menu MENU
arrow_back Back to the list of all Articles
Change country (Currently : Czechia) language
Contact our local member in Czechia mail_outline
Visit the website of Havlik Svorcik & Partners account_balance

arrow_backPrevious Article
Article 85
Next Articlearrow_forward

Processing and freedom of expression and information

Official
Texts Guidelines Caselaw Review of
EU Regulation Review of
Nat. Regulation
Show key term(s) and Article(s) related to article 85 of the Regulation keyboard_arrow_down Hide key term(s) and Article(s) related to article 85 keyboard_arrow_up

Key words related to article 85

Show the recitals of the Regulation related to article 85 keyboard_arrow_down Hide the recitals of the Regulation related to article 85 keyboard_arrow_up

(153) Member States law should reconcile the rules governing freedom of expression and information, including journalistic, academic, artistic and or literary expression with the right to the protection of personal data pursuant to this Regulation. The processing of personal data solely for journalistic purposes, or for the purposes of academic, artistic or literary expression should be subject to derogations or exemptions from certain provisions of this Regulation if necessary to reconcile the right to the protection of personal data with the right to freedom of expression and information, as enshrined in Article 11 of the Charter. This should apply in particular to the processing of personal data in the audiovisual field and in news archives and press libraries. Therefore, Member States should adopt legislative measures which lay down the exemptions and derogations necessary for the purpose of balancing those fundamental rights. Member States should adopt such exemptions and derogations on general principles, the rights of the data subject, the controller and the processor, the transfer of personal data to third countries or international organisations, the independent supervisory authorities, cooperation and consistency, and specific data-processing situations. Where such exemptions or derogations differ from one Member State to another, the law of the Member State to which the controller is subject should apply. In order to take account of the importance of the right to freedom of expression in every democratic society, it is necessary to interpret notions relating to that freedom, such as journalism, broadly.

Show the recitals of the Directive related to article 85 keyboard_arrow_down Hide the recitals of the Directive related to article 85 keyboard_arrow_up

(37)  Whereas the processing of personal data for purposes of journalism or for purposes of literary of artistic expression, in particular in the audiovisual field, should qualify for exemption from the requirements of certain provisions of this Directive in so far as this is necessary to reconcile the fundamental rights of individuals with freedom of information and notably the right to receive and impart information, as guaranteed in particular in Article 10 of the European Convention for the Protection of Human Rights and Fundamental Freedoms; whereas Member States should therefore lay down exemptions and derogations necessary for the purpose of balance between fundamental rights as regards general measures on the legitimacy of data processing, measures on the transfer of data to third countries and the power of the supervisory authority; whereas this should not, however, lead Member States to lay down exemptions from the measures to ensure security of processing; whereas at least the supervisory authority responsible for this sector should also be provided with certain ex-post powers, e.g. to publish a regular report or to refer matters to the judicial authorities;

The GDPR

Article 85 of the Regulation also provides that the Member States shall by law reconcile the right to the protection of personal data pursuant to this Regulation with the freedom of expression and information.

This specifically includes processing of data for journalistic purposes but also for artistic or literary purposes as well as - and this is doubtlessly the innovation element - for academic expression purposes.

The provision “limits” the margin of reconciliation to the provisions of Chapter II (Principles), of Chapter III (Rights of the data subjects), of Chapter IV (Controller and processor), of Chapter V (Transfer of personal data to third countries or international organizations), of Chapter VI (Independent supervisory authorities), of Chapter VII (Cooperation and consistency) and of Chapter IX (Specific processing situations, i.e., this Chapter).

The final version adds a third paragraph to Article 85, pursuant to which each Member State shall notify the Commission of the measures it adopts under paragraph 1, no later than 2 years after the publication of the Regulation, and without delay of any subsequent amendment affecting them.

The Directive

The Directive already allowed Member States to provide for exemptions or derogations for personal data processing carried out solely for journalistic, artistic or literary expression, from the general conditions of lawfulness of processing (Chapter II) , from the conditions of data transfer to third countries (Chapter IV) and from the competence of the supervisory authorities (Chapter VI) only insofar as they are necessary to reconcile the right to privacy with the rules governing freedom of expression.

Potential issues

By deciding to leave to the Member States the possibility to provide for specific derogations in their national laws, the Regulation refuses to unify the appropriate rules to ensure the difficult balance between the freedoms in question and data protection.

The Regulation is perfectly aware of this, providing in its recital 153 that "Where such exemptions or derogations differ from one Member State to another, the law of the Member State to which the controller is subject should apply". It is true that this pursuit may differ from one state to another depending on various factors (cultural, sociological, etc.) and in any event, some harmonization is guaranteed by the rules contained in the Charter of Fundamental Rights of the Union as well as in the European Convention on Human Rights. The control of the Courts of the European Union (Luxembourg) and of the Human Rights (Strasbourg) will remain essential to this matter.

arrow_back Previous ArticleArticle 85Next Article arrow_forward
arrow_back Previous ArticleArticle 85 Next Article arrow_forward
arrow_back Previous Article Article 85 Next Article arrow_forward

Summary

European Union

European Union

CJEU caselaw

C-73/07 (16 December 2008) - Satakunnan Markkinapörssi and Satamedia

1.      Article 3(1) of Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data is to be interpreted as meaning that an activity in which data on the earned and unearned income and the assets of natural persons are:

–        collected from documents in the public domain held by the tax authorities and processed for publication,

–        published alphabetically in printed form by income bracket and municipality in the form of comprehensive lists,

–        transferred onward on CD-ROM to be used for commercial purposes, and

–        processed for the purposes of a text-messaging service whereby mobile telephone users can, by sending a text message containing details of an individual’s name and municipality of residence to a given number, receive in reply information concerning the earned and unearned income and assets of that person,

must be considered as the ‘processing of personal data’ within the meaning of that provision.

2.      Article 9 of Directive 95/46 is to be interpreted as meaning that the activities referred to at points (a) to (d) of the first question, relating to data from documents which are in the public domain under national legislation, must be considered as activities involving the processing of personal data carried out ‘solely for journalistic purposes’, within the meaning of that provision, if the sole object of those activities is the disclosure to the public of information, opinions or ideas. Whether that is the case is a matter for the national court to determine.

3.      Activities involving the processing of personal data such as those referred to at points (c) and (d) of the first question and relating to personal data files which contain solely, and in unaltered form, material that has already been published in the media, fall within the scope of application of Directive 95/46.

Opinion of Advocate general

Judgment of the Court

C-345/17 (14 February 2019) - Buivids

1.      Article 3 of Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data must be interpreted as meaning that the recording of a video of police officers in a police station, while a statement is being made, and the publication of that video on a video website, on which users can send, watch and share videos, are matters which come within the scope of that directive.

2.      Article 9 of Directive 95/46 must be interpreted as meaning that factual circumstances such as those of the case in the main proceedings, that is to say, the video recording of police officers in a police station, while a statement is being made, and the publication of that recorded video on a video website, on which users can send, watch and share videos, may constitute a processing of personal data solely for journalistic purposes, within the meaning of that provision, in so far as it is apparent from that video that the sole object of that recording and publication thereof is the disclosure of information, opinions or ideas to the public, this being a matter which it is for the referring court to determine.

Opinion of Advocate general

Judgment of the Court

Retour au sommaire Retour au sommaire
arrow_back Previous Article Article 85 Next Article arrow_forward
Regulation
1e 2e

Art. 85

1.   Member States shall by law reconcile the right to the protection of personal data pursuant to this Regulation with the right to freedom of expression and information, including processing for journalistic purposes and the purposes of academic, artistic or literary expression.

2.   For processing carried out for journalistic purposes or the purpose of academic artistic or literary expression, Member States shall provide for exemptions or derogations from Chapter II (principles), Chapter III (rights of the data subject), Chapter IV (controller and processor), Chapter V (transfer of personal data to third countries or international organisations), Chapter VI (independent supervisory authorities), Chapter VII (cooperation and consistency) and Chapter IX (specific data processing situations) if they are necessary to reconcile the right to the protection of personal data with the freedom of expression and information.

3.   Each Member State shall notify to the Commission the provisions of its law which it has adopted pursuant to paragraph 2 and, without delay, any subsequent amendment law or amendment affecting them.
1st proposal close

Art. 80

1. Member States shall provide for exemptions or derogations from the provisions on the general principles in Chapter II, the rights of the data subject in Chapter III, on controller and processor in Chapter IV, on the transfer of personal data to third countries and international organisations in Chapter V, the independent supervisory authorities in Chapter VI and on co-operation and consistency in Chapter VII for the processing of personal data carried out solely for journalistic purposes or the purpose of artistic or literary expression in order to reconcile the right to the protection of personal data with the rules governing freedom of expression.

2. Each Member State shall notify to the Commission those provisions of its law which it has adopted pursuant to paragraph 1 by the date specified in Article 91(2) at the latest and, without delay, any subsequent amendment law or amendment affecting them.
2nd proposal close

Art. 80

1. The national law of the Member State shall (…) reconcile the right to the protection of personal data pursuant to this Regulation with the right to freedom of expression and information, including the processing of personal data for journalistic purposes and the purposes of academic, artistic or literary expression.

2. For the processing of personal data carried out for journalistic purposes or the purpose of academic artistic or literary expression, Member States shall provide for exemptions or derogations from the provisions in Chapter II (principles), Chapter III (rights of the data subject), Chapter IV (controller and processor), Chapter V (transfer of personal data to third countries or international organizations), Chapter VI (independent supervisory authorities), Chapter VII (co-operation and consistency) if they are necessary to reconcile the right to the protection of personal data with the freedom of expression and information (…).
Directive close

Art. 9

Member States shall provide for exemptions or derogations from the provisions of this Chapter, Chapter IV and Chapter VI for the processing of personal data carried out solely for journalistic purposes or the purpose of artistic or literary expression only if they are necessary to reconcile the right to privacy with the rules governing freedom of expression.
Czechia
compare_arrows
visibility Old law

Act No. 110/2019 Coll., on the Processing of Personal Data, as amended

Part 2

Processing of Personal Data for Journalistic Purposes or for the Purposes of Academic, Artistic, or Literary expression

Art. 17

Lawfulness of processing

(1) Personal data may also be processed if such processing serves, in a proportionate manner, journalistic purposes or the purposes of academic, artistic, or literary expression. When assessing proportionality pursuant to the first sentence, consideration shall also be given to whether the processing involves personal data referred to in Article 9(1) or Article 10 of Regulation (EU) 2016/679 of the European Parliament and of the Council.

(2) The processing of personal data for the purposes specified in paragraph 1 is not subject to authorization or approval by the Office and is protected by the right to the protection of sources and the content of information, even in the case of processing personal data in a manner enabling remote access.

Art. 18

Exceptions to the Controller’s Duty to Provide Information

(1) When processing personal data for the purposes specified in Article 17(1), the controller may be exempted from its obligations under Article 12(1) and (2), Article 13(1) to (3), and Article 21(4), and, to the corresponding extent, also from Article 5 of Regulation (EU) 2016/679 of the European Parliament and of the Council, by providing the data subject with any appropriate information regarding the identity of the controller. Information regarding the identity of the controller may also be provided by means of an appropriate indication of the controller’s identity, which may be done through a graphic symbol, orally, or by other appropriate means. Information regarding the identity of the controller is sufficient if the controller’s notice regarding the data subject’s rights and other facts necessary for the protection of those rights, to the extent corresponding to the controller’s usual processing of personal data, is publicly available in a manner allowing remote access.

(2) Information regarding the controller’s identity need not be provided in justified cases, in particular if:

(a) it is not possible or would require disproportionate effort,

(b) the data subject can legitimately expect the processing referred to in Article 17(1),

(c) the data subject already has such information, or

(d) providing such information would jeopardize or frustrate the purpose of the processing of personal data, if such a procedure is necessary to achieve a legitimate purpose of the processing of personal data, particularly in matters of public interest.

Instead of refusing to provide information regarding the controller’s identity, the controller may defer the provision of such information.

Art. 19

Protection of Information Sources and Content

(1) The obligation to provide information pursuant to Article 14(1) through (4) and Article 21(4) of Regulation (EU) 2016/679 of the European Parliament and of the Council, as well as to the extent applicable under Article 5 thereof, and regarding the data subject’s other rights, may also be fulfilled by publishing such information in a manner that allows remote access; in such a case, it is sufficient to provide information regarding the processing of personal data typically carried out by the controller.

(2) The right of access to personal data under Article 15 and, to the extent applicable, also under Article 5 of Regulation (EU) 2016/679 of the European Parliament and of the Council shall not apply where the personal data have not been made public by the controller and are processed solely for the purpose specified in Article 17(1). In other cases, the controller may deny access to personal data in justified cases, in particular if doing so would otherwise jeopardize or frustrate the legitimate purpose of the processing of personal data or would require disproportionate effort.

(3) The provisions of Article 14(2)(f) and Article 15(1)(g) of Regulation (EU) 2016/679 of the European Parliament and of the Council, and, to the extent applicable, Article 5 thereof, shall not apply to the processing of personal data for the purposes specified in Article 17(1).

(4) If the controller is required to notify a personal data breach pursuant to Article 33(1) or Article 34(1) of Regulation (EU) 2016/679 of the European Parliament and of the Council, it need not disclose information that would allow the identification of the source or content of the personal data that has been breached.

Art. 20

Exceptions to the Rights to Rectification, Erasure, and Restriction of Processing of Personal Data

(1) Where the rights to erasure or rectification of personal data processed for the purposes specified in Article 17(1) are exercised, the procedure shall be governed by other legal regulations.

(2) With regard to the processing of personal data for the purposes specified in Article 17(1), the data subject has the right to restrict the processing of personal data pursuant to Article 18 and, to the corresponding extent, also pursuant to Article 5 of Regulation (EU) 2016/679 of the European Parliament and of the Council (EU) 2016/679 only if the controller no longer needs the personal data for the purposes of processing, but the data subject requires such data for the establishment, exercise, or defense of legal claims. This does not apply if it would require disproportionate effort.

Art. 21

Notification of Rectification, Erasure, and Restriction of Processing

(1) If, in connection with the processing of personal data for the purposes specified in Article 17(1), which is also carried out by means of remote access, the controller is required to notify recipients of the rectification, erasure, or restriction of processing of personal data pursuant to Article 17(2) or Article 19, and to the corresponding extent also pursuant to Article 5 of Regulation (EU) 2016/679 of the European Parliament and of the Council, the controller may also fulfill this obligation by providing information regarding the date of the last update of the content in which the personal data are or were included, or by other appropriate means.

(2) Rectification, erasure, or restriction of processing pursuant to Article 19 and, to the extent applicable, also pursuant to Article 5 of Regulation (EU) 2016/679 of the European Parliament and of the Council (EU) 2016/679 shall be communicated to the recipient to whom the controller has disclosed the personal data processed for the purposes specified in Article 17(1), if this is necessary to protect the rights or legitimate interests of the data subject and does not require disproportionate effort.

(3) The controller may inform the data subject only of the categories of recipients if, in connection with the processing of personal data for the purposes specified in Article 17(1), informing the data subject of the recipients pursuant to Article 19 and, to the corresponding extent, also pursuant to Article 5 of Regulation (EU) 2016/679 of the European Parliament and of the Council (EU) 2016/679, or if the legitimate purpose of the processing would be jeopardized or thwarted.

Art. 22

Limitations on the Right to Object

(1) An objection pursuant to Article 21 and, to the corresponding extent, also pursuant to Article 5 of Regulation (EU) 2016/679 of the European Parliament and of the Council may be raised in connection with the processing of personal data for the purposes specified in Article 17(1) only against the specific disclosure or publication of personal data; in which case the data subject shall provide specific reasons indicating that, in the given case, the legitimate interest in the protection of his or her rights and freedoms outweighs the interest in such disclosure or publication.

(2) If an objection has been lodged pursuant to paragraph 1, the controller is obliged to cease such disclosure or publication if it considers that the data subject has demonstrated that, in the given case, the legitimate interest in the protection of his or her rights and freedoms outweighs the interest in such publication. The controller shall inform the data subject without undue delay as to whether the objection has been upheld.

Art. 23

Additional Exceptions for Special Cases

(1) The provisions of Article 18 through 22 and the provisions of Articles 12 through 19, 21, 33, and 34, and, to the corresponding extent, also Article 5 of Regulation (EU) 2016/679 of the European Parliament and of the Council, shall not apply, shall apply mutatis mutandis, or the fulfillment of the obligations of the controller or processor or the exercise of the rights of the data subject set forth therein shall be deferred,

(a) where such a procedure is necessary to fulfill the purpose of processing referred to in Article 17(1), and

(b) where such a procedure is not likely to result in a high risk to the legitimate interests of the data subject.

(2) The provisions of Chapter VII of Regulation (EU) 2016/679 of the European Parliament and of the Council shall not apply to the processing referred to in Article 17(1). The provisions of Articles 20, 22, 56, and 58(1)(a), (b), (e), and (f), and Article 58(2)(d), (f), and (g), as well as Chapters II, IV, V, and IX of Regulation (EU) 2016/679 of the European Parliament and of the Council shall not apply, shall apply mutatis mutandis, or the fulfillment of the controller’s or processor’s obligations or the exercise of the data subject’s rights under those provisions shall be deferred, if necessary to achieve the purpose of processing referred to in Article 17(1).

(3) If the exclusion or restriction of certain rights or obligations under paragraph 2 is likely to result in a high risk to the legitimate interests of the data subject, the controller or processor shall, without undue delay, adopt and document appropriate measures to mitigate such or a similar risk.
Old law close

Act No. 101/2000 Coll., on the Protection of Personal Data and on Amendments to Certain Acts, as amended - repealed as of April 24, 2019

Art. 5

(...)

(3) If the controller processes personal data on the basis of a special Act, he shall be obliged to respect the right to protection of private and personal lives of the data subject.
arrow_back Previous ArticleArticle 85 Next Article arrow_forward
close

2016 - www.itiplaw.eu.