Case C‑25/17
Proceedings against Tietosuojavaltuutettu
(Request for a preliminary ruling from the Korkein hallinto-oikeus)
(Reference for a preliminary ruling — Protection of individuals with regard to the processing of personal data — Directive 95/46/EC — Scope of the directive — Article 3 — Data collected and processed by the members of a religious community in the course of their door-to-door preaching — Article 2(c) — Definition of a ‘personal data filing system’ — Article 2(d) — Definition of a ‘controller’ of the processing of personal data — Article 10(1) of the Charter of Fundamental Rights of the European Union)
Summary — Judgment of the Court (Grand Chamber), 10 July 2018
Judicial proceedings — Oral part of the procedure — Reopening — Facts mentioned in the observations submitted by the parties in preliminary reference proceedings or in the Advocate General’s Opinion — Justification for the re-opening of the oral procedure — None
(Art. 267 TFEU; Statute of the Court of Justice, Art. 23; Rules of Procedure of the Court of Justice, Art. 83)
Fundamental rights — Charter of Fundamental Rights of the European Union — Right to freedom of thought, conscience and religion — Concept of religion — Scope
(Charter of Fundamental Rights of the European Union, Art. 10(1))
Approximation of laws — Protection of individuals with regard to the processing of personal data — Directive 95/46 — Scope — Processing of personal data in the course of the exercise of activities falling outside the scope of EU law or carried out by a natural person in the exercise of activities which are exclusively personal or domestic — Not included — Applicability to the collection of personal data by members of a religious community in the course of their door-to-door preaching — None
(Charter of Fundamental Rights of the European Union, Art. 10(1); European Parliament and Council Directive 9595/46, Art. 3(2))
Approximation of laws — Protection of individuals with regard to the processing of personal data — Directive 95/46 — Scope — Personal data filing system — Concept — Set of personal data collected in in the course of door-to-door preaching and structured in order to facilitate their later use — Included
(European Parliament and Council Directive 95/46, Art. 2(c))
Approximation of laws — Protection of individuals with regard to the processing of personal data — Directive 95/46 — Controller — Collection of personal data by the members of a religious community in the course of their door-to-door preaching — Attribution of responsibility for the processing to the community — Interference in the organisational autonomy of — None
(Art. 17 TFEU; Charter of Fundamental Rights of the European Union, Art. 10(1); European Parliament and Council Directive 9595/46, Art. 2(d))
See the text of the decision.
(see paras 26, 28)
See the text of the decision.
(see para. 47)
Article 3(2) of Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, read in the light of Article 10(1) of the Charter of Fundamental Rights of the European Union, must be interpreted as meaning that the collection of personal data by members of a religious community in the course of door-to-door preaching and the subsequent processing of those data does not constitute either the processing of personal data for the purpose of activities referred to in Article 3(2), first indent, of that directive or the processing of personal data carried out by a natural person in the course of a purely personal or household activity, within the meaning of Article 3(2), second indent, thereof.
(see para. 51, operative part 1)
Article 2(c) of Directive 95/46 must be interpreted as meaning that the concept of a ‘filing system’, referred to by that provision, covers a set of personal data collected in the course of door-to-door preaching, consisting of the names and addresses and other information concerning the persons contacted, if those data are structured according to specific criteria which, in practice, enable them to be easily retrieved for subsequent use. In order for such a set of data to fall within that concept, it is not necessary that they include data sheets, specific lists or other search methods.
(see para. 62, operative part 2)
Article 2(d) of Directive 95/46, read in the light of Article 10(1) of the Charter of Fundamental Rights, must be interpreted as meaning that it supports the finding that a religious community is a controller, jointly with its members who engage in preaching, for the processing of personal data carried out by the latter in the context of door-to-door preaching organised, coordinated and encouraged by that community, without it being necessary that the community has access to those data, or to establish that that community has given its members written guidelines or instructions in relation to the data processing.
That finding cannot be called into question by the principle of organisational autonomy of religious communities which derives from Article 17 TFEU. The obligation for every person to comply with the rules of EU law on the protection of personal data cannot be regarded as an interference in the organisational autonomy of those communities (see, to that effect, judgment of 17 April 2018, Egenberger, C‑414/16, EU:C:2018:257, paragraph 58).
(see paras 74, 75, operative part 3)