OPINION OF ADVOCATE GENERAL

Sharpston

delivered on 15 October 2009 (1)

Case C‑28/08 P

Commission of the European Communities

v

The Bavarian Lager Co. Ltd

(Appeal – Access to documents of Community institutions – Document relating to a meeting held in proceedings for failure to fulfil obligations)

Table of contents

I –  Introduction

II –  Legal background

A – Relevant provisions of the Treaties and other international instruments

B – Secondary Community law

1. Regulation (EC) No 45/2001 

2. The Community legislation on the right of access to documents

III –  The facts in the proceedings before the Court of First Instance

IV –  Proceedings before the Court of First Instance and the judgment under appeal

V –  The proceedings before the Court of Justice and the parties’ grounds of appeal

VI –  Summary of the positions of the parties and the interveners

A – The appeal

B – The observations of Bavarian Lager and the interveners

VII –  Analysis of the appeal

A – The solution proposed for the first and second grounds of appeal

1. Comparison of the two regulations at issue

a) The travaux préparatoires for Regulation No 45/2001

b) The case-law

c) Further objections

2. The consequences of reconciling the two regulations in this way

a) Examining the problem in general terms

b) Consequences

c) The correct interpretation of Article 4(1)(b) of Regulation No 1049/2001

d) The modus operandi of this interpretation: three examples

3. Outcome

B – The third ground of appeal

C – Alternative solution to the first and second grounds of appeal

VIII –  Costs

IX –  Conclusion

I –  Introduction

1.        A democratic society governed by the rule of law has a fundamental interest both in wide public access to documents and in ensuring the protection of individual privacy and integrity. Both public access to documents and the protection of privacy are fundamental rights duly recognised under European Union law.

2.        The present appeal brings into sharp focus the relationship between those two rights. Is there an essential, operational conflict between the provisions of the secondary legislation adopted by the European Union, in the form of the regulations concerning, respectively, access to documents and the protection of personal data? Or are the regulations capable of being harmoniously reconciled – and, if so, how precisely is this to be achieved?

3.        Framed in those terms, the problem has much in common with the conundrum inherent in the question posed by Isaac Asimov: ‘What would happen if an irresistible force met an immovable object?’ (2) Replace ‘irresistible force’ by the right of access to documents and ‘immovable object’ by the right to protection of personal data and we have a vivid illustration of the intrinsic complexity of the appeal brought by the Commission before the Court of Justice. (3)

4.        But the biggest surprise is not that questions like those encountered in scientific fields can arise in jurisprudence but rather that, as we shall see, the answer to be given also appears to be inspired by Asimov’s. After analysing the concepts of ‘irresistible force’ and ‘immovable object’, Asimov takes the view, essentially, that no universe with such inherent contradictions can exist, so that the question is meaningless and should not be answered. The solution that I suggest to the Court of Justice for this appeal also starts from the necessity adequately to define the legal concepts embodying the rights that allegedly collide. The clash will then be seen to be more apparent than real.

II –  Legal background

A –    Relevant provisions of the Treaties and other international instruments

5.        Given that the dispute between the Commission and Bavarian Lager concerns fundamental human rights, it is appropriate to begin with Article 6 EU:

‘1.      The Union is founded on the principles of liberty, democracy, respect for human rights and fundamental freedoms, and the rule of law, principles which are common to the Member States.

2.      The Union shall respect fundamental rights, as guaranteed by the European Convention for the Protection of Human Rights and Fundamental Freedoms [‘ECHR’] (4) and as they result from the constitutional traditions common to the Member States, as general principles of Community law.

…’

6.        Regarding the fundamental right to privacy, Article 8 of the ECHR provides:

‘1.      Everyone has the right to respect for his private and family life, his home and his correspondence.

2.      There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.’

7.        Supplementing that provision, the Council of Europe approved on 28 January 1981 the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (‘Convention No 108’), which the Commission describes in its appeal as having influenced the relevant Community legislation. The second recital to that convention states ‘… it is desirable to extend the safeguards for everyone’s rights and fundamental freedoms, and in particular the right to the respect for privacy, taking account of the increasing flow across frontiers of personal data undergoing automatic processing’.

8.        Article 1 of Convention No 108 describes the aim and purpose of the convention in the following terms:

‘The purpose of this convention is to secure … for every individual … respect for his rights and fundamental freedoms, and in particular his right to privacy, with regard to automatic processing of personal data relating to him.’

9.        In the context of the EC Treaty, the right of access to documents of the Community institutions was embodied, following the Treaty of Amsterdam, in Article 255:

‘1.      Any citizen of the Union, and any natural or legal person residing or having its registered office in a Member State, shall have a right of access to European Parliament, Council and Commission documents, subject to the principles and the conditions to be defined in accordance with paragraphs 2 and 3.

…’

10.      As regards the right to the protection of personal data, Article 286(1) EC provides that Community acts concerning the processing and free movement of such data are to apply to the Community institutions and bodies. (5)

11.      The Charter of Fundamental Rights of the European Union (‘the Charter’) (6) also recognises the fundamental importance both of the protection of personal data and of the right of access to documents. Thus, Article 8(1) and (2) provide as follows:

‘1.      Everyone has the right to the protection of personal data concerning him or her.

2.      Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified.’

12.      Article 42 deals with access to documents in the following terms:

‘Any citizen of the Union, and any natural or legal person residing or having its registered office in a Member State, has a right of access to European Parliament, Council and Commission documents.’

13.      Article 7 of the Charter, under the heading ‘Respect for private and family life’, partially reproduces Article 8 of the ECHR, stating that:

‘Everyone has the right to respect for his or her private and family life, home and communications.’

14.      Finally, Declaration No 17 annexed to the Final Act of the Maastricht Treaty states that transparency of the decision-making process strengthens the democratic nature of the institutions and the public’s confidence in the administration, and calls on the Commission to submit measures designed to improve public access to the information available to the institutions.

B –    Secondary Community law

1.      Regulation (EC) No 45/2001 (7)

15.      Adopted on the basis of Article 286 EC, this regulation is the main instrument protecting personal data when they are processed in any way by Community institutions. It is one of a package of legislative measures, together with Directives 95/46/EC (8) and 97/66/EC, (9) which make up the acquis communautaire in relation to the protection of personal data.

16.      In this appeal, it is appropriate first to focus on certain parts of its preamble. Thus, recital 8 provides that ‘[t]he principles of data protection should apply to any information concerning an identified or identifiable person’.

17.      Recital 14 states that the Community provisions should apply ‘to all processing of personal data by all Community institutions and bodies in so far as such processing is carried out in the exercise of activities all or part of which fall within the scope of Community law’.

18.      Next, recital 15 clearly and explicitly states that ‘[a]ccess to documents, including conditions for access to documents containing personal data, is governed by the rules adopted on the basis of Article 255 [EC] ... the scope of which includes Titles V and VI of the [EU] Treaty …’.

19.      Finally, recital 22 states that ‘[t]he rights accorded the data subject and the exercise thereof should not affect the obligations placed on the controller’.

20.      The main purpose of Regulation No 45/2001 is then set out in Article 1(1):

‘The institutions and bodies set up by, or on the basis of, the Treaties establishing the European Communities, hereinafter referred to as “Community institutions or bodies”, shall protect the fundamental rights and freedoms of natural persons, and in particular their right to privacy with respect to the processing of personal data …’, laying emphasis on compliance with the legal framework adopted under Directive 95/46/EC.’

21.      Article 2 gives a number of definitions, (10) among which the following are noteworthy:

‘(a)      “personal data” shall mean any information relating to an identified or identifiable natural person …; an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his or her physical, physiological, mental, economic, cultural or social identity;

(b)      “processing of personal data” … shall mean any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as … disclosure by transmission, dissemination or otherwise making [them] available …;

(c)      “personal data filing system” … shall mean any structured set of personal data which are accessible according to specific criteria, whether centralised, decentralised or dispersed on a functional or geographical basis;

…’

22.      Article 3(1) and (2) are concerned with the scope (11) of Regulation No 45/2001, and provide as follows:

‘1.      This Regulation shall apply to the processing of personal data by all Community institutions and bodies in so far as such processing is carried out in the exercise of activities all or part of which fall within the scope of Community law.

2.      This Regulation shall apply to the processing of personal data wholly or partly by automatic means, and to the processing otherwise than by automatic means of personal data which form part of a filing system or are intended to form part of a filing system.’

23.      As regards data quality, Article 4 essentially provides that personal data must be processed fairly and lawfully, be collected for specified, explicit and legitimate purposes and not be further processed in a way incompatible with those purposes. (12)

24.      In laying down the principles governing the management of personal data by the Community institutions, Article 5 focuses on the need for the processing to be lawful, so that data may be processed only if:

‘(a)      processing is necessary for the performance of a task carried out in the public interest … or

(b)      processing is necessary for compliance with a legal obligation to which the controller is subject, or

…

(d)      the data subject has unambiguously given his or her consent,

…’

25.      The rules on the transfer of personal data to recipients other than Community institutions and bodies subject to Directive 95/46 are contained – without prejudice to Articles 4, 5, 6 and 10 – in Article 8 of Regulation No 45/2001, which limits such transfer in the following terms:

‘…

(a)      if the recipient establishes that the data are necessary for the performance of a task carried out in the public interest or subject to the exercise of public authority, or

(b)      if the recipient establishes the necessity of having the data transferred and if there is no reason to assume that the data subject’s legitimate interests might be prejudiced.’

26.      Article 18 sets out the data subject’s right to object. (13) The following elements are pertinent:

‘The data subject shall have the right:

(a)      to object at any time, on compelling legitimate grounds relating to his or her particular situation, to the processing of data relating to him or her, except in the cases covered by Article 5(b), (c) and (d). Where there is a justified objection, the processing in question may no longer involve those data;

…’

27.      Finally, Directive 95/46 is important for interpretative purposes, since it is expressly referred to in Article 1(1) of Regulation No 45/2001. That directive requires Member States to ensure the protection of the fundamental rights and freedoms of natural persons and, in particular, their right to privacy in relation to the processing of personal data, in order to ensure the free movement of personal data in the Community.

2.      The Community legislation on the right of access to documents

28.      The Code of Conduct concerning public access to Council and Commission documents (14) (‘the Code of Conduct’) contained a number of rules to deal with conflicts between access to documents and protection of privacy. In particular, under the heading ‘Exceptions’, it provided:

‘The institutions will refuse access to any document where disclosure could undermine:

–        the protection of the public interest (public security), international relations, monetary stability, court proceedings, inspections and investigations),

–        the protection of the individual and of privacy,

…’

29.      In May 2001, Regulation (EC) No 1049/2001 regarding public access to European Parliament, Council and Commission documents was adopted. (15) That Regulation, which entered into force on 3 December 2001, defined the principles, conditions and limits governing the right of access to the documents of certain institutions referred to in Article 255 EC.

30.      By Decision 2001/937/EC, ECSC, Euratom, (16) Decision 94/90 was repealed and the provisions of Regulation No 1049/2001 were added as an annex to the Commission’s rules of procedure. (17) In that way, the Commission made its practice subject to the guidelines of Regulation No 1049/2001.

31.      In recitals 1, 2 and 3 to Regulation No 1049/2001, reference is made to the principles of openness and transparency, which derive directly from Article 1 EU, with a view to bringing the decision-making process closer to citizens and increasing their participation in that process in a more open manner. The stated aim is thus to achieve greater legitimacy, efficiency and responsibility on the part of the administration vis-à-vis citizens, enhancing the principles of democracy and respect for fundamental rights provided for in Article 6 EU and in the Charter. Regulation No 1049/2001 is intended to consolidate the initiatives taken earlier by the institutions with a view to making the decision-making process more transparent.

32.      Recitals 4 and 11 to Regulation No 1049/2001 state as follows:

‘(4)      The purpose of this Regulation is to give the fullest possible effect to the right of public access to documents and to lay down the general principles and limits on such access in accordance with Article 255(2) ... EC.

…

(11)      In principle, all documents of the institutions should be accessible to the public. However, certain public and private interests should be protected by way of exceptions. The institutions should be entitled to protect their internal consultations and deliberations where necessary to safeguard their ability to carry out their tasks. In assessing the exceptions, the institutions should take account of the principles in Community legislation concerning the protection of personal data, in all areas of Union activities.’

33.      Under the heading ‘Purpose’, Article 1 of Regulation No 1049/2001 provides as follows:

‘The purpose of this Regulation is:

(a)       to define the principles, conditions and limits on grounds of public or private interest governing the right of access to … Commission … documents … in such a way as to ensure the widest possible access to documents,

(b)       to establish rules ensuring the easiest possible exercise of this right, and

(c)      to promote good administrative practice on access to documents.’

34.      Article 2, under the heading ‘Beneficiaries and scope’, provides as follows:

‘1.      Any citizen of the Union, and any natural or legal person residing or having its registered office in a Member State, has a right of access to documents of the institutions, subject to … this Regulation.

2.      The institutions may … grant access to documents to any natural or legal person not residing or not having its registered office in a Member State.

3.      This Regulation shall apply to all documents held by an institution[;] … documents drawn up or received by it and in its possession, in all areas of activity of the European Union.’

35.      Article 3 gives certain definitions for the application of Regulation No 1049/2001, of which the following is pertinent:

‘For the purpose of this Regulation:

(a)      “document” shall mean any content whatever its medium (written on paper or stored in electronic form or as a sound, visual or audiovisual recording) concerning a matter relating to the policies, activities and decisions falling within the institution’s sphere of responsibility;

…’

36.      According to Article 4 of Regulation No 1049/2001, concerning exceptions to the right to access:

‘1.      The institutions shall refuse access to a document where disclosure would undermine the protection of:

…

(b)      privacy and the integrity of the individual, in particular in accordance with Community legislation regarding the protection of personal data.

2.      The institutions shall refuse access to a document where disclosure would undermine the protection of:

…

–      the purpose of inspections, investigations and audits,

unless there is an overriding public interest in disclosure.

3.      Access to a document, drawn up by an institution for internal use … which relates to a matter where the decision has not been taken by the institution, shall be refused if disclosure of the document would seriously undermine the institution’s decision-making process, unless there is an overriding public interest in disclosure.

…

6.      If only parts of the requested document are covered by any of the exceptions, the remaining parts of the document shall be released.

…’

37.      By virtue of Article 6(1) of Regulation No 1049/2001, an applicant is not obliged to state his reasons for requesting a document. (18)

III –  The facts in the proceedings before the Court of First Instance

38.      The Bavarian Lager Co. Ltd (‘Bavarian Lager’) was established in 1992 to import bottled German beer for public houses and bars in the United Kingdom, primarily in the north of England. However, the applicant was not able readily to sell its products, since a large number of such establishments were tied by exclusive purchasing contracts obliging them to obtain their supplies of beer from certain breweries.

39.      By virtue of a statutory instrument, (19) United Kingdom brewers with rights in more than 2 000 pubs were required to allow the managers of those establishments to buy beer from another brewery, provided that it was conditioned in a cask and had an alcohol content exceeding 1.2% by volume (Article 7(2)(a) of the order). That provision was commonly known as the ‘Guest Beer Provision’ (‘the GBP’).

40.      However, in reality, most beers produced outside the United Kingdom were conditioned and marketed in bottles. They could not be regarded as ‘cask-conditioned beers’ within the meaning of the GBP and thus did not fall within its scope. Taking the view that the GBP constituted a measure having an effect equivalent to a quantitative restriction on imports and was therefore incompatible with Article 28 EC, Bavarian Lager lodged a complaint with the Commission in April 1993. (20)

41.      The Treaty infringement proceedings initiated by the Commission against the United Kingdom in April 1995 under Article 226 EC reached the stage where the Commission announced its intention to issue a reasoned opinion to the United Kingdom Government. During the administrative procedure, a meeting was held on 11 October 1996 (‘the October 1996 meeting’) between representatives of the Community and United Kingdom administrative authorities and the Confédération des Brasseurs du Marché Commun (‘CBMC’). Bavarian Lager had asked to take part, but the Commission did not allow it do to so.

42.      The United Kingdom authorities informed the Commission that the GBP was to be amended, so as to allow bottle-conditioned beer to be sold as a guest beer as well as cask-conditioned beer. Thereupon, the Commission told Bavarian Lager that the Treaty infringement proceedings were to be suspended. Once the amended version of the GBP came into force on 22 August 1997, the Commission shelved the case.

43.      By fax of 21 March 1997, Bavarian Lager asked the Commission, under the Code of Conduct, for a copy of the reasoned opinion (which had never been sent). Both that and further requests were refused. The subsequent application to the Court of First Instance for the annulment of that decision was also unsuccessful. The Court of First Instance held that safeguarding the objective in question, namely allowing a Member State to comply of its own accord with the requirements of the Treaty or, if appropriate, to give it the opportunity to justify its position, warranted, under the heading of protection of the public interest, refusing access to a preparatory document relating to the investigation stage of the procedure under Article 226 EC. (21)

44.      In May 1998, Bavarian Lager sought access under the Code of Conduct to all the documents in the Treaty infringement file lodged by 11 named companies and organisations and three specified categories of persons or undertakings. Arguing that it was not the author of the documents in question, the Commission rejected Bavarian Lager’s repeated requests in reliance on the authorship rule in the Code of Conduct. (22)

45.      In a complaint to the European Ombudsman, Bavarian Lager stated that it wished to obtain the names of the CBMC delegates who had attended the October 1996 meeting and those of the companies and persons included in the 14 categories it had identified in its initial request for access to the documents, who had submitted comments to the Commission regarding the infringement.

46.      As a result of the European Ombudsman’s intervention, after an extensive exchange of letters (23) Bavarian Lager initially obtained from the Commission the names and the addresses of those persons who had agreed to have their names disclosed. Following its request for complete disclosure, Bavarian Lager was subsequently sent the names of 25 other persons who had not responded to the Commission’s request for authorisation on the ground that, in the absence of a reply, the interests and fundamental rights and freedoms of the persons concerned did not prevail and their names had to be disclosed.

47.      In November 2000, the Ombudsman presented his Special Report to the European Parliament, following the draft recommendation addressed to the Commission concerning Bavarian Lager’s complaint. (24) He concluded that no fundamental right prevented, in absolute terms, the disclosure of information given to an administrative authority and that Directive 95/46 did not require the Commission to keep secret the names of persons who submitted views or information to it concerning the exercise of its functions. On that basis, the Parliament adopted a resolution on the Special Report, calling on the Commission to provide the information requested. (25)

48.      The Ombudsman also wrote to the President of the Commission, at that time Mr Prodi, expressing concern that the data-protection rules were being misinterpreted as implying the existence of a general right to participate anonymously in public activities, contrary to the principle of transparency and the right of public access to documents, both at Union level and in the Member States.

49.      By e-mail of 5 December 2003, Bavarian Lager requested, this time on the basis of Regulation No 1049/2001 (which had meanwhile come into force), access to the documents described in point 44 of this Opinion. The Commission, by letter of 27 January 2004, agreed to disclose certain documents concerning the October 1996 meeting, but blanked out five names in the minutes of that meeting because two people had expressly objected to any disclosure of their identity and the Commission had not been able to contact the other three.

50.      By a further e-mail of 9 February 2004, Bavarian Lager made a confirmatory application within the meaning of Article 7(2) of Regulation No 1049/2001, seeking a copy of the full minutes of the October 1996 meeting, including the names of all participants.

51.      By letter of 18 March 2004, the Commission rejected the confirmatory application, contending that Regulation No 45/2001 applied. In particular, since Bavarian Lager had not established an express and legitimate purpose or need for such disclosure, the conditions set out in Article 8 of that regulation had not been met and the exception provided for in Article 4(1)(b) of Regulation No 1049/2001 was triggered. The Commission added that, even if the rules on the protection of personal data did not apply, it could nevertheless refuse to disclose the remaining names under the third indent of Article 4(2) of Regulation No 1049/2001, so as not to compromise its ability to conduct inquiries.

IV –  Proceedings before the Court of First Instance and the judgment under appeal

52.      Bavarian Lager lodged an application at the Registry of the Court of First Instance on 27 May 2004 alleging that it was illegal for the Commission to have discontinued the Treaty infringement proceedings against the United Kingdom and seeking annulment of the decision refusing to disclose the names of certain attenders at the October 1996 meeting. On the latter point, it was supported by the European Data Protection Supervisor (‘the EDPS’), who intervened in the proceedings.

53.      The Commission contended that the application should be dismissed.

54.      The Court of First Instance first declared inadmissible the claim that the Commission’s decision to discontinue the proceedings was illegal, referring to well-established case-law concerning the discretionary nature of any decision to bring proceedings for failure to fulfil obligations under Article 226 EC. (26) That point is not at issue in the appeal.

55.      The Court of First Instance then addressed the thorny problem of the refusal to provide the names of some attenders at the October 1996 meeting, specifically those who had expressly refused to allow such disclosure.

56.      In doing so, it made a number of preliminary observations in which it focused on the application to this specific case of Regulation No 1049/2001, since Bavarian Lager had requested access to the full document. In that context, the Court of First Instance referred to the basic principles of that regulation, namely that applicants for access to documents are not obliged to state the reasons for their requests and that in principle access should be as wide as possible, a decision to refuse access being valid only if based on one of the exceptions envisaged, in particular, in Article 4 of the regulation. It also referred to settled case-law according to which exceptions must be construed and applied restrictively. (27)

57.      Next, the Court of First Instance examined the relationship between Regulations No 1049/2001 and No 45/2001, starting from the premiss that the exception under Article 4(1)(b) of Regulation No 1049/2001 concerns cases in which the disclosure of personal data undermines the protection of privacy and the integrity of the individual, in particular under the Community legislation on the protection of personal data.

58.      After referring to the distinct purposes of the two regulations, the Court of First Instance inferred from recital 15 to Regulation No 45/2001 that access to documents containing personal data is governed by Regulation No 1049/2001, under which the exception concerning disclosure detrimental to the protection of the privacy and integrity of the individual nevertheless implied that the provisions of the Personal Data Regulation should be taken into consideration. (28)

59.      The judgment under appeal then reviewed the most important aspects of Regulation No 45/2001, such as the concept of personal data, the definition of processing, the legality of processing, demonstrating the need to transfer data under Article 8(b) and the data subject’s right to object under Article 18, which it held not to be available in the present case, since access to those documents constituted a legal obligation for the purposes of either Article 5(a) or Article 5(b) of Regulation No 1049/2001 and both limbs fell within the exceptions to the right to object. (29)

60.      Consequently, the Court of First Instance narrowed down the debate to the question whether disclosure of the names of the attenders at the October 1996 meeting would undermine protection of their privacy and integrity, so as to trigger Article 4(1)(b) of Regulation No 1049/2001. Here, it took account of the interpretative guidelines of the European Court of Human Rights regarding the right to privacy, in particular the concept of ‘interference’ affecting the privacy of the data subject within the meaning of Article 8 ECHR. (30)

61.      The Court of First Instance then examined whether public access to the names of the participants in that meeting actually and specifically undermined the protection of their privacy and integrity.

62.               Although it established that the list of participants in that meeting contained personal data within the meaning of Article 2(a) of Regulation No 45/2001 (since it identified those present), the Court of First Instance concluded that those persons’ privacy was not adversely affected, since they had attended as representatives of the CBMC and not in a personal capacity. It also pointed out that the minutes contained no individual opinion attributable to those persons, but merely positions attributable to the bodies they represented.

63.      The Court of First Instance therefore found that the mere inclusion of the names of persons on the list of participants in a meeting, acting on behalf of the bodies they represented, did not adversely affect or jeopardise their privacy and integrity. It rejected the view that the mere fact of disclosing the participation of a natural person, acting in a professional capacity as the representative of a collective body at a meeting held with a Community institution where the personal opinion expressed by that person on that occasion could not be identified, could be regarded as interference with that person’s private life, (31) thus distinguishing the case before it from Österreichischer Rundfunk and Others. (32)

64.      Since there was thus no interference with the privacy of the individuals concerned, the Court of First Instance held that the Commission had erred in deciding that the exception provided for in Article 4(1)(b) of Regulation No 1049/2001 should apply in the present case. The fact that there was no interference likewise undermined any right to object.

65.      The Court of First Instance also noted that the Commission had not given any commitment to guarantee the anonymity of the attenders at the meeting and that the latter could not expect views they expressed in connection with an action for failure to fulfil obligations to be kept secret, quite apart from the fact that Regulation No 45/2001 does not require the Commission to keep secret the names of persons who communicate opinions or information to it concerning the exercise of its functions. (33)

66.      The Court of First Instance further held that the Commission had erred in finding, in the decision withholding the names, that Bavarian Lager had not established either an express and legitimate purpose or any need to obtain the names of the persons participating in the meeting who, after that meeting, objected to disclosure of their identity. In the view of the Court of First Instance, disclosure gave effect to Article 2 of Regulation No 1049/2001 and did not fall within the exception provided for in Article 4(1)(b) of that regulation. The applicant was therefore under no obligation to prove the necessity of such data transfer within the meaning of Article 8(b) of Regulation No 45/2001. (34)

67.      Finally, the judgment under appeal examined the exception concerning protection of the purpose of inspections, investigations and audits, as provided for in the third indent of Article 4(2) of Regulation No 1049/2001 (relied on in the alternative by the Commission to refuse access to the data in question). (35)

68.      In the Court of First Instance’s view, the Commission was not entitled to invoke that exception for three reasons. First, when the contested decision was adopted, no investigation was under way whose purpose could have been jeopardised by disclosure of the full minutes including the names. Second, the Commission had expressed views in the abstract on the harm which disclosure of the document in question might cause to its investigation, without proving to a sufficient legal standard that publication of that document would actually and specifically affect protection of the purposes of the investigative activity. Finally, proceedings for failure by a Member State to fulfil obligations do not provide for confidential treatment for persons participating in the investigation, with the exception of the complainant.

69.      For all those reasons, the Court of First Instance annulled the decision withholding the names and ordered the Commission to pay the costs.

V –  The proceedings before the Court of Justice and the parties’ grounds of appeal

70.      The appeal was lodged at the Registry of the Court of Justice on 24 January 2008. The Commission asks the Court to annul the judgment of the Court of First Instance in Case T‑194/04 and to order Bavarian Lager to pay the costs in their entirety.

71.      In its response, received at the Court Registry on 15 April 2008, Bavarian Lager contends that the appeal should be dismissed and that the Commission should be ordered to pay the costs.

72.      On 11 April 2008, the EDPS lodged his statement in intervention, supporting Bavarian Lager, as he had done at first instance.

73.      By order of 13 June 2008, the President of the Court of Justice granted leave to the Council of the European Union and the United Kingdom of Great Britain and Northern Ireland to intervene in support of the Commission; the Kingdom of Sweden and the Republic of Finland to intervene in support of Bavarian Lager; and the Kingdom of Denmark to intervene in support of Bavarian Lager and the EDPS.

74.      There was no reply or rejoinder. However, the Commission responded to the observations of those governments and the Council in a document received at the Court Registry on 31 December 2008. The EDPS’s response to the Council’s observations was received on the same day.

75.      At the joint hearing of the present case with Case C‑139/07 P Technische Glaswerke Ilmenau and Joined Cases C‑514/07 P, C‑528/07 P and C‑532/07 P Sweden and API v Commission, held on 16 June 2009, all those who had lodged written pleadings attended to present oral argument and answer questions from the Court.

VI –  Summary of the positions of the parties and the interveners

A –    The appeal

76.      In support of its appeal, the Commission relies on three grounds.

77.      First, it criticises the judgment under appeal for failing to apply certain key provisions of Regulation No 45/2001 on data protection, in particular Article 8(b), which requires the person to whom personal data is to be transferred to demonstrate that the transfer is necessary.

78.      Second, it contends that the Court of First Instance erred in law by interpreting restrictively the condition in Article 4(1)(b) of Regulation No 1049/2001 so as to exclude from its scope the Community legislation on protection of personal data contained in a document.

79.      Third, it alleges that the Court of First Instance misinterpreted the exception concerning protection of the purpose of investigations in the third indent of Article 4(2) of Regulation No 1049/2001.

80.      The Commission also challenges the order that it pay all the costs. It submits that, of the four pleas of nullity put forward at first instance by Bavarian Lager, three were declared inadmissible, as the Commission had contended they should be. Moreover, it considers that its refusal to disclose the five names in question was based on a reasonable interpretation of the data-protection legislation. From those two factors it infers that the order for costs was wrong in law.

81.      Leaving to one side for the moment the order for costs, which in any event depends on my overall conclusion and which I shall therefore consider at the end of this Opinion, I think the first and second grounds of appeal should be examined together. The error of law attributed to the judgment under appeal in the first ground may essentially derive from a misinterpretation of Article 4(1)(b) of Regulation No 1049/2001, which is put forward as the second ground. The only point made in the first ground of appeal may thus merely be a further consequence of the argument put forward by the Commission in its second ground of appeal.

82.      It is therefore appropriate to deal with the Commission’s first two grounds of appeal together. The third, on the other hand, merits separate consideration.

83.      That said, the particular features of this case raise a number of concerns as to how it should be decided. These lead me to set out a series of elements as a structured preliminary analysis, after summarising briefly the positions taken by Bavarian Lager and the interveners, before turning to examine the grounds of appeal.

B –    The observations of Bavarian Lager and the interveners

84.      The positions espoused before the Court of Justice may in essence be summarised as follows.

85.      The Council, intervening in support of the Commission, likewise criticises the Court of First Instance, alleging errors of law in the judgment under appeal, particularly regarding the interpretation of Articles 2, 5 and 9 of Regulation No 45/2001 and recital 15 in its preamble. It also objects to that Court’s interpretation of fundamental rights, in particular Article 8 ECHR. It considers that respect for private life must be interpreted broadly, so as to encompass professional relations, and that the ECHR and the provisions on protection of personal data do not overlap entirely, so that the latter must be applied to matters not falling within the scope attributed to personal data by Article 8 ECHR. Finally, the Council considers that the Court of First Instance’s interpretation of Article 4(1)(b) of Regulation No 1049/2001 was partial, divesting the second phrase of any legal value, thus depriving that provision of its useful effect.

86.      The United Kingdom Government supports the positions taken by the Commission and the Council. In particular, it considers that there is no justification for equating the concept of private life in Article 8 ECHR with that of privacy in Article 4(1)(b) of Regulation No 1049/2001. It contends that the protection provided by Regulation No 45/2001 is wider than that provided by the ECHR, relying on recital 9 to that regulation and on an interpretation of Directive 95/46. In its view, any application for documents containing personal data must comply with the provisions of Regulation No 45/2001.

87.      Both Bavarian Lager and the EDPS call on the Court of Justice to uphold the judgment of the Court of First Instance, fully supporting the analysis it sets out.

88.      Bavarian Lager unreservedly supports the interpretation of Article 4(1)(b) of Regulation No 1049/2001 adopted by the Court of First Instance. Although it doubts that, in the present proceedings, the data concerned may be regarded as ‘personal data’ as defined by Regulation No 45/2001, it states that, even if that were the case, that legislation would not affect the disclosure of such data. In its view, the lack of specific interference with private life in the present case means that the exception in Article 4(1)(b) of Regulation No 1049/2001 is not triggered, since the second part of that provision, concerning the protection of personal data, is merely ancillary. It also criticises the Commission’s proposal for reconciling the two regulations at issue, which it contends is complex, unworkable and wrong in law. Finally, it regards the Commission’s position in its third ground of appeal as contrary to the principle of sound administration.

89.      The EDPS focuses on the balance between the two regulations at issue in this appeal. Taking as a starting point the widest possible access to documents, he rejects the view that Article 8(b) of Regulation No 45/2001 obliges an applicant seeking to obtain documents containing data of the kind at issue in this case to give reasons for his application. He considers that the protection of personal data is assured by a system of checks and balances which calls for a nuanced interpretation of Regulation No 45/2001. He supports Bavarian Lager’s contention that the second phrase of Article 4(1)(b) of Regulation No 1049/2001 performs the ancillary function of helping the Community institutions to judge whether there has been interference with an individual’s private life. Finally, he gives his views on the interpretation of Articles 5, 8 and 18 of Regulation No 45/2001.

90.      The Danish, Finnish and Swedish Governments likewise support the judgment under appeal, which they consider to be entirely correct.

91.      Those three Member States emphasise the importance of access to documents as a way of guaranteeing transparency, openness, democratic legitimacy and public confidence. They stress that it is private life, rather than mere personal data, which deserves protection and consider that the disclosure of the names of persons participating in a Commission meeting by virtue of their professional status cannot actually and specifically harm the privacy or integrity of such persons. For that reason, they consider that in this case the exception in Article 4(1)(b) of Regulation No 1049/2001 does not apply and that the Commission was therefore under an obligation to disclose in full the minutes of the October 1996 meeting.

92.      Finally, they state that the Commission’s interpretation would mean that all personal data in all areas of the Community institutions’ competence could be declared confidential under the personal data-protection rules or, at least, that such data would only be transferred to applicants who could prove the need for such disclosure after a long and laborious procedure. Such a result would greatly reduce transparency and would run counter to the objective pursued by the Access to Documents Regulation.

VII –  Analysis of the appeal

A –    The solution proposed for the first and second grounds of appeal

1.      Comparison of the two regulations at issue

93.      First, the Court is here dealing with two Community regulations, adopted close in time to one another, protecting two fundamental rights of equal value. It is inconceivable that the Community legislator, in adopting the Access to Documents Regulation, was unaware of the detailed provisions that he had laid down barely six months previously in the Personal Data Regulation. On the contrary, recital 15 to Regulation No 45/2001 together with the provisions of Article 4(1)(b) of Regulation No 1049/2001 make it clear beyond doubt that the legislator wished appropriate protection of privacy, having regard to the principles laid down in the Community data-protection legislation, to form an integral part of the arrangements governing access to documents.

94.      It is likewise inconceivable that the legislator wished the earlier regulation to undermine and render ineffective the provisions on access to documents. Indeed, recital 15 to the Personal Data Regulation specifically states that ‘[a]ccess to documents, including conditions for access to documents containing personal data, is governed by the rules adopted on the basis of Article 255 [EC]’ (emphasis added). Furthermore, although when the Personal Data Regulation entered into force the Access to Documents Regulation had not yet formally been adopted, the principles concerning access to documents dated back to the Code of Conduct; and the Commission’s proposal for what became Regulation No 1049/2001 had been published towards the end of June 2000, (36) nearly six months previously.

95.      Second, because the two fundamental rights at issue are of equal importance, there can be no question of ignoring one right in order to give priority to the other right. The Court of Justice has previously pointed out that, in circumstances in which fundamental rights collide, the conflicting interests must be weighed in order to seek a fair balance between those interests and the fundamental rights at stake. (37) However, the ideal solution is clearly one that avoids making an invidious choice between two such rights.

96.      Third, as has been pointed out by a number of parties, the two regulations pursue different objectives.

97.      Before delving into the detailed text of the two regulations, I should point out that the two fundamental rights to which each separately gives effect have emerged in Community law only recently, in comparison with other rights that are of a much earlier vintage.

98.      Thus, access to documents was not part of the Community legal order until the adoption of Declaration No 17, annexed to the Treaty on European Union, which was subsequently implemented in the Code of Conduct. (38)

99.      The Access to Documents Regulation aspires ‘to ensure the widest possible access to documents’, according to Article 1(a). The documents that it targets are, according to Article 3(a), those containing ‘any content … concerning a matter relating to the policies, activities and decisions falling within the institution’s sphere of responsibility’. The right of access extends, under Article 2(3), to all documents in the possession of an institution, both those which it has drawn up itself and those which it has received from elsewhere. That constitutes a further advance towards openness, superseding as it does the so-called ‘authorship rule’ on the basis of which institutions refused to disclose documents that they had not themselves drawn up, referring the applicant instead to the document’s author. (39) Thus, it seems clear to me that the thinking behind the Community legislation on access to documents has evolved steadily towards ever-increasing access, openness and transparency.

100. Although the fundamental right to the protection of private life is a traditional element of national constitutions and declarations of human rights, its extension to the protection of personal data came about only with technical advances and the generalised use of computers. Convention No 108 made a pioneering contribution to the protection of this aspect of private life, entering the Community legal order through the common constitutional traditions of the Member States. (40)

101. The purpose of the Personal Data Regulation is to ensure that Community institutions and associated and equivalent bodies ‘protect the fundamental rights and freedoms of natural persons, and in particular their right to privacy with respect to the processing of personal data’ (Article 1(1)). The regulation protects any ‘processing’ of ‘personal data’ (both broadly defined, in Article 2(b) and (a) respectively) (41) and applies ‘to the processing of personal data wholly or partly by automatic means, and to the processing otherwise than by automatic means of personal data which form part of a filing system or are intended to form part of a filing system’ (Article 3(2)). (42)Other forms of data processing, for example to grant access to documents, are not included in that definition.

102. Let me pause there to take stock.

103. The Access to Documents Regulation is concerned with transparency and open government and requires disclosure to the public (43) of documents whose substance concerns ‘the policies, activities and decisions’ of the Community institutions. The Personal Data Regulation protects data processed automatically or semi-automatically, and data contained, or intended to be contained, in filing systems, from inappropriate processing. It is about what to do with data, not about what to do with documents.

104. It seems to me that not only do these two regulations pursue different objectives, but that – properly construed – there is no reason to assume that their provisions necessarily collide.

105. The cornerstone of the solution that I propose for reconciling Regulation No 45/2001 and Regulation No 1049/2001 is – as will be evident – the way in which I read Article 3(2) of Regulation No 45/2001. Neither the Court of First Instance nor the parties have approached the case in this way. Before turning to examine in more detail the consequences of my approach, I must therefore ask myself whether there is any obvious flaw in my reasoning.

106. The principal objection that might be raised is that I am reading too much into Article 3(2) as compared with Article 3(1). The argument runs as follows. Article 3(1) is what really defines the scope of Regulation No 45/2001. Article 3(2) merely provides additional clarification. If one takes Article 3(1) as the ‘lead provision’ and treats Article 3(2) as ancillary to it, Article 3(1) is indeed sufficiently broad in scope to lead to a clash with Regulation No 1049/2001 (since disclosure of documents under the latter is, unquestionably, something that is ‘carried out in the exercise of activities all or part of which fall within the scope of Community law’ and the definitions of ‘personal data’ and ‘processing’ in Article 2(a) and (b) respectively are so broad that they encompass such disclosure).

107. Let me examine that objection by reference to (a) the travaux préparatoires for Regulation No 45/2001 and (b) the existing case-law on the scope of both Directive 95/46 and Regulation No 45/2001. Following that analysis, I shall consider two other possible objections to my approach.

a)      The travaux préparatoires for Regulation No 45/2001

108. The explanatory memorandum to the Commission proposal for Regulation No 45/2001 (44) (‘the EM’) opens with the following passage: ‘Community institutions and bodies, and the Commission in particular, handle personal data as part of their everyday work. The Commission exchanges personal data with Member States in implementing the common agricultural policy and the Structural Funds, in administering the customs union and in pursuing other Community policies. In order that data protection might be seamless, the Commission, when it proposed Directive 95/46/EC in 1990, declared that it too would observe the principles that it contained.’ (45)

109. The EM goes on to note that, when Directive 95/46 was adopted, ‘the Commission and the Council undertook, in a public declaration, to comply with the Directive, and called upon the other Community institutions and bodies to do likewise’. (46) After referring to the insertion, into the EC Treaty, of what is now Article 286 EC by the Treaty of Amsterdam, the EM summarises the text of that article, which provides that Community institutions and bodies will have to apply the Community rules on the protection of personal data and that the application of those rules will have to be monitored by an independent supervisory body. The EM concludes with the words, ‘[t]he present proposal for a Regulation is designed to attain this twin objective’.

110. The EM has – self-evidently – no legally binding effect. It is nevertheless helpful in understanding why Regulation No 45/2001 came about. It suggests strongly that the legislator was only concerned to ensure that the considerable volume of personal data handled by the Community institutions on a day-to-day basis, as a necessary part of implementing and administering Community policies, would be treated in an appropriate way. Such data will, typically, be processed wholly or partly by automatic means. Where they are processed other than by automatic means, they will be data that form, or are intended to form, part of a filing system or database. That is, precisely, the scope given to the ensuing regulation by Article 3(2).

111. Against that background, what does the proposal for a regulation itself yield by way of further guidance?

112. First, the comments on Article 1 (the object of the regulation) are illuminating. They indicate that, ‘[t]he protection afforded [by Article 1] extends not only to the processing of data on employees of the institutions or on any other person working on behalf of the institutions, but also to the processing of data on any natural person external to the institutions, such as suppliers or persons in receipt of monies from Community funds. Personal information transmitted by the Member States to the Commission in connection with the management or monitoring of the payment of Community subsidies is, in particular, protected under this Regulation’. Thus, ‘the object of the present Regulation is different from that of [Directive 95/46]’. (47) Later in the same section, the Commission explains that the regulation ‘will clearly have the effect ... of ensuring that personal data transmitted, for the purpose of the performance of their duties, to Community institutions and bodies will be dealt with under conditions ensuring respect for the fundamental rights and freedoms of data subjects ...’. (48)

113. All this is a far cry from the incidental inclusion of personal data in a document recording a working meeting convened by a Community institution.

114. Second, the comment to Article 3(1) explains that ‘the Regulation applies to the processing of personal data by all Community institutions and bodies’ and goes on to list those institutions and to draw a careful distinction between ‘activities carried out under the EC Treaty, the ECSC Treaty or the Euratom Treaty, or even, where appropriate, under Title VI of the Union Treaty’ (which are all covered) and ‘the processing of personal data by bodies set up under Title VI of the Union Treaty, such as Europol’ (which is not). (49)

115. Third, the commentary to Article 3(2) is under the heading: ‘Processing subject to the regulation’ (the implication being that other processing is not subject to the regulation). It states: ‘This paragraph reproduces Article 3(1) … [of] Directive [95/46]’ and then merely repeats, verbatim, the actual wording of Article 3(2) (which appears to have remained unchanged from the proposal for the Regulation as adopted). (50)

116. Simple examination of the texts of Article 3 of Directive 95/46 and Article 3 of Regulation No 45/2001 reveals that the Community legislator wrote the two clauses defining scope opposite ways round in the regulation and in the directive. Thus, Directive 95/46 ‘leads’ with an Article 3(1) that defines what processing is subject to the directive (matching Article 3(2) of Regulation No 45/2001) and then goes on to specify, in its Article 3(2), the context in which such processing is regulated (corresponding to Article 3(1) of Regulation No 45/2001).

117. Against that background, it seems to me safe to conclude that, within Regulation No 45/2001, Article 3(2) should not be read as subordinate or ancillary to Article 3(1). The two limbs of Article 3 simply correspond to different aspects of defining the ‘scope’ of the measure. One deals with what is regulated (automatic and semi-automatic data processing and non-automatic processing of data from, or destined for inclusion in, databases (or, as the regulation describes them, ‘filing systems’)). The other deals with when it is regulated (that is, when the data controller is engaged in various categories of activity). The Community legislator was clearly indifferent as to whether he dealt first with ‘what does this cover?’ and then with ‘when does this apply?’, or whether he treated these two aspects in reverse order. What is important is that, together, the answers to these two questions determine the scope of the Community measure, be it regulation or directive.

b)      The case-law

118. Although there are not many cases dealing with the interpretation of Article 3 of Directive 95/46, Österreichischer Rundfunk and Others, (51)Lindqvist (52) and Satakunnan Markkinapörssi and Satamedia (53) are noteworthy. In the analysis that follows, it is important to bear in mind that Article 3(1) of Directive 95/46 is the equivalent provision to Article 3(2) of Regulation No 45/2001, whereas Article 3(2) of the directive corresponds (roughly, and with exceptions) to Article 3(1) of the regulation.

119. In Österreichischer Rundfunk and Others, the Court was dealing with the Austrian legislation under which bodies subject to control by the Rechnungshof (Court of Auditors) were required to inform it of the salaries or pensions of persons receiving more than a specified reference amount. It seems clear from the case report that that material was (necessarily) drawn from the payroll and pensions records of the bodies concerned, by applying appropriate search criteria. The material was then summarised by the Rechnungshof in a report transmitted to the Nationalrat, the Bundesrat and the Landtage (the lower and upper chambers of the Federal Parliament and the provincial assemblies). The report was also made available to the general public. The case proceeded on the basis that the Rechnungshof’s report had to give the names of the persons concerned and, against each name, the amount of annual remuneration received. (54)

120. Much of the Court’s judgment was spent in examining whether the Rechnungshof’s activities fell outside the scope of Article 3(2) of Directive 95/46 because they involved no link with free movement. Having decided that the directive did apply, the Court proceeded to interpret it. It therefore seems that the Court must have been satisfied that the extraction and transmission of the material in question involved (at the least) ‘the processing otherwise than by automatic means of personal data which form part of a filing system or are intended to form part of a filing system’ within Article 3(1) of that directive. On the facts, that seems an eminently reasonable approach.

121. Lindqvist concerned a volunteer catechist with the Swedish Church who, as part of a data-processing course she was taking, had to set up a homepage on the internet. She therefore set up internet pages on her personal computer at home (pages which, at her request, were linked to the Swedish Church’s website). In those pages, in order to allow parishioners preparing for their confirmation to obtain information that they might need, she gave details about herself and 18 colleagues in the parish. The details given were unquestionably ‘personal data’. (55) The Court held that the operation of loading personal data on an internet page must be considered to be ‘processing’ within the definition in Article 2(b) of Directive 95/46 (which mirrors that in Article 2(b) of Regulation No 45/2001).

122. It remained to be determined whether such processing came within Article 3(1) of Directive 95/46. The Court ruled that, ‘... placing information on an internet page entails, under current technical and computer procedures, the operation of loading that page onto a server and the operations necessary to make that page accessible to people who are connected to the internet. Such operations are performed, at least in part, automatically’. (56)

123. For that reason, the answer to the first question referred was that the operation in question constituted ‘the processing of personal data wholly or partly by automatic means’ within the meaning of Article 3(1) of Directive 95/46. The Court therefore did not need to consider whether that operation was ‘the processing otherwise than by automatic means of personal data which form part of a filing system or are intended to form part of a filing system’ (the final element within Article 3(1) of the directive). Accordingly, the judgment gives no guidance as to what such a filing system entails.

124. As with Österreichischer Rundfunk and Others, the Court then went on to consider whether Mrs Lindqvist’s activities fell outside the scope of Article 3(2) of Directive 95/46 and, having held that the directive did apply, to rule on its interpretation.

125. The clear implication of Lindqvist is that, as soon as processing of personal data is automatic or partly automatic, it falls within the scope of the data-protection legislation (be that Directive 95/46 or Regulation No 45/2001). However, a request for disclosure of documents made under Regulation No 1049/2001 is not – as I understand it – treated in that way. Rather, it is examined individually and manually. (57)

126. Finally, in Satakunnan Markkinapörssi and Satamedia, the Court had to examine dissemination by Satakunnan Markkinapörssi Oy (‘Satakunnan’) and Satamedia Oy (‘Satamedia’) of tax data concerning some 1.2 million natural persons lawfully obtained from the Finnish tax authorities. The Tietosuojavaltuutettu (Finnish Data Protection Ombudsman) had applied to the national court for orders prohibiting collection and dissemination of such data. Satakunnan and Satamedia pleaded that what they were doing was the processing of data carried out solely for journalistic purposes.

127. The Court in its judgment proceeded directly from finding that the data were personal data within the meaning of Article 2(a) of Directive 95/46, and that the activity in question was ‘processing of personal data’ within the definition in Article 2(b) of the directive, to concluding that the activities in which Satakunnan was engaged were the ‘processing of personal data’ within the meaning of Article 3(1) of the directive. (58) The Court then examined the exceptions in Article 3(2) of the directive, held that they did not apply and went on to construe Article 9 of the directive (on processing of personal data carried out solely for journalistic purposes).

128. Advocate General Kokott did, however, pause to examine whether the activities in question fell within the precise wording of Article 3(1) of Directive 95/46. (59) She dealt with the essence of that issue succinctly but clearly in the following terms: ‘It is probable that the operations referred to by the national court are carried out at least partly by automatic means [leaving aside disclosure by CD-ROM]. However, the automation of disclosure requires no further explanation because the publication of tax data on paper constitutes a filing system and disclosure in the form of a text-messaging service presupposes the consultation of a filing system. Consequently, all the abovementioned activities, including disclosure of data by means of CD-ROM, involve the processing of data which form part of, or are intended to form part of, a filing system.’ (60) Accordingly, she concluded that the activities in question fell within Article 3(1) of the directive.

129. That analysis parallels my analysis in the present case.

130. I should also briefly mention Nicolaou v Commission (61) (the only case, to my knowledge, on Article 3 of Regulation No 45/2001). That case concerned the ‘leak’ to the press of material relating to an investigation involving a former member of the Court of Auditors. The Court of First Instance confined itself to examining the terms of Article 3(1) of Regulation No 45/2001, the definitions of ‘personal data’ and ‘processing’ in Article 2(a) and (b) respectively and what constitutes lawful processing within the meaning of Article 5. It did not examine Article 3(2) at all.

131. It seems to me that none of those cases presents an insuperable obstacle to reading Article 3(2) of Regulation No 45/2001 as I have suggested.

c)      Further objections

132. I should, however, examine two further possible objections to the position that I am espousing.

133. First, suppose that a person requests and receives a document from a Community institution, without having to justify that request, by virtue of Article 6(1) of Regulation No 1049/2001. Suppose that person then makes use of modern technology to scan the document and applies automatic or partly automatic processing to the resulting electronic version (for example, in order to e-mail everyone whose name appears in that document). Would that not circumvent the strict data-protection regime of Regulation No 45/2001?

134. I do not believe that it does. The document is obtained under the access to documents rules. However, any further use of the document so obtained that involved automatic or partly automatic processing – or that involved putting (or intending to put) the document, together with others, onto a database – would fall within the scope of Article 3(1) of Directive 95/46. It would therefore, from that point onwards, be subject to the data-protection regime through the national rules implementing that directive.

135.          Second, it is common knowledge that the search function in many types of computer software can be used to find and retrieve particular items by applying specified criteria. With increasing frequency, surely, material is stored electronically. That function must therefore routinely be applied in order to find and retrieve a particular document, access to which has been requested under Regulation No 1049/2001 (and which incidentally contains personal data such as the names of attenders at a meeting). Is that not either ‘the processing otherwise than by automatic means of personal data which form part of a filing system or are intended to form part of a filing system’ or, indeed, ‘the processing of personal data ... partly by automatic means’?

136. To answer this twofold objection, my starting point is (and, I think, must be) to accept that minutes of various meetings indeed tend to be stored and/or classified together; that such storage may well be in electronic form; and that a person dealing with a request for a document under Regulation No 1049/2001 might very reasonably use a search function on a computer in order to locate the document requested.

137. In essence, the answer to the first part of this objection is that the ‘filing system’ in question is not a ‘structured set of personal data which are accessible according to specific criteria’, as defined by Article 2(c) of Regulation No 45/2001. The essence of what is being stored is the record of each meeting, not the incidental personal data to be found in the names of the attenders.

138. That may be contrasted with (for example) a filing system containing the records of all applications for payments in the milk sector of the common agricultural policy during the current calendar year. Here, although what is stored is again ‘each record’, the name of the claimant is in no sense ‘incidental’. It seems very likely that the software to help with the processing of such claims would be set up so that ‘search by name’ was an easily performed (and frequently performed) operation.

139. In contrast, in dealing with a request for access to documents, the act of searching is typically performed on the document using various search criteria (‘meeting of [date]’, ‘committee [reference number]’, and so forth) that have nothing to do with personal data like the names of attenders at a meeting. The personal data as such will not serve as a standard search criterion. It follows that this is document processing, not data processing.

140. I accept that the use of a search function systematically to retrieve the minutes of all meetings in which Mr X took part would raise very awkward issues. It might be argued that what was being processed was still the minutes rather than the personal data; and that the operation was not being performed on a ‘structured set of personal data’ (Article 2(c) of Regulation No 45/2001). At the same time, it is clear that the search would be, specifically, ‘an operation … which is performed upon personal data’ (and hence processing within the definition in Article 2(b) of Regulation No 45/2001). Indeed, its whole raison d’être would be to identify and track Mr X’s participation in meetings.

141. Given the aims and purpose of Regulation No 45/2001, it seems to me that at that stage the focus would have shifted sufficiently away from the minutes and towards the personal data being processed for Regulation No 45/2001 to apply. A request for ‘all minutes of meetings involving Mr X’ (even if lodged under Regulation No 1049/2001) is, on closer inspection, a request to process information about Mr X (the search by name being used to group together all the information of a particular type that is about that specific individual). Such a request is therefore, in reality, a disguised request for information about Mr X and his activities rather than a request for documents that happen, incidentally, to mention Mr X. It should be dealt with as what it truly is: a request involving the processing of personal data. (62)

142. Normally, however, using a search function on a computer in order to locate a document requested under the Access to Documents Regulation would not constitute ‘the processing otherwise than by automatic means of personal data which form part of a filing system or are intended to form part of a filing system’.

143. That said, the difficulty still remains that in Lindqvist the Court held that, once processing is automatic or partly automatic, it is caught by the data-protection rules – the way in which the data are held becomes irrelevant. I must therefore now address the second part of the objection: the question whether the mere use of a search function constitutes ‘the processing of personal data ... partly by automatic means’.

144. It seems to me that the answer lies in the fact that the search function merely replicates something that could (much more laboriously) be done manually, just as an electric drill bores a hole more swiftly and effectively than a brace and bit. (63) Human intervention is first needed to read and analyse the request for a document, and to consider whether, for example, the request involves a ‘sensitive document’ under Article 9 of Regulation No 1049/2001. The guiding mind of the operator is still essential in order to specify the initial search criteria and, if necessary, to refine the search. Once the document has been located, man must again take over from machine in order to review the document and determine whether access should be granted in full, whether one of the exceptions in Article 4 of the regulation applies, and to work out how – if so – to give access to the remainder of the document as required by Article 4(6).

145. In dealing with a request for access to documents, the official handling the request thus decides whether, and to what extent, he needs to use a search function, and also determines what the search term(s) should be. A human brain is still directing the technology, just as the handyman still manipulates the electric drill that has replaced the brace and bit.

146. In my view, such a sequence of operations, in which the individual human element plays such a preponderant part and retains control throughout, should not be considered to be ‘the processing of personal data ... partly by automatic means’ within the meaning of Article 3(2) of Regulation No 45/2001. (64) In particular, it can be distinguished from the loading of internet pages (as in Lindqvist) where part of the operation is intrinsically automated.

147. I accept that it is possible to argue that the Community legislator intended, in Regulation No 45/2001, to ‘cast the net wide’ (as evidenced by the breadth of the definitions of ‘personal data’ and ‘processing’ in Article 2(a) and (b) respectively) and that, applying the same principle, the concept of what is automatic or semi-automatic processing in Article 3(2) should also be given the widest possible meaning.

148. My answer to that is twofold.

149. First, defining the scope of a Community instrument is not the same as defining the meaning of terms to be construed within that scope. Second, such a broad reading of the scope of Regulation No 45/2001 reduces the effectiveness of Regulation No 1049/2001 to an unacceptable degree. A significant proportion of documents contain – somewhere or other – a reference to a name or other personal data. When the Community legislator says, in recital 15 to Regulation No 45/2001, that ‘access to documents, including conditions for access to documents containing personal data [emphasis added], is governed by the rules adopted on the basis of Article 255 [EC], the scope of which includes Titles V and VI of the [EU] Treaty [now, therefore, by Regulation No 1049/2001]’, it seems to me that we should take him at his word.

150. Accordingly, I remain of the view that the Court should construe Article 3(2) of Regulation No 45/2001 as defining the circumstances in which that regulation applies (‘the processing of personal data wholly or partly by automatic means and ... the processing otherwise than by automatic means of personal data which form part of a filing system or are intended to form part of a filing system’). Such processing of personal data by all Community institutions is then (applying Article 3(1) of the regulation) covered in so far as it is ‘carried out in the exercise of activities all or part of which fall within the scope of Community law’. Other circumstances are not covered by Regulation No 45/2001. They fall to be dealt with under the applicable rules – in particular, where requests are made to Community institutions for access to documents, under Regulation No 1049/2001.

2.      The consequences of reconciling the two regulations in this way

151. Let me first stress certain facts specific to this case, which will shape my reasoning. We are concerned with an application made to obtain a specific document: the full minutes of a meeting. The application was made under Regulation No 1049/2001, Article 6 of which specifically provides that an applicant is not required to give reasons for his application.

152. Since, on receiving this application, the Community institution will observe that the document requested contains personal data, it must first assess whether the disclosure of such data infringes the privacy and integrity of the data subject, since Article 4(1)(b) of Regulation No 1049/2001 provides for protection of the right to private life, as formulated by the ECHR. If disclosure constitutes potential interference, to use the ECHR terminology, the Commission will then have to consider whether that encroachment is justified under the parameters set by Article 8(2) ECHR. (65)

153. In that context, I consider that the Court of First Instance erred in holding that the disclosure to third parties of the names of those present at the October 1996 meeting did not amount to a potential interference with private life. The interpretation of the concept of ‘interference’ adopted by the ECHR Court is very broad. (66) The names identify the persons. In principle, therefore their disclosure (even in the context of business relations) constitutes potential interference of that kind. (67)

154. Accordingly, the issue is whether such potential interference, in that form and in that particular context, is justifiable. It seems to me that it would have been sufficient then to apply the usual test for justification of interference in private life in accordance with the criteria laid down in Article 8(2) ECHR – namely that the measure must be in accordance with the law, the measure must be necessary in a democratic society and it must be proportionate to the aims pursued – in order to conclude that any potential interference was justified. That course of action, moreover, aligns the decision of the Community Courts on the human rights issues in this appeal with the case-law and methodology of the ECHR Court. In the light of Bosphorus, (68) that is not only desirable but essential.

155. The Court of First Instance’s error in considering that there was no potential interference with the right to private life (69) would be a sufficient basis for setting aside the judgment under appeal. However, that would still leave unresolved the problem of how to reconcile the two regulations. I shall now therefore take the liberty of moving away from the facts of this dispute and re-examine that question in general terms.

156. Let us start again at the beginning.

157. What are the guiding principles which must be applied analytically to a request to a Community institution for a document, before that institution can decide whether it must publish or disclose personal data?

a)      Examining the problem in general terms

158. When a Community institution receives a request for documents, its first step will be to ascertain whether the application refers to documents that contain no personal data (hypothesis (a)) or documents that do include such data (hypothesis (b)). (70) Hypothesis (a) poses no difficulty. The institution must disclose the document to the applicant by direct operation of Regulation No 1049/2001, unless another of the exceptions provided for in that regulation applies. In contrast, hypothesis (b) requires more careful consideration. What precisely is being sought?

159. Within hypothesis (b), it is in fact necessary to distinguish between two distinct subcategories of documents. The first (‘b‑1’) comprises ordinary documents that contain an incidental mention of personal data, where the primary purpose of compiling the document has little to do with personal data as such (for example, the record of a meeting). The raison d’être of such documents is to store information in which the personal data are of minimal importance. Documents in the second subcategory (‘b‑2’) essentially contain a large quantity of personal data (for example, a list of persons and their characteristics). The raison d’être of b‑2 documents is, precisely, to gather together such personal data.

160. Once the Community institution has ascertained the content of the document requested, the second step will be to classify the application correctly. A request for a b‑1 document is to be regarded simply as a request for access to a public document. An application for a b‑2 document may have been submitted as a request for public documents covered by Regulation No 1049/2001. In reality, however, it constitutes a ‘disguised’ request for disclosure of personal data, since the document’s content is such that access to personal data is really what is being sought. Given the very broad definition of ‘document’ in Article 3(a) of Regulation No 1049/2001, it is easy for a covert or indirect request for personal data, within the meaning of Regulation No 45/2001, to look like a request for ‘documents’ within the meaning of Regulation No 1049/2001. (71) (72) Consequently, the potential for (initial) confusion of this kind is real.

161. The third step follows directly from the classification made, namely to determine which regulation applies. Applications for b‑1 documents will be handled under Regulation No 1049/2001, because that is the general legislative instrument governing access to documents. Applications for such documents fall outside the scope of Article 3(2) of Regulation No 45/2001, since they do not constitute automatic or semi-automatic processing of personal data, nor is there processing of data intended for a filing system. (73) Precisely the opposite will happen with b‑2 documents. Their raison d’être is the storage of personal data. That will bring them within the scope of Regulation No 45/2001, by virtue of Article 3(2) thereof.

162. The fourth step will be to enquire, in the light of that analysis, whether or not reasons must be given for the application. Pursuant to the last sentence of Article 6(1) of Regulation No 1049/2001, requests for b‑1 documents clearly do not require reasons. In contrast, requests for b‑2 documents will have to demonstrate the need for the transfer of data, in accordance with Article 8(b) of Regulation No 45/2001.

163. Fifth, the procedure to be followed in disclosing the documents will also be different for each of the two subcategories.

164. Thus, for b‑1 documents, the procedure established in Regulation No 1049/2001 will be followed. However, because they also contain personal data, it will be necessary to apply the Article 8 ECHR test on a precautionary basis in order to assess whether access to the full, unexpurgated text of the document should be refused because such unrestricted disclosure would violate the data subject’s privacy. The obligation to apply that test derives from Article 4(1)(b) of the Access to Documents Regulation, which requires account to be taken of the privacy and integrity of the data subject.

165. Requests for b‑2 documents, on the other hand, will be subject in their entirety to the procedure outlined in Regulation No 45/2001. Consequently, (a) the processing will have to be ‘lawful’ within the meaning of Article 5 thereof; (b) the applicant will have to give reasons, in accordance with Article 8; (c) where appropriate, the provisions governing applications from non-member countries or non-Community international organisations will come into operation, in accordance with Article 9; (d) if sensitive data are involved, particular attention will have to be given to Article 10; and, finally, (e) Article 18 requires the Community institution to inform the data subject that he can object to processing, except in the cases covered by Article 5(b), (c) and (d).

166. Finally, what are the consequences, in terms of disclosure? Subcategory b‑1 documents will normally have to be disclosed to the applicant. If any part of a document is found to be covered by the exception in Article 4(1)(b) of Regulation No 1049/2001, a redacted version of the document will have to be released, in accordance with Article 4(6). The disclosure will be erga omnes. In the case of subcategory b‑2 documents, disclosure may only be made on a case-by-case basis and not erga omnes, since the personal data will be disclosed only to an applicant who has given due reasons for his application.

b)      Consequences

167. So far as ordinary documents belonging to sub-category b‑1 are concerned, the institutions must keep in force provisions to protect privacy and bring such provisions to the notice of those concerned. The normal consequence of an application for access to a document of this kind will be full disclosure, thereby giving effect to the principle of transparency.

168. Nevertheless, in the case of personal data mentioned incidentally in b‑1 documents, the institutions must continue to apply Article 8 ECHR as a guiding principle in order to verify whether the exception in Article 4(1)(b) of the Access to Documents Regulation is triggered, so that only partial access should be given, in accordance with Article 4(6) of that regulation. Disclosure of the document (whether or not it includes such personal data) will then be erga omnes, so that the institution will not be able to refuse its disclosure to other applicants.

169. The implications for documents that essentially contain personal data (b‑2 documents) are very different. Such applications will have to be dealt with in strict compliance with the procedure described in Regulation No 45/2001, following the instructions there set out to the letter. Disclosure will never be erga omnes.

170. In short, the key to the solution to problems like the one raised by the judgment under appeal is that the institutions must put in place a system that enables them to identify such applications correctly: in other words, to distinguish those relating to subcategory b‑1 documents from those that in reality seek documents corresponding to subcategory b‑2. Only if they are equipped to ascertain to which of those two subcategories any particular document requested belongs will the Community institutions know how to react, applying the appropriate legislation.

c)      The correct interpretation of Article 4(1)(b) of Regulation No 1049/2001

171. As the Commission emphasised in its appeal, the exception in Article 4(1)(b) comprises two elements, not one.

172. The first part of the exception grants general protection for the privacy and integrity of individuals. Thus, even in the case of an ordinary type b‑1 document it will always be necessary to ascertain whether the interference with the individual’s right to privacy would be such that complete disclosure of the document in question should be refused. In such cases, the principle of transparency will be satisfied by partial disclosure of such a document, in accordance with Article 4(6) of Regulation No 1049/2001. More usually, however, disclosure will be full and complete.

173. The second part of the exception will only come into operation where the Community institution, when classifying the application, finds that it is in reality an application which falls within the scope of Article 3(2) of Regulation No 45/2001, that is, one seeking access to subcategory b‑2 documents containing personal data in, or intended for, filing systems. (74) In such a case, the Community institution will have to process the application in accordance with the Community legislation on the protection of personal data, in particular Regulation No 45/2001, instead of doing so under the transparency regime of Regulation No 1049/2001.

174. In short, therefore, as with Asimov’s answer to his scientific conundrum, no conflict arises since an application for the processing of documents containing personal data will never constitute an application for a document relating to ‘the policies, activities and decisions’ falling within the institution’s sphere of responsibility under the rules on access to documents.

d)      The modus operandi of this interpretation: three examples

175. I have set out an interpretation of Article 4(1)(b) of Regulation No 1049/2001 that differs significantly from that adopted by the Court of First Instance, which the Commission challenges in its appeal. There is, perhaps, a risk that my analysis might be criticised as theoretical. Let me therefore illustrate its application with examples that cannot be seen as being confined to the realm of academic theory and thus demonstrate its value.

176. I shall take three examples of documents that might very well be prepared by any of the Community institutions. The first (‘document X’) contains the minutes of a meeting within one of the spheres of competence of the European Union. The second (‘document Y’) is the file opened in an internal investigation into allegations of sexual harassment in an administrative department of a Community institution, in which two officials are expressly referred to by name. The third (‘document Z’) is a list of the members of a particular department of one of the institutions and gives personal details about each of the officials.

177. All three are obviously documents within the usual meaning of the word. Document X clearly refers to ‘policies, activities and decisions’ of a Community institution. The same may be said of document Y, inasmuch as the manner in which the Community institutions deal with cases of alleged sexual harassment is a matter of valid public interest. The requests for both document X and document Y are both true requests for documents within the meaning of Article 3(a) of Regulation No 1049/2001. Although access to document Z may have been requested under Article 6(1) of that regulation, more detailed examination reveals that it is in fact a request for the processing of personal data that is held in a filing system. As such, it falls within the scope of Article 3(2) of Regulation No 45/2001.

178. How is the application for each document – X, Y and Z – to be handled?

179. The application for access to document X should be processed in accordance with Regulation No 1049/2001. The Community institution in question will have to apply the test under Article 4(1)(b) of that regulation in conjunction with Article 8 ECHR. There is no real interference with the privacy of individuals. (75) Full disclosure will therefore be made of the document, erga omnes.

180. The request for document Y will likewise have to be processed in accordance with Regulation No 1049/2001. However, since an obvious problem arises involving the privacy of the persons mentioned in the records of a sexual harassment case, the exception in Article 4(1)(b) will apply, and the institution will disclose a redacted version of document Y, in accordance with Article 4(6) (thereby respecting both the privacy of the two officials involved and the principle of transparency). Disclosure will likewise be erga omnes.

181. The request for access to document Z, on the other hand, will have to be processed in accordance with Regulation No 45/2001, since that document clearly forms part of a filing system containing personal data. Consequently, it may be disclosed only on lawful grounds and disclosure will be on an individual basis; in other words it will be disclosed only to the applicant, not erga omnes.

182. I hope that these three examples help to explain clearly how the boundary between the two regulations at issue in these proceedings operates in practice.

3.      Outcome

183. In the light of my analysis thus far, I conclude that the interpretation of Article 4(1)(b) of Regulation No 1049/2001 adopted by the Court of First Instance in the judgment under appeal is incorrect.

184. In my view, the Court of First Instance failed to pay sufficient attention to the second part of Article 4(1)(b), under which regard must be had to the Community legislation on protection of personal data. As the Commission and the Council observe, that error caused the Court of First Instance to reach a result that, ultimately, wholly sacrificed the fundamental right to data protection in the interests of transparency. In reality, however, the inference to be drawn from a proper reading of the two regulations is that no such conflict need exist.

185. The Court of First Instance also erred in considering that disclosure of the names of the five participants in the October 1996 meeting who objected or who could not be contacted did not constitute a potential interference with their right to privacy within the meaning of Article 8(1) ECHR. It therefore failed to go on to apply the test for justification in Article 8(2) ECHR.

186. Consequently, my analysis, albeit based on arguments that differ radically from those put forward by the Commission and the Council, supports their diagnosis that Article 4(1)(b) of Regulation No 1049/2001 was interpreted incorrectly. However, although I am, like them, critical of the Court of First Instance’s interpretation of Article 4(1)(b) of Regulation No 1049/2001, it is for different reasons; and consequently I disagree with the conclusion which they invite the Court of Justice to draw in deciding this appeal.

187. According to settled case-law, if the reasoning of a judgment of the Court of First Instance discloses an infringement of Community law but its operative part appears well founded on other grounds, the appeal itself must be dismissed. (76)

188. The document requested by Bavarian Lager in its confirmatory request (the full text of the minutes of the October 1996 meeting) contained incidental mention of personal data. Specifically, it contained the names of those attending the meeting, as minutes usually do. It was also unquestionably concerned with ‘the policies, activities and decisions’ of a Community institution.

189. In my view, Bavarian Lager’s request for that document was not, on proper examination, a disguised request for personal data. It was a request for an ordinary official document. The document requested was of type b‑1, closely resembling document X in my example.

190. The request did not involve ‘the processing of personal data wholly or partly by automatic means’ or ‘the processing otherwise than by automatic means of personal data which form part of a filing system or are intended to form part of a filing system’. Therefore, it did not fall within the scope of Article 3(2) of Regulation No 45/2001 and the procedures and provisions of that regulation were not triggered. The request fell to be handled solely and exclusively on the basis of Regulation No 1049/2001.

191. The Commission was therefore required to ask itself, applying Article 4(1)(b) of Regulation No 1049/2001, whether disclosure ‘would undermine the protection of … privacy and the integrity of the individual, in particular in accordance with Community legislation regarding the protection of personal data’.

192. Although the disclosure of minutes of a meeting mentioning the participants’ names was a potential interference with their right to a private life under Article 8(1) ECHR, the context (an official meeting involving representatives of an industry group acting as spokesmen for their employers, and thus purely in a professional capacity), taken together with the principle of transparency, provided ample justification for such interference under the test laid down in Article 8(2) ECHR.

193. Because the exception from disclosure contained in Article 4(1)(b) of Regulation No 1049/2001 was not applicable, it was impermissible for the Commission to provide only a redacted version of the minutes in application of Article 4(6) of that regulation. The Commission was required to disclose the minutes in full. The contested decision refusing such disclosure was therefore unlawful.

194. Consequently, in the present case it would be sufficient to draw attention to the errors of law in the Court of First Instance’s reasoning without allowing the appeal and reversing the decision below, given that it was proper that the Commission’s decision to withhold disclosure of the full document should be annulled.

B –    The third ground of appeal

195. By its third ground of appeal, the Commission alleges that the Court of First Instance erred in law by misinterpreting the exception concerning protection of the purpose of investigations, contained in the third indent of Article 4(2) of Regulation No 1049/2001.

196. In summary, the Commission argues that the interpretation in the judgment under appeal takes no account of the need for the Community institution to guarantee, in certain circumstances, confidentiality for persons providing it with information in the course of its investigative activities. Without that power to cloak its sources of information with secrecy, the Commission risks losing an essential working tool for conducting its inquiries and investigations.

197. I do not agree.

198. First, the Commission is curiously silent on the question of timing, although that was one of the principal arguments relied on by the Court of First Instance in ruling that the exception in the third indent of Article 4(2) of Regulation No 1049/2001 did not apply in this case. (77)

199. The Commission does not dispute the fact that, in these proceedings, the requests for access to documents were submitted when the Treaty infringement proceedings against the United Kingdom had already been shelved. No investigation was pending or, indeed, even recently concluded. (78) It is therefore quite unclear to me how the disclosure of the names of the participants in the October 1996 meeting might jeopardise the Commission’s investigation. The investigation was long since over. The Commission has put forward no convincing argument to overturn that finding of the judgment under appeal.

200. Second, it is perfectly comprehensible why the Commission often uses advice and information from third parties. However, it is appropriate to distinguish at least two categories of such sources. On the one hand, there are the ‘outside interlocutors’ (if I may call them that) on whom the Commission frequently relies for general assistance through meetings of a professional nature. They represent the larger category of sources of information, since the Commission routinely organises many such meetings in all areas of its competence. However, the principle of transparency requires that the Commission should inform such outside interlocutors that their presence at any particular meeting will be made public to the extent to which documents are disclosed in accordance with Regulation No 1049/2001. It cannot invoke a supposed ‘presumption of confidentiality’ (to which the Commission baldly refers in its appeal) in order never to disclose their names.

201. That said, I appreciate the Commission’s need, as an authority entrusted with the conduct of delicate proceedings, to be able sometimes to have recourse to information of another kind, which in general can only be obtained from people – let us call them ‘informants’ – whose willingness to cooperate is ensured solely through the grant of anonymity. I therefore accept that, in certain very specific circumstances, the Commission must be able to grant such protection. The best example of such exceptional circumstances is the unfortunate Adams saga. (79) But that right comes into play only in very specific factual circumstances, in exceptional cases. It would be incumbent on the Commission to demonstrate that the circumstances were indeed exceptional, as claimed. (80)

202. However, in the present dispute between the Commission and Bavarian Lager, the circumstances of those called on to advise the Commission were not in any way exceptional. The October 1996 meeting was a routine meeting organised by the Commission in the exercise of its powers in Treaty infringement proceedings against a Member State. Moreover, the meeting was not with the complainant (Bavarian Lager) but with representatives of, among others, an industry pressure group, namely CBMC. Indeed, Bavarian Lager had wanted to attend that meeting, but its request to do so was turned down. That rather explains its persistent curiosity to ascertain exactly who was present.

203. In short, I find no error of law in the Court of First Instance’s argument. I therefore propose that the third ground of appeal be rejected.

C –    Alternative solution to the first and second grounds of appeal

204. I have already expressed my preference for an interpretation of Regulations No 1049/2001 and No 45/2001 which is more harmonious than that adopted by the Court of First Instance. However, should the Court prefer to deal with the appeal concerning Article 4(1)(b) of Regulation No 1049/2001 within the parameters set by the judgment of the Court of First Instance and by the way the various parties have presented the appeal, I shall set out below, briefly and in the alternative, certain observations as to how the appeal should then be determined.

205. I emphasise, however, that the alternative solution that I now outline is not my preferred solution.

206. First, my starting point remains that the Court of First Instance was wrong to decide that there was no potential interference, within the meaning of Article 8(1) ECHR, with the privacy of the persons present at the October 1996 meeting who had objected to disclosure of their names. Mere disclosure to a third party (particularly when it is then disclosure erga omnes) is sufficient to have repercussions on the private lives of such persons. The Court of First Instance’s judgment is therefore wrong in law. This Court should, however, now proceed to give a decision on the substance, since it has before it the material necessary for it to do so.

207. Second, if the appeal is analysed in the manner proposed by the Commission, the starting point must be Article 6 of Regulation No 1049/2001. That provision exempts an applicant for access to public documents of the Community institutions from any obligation to state reasons for his application.

208. Third, Article 4(1)(b) of Regulation No 1049/2001 requires the Commission to assess, in each specific case, whether the application submitted to it represents an actual and certain threat to privacy, thus triggering the mechanism to protect the fundamental right to the protection of private life enshrined in Article 8(1) ECHR.

209. In my view, disclosure of the names of the participants in the October 1996 meeting constitutes such a potential interference within the meaning of that provision. (81)

210. Having concluded that there is potential interference, the Court would then apply the justification test, under Article 8(2) ECHR, to which I have already referred. (82) I have little doubt that all three requirements are satisfied in the present case.

211. Thus, the presence of Regulation No 1049/2001 means that acceding to the request for disclosure of those names in the circumstances of the present case would be according to law. The question of the legality of the specific aim pursued by Bavarian Lager in seeking disclosure does not undermine the validity of its application in the light of Article 8(2) ECHR. Bavarian Lager had, by its complaint, prompted the Commission to instigate the pre-litigation phase of the Treaty infringement proceedings against the United Kingdom. Bavarian Lager had, moreover, been refused the right to participate in the October 1996 meeting. Although it cannot be said with certainty whether Bavarian Lager’s aims in seeking disclosure of the full minutes of the meeting were legitimate, there can be no presumption that they were not.

212. The same principles as those that inspired the legislation on access to documents allow fulfilment of the second requirement of the Article 8(2) ECHR test. Few things would appear to be more necessary in a democratic society than transparency and close involvement of citizens in the decision-making process.

213. Finally, disclosure of the names of those attending a business meeting in a representative capacity is a fairly minimal interference with their private life. In my view, it is fully proportionate as a means of achieving the aim pursued, thus satisfying the third element of the Article 8(2) test.

214. The consequence of applying the test would therefore have been that the potential interference was – to use the terminology of Article 8(2) ECHR – justified and proportionate. The Commission would therefore have had to disclose even the names of those attenders who had objected to disclosure of the list of participants. Since it did not do so, the Commission’s decision refusing full disclosure of the minutes of the October 1996 meeting should have been annulled.

215. Fourth, once the application for access to the documents had been analysed in that way, the processing of the data would become ‘lawful’ within the meaning of Article 5(b) of Regulation No 45/2001. Applying Article 18(a) of that regulation, the data subject’s consent to disclosure would no longer be required. The process of examining whether Article 4(1)(b) of Regulation No 1049/2001 requires the Community institution to refuse to disclose the full document and instead to issue a redacted version in accordance with Article 4(6) thereof breaks the circularity of the reasoning followed by the Court of First Instance in that regard, which was properly criticised by the United Kingdom Government.

216. In any event, even if one takes the view that Article 5 of Regulation No 45/2001 is inapplicable, so that data subjects retain their right of objection under Article 18 of the regulation, the Commission did not produce any evidence before the Court of First Instance that any of the data subjects had advanced ‘compelling legitimate grounds relating to his or her particular situation’ to make good their objection to processing their data, as required by Article 18(a). From the answer to the question that I put to the Commission’s representatives at the hearing, I infer that that institution did not make any particular attempt to obtain from the data subjects concerned such specific reasons for objecting to disclosure.

217. The right, under Article 18 of Regulation No 45/2001, to object so as to safeguard one’s personal data is not an absolute right. Rather, it is a right whose exercise first requires reasons to be given to justify objecting to processing. Mere objection does not oblige the Community institution to uphold the data subject’s refusal. On the contrary, the Community institution must weigh up the reasons put forward by the data subject for objecting, on the one hand, and the public interest in disclosure of the document, on the other hand, having regard to all the circumstances of the case. (83) In the absence of any reasons for non-disclosure, there is (to put it bluntly) nothing to put in the balance, under Article 18, against the public interest in transparency and the widest possible access to documents. The Commission should therefore have opted for disclosure.

218. I therefore conclude that, in the circumstances of this case, the Commission had no alternative but to disclose the full minutes of the meeting. Accordingly, the Court of First Instance was right to annul the contested decision refusing to disclose the names of the participants in the October 1996 meeting, including the names of those who objected to disclosure.

219. The reasoning of the judgment under appeal is therefore legally flawed. Having regard to the case-law cited in point 187 of this Opinion, the appeal should however be dismissed.

VIII –  Costs

220. In its appeal, the Commission also contests the order for costs made against it by the Court of First Instance. The Commission argues that the Court of First Instance upheld only one plea in law in the application brought by Bavarian Lager, declaring the other three pleas inadmissible. Moreover, the Commission considers that its legal position in the proceedings was based on a reasonable interpretation of the legislation in force.

221. The Commission thus considers that, even if it is unsuccessful in this appeal, it should be ordered to pay only one half of the costs incurred by Bavarian Lager at first instance.

222. I do not agree.

223. As regards the costs below, the Commission was unsuccessful at first instance, where the fundamental issue in this case was dealt with. The general rule, laid down in Article 87(2) of the Rules of Procedure of the Court of First Instance, is that costs are borne by the unsuccessful party, whenever the successful party has asked for costs (as Bavarian Lager has done). I do not consider that the reasons put forward by the Commission warrant departing from that general principle.

224. As regards the appeal, since the Commission complied with the judgment under appeal by disclosing the names in question to Bavarian Lager, the Commission’s appeal essentially pursued a public interest. It sought clarification of the questions of principle regarding the interpretation of Regulation No 45/2001 and Regulation No 1049/2001. It did not seek any substantive change to the Court of First Instance’s decision, which in any event is now irreversible. Consequently, the appeal in practice relates to a new matter, which is of interest, relevance and importance to the Commission, but not to Bavarian Lager. The concerns that prompted Bavarian Lager to bring proceedings have already been satisfied.

225. Consequently, I propose that the Court of Justice uphold the order for costs made in Case T‑194/04 and order the Commission to pay the costs of the appeal. Costs should follow the event in this Court in application of Article 69(2) of the Rules of Procedure, and in my view the appeal should be dismissed. For the reasons that I have given, I am moreover of the view that that should remain the order on costs, even if the Court were to find in the Commission’s favour in the appeal.

IX –  Conclusion

226. In view of the foregoing, I therefore propose that the Court of Justice:

(1)      dismiss the Commission’s appeal against the judgment of the Court of First Instance of 8 November 2007 in Case T‑194/04 Bavarian Lager v Commission;

(2)      order the Commission to pay Bavarian Lager’s costs on appeal and before the Court of First Instance;

(3)      order the European Data Protection Supervisor to bear his own costs;

(4)      order the Kingdom of Denmark, the Republic of Finland, the Kingdom of Sweden, the United Kingdom of Great Britain and Northern Ireland and the Council each to bear its own costs.

---

1 – Original language: Spanish.

---

2 – Asimov, I., Please Explain, Editorial Houghton Mifflin Company 1973, eighth question.

---

3 – The appeal is against the judgment of the Court of First Instance of 8 November 2007 in Case T‑194/04 Bavarian Lager v Commission [2007] ECR II‑4523 (‘the judgment under appeal’).

---

4 –      Signed in Rome on 4 November 1950.

---

5 – This article was introduced by the Treaty of Amsterdam, in force since 1 May 1999.

---

6 – Proclaimed in Nice on 7 December 2000 (OJ 2000 C 364, p. 1), in the version approved by the European Parliament on 29 November 2007, after removal of the references to the ill-fated European Constitution (OJ 2007 C 303, p. 1).

---

7 – Regulation of the European Parliament and of the Council of 18 December 2000 on the protection of individuals with regard to the processing of personal data by the Community institutions and bodies and on the free movement of such data (OJ 2001 L 8, p. 1) (‘Regulation No 45/2001’ or ‘the Personal Data Regulation’).

---

8 – Directive of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (OJ 1995 L 281, p. 31).

---

9 – Directive of the European Parliament and of the Council of 15 December 1997 concerning the processing of personal data and the protection of privacy in the telecommunications sector (OJ 1998 L 24, p. 1).

---

10 – See also Article 2 (Definitions) of Convention No 108.

---

11 – See also Article 3 (Scope) of Convention No 108.

---

12 – See, for comparison, Article 5 (Quality of data) of Convention No 108.

---

13 – Regarding the rights of data subjects, see Article 8 (Personal safeguards for the data subject) of Convention No 108, which does not, however, expressly provide for a right to object.

---

14 – Formally adopted as regards the Council by Decision 93/731/EC of 20 December 1993 on public access to Council documents (OJ 1993 L 340, p. 4), most recently amended by Council Decision 2000/525/EC of 14 August 2000 (OJ 2000 L 212, p. 9); formally adopted as regards the Commission by Decision 94/90/ECSC, EC, Euratom of 8 February 1994 on public access to Commission documents (OJ 1994 L 46, p. 58) (‘Decision 94/90’), as amended by Commission Decision 96/567/Euratom, ECSC, EC of 19 September 1996 (OJ 1996 L 247, p. 45).

---

15 – Regulation of the European Parliament and of the Council of 30 May 2001 regarding public access to European Parliament, Council and Commission documents (OJ 2001 L 145, p. 43) (‘Regulation No 1049/2001’ or ‘the Access to Documents Regulation’). At the time of presenting this Opinion, there is much discussion as to whether Regulation No 1049/2001 should be modified and, if so, in precisely what way. I have deliberately put those discussions to one side in considering this appeal, as must the Court.

---

16 – Commission decision of 5 December 2001 amending its rules of procedure (OJ 2001 L 345, p. 94).

---

17 – Article 1 of Decision 2001/937.

---

18 – The superseded provision in Decision 94/90 likewise did not require reasons to be given for requests to the Commission for public documents. It merely required that the application be made in writing and give the necessary information for the document in question to be identified. See Case T‑174/95 Svenska Journalistförbundet v Council [1998] ECR II‑2289, paragraph 65.

---

19 – Supply of Beer (Tied Estate) Order 1989 SI 1989/2390.

---

20 – Registered under number P/93/4490/UK.

---

21 – Case T‑309/97 Bavarian Lager v Commission [1999] ECR II‑3217, paragraphs 45 and 46. That judgment emphasises that adequate protection exists for all matters that, for legitimate reasons, are not required to be made public.

---

22 – The so-called ‘authorship rule’ was repealed by Regulation No 1049/2001; see point 99 of this Opinion.

---

23 – Paragraphs 27 to 33 of the judgment under appeal.

---

24 – Special Report from the European Ombudsman to the European Parliament following the draft recommendation to the European Commission in complaint 713/98/IJH, available at http://www.ombudsman.europa.eu/cases/specialreport.faces/en/380/html.bookmark.

---

25 – European Parliament resolution on the Special Report to the European Parliament following the draft recommendation to the European Commission in complaint 713/98/IJH (made in accordance with Article 3(7) of the Statute of the European Ombudsman) (C5 0463/2001 2001/2194(COS) available at http://www.ombudsman.europa.eu/cases/correspondence.faces/en/3535/html.bookmark.

---

26 – Paragraphs 49 to 59 of the judgment under appeal.

---

27 – The Court of First Instance here relied on the judgments in Joined Cases C-174/98 P and C‑189/98 P Netherlands and van der Wal v Commission [2000] ECR I‑1, paragraph 27; Case T‑211/00 Kuijer v Council [2002] ECR II‑485, paragraph 55; and Joined Cases T‑391/03 and T‑70/04 Franchet and Byk v Commission [2006] ECR II‑2023, paragraph 84.

---

28 – Paragraphs 98 to 102 of the judgment under appeal.

---

29 – Paragraphs 103 to 109 of the judgment under appeal.

---

30 – Paragraphs 110 to 120 of the judgment under appeal.

---

31 – Paragraphs 121 to 128 of the judgment under appeal.

---

32 – Joined Cases C-465/00, C-138/01 and C-139/01 [2003] ECR I-4989, paragraphs 74 and 75.

---

33 – Paragraphs 134 to 137 of the judgment under appeal.

---

34 – Paragraphs 138 and 139 of the judgment under appeal.

---

35 – Paragraphs 141 to 154 of the judgment under appeal.

---

36 – OJ 2000 C 177E, p. 70.

---

37 – Case C‑112/00 Schmidberger [2003] ECR I‑5659, paragraphs 80 and 81, and Case C‑275/06 Promusicae [2008] ECR I‑271, paragraph 70. Regarding the principle of constitutional interpretation of German origin – praktische Konkordanz – referred to by the Commission in its appeal, see, for example, Hesse, K., Grundzüge des Verfassungsrechts der Bundesrepublik Deutschland, ed. C.F. Müller, 20th edition, Heidelberg, 1999, p. 28.

---

38 – Regarding the development of this right of access to documents of Community institutions, see the Opinion of Advocate General Léger in Case C‑353/99 P Council v Hautala [2001] ECR I‑9565, point 47 et seq. and the Opinion of Advocate General Poiares Maduro in Case C‑64/05 P Sweden v Commission and Others [2007] ECR I‑11389, points 37 to 40. By way of comparison, the Swedish Government pointed out at the hearing that this principle is included in its national Constitution and has been applied for more than 200 years. The judgment in Case C‑58/94 Netherlands v Council [1996] ECR I‑2169, paragraph 34, states that the principle of access to documents is enshrined in the legislation of most Member States; see also the Opinion of Advocate General Tesauro in that case, points 14 and 15. Most recently, a new Council of Europe Convention on Access to Official Documents (Convention No 205) has been drawn up and was opened for signature on 18 June 2009: see http://conventions.coe.int/Reports/EN/Treaties/Html/205.htm.

---

39 – See my Opinion of 10 April 2008 in Case C‑345/06 Heinrich [2009] ECR I‑0000, point 123.

---

40 – As to the evolution of the right to private life and the protection of data in Directive 95/46 (one of the measures in the legislative package referred to in point 15 of this Opinion), see the Opinion of Advocate General Ruiz-Jarabo Colomer of 22 December 2008 in Case C‑553/07 Rijkeboer [2009] ECR I‑0000, point 18 et seq.

---

41 – The Court of Justice has similarly acknowledged the broad scope of Directive 95/46: see Rijkeboer, cited in footnote 40 above, paragraph 59.

---

42 – For the definition of ‘filing system’, see Article 2(c) of Regulation No 45/2001.

---

43 – The judgment in Case C‑266/05 P Sisón v Council [2007] ECR I‑1233, paragraphs 43 and 44, lays emphasis on openness, deriving from the lack of any requirement that citizens demonstrate an interest in obtaining access to documents.

---

44 – Proposal for a regulation of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data by the institutions and bodies of the Community and on the free movement of such data (COM(1999) 337 final (14.7.1999)).

---

45 – At p. 2.

---

46 – Ibid.

---

47 – At p. 36.

---

48 – At p. 37.

---

49 – At pp. 37 and 38.

---

50 – At p. 38.

---

51 – Cited in footnote 32 above.

---

52 – Case C‑101/01 [2003] ECR I‑12971.

---

53 – Case C‑73/07 [2008] ECR I‑0000.

---

54 – See paragraphs 3 to 5 of the judgment.

---

55 – The pages ‘sometimes [included] their full names and in other cases only their first names. Mrs Lindqvist also described, in a mildly humorous manner, the jobs held by her colleagues and their hobbies. In many cases family circumstances and telephone numbers and other matters were mentioned’ (paragraph 13). Indeed, the Court further found that Mrs Lindqvist’s additional statement that one of her colleagues had injured her foot and was on half-time on medical grounds was ‘personal data concerning health’ within the meaning of Article 8(1) of Directive 95/46 that could not be processed (paragraphs 49 to 51).

---

56 – Paragraph 26, emphasis added.

---

57 – I consider below, in point 135 et seq., the possibility that the use of a computer search function might nevertheless bring such an exercise within the concept of ‘processing … partly by automatic means’.

---

58 – See paragraphs 35 to 37.

---

59 – In points 33 to 35 of her Opinion.

---

60 – In point 34.

---

61 – Judgment of the Court of First Instance of 12 September 2007 in Case T‑259/03.

---

62 – See further points 158 to 166 of this Opinion. Fortunately, the present case does not concern quite such a thorny issue, even if it seems that Bavarian Lager was indeed interested in ascertaining precisely who had attended the October 1996 meeting.

---

63 – An old-fashioned revolving tool for boring holes.

---

64 – I deliberately leave aside the question whether it would be possible, by the application of artificial intelligence (‘AI’), to replace any/some/most/all of the functions currently performed manually. From what the Court has been told, the facts appear to be as I have described them here. Furthermore, it seems a little unlikely that the Community legislator had AI potential in mind when framing Regulation No 1049/2001.

---

65 – This is the procedure followed by the European Court of Human Rights (‘the ECHR Court’) (see, for example, its judgments of 16 February 2000 in Amann v. Switzerland [GC], no. 27798/95, ECHR 2000-II, § 65, and of 4 May 2000 in Rotaru v.Rumania [GC], no. 28341/95, ECHR 2000-V, § 65), which the Court of Justice adopts in considering potential human rights infringements; see Österreichischer Rundfunk and Others, cited in footnote 32 above, paragraphs 73 to 90.

---

66 – See, for example, the judgments of the ECHR Court of 24 April 1990 Huvig v.France, Series A no. 176-B, §§ 8 and 25; of 16 December 1992 Niemietz v.Germany, Series A no. 251-B, § 29; and of 28 April 2003 Peck v. the United Kingdom, no. 44647/98, ECHR 2003-I, § 57.

---

67 – Regarding protection of names by the ECHR Court, see the judgments of 22 February 1994 in Burghartz v.Switzerland, Series A no. 280-B, p. 28, § 24; of 25 November 1994 in Stjerna v.Finland, Series A no. 299-B, p. 60, § 37; of 11 September 2007 in Bulgakov v.Ukraine, no. 59894/00, § 43, and the case-law there cited. In Community law, with regard to names, see in particular the Opinion of Advocate General Jacobs in Case C‑168/91 Konstantinidis [1993] ECR I‑1191, point 40, where he states: ‘A person’s right to his name is fundamental in every sense of the word. After all, what are we without our name? It is our name that distinguishes each of us from the rest of humanity. It is our name that gives us a sense of identity, dignity and self esteem. To strip a person of his rightful name is the ultimate degradation, as is evidenced by the common practice of repressive penal regimes which consists in substituting a number for the prisoner’s name. In the case of Mr Konstantinidis the violation of his moral rights, if he is compelled to bear the name “Hréstos” instead of “Christos”, is particularly great; not only is his ethnic origin disguised, since “Hréstos” does not look or sound like a Greek name and has a vaguely Slavonic flavour, but in addition his religious sentiments are offended, since the Christian character of his name is destroyed. At the hearing Mr Konstantinidis pointed out that he owes his name to his date of birth (25 December), Christos being the Greek name for the founder of the “Christian” – not “Hréstian” – religion.’ See also Case C‑148/02 García Avello [2003] ECR I‑11613, paragraph 25, and Case C‑353/06 Grunkin and Paul [2008] ECR I‑0000, paragraph 22 et seq., together with my Opinion in that case and the Opinion of Advocate General Jacobs in Case C‑96/04 Standesamt Stadt Niebüll [2006] ECR I‑3561.

---

68 – Judgment of the ECHR Court of 30 June 2005 in Bosphorus Hava Yolları Turizm ve Ticaret Anonim Şirketiv.Ireland [GC], no. 45036/98, ECHR 2005-VI, in particular §§ 159 to 165.

---

69 – I deal with this question more fully below: see points 206 to 210 of this Opinion.

---

70 – In its judgment in Joined Cases C-39/05 and C-52/05 Sweden and Turco v Council and Others [2008] ECR I-4723, paragraph 33 et seq., the Court of Justice also begins by calling on the Council to satisfy itself as to the precise nature of the document whose disclosure is sought: in that case, the document requested did indeed relate to legal advice (see, in particular, paragraph 38 of that judgment).

---

71 – In points 140 and 141 of this Opinion, I examined the exceptional situation where each document individually contains only an incidental mention of personal data but a single item of personal data is specifically used as a search criterion in order to locate and bring together all the documents that contain it. A request for access to a number of documents for which the ‘search criterion’ is by its nature a personal detail (such as a name), will probably turn out to be a disguised request for personal data. It would therefore have to be assimilated to a subcategory b‑2 request and be dealt with accordingly.

---

72 – See the examples of documents given in point 176 of this Opinion. It may be helpful to recall that the EDPS has issued informal guidance aimed at assisting institutions in ‘policing’ the boundary between data protection and access to documents. See Public access to documents and data protection, EDPS, available at http://www.edps.europa.eu/EDPSWEB/edps/Home/EDPS/Publications/Papers.

---

73 – With regard to Article 3 of Directive 95/46 (the counterpart of Article 3 of Regulation No 45/2001), see Dammann, U. and Simitis, S., EG‑Datenschutzrichtlinie – Kommentar, ed. Nomos, Baden‑Baden, 1997, p. 121; see also Ehmann, E. and Helfrich, M, EG-Datenschutzrichtlinie Kurzkommentar, ed. Dr. Otto Schmidt, Cologne, 1999, p. 92.

---

74 – Only rarely would a request for a document be easily confused with ‘the processing of personal data wholly or partly by automatic means’ (the first two elements of Article 3(2) of Regulation No 45/2001). I have already examined the exception to this general rule in points 140 and 141 of this Opinion. The fundamental question that every institution will normally have to ask is thus: ‘Does the application cover documents that involve “processing otherwise than by automatic means of personal data which form part of a filing system or are intended to form part of a filing system”, so that it comes within Article 3(2) of Regulation No 45/2001 and should be handled under the data-protection rules rather than the access to documents rules?’ If the answer to that question is ‘no’, it is the Access to Documents Regulation alone that is applicable.

---

75 – As I have indicated, interference contrary to Article 8(1) ECHR will theoretically occur, but justification for it under paragraph 2 of that article does not raise significant difficulties; see points 152 to 154 and points 208 to 212 of this Opinion.

---

76 – Case C‑30/91 P Lestelle v Commission [1992] ECR I‑3755, paragraph 28; Case C‑210/98 P Salzgitter v Commission [2000] ECR I‑5843, paragraph 58; Case C‑312/00 P Commission v Camar and Tico [2002] ECR I‑11355, paragraph 57; Case C‑164/01 P van den Berg v Council and Commission [2004] ECR I‑10225, paragraph 95; Case C‑226/03 P José Martí Peix v Commission [2004] ECR I‑11421, paragraph 29; and Case C‑167/04 P JCB Service v Commission [2006] ECR I‑8935, paragraph 186.

---

77 – See paragraph 149 of the judgment under appeal.

---

78 – Although Bavarian Lager attempted to obtain a copy of the Commission’s reasoned opinion in March 1997, before the Treaty infringement proceedings were shelved in summer 1997, its first application for other documents from that investigation was not made until May 1998. The actual applications for access to those documents under Regulation No 1049/2001, which the Commission rejected in the contested decision, were lodged on 5 December 2003 (original application) and on 9 February 2004 (confirmatory application). By then, the proceedings under Article 226 EC had already been closed for more than six years (see points 41 to 51 of this Opinion for the full history). Documents relating to an investigation which is under way, but in which no decision has yet been adopted, enjoy separate protection under Article 4(3) of Regulation No 1049/2001.

---

79 – Case 145/83 Adams v Commission [1985] ECR 3539.

---

80 – The Danish Government proposes a reversal of the burden of proof in the context of the third indent of Article 4(2) of Regulation No 1049/2001, so that it would be for the Commission to demonstrate the need not to disclose a document or a name. I endorse that suggestion.

---

81 – See point 153 of this Opinion.

---

82 – See point 154 of this Opinion.

---

83 – In relation to Directive 95/46, see Ehmann, E. and Helfrich, M., op. cit., pp. 211 and 212. The observation seems to me to be fully transposable to the context of Regulation No 45/2001. See also the case-law cited in footnote 37 to this Opinion.