The protection of personal data processed by the Court of Justice of the European Union
The Court of Justice of the European Union may find it necessary to process personal data when acting in its judicial capacity, but also when acting in its non-judicial capacity.
Personal data protection has specific characteristics depending on the nature of the functions concerned. When acting in their judicial capacity, the Court of Justice and the General Court are subject to particular requirements that arise from the very nature of those functions and, in particular, from the need to respect the principles of independence and of open courts.
When acting in their judicial capacity, the Court of Justice and the General Court collect and process personal data for the purposes of ensuring the proper conduct of judicial proceedings and, in particular, of ensuring that procedural documents are communicated to the parties to the proceedings.
This processing is also intended to enable relevant information about judicial proceedings, whether pending or closed, to be disseminated, in accordance with the principle of open courts.
The information in question is that provided for, respectively, by the Protocol on the Statute of the Court of Justice of the European Union, by the Rules of Procedure of both courts and by the texts issued under those Rules. Those texts can be viewed on the following dedicated web pages:
Given that information relating to judicial proceedings that is published on the internet may be referenced and then found through the use of search engines, persons taking part in proceedings before one of the constituent courts of the Court of Justice of the European Union are invited to read carefully the following explanations concerning the granting of anonymity in the context of judicial proceedings:
Applications for anonymity in judicial proceedings must be addressed to the relevant court and must comply with the applicable procedural rules.
The various means of contacting the Registry of the court concerned are set out on their respective web pages:
Where the Registrar of the court concerned is responsible for processing data to which an application relates, for example, because of his or her obligations as the person in charge of the publications of the court and, in particular, publication of its judicial decisions, the Registrar will generally decide on that application within a period of two months, after which any failure to reply is deemed to constitute an implied decision rejecting the application.
A complaint in respect of the decision of the Registrar of the Court of Justice or of the Registrar of the General Court may be made, within a period of two months, to a committee established, respectively, within the Court of Justice and the General Court, which is responsible for ensuring that the rules on data protection are complied with.
The circumstances in which an application may be made to the Registrar and a complaint to the competent committee are set out in the following decisions:
- Decision of the Court of Justice of 1 October 2019 establishing an internal supervision mechanism regarding the processing of personal data by the Court of Justice when acting in its judicial capacity
The competent committee has a period of four months to rule on a complaint. Failure of the committee to reply within that period is deemed to constitute implied confirmation of the decision of the Registrar in respect of which the complaint was made.
It is important to make clear that these committees are competent only to rule on decisions adopted by the Registrar of the court concerned when he or she is responsible for the processing at issue. Submission of complaints to those committees does not constitute a legal remedy in respect of a judicial decision adopted by the Court of Justice or the General Court.
The Court of Justice of the European Union may also find it necessary to process personal data when acting in its non-judicial capacity, for example in the context of its administrative activities.
Central record of processing activities
Personal data processing operations are collated in a record maintained by the Data Protection Officer.
This record contains, inter alia, information on the data controller, the purposes of the processing, the data subjects and the data concerned by the processing, the recipients of the data, any data transfers and storage periods.
The record is accessible to the public:
Rights of data subjects
Where personal data are processed by the Court of Justice of the European Union acting in its non-judicial capacity, the persons whose data are processed can exercise the rights conferred on them by Regulation (EU) 2018/1725 and, in particular, the right to request from the data controller access to their data, the right to have the data rectified or erased or the right to the restriction of processing. Under certain conditions, a right to object to such processing is also provided for by that regulation, on grounds relating to the particular situation of the data subject.
The Court of Justice of the European Union may, in exceptional cases, restrict the scope of certain rights. Those restrictions may be applied to the right to information, the right of access, the right to rectification, the right to erasure, the right to restriction of processing, the notification obligation regarding those rights, the obligation to inform a person of a data breach, or the confidentiality of electronic communications.
The framework of those restrictions is set out in the Decision of the Court of Justice of the European Union of 1 October 2019 on internal rules concerning restrictions of certain rights of data subjects in relation to the processing of personal data in the exercise of non-judicial functions of the Court of Justice of the European Union.
Any decision to restrict the rights of data subjects must be necessary and proportionate having regard to the particular case. It may, inter alia, prove to be necessary:
- in connection with various inquiries, investigations, audits or other internal procedures;
- when the Court of Justice of the European Union transmits information to the European Anti-Fraud Office (OLAF);
- in the context of cooperation with the other institutions, bodies, offices and agencies of the European Union, with the authorities of the Member States or of third countries and with international organisations;
- when administrative departments are processing judicial cases to which the Court of Justice of the European Union is itself a party.
Those restrictions are duly monitored and periodically reviewed.
Data Protection Officer
You may contact the Data Protection Officer if you have any questions relating to the processing of personal data in connection with the institution’s non-judicial activities and the exercise of your rights.
Please use the contact form provided and select from the dropdown list of options: ‘My question concerns: the processing of my personal data by the Court of Justice of the EU’.
European Data Protection Supervisor
If a person considers that the processing of his or her personal data does not comply with Regulation (EU) 2018/1725, that person has the right to lodge a complaint with the European Data Protection Supervisor, who is not, however, empowered to monitor the processing of personal data by the Court of Justice of the European Union when the latter is acting in its judicial capacity.