the laws of the Member States so as to ensure that the cross-border flow of personal data is regulated in a consistent manner that is in keeping with the objective of the internal market as provided for in Article 7 of the Treaty (eighth recital). Following the adoption of a harmonisation measure, on the other hand, given the equivalent protection resulting from the approximation of national laws, the Member States will no longer be able to inhibit the free movement between them of personal data on grounds relating to protection of the rights and freedoms of individuals, and in particular the right to privacy (ninth recital).

7.

That being said, the Community legislature took the view that in determining a level of protection equivalent in all Member States it was essential to take account of the requirement that the fundamental rights of individuals should be safeguarded (third recital). In that light, it considered in particular that the object of the national laws on the processing of personal data is to protect fundamental rights and freedoms, notably the right to privacy, which is recognised both in Article 8 of the European Convention for the Protection of Human Rights and Fundamental Freedoms and in the general principles of Community law. For that reason, it considered that the approximation of those laws must not result in any lessening of the protection they afford but must, on the contrary, seek to ensure a high level of protection in the Community (tenth recital).

8.

Those premisses and grounds must accordingly be borne in mind when interpreting Article 1, which defines the object of the Directive in the following terms:

1. In accordance with this Directive, Member States shall protect the fundamental rights and freedoms of natural persons, and in particular their right to privacy with respect to the processing of personal data.

2. Member States shall neither restrict nor prohibit the free flow of personal data between Member States for reasons connected with the protection afforded under paragraph 1.

9.

As regards the principal definitions set out in Article 2 of the Directive, it should be borne in mind for present purposes that:

(a) personal data means any information relating to an identified or identifiable natural person (data subject); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity;

(b) processing of personal data means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction;

(c) personal data filing system means any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis;

(d) controller means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data.

10.

Article 3 defines the scope of the Directive, specifying in paragraph 1 that it is to apply to the processing of personal data wholly or partly by automatic means, and to the processing otherwise than by automatic means of personal data which form part of a filing system or are intended to form part of a filing system. Paragraph 2 provides that it is not to apply to the processing of personal data:

- in the course of an activity which falls outside the scope of Community law, such as those provided for by Titles V and VI of the Treaty on European Union and in any case to processing operations concerning public security, defence, State security (including the economic well-being of the State when the processing operation relates to State security matters) and the activities of the State in areas of criminal law;

- or by a natural person in the course of a purely personal or household activity. (3)

11.

For present purposes, some of the provisions of Chapter II of the Directive (General rules on the lawfulness of the processing of personal data, Articles 5-21), are also important, notably Article 7, which concerns the cases in which personal data may be processed. In that connection, it should be pointed out in particular that Article 7(a) provides that, as in other instances of no relevance to the present case, such data may be processed only if the data subject has unambiguously given his consent.

12.

Article 8, on the other hand, lays down special rules for certain categories of sensitive data. In particular, paragraph 1 provides that, in principle, Member States shall prohibit the processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of data concerning health or sex life. Along with other exceptions that are not relevant here, paragraph 2 provides that that provision is not to apply where the data subject has given his explicit consent to the processing of those data, except where the laws of the Member State provide that the prohibition referred to in paragraph 1 may not be lifted by the data subject's giving his consent.

13.

To reconcile the requirement of protection as regards the processing of personal data with the principle of freedom of expression, Article 9 therefore specifies that Member States shall provide for exemptions or derogations from the provisions of this Chapter, Chapter IV and Chapter VI for the processing of personal data carried out solely for journalistic purposes or the purpose of artistic or literary expression only if they are necessary to reconcile the right to privacy with the rules governing freedom of expression.

14.

Still on the subject of the General rules on the lawfulness of the processing of personal data, it must also be noted for present purposes that under Article 18, with certain exceptions, prior notification of any processing of personal data must be given by the controllers to the appropriate supervisory authorities to be appointed in the Member States.

15.

Lastly, under Article 25 of the Directive, the transfer to a third country of personal data which are undergoing processing or are intended for processing after transfer may take place only if ... the third country in question ensures an adequate level of protection (paragraph 1). The adequacy of the level of protection shall be assessed in the light of all the circumstances surrounding a data transfer operation or set of data transfer operations; particular consideration shall be given to the nature of the data, the purpose and duration of the proposed processing operation or operations, the country of origin and country of final destination, the rules of law, both general and sectoral, in force in the third country in question and the professional rules and security measures which are complied with in that country (paragraph 2).

The relevant Swedish provisions

16.

Sweden implemented Directive 95/46 by means of the Personuppgiftslagen (law on personal data). (4) For present purposes, it is noteworthy that, under Section 49(1)(b) to (d) of that law, the following offences are subject to prosecution in Sweden: failure to notify the competent supervisory authority (the Datainspektionen) of any processing of personal data by automatic means; processing sensitive data, including data relating to health; and transferring processed personal data to a third country without authorisation. It is also clear from the travaux préparatoires for the Personuppgiftslagen that that law is not intended to differ in scope from the Directive.

Facts and procedure

17.

In autumn 1998, in addition to her normal job, Mrs Bodil Lindqvist was carrying out voluntary work as a catechist in the parish of Alseda in Sweden. In the course of her work, to enable the parishioners to obtain easily the information they needed, Mrs Lindqvist set up a home page on the Internet with information about herself, her husband and 16 colleagues in the parish, giving only their first name in some cases and their full name in others. In addition, the home page described, in a mildly humorous manner, her colleagues' jobs and hobbies; and in some cases their family circumstances were outlined, and telephone numbers and other personal information given. One of the various items of interest for present purposes was a report that a colleague was on half-time on medical grounds because she had injured her foot. The home page was also accessible through the Swedish Church's home page, with which a link had been set up at Mrs Lindqvist's request.

18.

Mrs Lindqvist had not told her colleagues about the home page or sought their consent to process their data. The Datainspektionen had not been informed that the home page was being set up, nor had it been notified of any processing of personal data. The home page was short-lived, however, as Mrs Lindqvist quickly took steps to remove it as soon as she became aware that some of her colleagues were unhappy about it.

19.

Although the home page was removed promptly, Mrs Lindqvist was prosecuted in Sweden under Paragraph 49(1)(b) to (d) of the Personuppgiftslagen for setting it up. It was claimed in particular that she had processed data by automatic means without giving prior written notification to the Datainspektionen; that she had processed sensitive data, such as the data relating to her colleague's injury and subsequent half-time employment on medical grounds; and that she had transferred processed personal data to a third country without authorisation.

20.

Mrs Lindqvist accepted that the facts alleged by the prosecutor were true but contended that they did not constitute an offence. Her arguments were, however, rejected by the court hearing the case, which fined her in a ruling which Mrs Lindqvist subsequently appealed before the Hovrätten.

21.

As doubts arose in the course of the proceedings as to whether the Swedish legislation was consistent with the provisions of the Directive and complex issues were raised regarding the interpretation of those provisions, the Hovrätten stayed proceedings in order to refer the following questions to the Court of Justice for a preliminary ruling:

(1) Is the mention of a person - by name or with name and telephone number - on an Internet home page an action which falls within the scope of the Directive? Does it constitute the processing of personal data wholly or partly by automatic means to list on a self-made Internet home page a number of persons with comments and statements about their jobs and hobbies etc?

(2) If the answer to the first question is no, can the act of setting up on an Internet home page separate pages for about 15 people with links between the pages which make it possible to search by first name be considered to constitute the processing otherwise than by automatic means of personal data which form part of a filing system or are intended to form part of a filing system within the meaning of Article 3(1)?

If the answer to either of those questions is yes, the Hovrätten also asks the following questions:

(3) Can the act of loading information of the type described about work colleagues onto a private home page which is none the less accessible to anyone who knows its address be regarded as outside the scope of the directive on the ground that it is covered by one of the exceptions in Article 3(2)?

(4) Is information on a home page stating that a named colleague has injured her foot and is on half-time on medical grounds personal data concerning health which, according to Article 8(1), may not be processed?

(5) The Directive prohibits the transfer of personal data to third countries in certain cases. If a person in Sweden uses a computer to load personal data onto a home page stored on a server in Sweden - with the result that personal data become accessible to people in third countries - does that constitute a transfer of data to a third country within the meaning of the Directive? Would the answer be the same even if, as far as known, no one from the third country had in fact accessed the data or if the server in question is actually physically in a third country?

(6) Can the provisions of the Directive, in a case such as the above, be regarded as bringing about a restriction which conflicts with the general principles of freedom of expression or other freedoms and rights, which are applicable within the EU and are enshrined in inter alia Article 10 of the European Convention for the Protection of Human Rights and Fundamental Freedoms?

Lastly, the Hovrätten wishes to ask the following question:

(7) Can a Member State, as regards the issues raised in the above questions, provide more extensive protection for personal data or give it a wider scope than the Directive, even if none of the circumstances described in Article 13 exists?

22.

In the subsequent proceedings before the Court, in addition to Mrs Lindqvist and the Kingdom of Sweden, the Kingdom of the Netherlands, the United Kingdom and the Commission also submitted observations.

Legal analysis

Introduction

23.

As we have seen, the referring court asks the Court a number of questions about the scope of the Directive, the interpretation of Articles 8 and 25, the validity of its provisions with reference to general principles of Community law, and whether Member States may provide a higher level of protection than that afforded by the Directive.

24.

With reference more specifically to the scope of the Directive, the court appears to have no doubt that there was processing of personal data in the present case, nor did any of the intervening parties express any doubt on the subject. Indeed it is clear that:

- first, the information about Mrs Lindqvist's colleagues (first name, surname, telephone number, job, hobbies, etc.) is personal data, given that any information relating to an identified or identifiable natural person falls into that category (Article 2(a)); and

- second, loading that information on a home page of the type at issue gives rise to a processing of personal data since, in that respect too, the Directive contains a particularly wide definition covering any operation or set of operations which is performed upon personal data, whether or not by automatic means such as collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction (Article 2(b)).

25.

However, not all processing of personal data falls within the scope of the Directive. Article 3(1) provides that the Directive shall apply only to the processing of personal data wholly or partly by automatic means and to the processing otherwise than by automatic means of personal data which form part of a filing system or are intended to form part of a filing system. In more general terms, Article 3(2) then provides that the Directive shall not apply to the processing of personal data in the course of an activity which falls outside the scope of Community law (5) (first indent) or by a natural person in the course of a purely personal or household activity (second indent).

26.

As regards the extent to which those provisions limit the scope of the Directive, the referring court therefore seeks, by its first three questions, to ascertain:

(i) whether loading the information in question on the home page constitutes a processing of personal data wholly or partly by automatic means (first question) or processing otherwise than by automatic means of personal data which form part of a filing system or are intended to form part of a filing system (second question);

(ii) whether the processing of personal data of the type at issue is nevertheless outside the scope of the Directive in so far as it is carried out in the course of an activity which falls outside the scope of Community law or by a natural person in the course of a purely personal or household activity (third question).

27.

Notwithstanding the order in which the referring court has put the question, in my view the issues raised in the third question must be resolved first. Since Article 3(2) is more general, it seems to me to be clear that even the processing of personal data wholly or partly by automatic means or processing otherwise than by automatic means of personal data which form part or are intended to form part of a filing system falls outside the scope of the Directive if it is carried out in the course of an activity which falls outside the scope of Community law or by a natural person in the course of a purely personal or household activity. That being so, an affirmative answer to the third question would render examination of the first two questions superfluous. I shall therefore start by examining that question.

The third question

Arguments of the parties

28.

All the intervening parties submitted observations on this question, except for the United Kingdom which confined itself to the fifth and sixth questions.

29.

Mrs Lindqvist contends that the Directive only covers the processing of personal data in the course of economic activity, not processing (as in the present case) that is free of charge and unconnected with any economic activity. Otherwise, according to Mrs Lindqvist, a problem would arise with regard to the validity of the Directive inasmuch as Article 95 EC (on the basis of which the Directive was adopted) does not allow activities that have no connection with the objective of completing the internal market to be regulated at Community level. To regulate such activities by means of a harmonisation Directive adopted on the basis of that Article would in fact entail a breach of the principle enshrined in Article 5 EC that the Community shall act within the limits of the powers conferred upon it by this Treaty.

30.

Not without misgivings, the Swedish Government too appears to consider that loading personal data on a home page set up by a natural person exercising that person's own freedom of expression and having no connection with any professional or commercial activity does not fall within the scope of Community law. However, as regards the scope of the second indent of Article 3(2), that Government considers that the dissemination of personal data via the Internet cannot be described as a purely personal or household activity inasmuch as it entails the transmission of that data to an indefinite number of people.

31.

The Netherlands Government, for its part, does not think the processing at issue is outside the scope of the Directive by virtue of the limits set by the two provisions contained in Article 3(2). In particular, it too considers that the activity in question is not of a purely personal or domestic nature inasmuch as it implies the dissemination of personal data to an unknown and unlimited number of people.

32.

Lastly, according to the Commission, the scope of the Directive must be interpreted broadly as including processing of the type at issue. With reference to the first indent of Article 3(2), the Commission emphasises in particular that Community law is not confined to regulating economic activities and it points out inter alia that Article 6 of the Treaty on European Union requires the Union to respect fundamental rights as general principles of Community law. It adds that it is clear from the preamble to the Directive that it is intended among other things to contribute to the social progress and well-being of individuals and that it cannot be ruled out that it is intended to regulate the free movement of personal data as a social activity in the course of the completion and operation of the internal market. The Commission also considers that the activity at issue falls within the scope of Community law because, in availing herself of services (in particular telecommunications services) connected with the use of the Internet, Mrs Lindqvist is in its view a person for whom ... services are intended (6) within the meaning of Article 49 EC. Lastly, the Commission observes that the activity at issue in the present case is not a purely personal or household activity because, in the first place, a home page is accessible not only to anyone who knows its address but to anyone using a search engine and, in the second place, such activities are by definition concerned only with the private life of the person processing the data.

Assessment

33.

As I have already pointed out more than once, it must be determined here whether the processing of personal data of the type at issue is outside the scope of the Directive within the meaning of Article 3(2) in so far as it is carried out in the course of an activity which falls outside the scope of Community law or by a natural person in the course of a purely personal or household activity.

34.

To begin with the second aspect, I agree with the Commission and the Swedish and Netherlands Governments that processing of the type at issue cannot be regarded as a purely personal or household activity. In my view, only activities such as correspondence and the holding of records of addresses (mentioned as examples in the 12th recital in the preamble) fall into that category, that is to say clearly private and confidential activities that are intended to be confined to the personal or domestic circle of the persons concerned. Consequently, I do not think that an activity with a strong social connotation, such as Mrs Lindqvist's activity as a catechist in the parish community, can be regarded as falling into that category, particularly as the processing carried out by Mrs Lindqvist clearly extended beyond her personal and domestic circle, and even involved loading personal data on a home page accessible by anyone, anywhere in the world, through a specific link on a site well-known to the public (and therefore easy to find with a search engine), namely the Swedish Church's home page.

35.

On the other hand, I agree with Mrs Lindqvist that the processing in question was carried out in the course of an activity which falls outside the scope of Community law.

36.

In that connection, I note that in fact the home page in question was set up by Mrs Lindqvist without any intention of economic gain, solely as an ancillary activity to her voluntary work as a catechist in the parish community and outside the remit of any employment relationship. The processing of the personal data in question was therefore carried out in the course of a non-economic activity which had no connection (or at least no direct connection) with the exercise of the fundamental freedoms protected by the Treaty and is not governed by any specific rules at Community level. In my view, it therefore follows that that processing was carried out in the course of an activity which falls outside the scope of Community law within the meaning of Article 3(2) of the Directive.

37.

I find the Commission's reasoning contrived, when it argues that the activity in question falls within the scope of Community law because in the course of performing it Mrs Lindqvist availed herself of numerous services connected with the use of the Internet (in particular telecommunications services) and thus made use of the rights conferred by Article 49 EC. Apart from the fact that there is nothing in the order for reference or the documents in the case to suggest any cross-border element that could justify the application of Article 49 in the present case, (7) it seems to me to be abundantly clear that Article 3(2) of the Directive would be completely meaningless if all activities, even non-economic activities, for which people used telecommunications or other services were to be regarded as falling within the scope of Community law. On that premiss, the Directive would also have to be extended to cover the activities provided for by Titles V and VI of the Treaty on European Union too, whenever they involve the use of those services, although those activities are expressly mentioned in Article 3(2) as examples of an activity which falls outside the scope of Community law.

38.

The Commission's argument that Mrs Lindqvist's activity falls within the scope of the Directive because the Directive is not confined to pursuing economic objectives but also has objectives connected with social imperatives and the protection of fundamental rights also seems contrived to me.

39.

In that connection, it should be borne in mind that the Directive was adopted on the basis of Article 100a of the Treaty to encourage the free movement of personal data through the harmonisation of the laws, regulations and administrative provisions of the Member States on the protection of individuals with respect to the processing of such data. In particular, the Community legislature wanted to establish a level of protection equivalent in all Member States in order to remove the obstacles to flows of personal data resulting from the difference in levels of protection of the rights and freedoms of individuals, notably the right to privacy, ... afforded in the Member States (seventh and eighth recitals) (8) because, once the harmonisation Directive was adopted, given the equivalent protection resulting from the approximation of national laws, the Member States will no longer be able to inhibit the free movement between them of personal data on grounds relating to protection of the rights and freedoms of individuals, and in particular the right to privacy (ninth recital).

40.

It is of course true that, in determining the level of protection equivalent in all Member States, the legislature took account of the need to contribute to economic and social progress and (above all) to safeguard the fundamental rights of individuals (second and third recitals) in order to ensure a high level of protection of those rights (tenth recital). However, all this was conceived in the course of and with a view to achieving the main objective of the Directive, namely the free movement of personal data inasmuch as it is held to be vital to the internal market (eighth recital).

41.

Contributing to economic and social progress and safeguarding fundamental rights therefore represent important values and imperatives which the Community legislature took into account in framing the harmonised rules required for the establishment and functioning of the internal market but they are not independent objectives of the Directive. Otherwise, it would have to be assumed that the Directive was intended to protect individuals with respect to the processing of personal data to the point of disregarding the objective of encouraging the free movement of such data, with the absurd consequence that the only processing to fall within its scope would be processing for the purpose of activities which had some social significance but no connection with the establishment and functioning of the internal market.

42.

Also, as Mrs Lindqvist has pointed out, if in addition to the aim of encouraging the free movement of personal data in the internal market, the Directive were held to have other, independent, objectives connected with social imperatives and the protection of fundamental rights (in particular the right to privacy), the very validity of the Directive might be called into question, since in that case its legal basis would be manifestly inadequate. Article 100a could not be cited as a basis for measures that went beyond the specific aims mentioned in that provision, that is to say measures that were not justified by the objective of encouraging the establishment and functioning of the internal market.

43.

I note in this connection that quite recently, in the well-known judgment annulling Directive 98/43/EC (9) for lack of legal basis, the Court had occasion to make it clear on this very point that the measures referred to in Article 100a(1) of the Treaty are intended to improve the conditions for the establishment and functioning of the internal market. To construe that article as meaning that it vests in the Community legislature a general power to regulate the internal market would not only be contrary to the express wording of the provisions cited above but would also be incompatible with the principle embodied in Article 3b of the EC Treaty (now Article 5 EC) that the powers of the Community are limited to those specifically conferred on it. (10) With specific reference to the protection of fundamental rights, I would point out that in its noted Opinion 2/94, delivered after the adoption of the Directive, the Court expressly stated that no Treaty provision confers on the Community institutions any general power to enact rules on human rights. (11)

44.

In the light of all the foregoing observations, I therefore propose that the answer to this question should be that, pursuant to the first indent of Article 3(2) of the Directive, processing of personal data which consists of setting up a home page of the type at issue without any intention of economic gain, solely as an ancillary activity to voluntary work as a catechist pursued in the parish community and outside the remit of any employment relationship does not fall within the scope of the Directive.

The other questions

45.

Having come to the conclusion that processing of personal data of the type at issue does not fall within the scope of the Directive, I do not think there is any need to examine the other questions put by the referring court.

Conclusion

46.

In the light of the foregoing, I therefore propose that the following answer be given to the Hovrätten di Götaland:

Pursuant to the first indent of Article 3(2) of Directive 95/46/EC, processing of personal data which consists of setting up a home page of the type at issue without any intention of economic gain, solely as an ancillary activity to voluntary work as a catechist pursued in the parish community and outside the remit of any employment relationship does not fall within the scope of the Directive.

1: - Original language: Italian.

2: - OJ 1995 L 281, p. 31.

3: - As examples of activities which are exclusively personal or domestic, the 12th recital mentions in particular correspondence and the holding of records of addresses.

4: - Personuppgiftslagen, Svensk författningssamling (SFS) 1998:204.

5: - By way of example, the provision in question mentions the activities provided for by Titles V and VI of the Treaty on European Union, adding that in any case processing operations concerning public security, defence, State security (including the economic well-being of the State when the processing operation relates to State security matters) and the activities of the State in areas of criminal law are also excluded.

6: - In this connection, the Commission draws a comparison in particular with the well-known judgments in Joined Cases 286/82 and 26/83 Luisi and Carbone [1984] ECR 377 and Case 186/87 Cowan [1989] ECR 195.

7: - Among many relevant judgments, see most recently those in Case C-108/98 RI.SAN. [1999] ECR I-5219, paragraph 23; Case C-97/98 Jägerskiöld [1999] ECR I-7319, paragraph 42; and Joined Cases C-51/96 and C-191/97 Deliège [2000] ECR I-2549, paragraph 58.

8: - The seventh recital emphasises in particular that this difference may constitute an obstacle to the pursuit of a number of economic activities at Community level, distort competition and impede authorities in the discharge of their responsibilities under Community law.

9: - Directive 98/43/EC of the European Parliament and of the Council of 6 July 1998 on the approximation of the laws, regulations and administrative provisions of the Member States relating to the advertising and sponsorship of tobacco products (OJ 1998 L 213, p. 9).

10: - Judgment in Case C-376/98 Germany v Parliament and Council [2000] ECR I-8419, paragraph 83.

11: - Opinion 2/94 of 28 March 1996 [1996] ECR I-1759, point 27.