Data protection at the Court

Judicial functions

When acting in their judicial capacity, the Court of Justice and the General Court collect and process personal data, in order to ensure the proper conduct of judicial proceedings, communicate procedural documents to the parties involved, and publish information about pending or closed cases.

These activities are guided by specific procedural requirements that respect the principles of independence and open courts. You can find detailed information about the procedures of both Courts on the following pages:

• Procedural texts of the Court of Justice 
• Procedural texts of the General Court 

Publication of names and other information in proceedings

Information about judicial proceedings, including names and other information, published online may be referenced, and can be found through search engines. As such, individuals involved in a case should carefully review the Courts’ guidelines on requesting the omission of their data in judicial proceedings

• Granting anonymity in judicial proceedings before the Court of Justice
• Omission of data vis-à-vis the public in judicial proceedings before the General Court

How to make a request to omit data in cases

Applications for the omission of personal data must be submitted to the appropriate Court in line with the relevant procedural rules.

Requests in the context of pending cases must be made following the rules concerning communication with the Registries in the course of proceedings as outlined on the following pages:

• Lodging documents at the Court of Justice 
• Lodging documents at the General Court 

Requests not concerning pending cases can be made by post or by email. Contact details for the Registries of each Court can be found on their respective webpages:

• Registry of the Court of Justice
• Registry of the General Court

Handling applications and complaints

When the Registrar of the Court of Justice or the Registrar of the General Court is responsible for a data processing activity, for example because of their obligations as the person in charge of the Courts’ publications, including judicial decisions, they will decide on a request within two months. A failure to reply within this period is deemed to be an implicit rejection of the application.

A complaint against the Registrar’s decision can be filed within two months to a designated committee within the Court of Justice or the General Court, which is responsible for ensuring that the rules on data protection are followed.

You can find more information on the circumstances in which an application or complaint can be made in

• Decision of the Court of Justice of 1 October 2019 establishing an internal supervision mechanism regarding the processing of personal data by the Court of Justice when acting in its judicial capacity
• Decision of the General Court of 16 October 2019 establishing an internal supervision mechanism regarding the processing of personal data by the General Court when acting in its judicial capacity

The committee must rule on the complaint within four months. If there is no reply after this period, this means that the Registrar’s decision has been confirmed. These committees can only rule on decisions adopted by the registrar of one of the Courts when they are the ones responsible for the processing at issue. Submitting a complaint to a committee does not constitute a legal remedy for a judicial decision made by the Court of Justice or General Court.

Non-judicial functions

The Court may also find it necessary to process personal data when acting in its non-judicial capacity, for example in the context of its administrative activities.

Data Protection Officer

The Data Protection Officer (DPO) ensures that the Court complies with Regulation (EU) 2018/1725 within the field of his competences. This Regulation governs the protection of personal data processed by the EU institutions and agencies. The DPO also advises the Court’s data controllers on their obligations regarding the protection of personal data.

If you have any questions about the processing of personal data related to the institution’s non-judicial activities or using the Court’s website, you can use the contact form to get in touch with the DPO.

Central record of processing activities

The DPO maintains a record of all personal data processing operations. It contains, in particular, information on the data controller, the data subject, and the purpose of the processing.

You can consult the central record of processing activities online.

Rights of data subjects

Data subjects have rights under EU law. In particular, under Regulation (EU) 2018/1725, these rights include

• the right to request access to the data from the data controller
• the right to have the data corrected or erased
• the right to restrict the processing of the data
• under certain conditions, the right to object to data processing based on the data subject’s particular situation

In exceptional cases, the Court might restrict the scope of certain rights. These restrictions are set out in a 2019 decision of the Court of Justice, and are subject to regular monitoring and review. Any decision to restrict the rights of data subjects must be necessary and proportionate having regard to the particular case. Such situations include

• during inquiries, investigations, audits or other internal procedures
• when transmitting information to the European Anti-Fraud Office (OLAF)
• in cooperation with other EU institutions and agencies, with the authorities of Member States or third countries, and with international organisations
• when administrative departments handle judicial cases that involve the Court as a party

European Data Protection Supervisor

The European Data Protection Supervisor (EDPS) is an independent authority that supervises data protection across the EU institutions, with the exception of the Court when it acts in its judicial capacity.

If you believe that your data has been handled incorrectly under Regulation (EU) 2018/1725, you can file a complaint with the EDPS.