1. By three separate orders, of 12 December 2000 and 14 and 28 February 2001, the Verfassungsgerichtshof and the Oberster Gerichtshof
(the Constitutional Court and the Supreme Court), Austria, have referred to the Court of Justice a number of questions for
a preliminary ruling on the interpretation of the provisions of Directive 95/46/EC on the protection of individuals with regard
to the processing of personal data and on the free movement of such data (hereinafter
Directive 95/46 or, simply,
and of the general principles of Community law regarding privacy. Briefly, the Austrian courts ask whether those provisions
and principles preclude national rules which require the collection of data on the income of certain employees of public entities
and companies to be included, naming the individuals concerned, in a report by a State body (Court of Auditors) intended to
The European Convention for the Protection of Human Rights and Fundamental Freedoms
2. In reconstructing the legal context relevant to the present cases, attention should be drawn first of all to Article 8 of
the European Convention on Human Rights and Fundamental Freedoms (hereinafter, the
ECHR), expressly invoked in certain questions, which provides:
1. Everyone has the right to respect for his private and family life, his home and his correspondence.
2. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with
the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being
of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of
the rights and freedoms of others
3. Of importance at the Community level is Directive 95/46, adopted on the basis of Article 100a of the EC Treaty (now Article 95 EC)
to encourage the free movement of personal data by the harmonisation of the laws, regulations and administrative provisions
of the Member States on the protection of individuals with regard to the processing of such data.
4. Underlying the Directive is the idea that
the difference in levels of protection of the rights and freedoms of individuals, notably the right to privacy, with regard
to the processing of personal data afforded in the Member States may prevent the transmission of such data from the territory
of one Member State to that of another Member State [and that] this difference may therefore constitute an obstacle to the
pursuit of a number of economic activities at Community level, distort competition and impede authorities in the discharge
of their responsibilities under Community law (seventh recital). The Community legislature therefore considered that,
in order to remove the obstacles to flows of personal data, the level of protection of the rights and freedoms of individuals
with regard to the processing of such data must be equivalent in all Member States. To do that, it considered that a harmonising measure was necessary at Community level, since the objective of free movement
of personal data,
[was] vital to the internal market but [could not] be achieved by the Member States alone, especially in view of the scale
of the divergences [existing] between the relevant laws in the Member States and the need to coordinate the laws of the Member
States so as to ensure that the cross-border flow of personal data [was] regulated in a consistent manner ... in keeping with
the objective of the internal market as provided for in Article 7a of the Treaty (eighth recital). Following the adoption of a harmonising measure, however, given the equivalent protection resulting from
the approximation of national laws, the Member States [would] no longer be able to inhibit the free movement between them
of personal data on grounds relating to protection of the rights and freedoms of individuals, and in particular the right
to privacy (ninth recital).
5. That having been said, the Community legislature considered that, in establishing a level of protection
equivalent in all Member States, it was not possible to leave out of consideration the requirement that
the fundamental rights of individuals should be safeguarded (third recital). To that effect, it considered that
the object of the national laws on the processing of personal data is to protect fundamental rights and freedoms, notably
the right to privacy, which is recognised both in Article 8 of the European Convention for the Protection of Human Rights
and Fundamental Freedoms and in the general principles of Community law. On that basis, it considered that
the approximation of those laws must not result in any lessening of the protection they afford but must, on the contrary,
seek to ensure a high level of protection in the Community (10th recital).
6. Article 1 of the Directive should therefore be read in the light of those assumptions and reasons; it defines the object of
the Directive as follows:
1. In accordance with this Directive, Member States shall protect the fundamental rights and freedoms of natural persons, and
in particular their right to privacy with respect to the processing of personal data.
2. Member States shall neither restrict nor prohibit the free flow of personal data between Member States for reasons connected
with the protection afforded under paragraph 1
7. As regards the principal definitions given in Article 2 of the Directive, it should be noted for present purposes that:
(a) personal data means
any information relating to an identified or identifiable natural person (
data subject); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification
number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity;
(b) processing of personal data (
any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection,
recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination
or otherwise making available, alignment or combination, blocking, erasure or destruction;
(c) controller means the
natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes
and means of the processing of personal data.
8. Article 3 defines the scope of the Directive, stating in paragraph 1 that its provisions
shall apply to the processing of personal data wholly or partly by automatic means, and to the processing otherwise than by
automatic means of personal data which form part of a filing system or are intended to form part of a filing system. Under paragraph 2, however, the scope of the Directive does not include the processing of personal data:
in the course of an activity which falls outside the scope of Community law, such as those provided for by Titles V and VI
of the Treaty on European Union and in any case to processing operations concerning public security, defence, State security
(including the economic well-being of the State when the processing operation relates to State security matters) and the activities
of the State in areas of criminal law;
by a natural person in the course of a purely personal or household activity.
9. For present purposes, certain provisions of Chapter II,
General Rules on the Lawfulness of the Processing of Personal Data (Articles 5 to 21), should also be noted. It should be pointed out in particular that, according to Article 6(1),
Member States shall provide that personal data must be:
(a) processed fairly and lawfully;
(b) collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes.
Further processing of data for historical, statistical or scientific purposes shall not be considered as incompatible provided
that Member States provide appropriate safeguards;
(c) adequate, relevant and not excessive in relation to the purposes for which they are collected and/or further processed;
10. Article 7 identifies those cases where
personal data may be processed and provides, so far as we are concerned here, that processing is permitted where it is necessary
for compliance with a legal obligation to which the controller is subject or
for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
or in a third party to whom the data are disclosed.
11. It should also be noted that Article 13 authorises Member States to derogate from certain provisions of the Directive and,
in particular, from Article 6(1), where it is necessary to safeguard, among other things,
an important economic or financial interest of a Member State or of the European Union, including monetary, budgetary and
taxation matters [subparagraph (e)]; or
a monitoring, inspection or regulatory function connected, even occasionally, with the exercise of official authority in specific cases, including one as described in subparagraph (e) [subparagraph (f)].
12. Lastly Article 22 should be noted, according to which
Member States shall provide for the right of every person to a judicial remedy for any breach of the rights guaranteed him
by the national law applicable to the processing in question.
The Austrian legislation
13. Paragraphs 126b, 126c, 127, 127a and 127b of the Bundesverfassungsgesetz (the Austrian Constitution; hereinafter
B VG) govern the powers of the Rechnungshof (the Austrian Court of Auditors), making the following subject to audit by it: the
Länder ; major communes and ─ where a reasoned request has been made by a government of a
Land ─ communes with fewer than 20 000 inhabitants; associations of communes; social security institutions; statutory bodies representing
professional interests; entities, funds and foundations managed by organs of the Federation or
Länder or by persons appointed for that purpose by organs of the Federation or
Länder ; and undertakings managed by the Federal Government, a
Land or commune or (alone or jointly with other legal entities subject to audit by the Rechnungshof) controlled through a shareholding
of not less than 50%. Furthermore, Paragraph 31a(1) of the Rundfunkgesetz (Law on broadcasting)
provides that Österreichische Rundfunk (Austrian National Radio; hereinafter:
ÖRF) also is subject to audit by the Rechnungshof.
14. Pursuant to Paragraph 8 of the Bundesverfassungsgesetz über die Begrenzung von Bezügen öffentlicher Funktionäre (Federal constitutional
law on the limitation of income of public officials; hereinafter
1. Entities subject to audit by the Rechnungshof must, within the first three months of each second calendar year, inform the
Rechnungshof of the salaries or pensions of persons which in at least one of the two previous calendar years, were greater
in that year than 14 times 80% of the monthly reference amount under Section 1 [meaning, for 2000, salaries or pensions 14
times greater than EUR 5 887.87]. The entities must also inform the Rechnungshof of salaries and pensions of persons who receive
an additional sum or pension from an entity subject to audit by the Rechnungshof. ... If entities do not comply with that
duty of disclosure, the Rechnungshof shall inspect the relevant documents and draw up its report on the basis thereof....
3. The Rechnungshof shall summarise that information ─ for each year ─ in a report. The report shall include all persons whose
total yearly salary and pensions from entities subject to audit by the Rechnungshof exceed the amount referred to in subsection
(1) above. The report shall be sent to the Nationalrat, the Bundestrat and the Landtage of the
15. From the preparatory documents for the law we see that the above report must show the name of the employee and the amount
of salary received; the report must then be made available to the public so as to ensure
full information for Austrian citizens on salaries received in public entities.
Facts and Proceedings
Facts and questions referred in Case C-465/00
16. The origin of Case C-465/00 lies in a dispute over the interpretation of Paragraph 8 of the BezBegrBVG between the Rechnungshof
and a number of bodies subject to its audit: certain regional or local authorities (
Land Niederösterreich, the City of Wiener Neustadt and the Commune of Kaltenleutgeben); Österreichische Nationalbank (the Austrian
central bank); a statutory body representing its members' interests (Wirtschaftskammer Steiermark); a public undertaking responsible
for the performances of tasks relating to the public interest (ÖRF) and a public undertaking managed according to economic
in competition with other national and foreign undertakings not subject to audit by the Rechnungshof (Austrian Airlines Österreichische LuftverkehrsAktiengesellschaft; hereinafter simply
17. More specifically, at the time of the audit relating to pensions and salaries paid in the years 1998 to 1999, those entities
merely provided the data on the incomes of their employees in anonymous form, with the exception of Wirtschaftskammer Steiermark,
which provided no data. When the Rechnungshof subsequently attempted to conduct a direct examination of the accounting documents,
those entities did not agree to the audit or made it subject to the condition (which the Rechnungshof considered unacceptable)
of rendering the data anonymous.
18. The Rechnungshof then applied to the Verfassungsgerichtshof, seeking confirmation of its power to conduct the examination
on the premises of the entities cited, for the purpose of drawing up the report on incomes specified in Paragraph 8 of the
BezBegrBVG. The defendant entities opposed the claim of the Rechnungshof, seeking a declaration that it is unlawful for the
report to show the names and functions of the persons concerned. Among other points, they claimed that disclosure of the names
and functions of the employees concerned was contrary to the provisions of the Directive and to the Community principles on
the protection of privacy and would create an unlawful impediment to the free movement of workers.
19. Seised of those applications, the Verfassungsgerichtshof considered it necessary to refer to the Court of Justice, pursuant
to Article 234 EC, the following questions:
1. Are the provisions of Community law, in particular those on data protection, to be interpreted as precluding national rules
which require a State body to collect and pass on data on income for the purpose of publishing the names and income of employees
(a) a regional or local authority,
(b) a broadcasting organisation governed by public law,
(c) a national central bank,
(d) a statutory body representing its members' interests,
(e) a partially State-controlled undertaking?
2. If the answer to at least part of the above question is in the affirmative:Are the provisions precluding the abovementioned national rules directly applicable, in the sense that persons obliged to
disclose data may rely on them in order to prevent the application of conflicting national rules?
Facts and questions submitted in Cases C-138/01 and C-139/01
20. Ms Christa Neukomm and Mr Josef Lauermann are employees of ÖRF, which pays them a salary above the threshold set in Paragraph 8
of the BezBegrBVG. Under that provision, ÖRF is therefore required to give the Rechnungshof the data relating to their pay.
21. Ms Neukomm and Mr Lauermann both applied, separately, to the Arbeits- und Sozialgericht, Vienna, and to the Landesgericht,
St Pölten, seeking emergency measures to prevent ÖRF from passing on their data with their names. In support of their applications,
so far as concerns this case, the applicants alleged breach of their fundamental rights (in particular the right to respect
for private life as laid down in Article 8 of the ECHR) and of the provisions of the Directive. In the course of the two proceedings,
the ÖRF ─ although asking for the applications to be dimissed, ─ declared that it took the same standpoint as its own employees.
22. The two courts dismissed the applicants' claims by decisions that were subsequently upheld on appeal by the Oberlandesgericht,
Vienna. The applicants then appealed in cassation against the decisions at second instance to the Oberster Gerichtshof which
─ referring to the questions already put by the Verfassungsgerichtshof ─ decided to stay proceedings and refer to the Court
the following questions for a preliminary ruling:
1. Are the provisions of Community law, in particular those on data protection [Articles 1, 2, 6, 7 and 22 of Directive 95/46/EC
in conjunction with Article 6 (ex Article F) of the EU Treaty and with Article 8 of the European Convention for the Protection
of Human Rights], to be interpreted as precluding national rules which require a broadcasting organisation governed by public
law acting as an entity recognised by law to pass on data concerning the incomes of its employees and a State body to collect
and to pass on such data for the purpose of publishing the names and incomes of those employees.
2. If the Court of Justice of the European Communities answers the question put in the affirmative: are the provisions precluding
national rules as described above directly applicable, in the sense that the entity obliged to disclose data may rely on them
in order to prevent the application of conflicting national rules and therefore may not rely upon an obligation imposed by
national law as regards the employees concerned by the disclosure
Proceedings before the Court
23. In Case C-465/00, observations were submitted by the parties to the main proceedings, the Commission and the Governments of
Austria, Denmark, Finland, Italy, the Netherlands, Sweden and the United Kingdom whilst, in Cases C-138/01 and C-139/01, joined
by order of 17 May 2001, observations were submitted by the Commission and the Governments of Austria, Italy, the Netherlands,
Sweden and the United Kingdom.
24. A joint hearing in the three cases was held on 18 June 2002, in which the Commune of Kaltenleutgeben, the
Land Niederösterreich, the Österreichische Nationalbank, Austrian Airlines, ÖRF, the Commission and the Governments of Austria,
Finland, Italy, the Netherlands and Sweden participated.
25. As has been seen, essentially the same questions are put to the Court in all three cases: a question on the compatibility
of rules such as those of Austria with the provisions of the Directive and with the general principles of Community law regarding
privacy; and a second, alternative, question on the direct effect of the Community provisions with which, in the analysis
of the first question, those rules may be found to be incompatible.
26. In answering the questions set out in the three orders for reference (which I shall of course discuss together), it is therefore
necessary to consider, first, whether national rules such as those at issue are compatible with the provisions of the Directive
and, second, whether such rules infringe the general principles of Community law regarding privacy. Then, if it is found that
those rules do infringe the provisions of the Directive or the principles concerning privacy, it will then be necessary to
consider also whether those provisions and principles are directly applicable.
Compatibility of national rules such as those at issue with the provisions of the Directive
27. As I have said, the national courts ask, first, whether rules such as those at issue require personal-data processing in breach
of the requirements of the Directive. Of course, the answer to that question assumes that the Directive applies to the case
in point, and this is by no means to be taken for granted and indeed has been openly disputed by several parties.
28. I note here that, under Article 3, the provisions of the Directive do not apply to all
processing of personal data; for present purposes, in particular, they do not apply to processing
in the course of an activity which falls outside the scope of Community law (first indent of Article 3(2)). Assuming that the various operations prescribed in Paragraph 8 of the BezBegrBVG (collection
of data on salaries and pensions, provision of data to the Rechnungshof, inclusion in the report, submission of the report
to the competent bodies and publication of the report) entail
processing of personal data, almost all of the participants in the proceedings before the Court, and the referring courts themselves, have therefore
dwelt at length on the question whether or not the activities for which that processing has been effected do fall
outside the scope of Community law, within the meaning of the first indent of Article 3(2). Only if they do fall within its scope can it be held that such processing
is covered by the provisions of the Directive.
29. It therefore seems clear to me that for present purposes the question whether the Directive is applicable must be considered
as an inescapable preliminary point, since, if it were not, there would clearly be no reason to consider the compatibility
of rules such as those at issue. First of all, therefore, I shall examine that point.
Considerations put forward by the national courts and the arguments of the parties
30. Although they recognise that the point is disputed, the national courts appear inclined to hold that the Directive also covers
processing of the type in point, since it effected full harmonisation in this area in order to ensure full
protect[ion of] the fundamental rights and freedoms of natural persons, and in particular their right to privacy with respect
to the processing of personal data (Article 1(1)). They further observe that the Rechnungshof's audit activities, for which the processing now under consideration
is effected, may fall within the scope of Community law because it may have an effect on freedom of movement for workers (Article 39 EC),
particularly since such an audit is required even of a public company which is in competition with (national and foreign)
operators which are not required to make public the data on their employees' salaries.
31. Naturally, the entities which are defendants before the Verfassunggerichtshof think likewise. Essentially, albeit with minor
variations, they consider that the Rechnungshof's audit activities fall within the scope of Community law because, as they
affect the working conditions of the employees of the entities concerned, they touch on aspects governed in part by Community
provisions on social matters
and also, primarily, because they may impair the free movement of workers, in breach of Article 39 EC.
32. With particular reference to the latter aspect, it is maintained that, on the one hand, audit by the Rechnungshof adversely
affects the possibility for the employees of the entities concerned to seek work in another Member State (presumably because
publication of their salaries would restrict their negotiating power
vis-à-vis foreign companies) and, on the other hand, it discourages citizens of other Member States wishing to move to Austria to work
for the entities subject to audit by the Rechnungshof.
33. More specifically, then, the Austrian Central Bank claims that the impairment of free movement of workers is aggravated by
the fact that the audit also relates to the branches of the entities concerned located in other Member States, whilst Austrian
Airlines claims that that impairment is of particular importance to it, since it is in competition with airlines of other
Member States that are not subject to any similar audit.
34. Lastly, ÖRF contends that the Rechnungshof's activities fall within the scope of Community law (and hence that the processing
concerned is subject to the provisions of the Directive) because Paragraph 8 of the BezBegrBVG must be regarded as a provision
implementing the Directive.
35. On the other hand, the observations submitted by the Rechnungshof and by Austria and Italy are to the opposite effect. For
them, the audit activity prescribed by Paragraph 8 of the BezBegrBVG is the expression of an autonomous power of the State,
clearly intended for the pursuit of objectives of general interest in the field of public accounts and thus does not fall
within any aspect of Community law. These parties add that the Directive, adopted under Article 100a of the EC Treaty, essentially
pursues the objective of realisation of the internal market, in relation to which protection of the right to privacy is merely
incidental. They further contend that that audit is not such as to hinder the free movement of workers, because it does not
prevent the employees of the entities concerned from moving to work in another Member State, or workers from other Member
States from becoming employees of those entities.
36. For its part, the Commission has not taken a clear and unambiguous position on this point, for the written observations which
it has submitted in the three cases are not entirely the same and subsequently, at the hearing, it modified the conclusions
37. In its written observations submitted in Case C-465/00, the Commission maintained that the Directive does not apply to processing
such as that at issue, because it is effected in the course of an audit of accounts which falls outside the scope of Community
law. That audit activity is concerned with national budgetary policy which, apart from certain restrictions laid down in
the context of the economic and monetary union, is not regulated at Community level and therefore remains essentially within
the competence of the Member States. Furthermore, the Commission continues, there is no question either of the activity concerned
falling within the scope of Community law as a result of its possible effect on the functioning of the internal market. This
is so, in particular, because (i) the report on incomes and publication thereof involves no cross-frontier processing of data;
(ii) the assumed competitive disadvantage for undertakings subject to audit by the Rechnungshof is in any case negligible;
and (iii) the influence of the legislation at issue on the choices made by workers is too indirect and uncertain for it actually
to represent a barrier to their movement within the Community.
38. In its written observations submitted later in Joined Cases C-138/01 and C-139/01, the Commission essentially repeats the
view that the Rechnungshof's activities fall outside the scope of Community law. However, it added that the processing effected
by the entities subject to audit by the Rechnungshof by means of collecting the data on their employees' salaries is actually
carried out in the course of two separate activities: the first is the payment of those salaries and falls within the scope
of Community law because it may have an effect on free movement of workers and on the principle of equal pay for male and
female workers (Article 141 EC); the other is the passing on of the data concerned to the Rechnungshof for writing of the
report referred to in Paragraph 8 of the BezBegrBVG ─ and that activity, as maintained earlier, falls outside the scope of
Community law. Since the former activity is
obscured by the accounts-audit activity (for which subsequent processing is effected by the Rechnungshof), the Commission submitted
that the collection of data on incomes likewise is not processing covered by the provisions of the Directive.
39. However, at the hearing, the Commission modified that submission and took the view that the Directive is applicable. In particular,
it began by noting that Paragraph 8 of the BezBegrBVG essentially prescribes five processes: collection of data by the entities
subject to audit; passing those data to the Rechnungshof; the Rechnungshof's inclusion of them in its report; the sending
of the report to the Parliament and publication of the report. The four latter processes are not covered by the provisions
of the Directive, in the sense contemplated in Article 3(2), as they are carried out in the course of an accounting-audit
activity outside the scope of Community law. However, departing from what it had maintained earlier, at the hearing the Commission
observed that the first of the processes, where the entities subject to audit collect the data, does fall under the provisions
of the Directive. The reason for that is that it is carried out (only) for the payment of salaries and, thus, for an activity
which falls within the scope of Community law, firstly because it may have an effect on the free movement of workers and,
secondly, because it is relevant to the implementation of various Community provisions on social matters (in particular Article 141
EC). But if such data are re-used also for the accounting-audit activity, they would then be
further processed within the meaning of Article 6(1)(b) of the Directive and the lawfulness of that processing must be considered in the light
of the derogations set out in Article 13.
40. Turning now to an assessment of the various submissions, I would first of all agree with the Commission that Paragraph 8 of
the BezBegrBVG essentially prescribes five forms of processing: collection of data on salaries and pensions by the entities
concerned; passing those data to the Rechnungshof; the Rechnungshof's inclusion of these in its report; the sending of the
report to the Parliament and the other competent bodies and publication of the report. However, I do not agree with the Commission's
contention in its second set of written observations, and at the hearing, as regards the first of those forms of processing
(collection of data by the entities subject to audit by the Rechnungshof); that is to say, I do not believe that the entities
concerned effect this form of processing for the payment of salaries to their employees or, as a result, for an activity which,
in the Commission's view, falls within
the scope of Community law for the purposes of Article 3(2) of the Directive ─ unlike the activity for which the four other processes are intended.
41. It seems to me that Paragraph 8 of the BezBegrBVG does impose on the entities subject to Rechnungshof audit a processing which
different and additional to that which they normally carry out in the management of their accounts, for the purpose of paying salaries to their employees:
the first of the forms of processing required in that provision in effect involves the selection and extrapolation, from all
the data to be found in those entities' accounts, of the data relating to the salaries and pensions
of persons which in at least one of the two previous calendar years were greater in that year than 14 times 80% of the monthly
reference amount, taking account also of any other salaries and pensions received from other entities subject to audit by the Rechnungshof.
This is therefore a special processing of the data held by those entities and assuredly it must not be confused with other
forms of processing which those entities must normally carry out in managing their accounts and in paying salaries to all
employees. And that is because, unlike those forms of processing, this is a form of processing for a particular purpose, specifically
and exclusively intended to permit the accounting-audit activity prescribed in Paragraph 8.
42. That having been made clear, in order to establish whether the five forms of processing required by Paragraph 8 of the BezBegrBVG
are covered by the provisions of the Directive, it is now necessary to inquire whether the Rechnungshof's audit activity for
which they are intended falls within
the scope of Community law within the meaning of Article 3(2) of the Directive.
43. I believe that that question must be answered in the negative. The Rechnungshof undertakes this activity for the purpose
full information for Austrian citizens on salaries received in public entities and so to encourage proper management of public resources. It is therefore, as the Rechnungshof itself, the Commission and
the Austrian and Italian Governments have observed, a public-audit activity prescribed and regulated by the Austrian authorities
(and in fact in a constitutional law) on the basis of a choice of a policy and institutional nature made by them autonomously
and not intended to give effect to a Community obligation. Since it is not the subject of any specific Community legislation,
that activity can only fall within the competence of the Member States.
44. Nor do I think that this conclusion is affected by the opposing arguments raised in an attempt to bring the activity of the
Rechnungshof within the scope of Community law. To that end, as we have seen, particular emphasis has been placed on the alleged
relevance of that activity for certain provisions of the Treaty and of secondary law, but I do not think that any of the hypotheses
invoked are well founded.
45. First of all, apart from making a general reference, no-one has really been able to explain what relevance that activity can
have from the standpoint of Article 141 EC. Given that the activity relates without distinction to the data on workers of
either sex, it is, specifically, not possible to see in what way the audit by the Rechnungshof might affect application of
the principle of equal pay enshrined in that provision. Nor can I understand what relationship there can be between the audit
and the other Community provisions in the social field referred to by some of the participants in these proceedings, that
is to say, with Articles 136 EC and 137 EC on social policy, Directive 76/207 on the implementation of the principle of equal
treatment for men and women as regards access to employment, vocational training and promotion, and working conditions,
and with Regulation No 1408/71 on the application of social security schemes to employed persons and their families moving
within the Community.
Furthermore, those reference are made without any explanation and, in any event, try as I may, I am unable to perceive the
link with the Rechnungshof's audit activity.
46. Next, I find that the attempt to bring that activity within the scope of Community law by invoking its possible effect on
the freedom of movement for workers, guaranteed by Article 39 EC, is strained and in any event not convincing. I would observe,
as a preliminary point, that the orders for reference reveal no cross-border elements which might justify applying that article to
the cases in the main proceedings except, at most, on a hypothetical basis: but that is in conflict with the case-law of the
Court according to which
[a] purely hypothetical prospect of employment in another Member State does not establish a sufficient connection with Community
law to justify the application of Article 48 of the Treaty [now Article 39 EC].
47. But even leaving that point aside, I believe that the rules at issue here also cannot properly be described as an obstacle
to freedom of movement for workers. Given that they relate equally to national and to foreign workers, it seems to me that
any possible influence on workers' decisions that they may have is too uncertain and indirect for it really to constitute
an obstacle to workers' movement for the purposes of Article 39 EC. In that connection, I would recall that the case-law
of the Court, while accepting that
[p]rovisions which, even if they are applicable without distinction, preclude or deter a national of a Member State from leaving
his country of origin in order to exercise his right to freedom of movement ... constitute an obstacle to that freedom, has made it clear, however, that,
in order to be capable of constituting such an obstacle, [such provisions] must affect access of workers to the labour market.
Accordingly, as observed in particular by the Austrian Government, even if audit by the Rechnungshof may perhaps rank among
the factors taken into consideration by some workers in making their professional decisions, it clearly does not affect either
access by workers from other Member States in Austria to employment with the entities concerned nor access by the employees
of those entities to the employment market in the other Member States.
48. Lastly, equally unfounded, it seems to me, and not very clear either, is the argument of the ÖRF to the effect that the Rechnungshof's
audit activity falls within the scope of Community law because Paragraph 8 of the BezBegrBVG must be characterised as a provision
implementing the Directive. In reality, that provision does not lay down rules of a general nature on processing of personal
data, for the purpose of transposing the provisions of the Directive; it only requires specific forms of processing which
are strictly necessary for the carrying out of the audit activity of the Rechnungshof. If one is not to engage in a circular
argument and in any case contradict the underlying objective of Article 3(2), one cannot regard as a provision transposing
the Directive any national provision whatever which requires the processing of personal data and then, from that premiss,
infer that every form of processing prescribed by a national provision is covered by the provisions of the Directive because,
by definition, it is carried out in the course of an activity that falls within
the scope of Community law.
49. All of the considerations set out above lead me therefore to consider that the forms of data processing of the type prescribed
in Paragraph 8 of the BezBegrBVG are not covered by the provisions of the Directive, because they are effected in the course
of a public activity of audit of accounts which falls outside the scope of Community law within the meaning of Article 3(2)
of the Directive.
50. Nor, moreover, do I believe that it can be objected here, as the national courts appear to do, that the Directive must also
be applied in similar cases because it is intended to guarantee
[protection of] the fundamental rights and freedoms of natural persons, and in particular their right to privacy with respect
to the processing of personal data (Article 1(1)).
51. As I have observed before, in my Opinion in Case C-101/01,
Lindqvist , the Directive was adopted on the basis of Article 100a of the Treaty in order to encourage the free movement of personal
data by the harmonisation of the laws, regulations and administrative provisions of the Member States on the protection of
natural persons with regard to the processing of such data. In particular, the Community legislature sought to establish a
level of protection
equivalent in all Member States, in order to remove the obstacles to flows of personal data deriving from the difference in levels of protection of the rights
and freedoms of individuals, notably the right to privacy, ... afforded in the Member States (seventh and eighth recitals).
The intention here was that, following adoption of the harmonisation directive,
given the equivalent protection resulting from the approximation of national laws, the Member States [would] no longer be
able to inhibit the free movement between them of personal data on grounds relating to protection of the rights and freedoms
of individuals, and in particular the right to privacy (ninth recital).
52. It is indeed true that, in determining that level of protection
equivalent in all Member States, the legislature took account of the need to safeguard
the fundamental rights of individuals (second and third recitals), with the aim of ensuring a
high level of protection (tenth recital). But the context and the purpose of all this was still the attainment of the principal objective
of the Directive, that is the intention of encouraging the free movement of personal data, since that was considered to be
vital to the internal market (eighth recital).
53. The safeguarding of fundamental rights constitutes therefore an important value and a requirement taken into account by the
Community legislature in delineating the harmonised system needed for the establishment and functioning of the internal market,
but it is not an
independent objective of the Directive. If it were, it would have to be accepted that the Directive is intended to protect individuals
with respect to the processing of personal data even quite apart from the objective of encouraging the free movement of such
data, with the incongruous result that even forms of processing carried out in the course of activities entirely unrelated
to the establishment and functioning of the internal market would also be brought within its scope.
54. If, furthermore, over and above the purpose of encouraging the free movement of personal data within the internal market,
one also attached to the Directive the additional, independent objective of guaranteeing the protection of fundamental rights
(in particular the right to privacy), there would be a danger of compromising the validity of the Directive itself, because,
in such a case, its legal basis would clearly be inappropriate. Article 100a could not be invoked as a basis for measures
going beyond the specific purposes stated in that provision, that is to say, for measures not justified by the objective of
the establishment and functioning of the internal market.
55. On that point, I would note that recently, in its judgment annulling Directive 98/43/EC
as having no legal basis, the Court had occasion to explain that
the measures referred to in Article 100a(1) of the Treaty are intended to improve the conditions for the establishment and
functioning of the internal market. To construe that article as meaning that it vests in the Community legislature a general
power to regulate the internal market would not only be contrary to the express wording of the provisions cited above but
would also be incompatible with the principle embodied in Article 3b of the EC Treaty (now Article 5 EC) that the powers of
the Community are limited to those specifically conferred on it.
And, with specific reference to the protection of fundamental rights, I would note that, in Opinion 2/94, which followed
the adoption of the Directive, the Court expressly stated that
no provision of the Treaty [gave] the Community institutions, in general terms, the power of legislating on human rights.
56. In the light of all the foregoing considerations, I therefore consider that forms of processing of personal data prescribed
in legislation such as that at issue are not covered by the provisions of the Directive, since they are carried out
in the course of an activity which falls outside the scope of Community law within the meaning of Article 3(2) of the Directive. Consequently, such legislation cannot be held to be incompatible with
the provisions of the Directive.
Compatibility of national legislation such as that at issue with the general principles of Community law regarding privacy
57. Now that it has been shown that the Directive is not applicable in the present cases, it still remains to be considered whether
legislation such as that at issue is compatible with the general principles of Community law regarding privacy, among which
should be mentioned specifically the right to respect for private life as laid down in Article 8 of the ECHR,
expressly referred to in the orders for reference.
58. On this point, I must observe that where
national legislation falls within the field of application of Community law the Court, in a reference for a preliminary ruling,
must give the national court all the guidance as to interpretation necessary to enable it to assess the compatibility of that
legislation with the fundamental rights ... whose observance the Court ensures. However, the Court has no such jurisdiction
with regard to national legislation lying outside the scope of Community law.
59. Since, as I have said, I consider that the audit activity prescribed by the national legislation at issue falls outside the
scope of Community law, I therefore believe that the Court does not have jurisdiction to rule whether that legislation is
compatible with the general principles of Community law on privacy.
The questions on the direct applicability of the provisions of the Directive and of the general principles of Community law
60. Having regard to the conclusions which I have reached in the foregoing paragraphs, I consider that there is no need to discuss
the questions on direct applicability of the provisions of the Directive and of the general principles of Community law on
In the light of the considerations set out above, I therefore propose that the answer to the questions referred by the Verfassungsgerichtshof
and the Oberster Gerichtshof should be that forms of processing of personal data prescribed by legislation such as that at
issue are not covered by the provisions of the Directive, since they are carried out
in the course of an activity which falls outside the scope of Community law within the meaning of Article 3(2) of the Directive. The Court does not have jurisdiction to rule on whether that legislation
is compatible with the general principles of Community law on privacy.
This provision is repeated by Article 7 of the Charter of Fundamental Rights of the European Union, which provides that
[e]veryone has the right to respect for his or her private and family life, home and communications. Referring specifically to the protection of personal data, Article 8 of the Charter then states:
1. Everyone has the right to the protection of personal data concerning him or her.
2. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some
other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him
or her, and the right to have it rectified.
3. Compliance with these rules shall be subject to control by an independent authority
In this connection, reference was made in particular to Articles 136 EC, 137 EC and 141 EC, to Council Directive 76/207/EEC
of 9 February 1976 on the implementation of the principle of equal treatment for men and women as regards access to employment,
vocational training and promotion, and working conditions (OJ 1976 L 39, p. 40) and Regulation (EEC) No 1408/71 of the Council
of 14 June 1971 on the application of social security schemes to employed persons and their families moving within the Community
(OJ, English Special Edition 1971 (II), p. 416 ).
Judgment in Case 180/83
Moser  ECR 2539, paragraph 18. On this, see also the judgments in Case 175/78
Saunders  ECR 1129; in Case C-332/90
Steen  ECR I-341; and in Joined Cases C-64/96 and C-65/96
Uecker and Jacquet  ECR I-3171.
Directive 98/43/EC of the European Parliament and of the Council of 6 July 1998 on the approximation of the laws, regulations
and administrative provisions of the Member States relating to the advertising and sponsorship of tobacco products (OJ 1998
L 213, p. 9).
As we know,
according to settled case-law, fundamental rights form an integral part of the general principles of law, whose observance
the Court ensures. For that purpose, the Court draws inspiration from the constitutional traditions common to the Member States
and from the guidelines supplied by international treaties for the protection of human rights on which the Member States have
collaborated or to which they are signatories. The ECHR has special significance in that respect (judgment of the Court in Case C-274/99 P
Commission  ECR I-1611, paragraph 37). To the same effect, see also Article 6(2) EU, according to which
[t]he Union shall respect fundamental rights, as guaranteed by the European Convention for the Protection of Human Rights
and Fundamental Freedoms signed in Rome on 4 November 1950 and as they result from the constitutional traditions common to
the Member States, as general principles of Community law.
Judgment in Case C-299/95
Kremzow  ECR I-2629, paragraph 15. To the same effect see also the judgment in Case C-159/90
Society for the Protection of Unborn Children Ireland v
Grogan and Others  ECR I-4685, paragraph 31, that in Case C-309/96
Annibaldi  ECR I-7493, paragraph 13, and the order in Case C-361/97
Nour  ECR I-3101, paragraph 19.