Bodil Lindqvist v.Göta hovrätt
审理法院:欧盟法院大法庭(Grand Chamber)
案号:C-101/01, EU:C:2003:596
判决时间:2003年11月6日
核心问题
第95/46号指令规定的“全部或部分以自动化方式处理个人数据”是否包括在慈善或宗教活动中将他人的相关个人数据在互联网发布的行为?
欧盟法院观点
在互联网网页上提及他人个人数据,并通过姓名或其他方式识别他人身份构成第95/46号指令规定的“全部或部分以自动化方式处理个人数据”。在慈善或宗教活动中对个人数据进行这种处理行为不属于该指令规定的豁免情况。
说明
以下内容由中国人民大学法学院马鹤翻译,原文来自欧盟法院于2021年公布的“个人数据保护情况说明书”(fact sheet),第14-15页,全文详见文末“阅读原文”或回复“c001”。
个人数据处理的概念
Lindqvist女士是瑞典新教一个教区的志愿工作者,其使用其个人电脑上建立一个网站,并在上面发布了与她在教区内一起做志愿工作的人相关个人数据。而Lindqvist女士因此被罚款,因为她没有事先书面通知瑞典电子数据传输保护监督机构(Datainspektion),在未经授权的情况下以自动方式使用个人数据并将其传输到第三国,且对个人敏感数据进行了处理。
Lindqvist女士针对该罚款决定向瑞典上诉法院(Göta hovrätt)提出上诉,瑞典国家法院提请欧盟法院初步裁决,以确定Lindqvist女士的行为是否属于第95/46号指令规定的 “全部或部分以自动化方式处理个人数据”。
欧盟法院认为,在网站上公布他人个人数据,并通过姓名或其他方式识别他人身份,例如说明他们的电话号码或有关其工作条件和爱好的信息,这种行为构成第95/46号指令规定的“全部或部分以自动化方式处理个人数据”(第27段和执行部分1)。在慈善或宗教活动中对个人数据进行这种处理行为不属于该指令规定的豁免情况,因为这既不属于与公共安全相关的活动,也不属于该指令规定范围之外的出纯粹个人或家庭活动类别(第38、43至48段和执行部分2)。
案例原文
Mrs Lindqvist, a voluntary worker in a parish of the Protestant Church in Sweden, had set up, on her personal computer, internet pages on which she published personal data relating to a number of people working with her on a voluntary basis in the parish. Mrs Lindqvist was fined, on the ground that she had used the personal data by automatic means without giving prior written notice to the Swedish Datainspektion (supervisory authority for the protection of electronically transmitted data), that she had transferred the data to a third country without authorisation and that she had processed sensitive personal data.
In the appeal brought before the Göta hovrätt (Court of Appeal, Sweden) by Mrs Lindqvist against that decision, the national court referred questions to the Court for a preliminary ruling in order, in particular, to ascertain whether Mrs Lindqvist had carried out ‘the processing of personal data wholly or partly by automatic means’ within the meaning of Directive 95/46.
The Court held that the act of referring, on an internet page, to various persons and identifying them by name or by other means, for instance by stating their telephone number or information regarding their working conditions and hobbies, constitutes ‘the processing of personal data wholly or partly by automatic means’ within the meaning of that directive (paragraph 27 and operative part 1). Such processing of personal data in the course of charitable or religious activities is not covered by any of the exceptions to the scope of the directive, in so far as it does not fall within the category of activities concerning public security, or the category of a purely personal or household activity, which are outside the scope of the directive (paragraphs 38, 43 to 48 and operative part 2).
编辑:马鹤
指导:黄昊
声明:本文来自网络西东,版权归作者所有。文章内容仅代表作者独立观点,不代表安全内参立场,转载目的在于传递更多信息。如有侵权,请联系 anquanneican@163.com。