Access To Public Information:
A Key To Commercial Growth And Electronic Democracy

Conference - Stockholm
27/28 June 1996

Flags of 15 EU Member States

Privacy and transparency: how can they be reconciled?

Dr Ulf Brühann

Head of Unit "Free movement of information, Data protection and international aspects" 
DGXV, European Commission

Proceedings ]

'1984' has a double significance to this conference: it not only is the title of a book which describes fears about invasions of privacy through extensive use of information technologies, it was also one of the first years of application of a new law in the Province of Quebec, which combined in a comprehensive way the rights of access to public documents and the right of individuals to privacy. I will indeed argue that both rights are not so much conflicting but two inseparable aspects of the same concept of ensuring conditions in which citizens are able to participate effectively in the communication process which is indispensable in any democratic society.

1. The principle of public access to official information is no longer really unique to Sweden, although it was introduced here more than two hundred years ago. In the meantime it has come to be recognised in the majority of Member States either by Constitutional or legislative provision as a necessary part of the functioning of a democratic society. It was not only felt that openness and transparency corresponded more closely to the modern democratic form of government, and that the way in which administrative affairs are handled should be more visible and understandable for the citizen, but it was also assumed that a more open approach stimulated an informed public debate on public policy issues and allowed, in addition to the traditional parliamentary supervision, new ways to control the proceedings of the administration.

The measures adopted pursuant to that principle included mechanisms to increase the public participation in the administrative decision-making process. Those measures vary from an obligation to pre-consult the public (Green and White papers), the right to call for a public hearing and the granting of a right to the public to propose legislation which the relevant public authority would the be obliged to adopt or to consider. The measures also included the reinforcement of provisions dealing with improved explanation and justification of decisions to the public, the improved publication of final decisions and increased opportunities for appeal against administrative decisions. In some instances, new ways of appeal were created, such as the establishment of an ombudsman.

Finally such mechanisms normally included the establishment of the principle whereby documents held by public authorities are generally open to the public unless such access has been explicitly exempted for a number of specific reasons.

The latter right was provided in different forms:

In the Community, the existence of such access rights has been reaffirmed on various occasions, in particular in the declaration on the right of access to information as annexed (as Declaration Nr. 17) to the Final Act of the Treaty on the European Union, which links it with the democratic nature of the European Institutions. Moreover, the Council and the Commission adopted several measures to implement that right. The European Council in Florence concluded at its meeting on 22 June 1996 that transparency and openness in the Union's work should be fostered. Finally, the European Court of Justice has in a recent judgement of 30 April 1996 accepted that the Council has adopted internal rules on the right of public access, pending binding Community regulation.

Of the Member States in the Community Denmark, France, Greece, the Netherlands and Sweden have statutes establishing general rights of access to government information. Outside the Community, the United States, Canada and Norway have adopted a similar approach.All of these statutes have one thing in common: they provide the public with a right of access to information on request.

2. However, such access rights have never been unrestricted. Although the grounds for exceptions may vary considerably, these generally fall into one of two categories:

Protection of the general interest includes exceptions for reasons as numerous and varied as the security of the State, national security and defence matters, economic and financial interest, investigation of criminal offences and prosecution of offenders, inspection activities, and even interest in the preservation of a species of flora or fauna.

Protection of the individual interest concerns exceptions with regard to the protection of personal privacy and the confidentiality in particular of business information.In countries with a long history of the principle of public access to official documents, the scope and importance of these exceptions have been continuously widened. This is particularly true for Sweden, where important public voices advocate a re-evaluation of the Freedom of the Press Act.The reasons for this are twofold. First, the increased use of modern information technologies in nearly all sectors of administration offer ever increasing possibilities of retrieval and combination of all kind of information including personal data. Traditional practical and economic thresholds for such processing disappear. It is more and more feasible and economically viable to process, match and reuse information, which was previously held in manual data files and therefore impossible to exploit in the same way. As a consequence, the risks to privacy for the individual increase by the mere introduction and expansion of information technologies in all areas of administration.

Second, the uses which can be made from such huge masses of information become more and more unpredictable. It is impossible, to foresee exactly the need for secrecy in future data processing. Intelligent uses of existing information may produce added value information which is worthy of protection but not covered by existing specific and limited exemptions.The Swedish Secrecy Act of 20 March 1980 contains an extensive catalogue of nearly a hundred pages of specific and detailed exemptions to the principle of public access to official documents. Chapter 7 deals with Secrecy with regard primarily to the protection of the personal circumstances of individuals, Chapter 8 with secrecy with regard primarily to the protection of the economic conditions of private subjects, Chapter 9 with Secrecy with regard to the protection of a private subject's personnel as well as economic circumstances. Each of the chapters contain between 26 and 18 sections, some of which limit the right of access in general terms "if it can be assumed that the individual or a person closely related to him would be harmed should the information be disclosed."

3. In spite of all that, arguments have been made that data protection rules would pose a threat to the mere existence of the principle of public access to official information.The European Parliament and Council adopted on 24 October 1995 a directive on the protection of individuals with regard to the processing of personal data and the free movement of such data. This directive provides for principles of processing of personal data, rights for the persons concerned and the establishment of external control.In particular, five principles of the European data protection directive were cited as being incompatible with the open access principle. The areas of conflict were:

I will resist the temptation to demonstrate in detail that the data protection rules do not stand in the way of the application of the principle of public access to official documents. Some of the perceived threats are attributed to principles which existed already in the Convention of the Council of Europe, to which Sweden and most other Member States are parties, (the finality principle, the time limitation principle, and the specific protection of sensitive data, for example). Although trade union membership has been added as a category of sensitive data, Member States have the possibility to regulate exemptions for reasons of important public interest. Information obligations do not necessarily cover individual recipients of data. It is for precisely this reason that the directive in its last recital contains, more as a statement than a rule, that "the directive allows the principle of public access to official documents to be taken into account when implementing its principles".

4. Moreover it can be argued that the supposed dilemma or conflict between the principle of public access to official documents and data protection principles does not even exist. On the contrary both principles can be seen as necessary and complementary elements to serve a more basic constitutive objective of a democratic society: to create the conditions under which the individual is able to fully participate in the democratic process in a given society. In that way data protection can be seen as a necessary part of a more general set of rules on allocation of information in a democratic society.

The Canadian Province of Quebec was the first legislator to adopt on 23 June 1982 an Act linking in a comprehensive way regulations guaranteeing Access to documents held by public bodies and the Protection of Personal Information. In that way it recognised that the process of public communication needs protection in two ways: allowing the individual to provide himself with the necessary information on public policy issues to participate in the public political debate and to put him into the position in which he is not the object but the subject of information in that society. If obligations on information processing and the existence of legal rights do not protect the individual by allowing him to determine who, and under which conditions and for which purposes, may process personal data relating to him and describing parts of his existence, the danger exists that he gradually looses the possibility to participate in the public debate as a citizen and becomes an object of communication by others. Instead of contributing as a responsible citizen to social life, he is expected to respond to social expectations to "optimise" his behaviour, simply following public policy models e.g. on improved crime prevention, cost efficient social security systems and organised consumer behaviour.

A practical example is the right to anonymous access to public documents: it allows for public access while protecting the privacy of the citizen at the same time.

5. If the existence of the public access principle is not at stake, what are the conclusions regarding possible limitations of public access rights?

The first issue to consider concerns the principle of proportionality. Personal data may only be processed where necessary for the purpose being pursued. In this context, two questions need to be raised. The first concerns the extent to which social tasks need to be performed by public authorities. A number of social tasks have already been privatised, e.g. in the telecommunications sector.The second question concerns the extent to which the use of personal data is really necessary for the execution of any task given to a public authority. This question has been at the heart of the well-known census case decided by the German Constitutional court. The examination of payment systems used by public authorities may become an issue in the future.

The real issue however is in my view the secondary uses or the re-use, which is made of public documents after they have left their public sphere. One of the most basic principles of protection of personal data is the principle that such data can only be processed for specified, explicit and legitimate purposes and not further processed in a way incompatible with such purposes.

The underlying rationale of the principle of public access to official documents has been to improve the conditions for the necessary public debate by providing more information to the individual. This certainly includes access by the written and audio-visual media whose traditional function is to pass on information which they consider relevant for such public debate.However, subsequent commercial use of personal data obtained by use of public access may be a key to economic growth, as the title of this Conference suggests, but it also raises questions of a different nature regarding the use of publicly available data.

Some of you may remember that the first Commission proposal for a data protection directive included provisions on the lawfulness of data processing for publicly available data. This idea was not accepted either by Parliament or the Council. The reason was that the risk to privacy of a given processing operation does not depend on whether the source of the data is public or not, but on the purpose and context of the secondary processing.

The issue is real. Secondary uses for different purposes may change the quality of personal data. Data which have been relevant, up to date and complete for one purpose may not qualify in the same way in another context. Moreover, they may have been obtained through obligatory procedures which may limit future use for fairness reasons. In addition, it must be remembered, that public authorities are mandated to cover fields which other parts of society should not be engaged in. May I recall that the principle of public access was never intended to be more than accessibility of information - where not classified as secret - at the premises of the authority. The manual nature of processing was a powerful barrier against secondary uses.

For example, the maintenance of criminal registers is a task normally given to a public authority with a specific purpose and with precise limitations: persons with a certain interest may be allowed access for a specified but limited period of time so that they may be aware of the personal situation of those convicted. How would subsequent commercial use deal with such limitations?

The electoral register has been created mainly for purposes of verification. To use it as a basis for the production of a CD-ROM presenting a nation wide population register including identifiers would raise data protection issues of an entirely different nature. The Equifax experience in America has not been forgotten.

Court proceedings have traditionally been open to the public. But the direct television transmission of such proceedings raises once again other issues, as was demonstrated in the O J Simpson trial.

Consequently there are very good reasons to require that reuse of personal data which are obtained by way of access to public documents must satisfy general data protection rules, in particular the principles of legitimate finality and compatibility of use.This also means that the exercise of public access to personal data requires a legitimate interest, as is specifically spelled out for certain public registers, which could simply be a general interest to be informed - so long as the interests of the data subjects do not override such a general interest.

6. Some of you might protest that the concept of data protection, as laid down in the directive and which I have just applied, is now too old-fashioned and outdated, given that it is derived from the Council of Europe Convention of 1981. But the directive, while building on existing concepts in Member States, has profited from their experience to modernise the different elements so as to create a coherent system of data protection. To cope with Information Society applications it has introduced the dynamic notion of "processing" as the basic object of protection rules. It has found a solution for the problem of applicable law, providing legal security for Internet service providers, for example. It has strengthened the information rights and other rights of the individual.

Last but not least it has strengthened the powers of supervisory authorities, shifting the emphasis from ex ante to ex post control and underlining their consultation role for both operators and individuals as well as in the process of making legislation.

The principles of the directive may be not new - which does not mean that they could no longer be useful in view of the introduction of new information and communication technologies. But there may be a growing need to specify the general principles much more regarding their application to new processing operations flowing from public access to official information. 

Proceedings ]

I*M Europe Home ] [ LAB Home ] [ Help ] [ Frequently Asked Questions (FAQs) ] [ Subject Index ] [ Text Search ]
Discussion forums ] [ Feedback and queries ] [ Europa WWW server ]

Home - Gate - Back - Top - Bruehann - Relevant

©ECSC-EC-EAEC, Brussels-Luxembourg, 1996