Public Sector Information & Data Protection: A Plea for Personal Privacy Settings for the Re-use of PSI

• Autore: Bart Van Der Sloot
• Carica: Researcher at the Institute for Information Law, University of Amsterdam, specialized in privacy.
• Pagine: 219-236

Public Sector Information & Data Protection: A Plea for

Personal Privacy Settings for the Re-use of PSI

BART VAN D ER SLOOT∗

SUMM ARY:1. Introduction – 2. Data Protection Directive – 2.1. Applicability –

2.2. Legitimate Purpose – 2.3. Safeguards – 2.4. Transparency & Rights – 3. Solutions –

3.1. Radical Solutions – 3.2. Anonymization – 3.3. Personal Privacy Settings – 4. Con-

clusion

1. INT RODU CTI ON

Already in the year 2000, the total value of the European public sector

information (PSI) was estimated to be around 68 billion euro annually1. To

ensure that at least a part of this potential is utilized, the re-use of public

sector information is encouraged in Europe through the PSI Directive of

20032, although it has to be said that it does not entail any obligation for

public sector organizations to disseminate such information. It is important

to distinguish between the right of access to governmental information and

the right to re-use3. The ratio behind rules ensuring access to governmental

information is mainly linked to democracy and control on governmental

power; re-use is primarily important for commercial interest4.

With regard to the re-use of PSI, three conceptsare important: (1) it must

regard re-use, (2) of information (3) in the hands of the public sector. All

three concepts are def‌ined broadly in the PSI Directive regarding re-use of

public sector information. A public sector body means the state, regional

or local authorities, bodies governed by public law and associations formed

by one or several such authorities or one or several such bodies governed by

∗The Author is Researcher at the Institute for Information Law, University of

Amsterdam, specialized in privacy.

1EUROP EAN COMMISSION,Commercial Exploitation of Europe’s Public Sector Informa-

tion, 20 September 2000, p. 6.

2Directive 2003/98/EC of the European Parliamentand of the Council of 17 November

2003 on the re-use of public sector information (PSI Directive).

3J. PAS, B. DE VUY ST,The Use and Re-use of Government Information from an EU Per-

spective, Proceedings of the 37th Hawaii Int. Conf. on System Sciences, 2004, p. 2.

4D. GOEN S,The Exploitation of Business Register Data from a Public Sector Information

and Data Protection Perspective: A Case Study, in “Computer Law & Security Review”, 2010,

n. 26, p. 399.

220 Informatica e diritto /Il quadro giuridico

public law. If they are not f‌inanced by a public authority, then they may still

qualify as a body governed by public lawif they are subject to supervision by

those bodies5. A public sector document refers to any content or any part of

such content whatever its medium6. Finally, ‘re-use’ is characterized as the

use by persons or legal entities of documents held by public sector bodies,

for commercial or non-commercial purposes other than the initial purpose

within the public task for which the documents were produced7.

Thus, the scope of the PSI Directive is very broad8. Since public sector

information also contains personal data, the distribution of the information

for re-use may trigger the applicability of the Data Protection Directive9.

The PSI Directive makes explicit reference to the Data Protection Direc-

tive when it states that it will leave intact and in no way affects the level of

protection of individuals with regard to the processing of personal data un-

der the provisions of Community and national law and in particular does

not alter the obligations and rights set out in Data Protection Directive10.

National legislators should implement and apply the PSI Directive in full

compliance with the principles relating to the protection of personal data in

accordance with the Data Protection Directive11. Finally, the PSI Directive

does not contain a def‌inition of personal data, but refers to that of the Data

Protection Directive12. Both the Commission’s Green Paper13 and the re-

cent communication on the review of the PSI Directive14 conf‌irm the full

applicability of the Data Protection Directive.

5See art. 2, par. 1 and 2, PSI Directive.

6See art. 2, par. 3, PSI Directive.

7See art. 2, par. 4, PSI Directive.

8See art. 1, par. 2, PSI Directive; art. 3, PSI Directive enumerates some exceptions.

9Directive 95/46/EC of the European Parliamentand of the Council of 24 October 1995

on the protection of individuals with regard to the processing of personal data and on the

free movement of such data. (Data Protection Directive).

10 See art. 1, par. 4, PSI Directive.

11 See Recital 21, PSI Directive.

12 See art. 2, par. 5, PSI Directive.

13 EUROP EAN COMMISSION,Public Sector Information: A Key Resource for Europe. Green

Paper on Public Sector Information in the Information Society, (COM), 1998, 585, p. 16.

14 COMM ISSI ON O F THE EU ROPEA N COMM UNI TIES ,Communication from the Com-

mission to the European Parliament, the Council, The European Economic and Social Commit-

tee and the Committee of the Regions. Re-use of Public Sector Information – Review of Directive

2003/98/EC, in “SEC”, 2009, n. 597, p. 8; C. COR BIN,EC Communication on the PSI

Directive: PSI Re-use Stakeholder Reaction, European PSI Platform, Topic Report n. 3.