OPINION OF ADVOCATE GENERAL
TIZZANO
delivered on 14 November 2002 (1)



Case C-465/00



Rechnungshof
v
Österreichischer Rundfunk and Others


(Reference for a preliminary ruling from the Verfassungsgerichtshof)

and Joined Cases C-138/01 and C-139/01



Neukomm and Lauremann
v
Österreichischer Rundfunk


(Reference for a preliminary ruling from the Oberster Gerichtshof)

((Directive 95/46//EC – Scope))






1. By three separate orders, of 12 December 2000 and 14 and 28 February 2001, the Verfassungsgerichtshof and the Oberster Gerichtshof (the Constitutional Court and the Supreme Court), Austria, have referred to the Court of Justice a number of questions for a preliminary ruling on the interpretation of the provisions of Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter Directive 95/46 or, simply, the Directive)  (2) and of the general principles of Community law regarding privacy. Briefly, the Austrian courts ask whether those provisions and principles preclude national rules which require the collection of data on the income of certain employees of public entities and companies to be included, naming the individuals concerned, in a report by a State body (Court of Auditors) intended to be published.

Relevant provisions

The European Convention for the Protection of Human Rights and Fundamental Freedoms

2. In reconstructing the legal context relevant to the present cases, attention should be drawn first of all to Article 8 of the European Convention on Human Rights and Fundamental Freedoms (hereinafter, the ECHR), expressly invoked in certain questions, which provides:

1. Everyone has the right to respect for his private and family life, his home and his correspondence.

2. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others

(3)

Directive 95/46

3. Of importance at the Community level is Directive 95/46, adopted on the basis of Article 100a of the EC Treaty (now Article 95 EC) to encourage the free movement of personal data by the harmonisation of the laws, regulations and administrative provisions of the Member States on the protection of individuals with regard to the processing of such data.

4. Underlying the Directive is the idea that the difference in levels of protection of the rights and freedoms of individuals, notably the right to privacy, with regard to the processing of personal data afforded in the Member States may prevent the transmission of such data from the territory of one Member State to that of another Member State [and that] this difference may therefore constitute an obstacle to the pursuit of a number of economic activities at Community level, distort competition and impede authorities in the discharge of their responsibilities under Community law (seventh recital). The Community legislature therefore considered that, in order to remove the obstacles to flows of personal data, the level of protection of the rights and freedoms of individuals with regard to the processing of such data must be equivalent in all Member States. To do that, it considered that a harmonising measure was necessary at Community level, since the objective of free movement of personal data, [was] vital to the internal market but [could not] be achieved by the Member States alone, especially in view of the scale of the divergences [existing] between the relevant laws in the Member States and the need to coordinate the laws of the Member States so as to ensure that the cross-border flow of personal data [was] regulated in a consistent manner ... in keeping with the objective of the internal market as provided for in Article 7a of the Treaty (eighth recital). Following the adoption of a harmonising measure, however, given the equivalent protection resulting from the approximation of national laws, the Member States [would] no longer be able to inhibit the free movement between them of personal data on grounds relating to protection of the rights and freedoms of individuals, and in particular the right to privacy (ninth recital).

5. That having been said, the Community legislature considered that, in establishing a level of protection equivalent in all Member States, it was not possible to leave out of consideration the requirement that the fundamental rights of individuals should be safeguarded (third recital). To that effect, it considered that the object of the national laws on the processing of personal data is to protect fundamental rights and freedoms, notably the right to privacy, which is recognised both in Article 8 of the European Convention for the Protection of Human Rights and Fundamental Freedoms and in the general principles of Community law. On that basis, it considered that the approximation of those laws must not result in any lessening of the protection they afford but must, on the contrary, seek to ensure a high level of protection in the Community (10th recital).

6. Article 1 of the Directive should therefore be read in the light of those assumptions and reasons; it defines the object of the Directive as follows:

1. In accordance with this Directive, Member States shall protect the fundamental rights and freedoms of natural persons, and in particular their right to privacy with respect to the processing of personal data.

2. Member States shall neither restrict nor prohibit the free flow of personal data between Member States for reasons connected with the protection afforded under paragraph 1

.

7. As regards the principal definitions given in Article 2 of the Directive, it should be noted for present purposes that:

(a) personal data means any information relating to an identified or identifiable natural person ( data subject); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity;

(b) processing of personal data ( processing) means any operation or set of operations which is performed upon personal data, whether or not by automatic means, such as collection, recording, organisation, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction;

(c) controller means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data.

8. Article 3 defines the scope of the Directive, stating in paragraph 1 that its provisions shall apply to the processing of personal data wholly or partly by automatic means, and to the processing otherwise than by automatic means of personal data which form part of a filing system or are intended to form part of a filing system. Under paragraph 2, however, the scope of the Directive does not include the processing of personal data:

in the course of an activity which falls outside the scope of Community law, such as those provided for by Titles V and VI of the Treaty on European Union and in any case to processing operations concerning public security, defence, State security (including the economic well-being of the State when the processing operation relates to State security matters) and the activities of the State in areas of criminal law;

or
by a natural person in the course of a purely personal or household activity.

9. For present purposes, certain provisions of Chapter II, General Rules on the Lawfulness of the Processing of Personal Data (Articles 5 to 21), should also be noted. It should be pointed out in particular that, according to Article 6(1), Member States shall provide that personal data must be:

(a) processed fairly and lawfully;

(b) collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes. Further processing of data for historical, statistical or scientific purposes shall not be considered as incompatible provided that Member States provide appropriate safeguards;

(c) adequate, relevant and not excessive in relation to the purposes for which they are collected and/or further processed;

...

.

10. Article 7 identifies those cases where personal data may be processed and provides, so far as we are concerned here, that processing is permitted where it is necessary for compliance with a legal obligation to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or in a third party to whom the data are disclosed.

11. It should also be noted that Article 13 authorises Member States to derogate from certain provisions of the Directive and, in particular, from Article 6(1), where it is necessary to safeguard, among other things, an important economic or financial interest of a Member State or of the European Union, including monetary, budgetary and taxation matters [subparagraph (e)]; or a monitoring, inspection or regulatory function connected, even occasionally, with the exercise of official authority in specific cases, including one as described in subparagraph (e) [subparagraph (f)].

12. Lastly Article 22 should be noted, according to which Member States shall provide for the right of every person to a judicial remedy for any breach of the rights guaranteed him by the national law applicable to the processing in question.

The Austrian legislation

13. Paragraphs 126b, 126c, 127, 127a and 127b of the Bundesverfassungsgesetz (the Austrian Constitution; hereinafter B VG) govern the powers of the Rechnungshof (the Austrian Court of Auditors), making the following subject to audit by it: the Federation; the Länder ; major communes and ─ where a reasoned request has been made by a government of a Land ─ communes with fewer than 20 000 inhabitants; associations of communes; social security institutions; statutory bodies representing professional interests; entities, funds and foundations managed by organs of the Federation or Länder or by persons appointed for that purpose by organs of the Federation or Länder ; and undertakings managed by the Federal Government, a Land or commune or (alone or jointly with other legal entities subject to audit by the Rechnungshof) controlled through a shareholding of not less than 50%. Furthermore, Paragraph 31a(1) of the Rundfunkgesetz (Law on broadcasting)  (4) provides that Österreichische Rundfunk (Austrian National Radio; hereinafter: ÖRF) also is subject to audit by the Rechnungshof.

14. Pursuant to Paragraph 8 of the Bundesverfassungsgesetz über die Begrenzung von Bezügen öffentlicher Funktionäre (Federal constitutional law on the limitation of income of public officials; hereinafter BezBegrBVG):  (5)

1. Entities subject to audit by the Rechnungshof must, within the first three months of each second calendar year, inform the Rechnungshof of the salaries or pensions of persons which in at least one of the two previous calendar years, were greater in that year than 14 times 80% of the monthly reference amount under Section 1 [meaning, for 2000, salaries or pensions 14 times greater than EUR 5 887.87]. The entities must also inform the Rechnungshof of salaries and pensions of persons who receive an additional sum or pension from an entity subject to audit by the Rechnungshof. ... If entities do not comply with that duty of disclosure, the Rechnungshof shall inspect the relevant documents and draw up its report on the basis thereof....

3. The Rechnungshof shall summarise that information ─ for each year ─ in a report. The report shall include all persons whose total yearly salary and pensions from entities subject to audit by the Rechnungshof exceed the amount referred to in subsection (1) above. The report shall be sent to the Nationalrat, the Bundestrat and the Landtage of the Länder

.

15. From the preparatory documents for the law we see that the above report must show the name of the employee and the amount of salary received; the report must then be made available to the public so as to ensure full information for Austrian citizens on salaries received in public entities.  (6)

Facts and Proceedings

Facts and questions referred in Case C-465/00

16. The origin of Case C-465/00 lies in a dispute over the interpretation of Paragraph 8 of the BezBegrBVG between the Rechnungshof and a number of bodies subject to its audit: certain regional or local authorities ( Land Niederösterreich, the City of Wiener Neustadt and the Commune of Kaltenleutgeben); Österreichische Nationalbank (the Austrian central bank); a statutory body representing its members' interests (Wirtschaftskammer Steiermark); a public undertaking responsible for the performances of tasks relating to the public interest (ÖRF) and a public undertaking managed according to economic criteria in competition with other national and foreign undertakings not subject to audit by the Rechnungshof (Austrian Airlines Österreichische LuftverkehrsAktiengesellschaft; hereinafter simply Austrian Airlines).

17. More specifically, at the time of the audit relating to pensions and salaries paid in the years 1998 to 1999, those entities merely provided the data on the incomes of their employees in anonymous form, with the exception of Wirtschaftskammer Steiermark, which provided no data. When the Rechnungshof subsequently attempted to conduct a direct examination of the accounting documents, those entities did not agree to the audit or made it subject to the condition (which the Rechnungshof considered unacceptable) of rendering the data anonymous.

18. The Rechnungshof then applied to the Verfassungsgerichtshof, seeking confirmation of its power to conduct the examination on the premises of the entities cited, for the purpose of drawing up the report on incomes specified in Paragraph 8 of the BezBegrBVG. The defendant entities opposed the claim of the Rechnungshof, seeking a declaration that it is unlawful for the report to show the names and functions of the persons concerned. Among other points, they claimed that disclosure of the names and functions of the employees concerned was contrary to the provisions of the Directive and to the Community principles on the protection of privacy and would create an unlawful impediment to the free movement of workers.

19. Seised of those applications, the Verfassungsgerichtshof considered it necessary to refer to the Court of Justice, pursuant to Article 234 EC, the following questions:

1. Are the provisions of Community law, in particular those on data protection, to be interpreted as precluding national rules which require a State body to collect and pass on data on income for the purpose of publishing the names and income of employees of:

(a) a regional or local authority,

(b) a broadcasting organisation governed by public law,

(c) a national central bank,

(d) a statutory body representing its members' interests,

(e) a partially State-controlled undertaking?

2. If the answer to at least part of the above question is in the affirmative:Are the provisions precluding the abovementioned national rules directly applicable, in the sense that persons obliged to disclose data may rely on them in order to prevent the application of conflicting national rules?

Facts and questions submitted in Cases C-138/01 and C-139/01

20. Ms Christa Neukomm and Mr Josef Lauermann are employees of ÖRF, which pays them a salary above the threshold set in Paragraph 8 of the BezBegrBVG. Under that provision, ÖRF is therefore required to give the Rechnungshof the data relating to their pay.

21. Ms Neukomm and Mr Lauermann both applied, separately, to the Arbeits- und Sozialgericht, Vienna, and to the Landesgericht, St Pölten, seeking emergency measures to prevent ÖRF from passing on their data with their names. In support of their applications, so far as concerns this case, the applicants alleged breach of their fundamental rights (in particular the right to respect for private life as laid down in Article 8 of the ECHR) and of the provisions of the Directive. In the course of the two proceedings, the ÖRF ─ although asking for the applications to be dimissed, ─ declared that it took the same standpoint as its own employees.

22. The two courts dismissed the applicants' claims by decisions that were subsequently upheld on appeal by the Oberlandesgericht, Vienna. The applicants then appealed in cassation against the decisions at second instance to the Oberster Gerichtshof which ─ referring to the questions already put by the Verfassungsgerichtshof ─ decided to stay proceedings and refer to the Court the following questions for a preliminary ruling:

1. Are the provisions of Community law, in particular those on data protection [Articles 1, 2, 6, 7 and 22 of Directive 95/46/EC in conjunction with Article 6 (ex Article F) of the EU Treaty and with Article 8 of the European Convention for the Protection of Human Rights], to be interpreted as precluding national rules which require a broadcasting organisation governed by public law acting as an entity recognised by law to pass on data concerning the incomes of its employees and a State body to collect and to pass on such data for the purpose of publishing the names and incomes of those employees.

2. If the Court of Justice of the European Communities answers the question put in the affirmative: are the provisions precluding national rules as described above directly applicable, in the sense that the entity obliged to disclose data may rely on them in order to prevent the application of conflicting national rules and therefore may not rely upon an obligation imposed by national law as regards the employees concerned by the disclosure

.

Proceedings before the Court

23. In Case C-465/00, observations were submitted by the parties to the main proceedings, the Commission and the Governments of Austria, Denmark, Finland, Italy, the Netherlands, Sweden and the United Kingdom whilst, in Cases C-138/01 and C-139/01, joined by order of 17 May 2001, observations were submitted by the Commission and the Governments of Austria, Italy, the Netherlands, Sweden and the United Kingdom.

24. A joint hearing in the three cases was held on 18 June 2002, in which the Commune of Kaltenleutgeben, the Land Niederösterreich, the Österreichische Nationalbank, Austrian Airlines, ÖRF, the Commission and the Governments of Austria, Finland, Italy, the Netherlands and Sweden participated.

Legal analysis

25. As has been seen, essentially the same questions are put to the Court in all three cases: a question on the compatibility of rules such as those of Austria with the provisions of the Directive and with the general principles of Community law regarding privacy; and a second, alternative, question on the direct effect of the Community provisions with which, in the analysis of the first question, those rules may be found to be incompatible.

26. In answering the questions set out in the three orders for reference (which I shall of course discuss together), it is therefore necessary to consider, first, whether national rules such as those at issue are compatible with the provisions of the Directive and, second, whether such rules infringe the general principles of Community law regarding privacy. Then, if it is found that those rules do infringe the provisions of the Directive or the principles concerning privacy, it will then be necessary to consider also whether those provisions and principles are directly applicable.

Compatibility of national rules such as those at issue with the provisions of the Directive

Introduction

27. As I have said, the national courts ask, first, whether rules such as those at issue require personal-data processing in breach of the requirements of the Directive. Of course, the answer to that question assumes that the Directive applies to the case in point, and this is by no means to be taken for granted and indeed has been openly disputed by several parties.

28. I note here that, under Article 3, the provisions of the Directive do not apply to all processing of personal data; for present purposes, in particular, they do not apply to processing in the course of an activity which falls outside the scope of Community law (first indent of Article 3(2)). Assuming that the various operations prescribed in Paragraph 8 of the BezBegrBVG (collection of data on salaries and pensions, provision of data to the Rechnungshof, inclusion in the report, submission of the report to the competent bodies and publication of the report) entail processing of personal data, almost all of the participants in the proceedings before the Court, and the referring courts themselves, have therefore dwelt at length on the question whether or not the activities for which that processing has been effected do fall outside the scope of Community law, within the meaning of the first indent of Article 3(2). Only if they do fall within its scope can it be held that such processing is covered by the provisions of the Directive.

29. It therefore seems clear to me that for present purposes the question whether the Directive is applicable must be considered as an inescapable preliminary point, since, if it were not, there would clearly be no reason to consider the compatibility of rules such as those at issue. First of all, therefore, I shall examine that point.

Considerations put forward by the national courts and the arguments of the parties

30. Although they recognise that the point is disputed, the national courts appear inclined to hold that the Directive also covers processing of the type in point, since it effected full harmonisation in this area in order to ensure full protect[ion of] the fundamental rights and freedoms of natural persons, and in particular their right to privacy with respect to the processing of personal data (Article 1(1)). They further observe that the Rechnungshof's audit activities, for which the processing now under consideration is effected, may fall within the scope of Community law because it may have an effect on freedom of movement for workers (Article 39 EC), particularly since such an audit is required even of a public company which is in competition with (national and foreign) operators which are not required to make public the data on their employees' salaries.

31. Naturally, the entities which are defendants before the Verfassunggerichtshof think likewise. Essentially, albeit with minor variations, they consider that the Rechnungshof's audit activities fall within the scope of Community law because, as they affect the working conditions of the employees of the entities concerned, they touch on aspects governed in part by Community provisions on social matters  (7) and also, primarily, because they may impair the free movement of workers, in breach of Article 39 EC.

32. With particular reference to the latter aspect, it is maintained that, on the one hand, audit by the Rechnungshof adversely affects the possibility for the employees of the entities concerned to seek work in another Member State (presumably because publication of their salaries would restrict their negotiating power vis-à-vis foreign companies) and, on the other hand, it discourages citizens of other Member States wishing to move to Austria to work for the entities subject to audit by the Rechnungshof.

33. More specifically, then, the Austrian Central Bank claims that the impairment of free movement of workers is aggravated by the fact that the audit also relates to the branches of the entities concerned located in other Member States, whilst Austrian Airlines claims that that impairment is of particular importance to it, since it is in competition with airlines of other Member States that are not subject to any similar audit.

34. Lastly, ÖRF contends that the Rechnungshof's activities fall within the scope of Community law (and hence that the processing concerned is subject to the provisions of the Directive) because Paragraph 8 of the BezBegrBVG must be regarded as a provision implementing the Directive.

35. On the other hand, the observations submitted by the Rechnungshof and by Austria and Italy are to the opposite effect. For them, the audit activity prescribed by Paragraph 8 of the BezBegrBVG is the expression of an autonomous power of the State, clearly intended for the pursuit of objectives of general interest in the field of public accounts and thus does not fall within any aspect of Community law. These parties add that the Directive, adopted under Article 100a of the EC Treaty, essentially pursues the objective of realisation of the internal market, in relation to which protection of the right to privacy is merely incidental. They further contend that that audit is not such as to hinder the free movement of workers, because it does not prevent the employees of the entities concerned from moving to work in another Member State, or workers from other Member States from becoming employees of those entities.

36. For its part, the Commission has not taken a clear and unambiguous position on this point, for the written observations which it has submitted in the three cases are not entirely the same and subsequently, at the hearing, it modified the conclusions reached previously.

37. In its written observations submitted in Case C-465/00, the Commission maintained that the Directive does not apply to processing such as that at issue, because it is effected in the course of an audit of accounts which falls outside the scope of Community law. That audit activity is concerned with national budgetary policy which, apart from certain restrictions laid down in the context of the economic and monetary union, is not regulated at Community level and therefore remains essentially within the competence of the Member States. Furthermore, the Commission continues, there is no question either of the activity concerned falling within the scope of Community law as a result of its possible effect on the functioning of the internal market. This is so, in particular, because (i) the report on incomes and publication thereof involves no cross-frontier processing of data; (ii) the assumed competitive disadvantage for undertakings subject to audit by the Rechnungshof is in any case negligible; and (iii) the influence of the legislation at issue on the choices made by workers is too indirect and uncertain for it actually to represent a barrier to their movement within the Community.

38. In its written observations submitted later in Joined Cases C-138/01 and C-139/01, the Commission essentially repeats the view that the Rechnungshof's activities fall outside the scope of Community law. However, it added that the processing effected by the entities subject to audit by the Rechnungshof by means of collecting the data on their employees' salaries is actually carried out in the course of two separate activities: the first is the payment of those salaries and falls within the scope of Community law because it may have an effect on free movement of workers and on the principle of equal pay for male and female workers (Article 141 EC); the other is the passing on of the data concerned to the Rechnungshof for writing of the report referred to in Paragraph 8 of the BezBegrBVG ─ and that activity, as maintained earlier, falls outside the scope of Community law. Since the former activity is obscured by the accounts-audit activity (for which subsequent processing is effected by the Rechnungshof), the Commission submitted that the collection of data on incomes likewise is not processing covered by the provisions of the Directive.

39. However, at the hearing, the Commission modified that submission and took the view that the Directive is applicable. In particular, it began by noting that Paragraph 8 of the BezBegrBVG essentially prescribes five processes: collection of data by the entities subject to audit; passing those data to the Rechnungshof; the Rechnungshof's inclusion of them in its report; the sending of the report to the Parliament and publication of the report. The four latter processes are not covered by the provisions of the Directive, in the sense contemplated in Article 3(2), as they are carried out in the course of an accounting-audit activity outside the scope of Community law. However, departing from what it had maintained earlier, at the hearing the Commission observed that the first of the processes, where the entities subject to audit collect the data, does fall under the provisions of the Directive. The reason for that is that it is carried out (only) for the payment of salaries and, thus, for an activity which falls within the scope of Community law, firstly because it may have an effect on the free movement of workers and, secondly, because it is relevant to the implementation of various Community provisions on social matters (in particular Article 141 EC). But if such data are re-used also for the accounting-audit activity, they would then be further processed within the meaning of Article 6(1)(b) of the Directive and the lawfulness of that processing must be considered in the light of the derogations set out in Article 13.

Assessment

40. Turning now to an assessment of the various submissions, I would first of all agree with the Commission that Paragraph 8 of the BezBegrBVG essentially prescribes five forms of processing: collection of data on salaries and pensions by the entities concerned; passing those data to the Rechnungshof; the Rechnungshof's inclusion of these in its report; the sending of the report to the Parliament and the other competent bodies and publication of the report. However, I do not agree with the Commission's contention in its second set of written observations, and at the hearing, as regards the first of those forms of processing (collection of data by the entities subject to audit by the Rechnungshof); that is to say, I do not believe that the entities concerned effect this form of processing for the payment of salaries to their employees or, as a result, for an activity which, in the Commission's view, falls within the scope of Community law for the purposes of Article 3(2) of the Directive ─ unlike the activity for which the four other processes are intended.

41. It seems to me that Paragraph 8 of the BezBegrBVG does impose on the entities subject to Rechnungshof audit a processing which is different and additional to that which they normally carry out in the management of their accounts, for the purpose of paying salaries to their employees: the first of the forms of processing required in that provision in effect involves the selection and extrapolation, from all the data to be found in those entities' accounts, of the data relating to the salaries and pensions of persons which in at least one of the two previous calendar years were greater in that year than 14 times 80% of the monthly reference amount, taking account also of any other salaries and pensions received from other entities subject to audit by the Rechnungshof. This is therefore a special processing of the data held by those entities and assuredly it must not be confused with other forms of processing which those entities must normally carry out in managing their accounts and in paying salaries to all employees. And that is because, unlike those forms of processing, this is a form of processing for a particular purpose, specifically and exclusively intended to permit the accounting-audit activity prescribed in Paragraph 8.

42. That having been made clear, in order to establish whether the five forms of processing required by Paragraph 8 of the BezBegrBVG are covered by the provisions of the Directive, it is now necessary to inquire whether the Rechnungshof's audit activity for which they are intended falls within the scope of Community law within the meaning of Article 3(2) of the Directive.

43. I believe that that question must be answered in the negative. The Rechnungshof undertakes this activity for the purpose of ensuring full information for Austrian citizens on salaries received in public entities and so to encourage proper management of public resources. It is therefore, as the Rechnungshof itself, the Commission and the Austrian and Italian Governments have observed, a public-audit activity prescribed and regulated by the Austrian authorities (and in fact in a constitutional law) on the basis of a choice of a policy and institutional nature made by them autonomously and not intended to give effect to a Community obligation. Since it is not the subject of any specific Community legislation, that activity can only fall within the competence of the Member States.

44. Nor do I think that this conclusion is affected by the opposing arguments raised in an attempt to bring the activity of the Rechnungshof within the scope of Community law. To that end, as we have seen, particular emphasis has been placed on the alleged relevance of that activity for certain provisions of the Treaty and of secondary law, but I do not think that any of the hypotheses invoked are well founded.

45. First of all, apart from making a general reference, no-one has really been able to explain what relevance that activity can have from the standpoint of Article 141 EC. Given that the activity relates without distinction to the data on workers of either sex, it is, specifically, not possible to see in what way the audit by the Rechnungshof might affect application of the principle of equal pay enshrined in that provision. Nor can I understand what relationship there can be between the audit and the other Community provisions in the social field referred to by some of the participants in these proceedings, that is to say, with Articles 136 EC and 137 EC on social policy, Directive 76/207 on the implementation of the principle of equal treatment for men and women as regards access to employment, vocational training and promotion, and working conditions,  (8) and with Regulation No 1408/71 on the application of social security schemes to employed persons and their families moving within the Community.  (9) Furthermore, those reference are made without any explanation and, in any event, try as I may, I am unable to perceive the link with the Rechnungshof's audit activity.

46. Next, I find that the attempt to bring that activity within the scope of Community law by invoking its possible effect on the freedom of movement for workers, guaranteed by Article 39 EC, is strained and in any event not convincing. I would observe, as a preliminary point, that the orders for reference reveal no cross-border elements which might justify applying that article to the cases in the main proceedings except, at most, on a hypothetical basis: but that is in conflict with the case-law of the Court according to which [a] purely hypothetical prospect of employment in another Member State does not establish a sufficient connection with Community law to justify the application of Article 48 of the Treaty [now Article 39 EC].  (10)

47. But even leaving that point aside, I believe that the rules at issue here also cannot properly be described as an obstacle to freedom of movement for workers. Given that they relate equally to national and to foreign workers, it seems to me that any possible influence on workers' decisions that they may have is too uncertain and indirect for it really to constitute an obstacle to workers' movement for the purposes of Article 39 EC. In that connection, I would recall that the case-law of the Court, while accepting that [p]rovisions which, even if they are applicable without distinction, preclude or deter a national of a Member State from leaving his country of origin in order to exercise his right to freedom of movement ... constitute an obstacle to that freedom, has made it clear, however, that, in order to be capable of constituting such an obstacle, [such provisions] must affect access of workers to the labour market.  (11) Accordingly, as observed in particular by the Austrian Government, even if audit by the Rechnungshof may perhaps rank among the factors taken into consideration by some workers in making their professional decisions, it clearly does not affect either access by workers from other Member States in Austria to employment with the entities concerned nor access by the employees of those entities to the employment market in the other Member States.

48. Lastly, equally unfounded, it seems to me, and not very clear either, is the argument of the ÖRF to the effect that the Rechnungshof's audit activity falls within the scope of Community law because Paragraph 8 of the BezBegrBVG must be characterised as a provision implementing the Directive. In reality, that provision does not lay down rules of a general nature on processing of personal data, for the purpose of transposing the provisions of the Directive; it only requires specific forms of processing which are strictly necessary for the carrying out of the audit activity of the Rechnungshof. If one is not to engage in a circular argument and in any case contradict the underlying objective of Article 3(2), one cannot regard as a provision transposing the Directive any national provision whatever which requires the processing of personal data and then, from that premiss, infer that every form of processing prescribed by a national provision is covered by the provisions of the Directive because, by definition, it is carried out in the course of an activity that falls within the scope of Community law.

49. All of the considerations set out above lead me therefore to consider that the forms of data processing of the type prescribed in Paragraph 8 of the BezBegrBVG are not covered by the provisions of the Directive, because they are effected in the course of a public activity of audit of accounts which falls outside the scope of Community law within the meaning of Article 3(2) of the Directive.

50. Nor, moreover, do I believe that it can be objected here, as the national courts appear to do, that the Directive must also be applied in similar cases because it is intended to guarantee [protection of] the fundamental rights and freedoms of natural persons, and in particular their right to privacy with respect to the processing of personal data (Article 1(1)).

51. As I have observed before, in my Opinion in Case C-101/01, Lindqvist , the Directive was adopted on the basis of Article 100a of the Treaty in order to encourage the free movement of personal data by the harmonisation of the laws, regulations and administrative provisions of the Member States on the protection of natural persons with regard to the processing of such data. In particular, the Community legislature sought to establish a level of protection equivalent in all Member States, in order to remove the obstacles to flows of personal data deriving from the difference in levels of protection of the rights and freedoms of individuals, notably the right to privacy, ... afforded in the Member States (seventh and eighth recitals). The intention here was that, following adoption of the harmonisation directive, given the equivalent protection resulting from the approximation of national laws, the Member States [would] no longer be able to inhibit the free movement between them of personal data on grounds relating to protection of the rights and freedoms of individuals, and in particular the right to privacy (ninth recital).

52. It is indeed true that, in determining that level of protection equivalent in all Member States, the legislature took account of the need to safeguard the fundamental rights of individuals (second and third recitals), with the aim of ensuring a high level of protection (tenth recital). But the context and the purpose of all this was still the attainment of the principal objective of the Directive, that is the intention of encouraging the free movement of personal data, since that was considered to be vital to the internal market (eighth recital).

53. The safeguarding of fundamental rights constitutes therefore an important value and a requirement taken into account by the Community legislature in delineating the harmonised system needed for the establishment and functioning of the internal market, but it is not an independent objective of the Directive. If it were, it would have to be accepted that the Directive is intended to protect individuals with respect to the processing of personal data even quite apart from the objective of encouraging the free movement of such data, with the incongruous result that even forms of processing carried out in the course of activities entirely unrelated to the establishment and functioning of the internal market would also be brought within its scope.

54. If, furthermore, over and above the purpose of encouraging the free movement of personal data within the internal market, one also attached to the Directive the additional, independent objective of guaranteeing the protection of fundamental rights (in particular the right to privacy), there would be a danger of compromising the validity of the Directive itself, because, in such a case, its legal basis would clearly be inappropriate. Article 100a could not be invoked as a basis for measures going beyond the specific purposes stated in that provision, that is to say, for measures not justified by the objective of encouraging the establishment and functioning of the internal market.

55. On that point, I would note that recently, in its judgment annulling Directive 98/43/EC  (12) as having no legal basis, the Court had occasion to explain that the measures referred to in Article 100a(1) of the Treaty are intended to improve the conditions for the establishment and functioning of the internal market. To construe that article as meaning that it vests in the Community legislature a general power to regulate the internal market would not only be contrary to the express wording of the provisions cited above but would also be incompatible with the principle embodied in Article 3b of the EC Treaty (now Article 5 EC) that the powers of the Community are limited to those specifically conferred on it.  (13) And, with specific reference to the protection of fundamental rights, I would note that, in Opinion 2/94, which followed the adoption of the Directive, the Court expressly stated that no provision of the Treaty [gave] the Community institutions, in general terms, the power of legislating on human rights.  (14)

56. In the light of all the foregoing considerations, I therefore consider that forms of processing of personal data prescribed in legislation such as that at issue are not covered by the provisions of the Directive, since they are carried out in the course of an activity which falls outside the scope of Community law within the meaning of Article 3(2) of the Directive. Consequently, such legislation cannot be held to be incompatible with the provisions of the Directive.

Compatibility of national legislation such as that at issue with the general principles of Community law regarding privacy

57. Now that it has been shown that the Directive is not applicable in the present cases, it still remains to be considered whether legislation such as that at issue is compatible with the general principles of Community law regarding privacy, among which should be mentioned specifically the right to respect for private life as laid down in Article 8 of the ECHR,  (15) expressly referred to in the orders for reference.

58. On this point, I must observe that where national legislation falls within the field of application of Community law the Court, in a reference for a preliminary ruling, must give the national court all the guidance as to interpretation necessary to enable it to assess the compatibility of that legislation with the fundamental rights ... whose observance the Court ensures. However, the Court has no such jurisdiction with regard to national legislation lying outside the scope of Community law.  (16)

59. Since, as I have said, I consider that the audit activity prescribed by the national legislation at issue falls outside the scope of Community law, I therefore believe that the Court does not have jurisdiction to rule whether that legislation is compatible with the general principles of Community law on privacy.

The questions on the direct applicability of the provisions of the Directive and of the general principles of Community law on privacy

60. Having regard to the conclusions which I have reached in the foregoing paragraphs, I consider that there is no need to discuss the questions on direct applicability of the provisions of the Directive and of the general principles of Community law on privacy.

Conclusion

In the light of the considerations set out above, I therefore propose that the answer to the questions referred by the Verfassungsgerichtshof and the Oberster Gerichtshof should be that forms of processing of personal data prescribed by legislation such as that at issue are not covered by the provisions of the Directive, since they are carried out in the course of an activity which falls outside the scope of Community law within the meaning of Article 3(2) of the Directive. The Court does not have jurisdiction to rule on whether that legislation is compatible with the general principles of Community law on privacy.
1
Original language: Italian.


2
Directive of the European Parliament and of the Council of 24 October 1995 (OJ 1995 L 281, p. 31).


3
This provision is repeated by Article 7 of the Charter of Fundamental Rights of the European Union, which provides that [e]veryone has the right to respect for his or her private and family life, home and communications. Referring specifically to the protection of personal data, Article 8 of the Charter then states:

1. Everyone has the right to the protection of personal data concerning him or her.

2. Such data must be processed fairly for specified purposes and on the basis of the consent of the person concerned or some other legitimate basis laid down by law. Everyone has the right of access to data which has been collected concerning him or her, and the right to have it rectified.

3. Compliance with these rules shall be subject to control by an independent authority

.


4
BGBl. 379/1984 (Wv) idF BGBl. I 49/2000.


5
BGBl. I 64/1997.


6
Draft Law and Report from Parliamentary Commission, 453/A and 687 BlgNR, 20. GP.


7
In this connection, reference was made in particular to Articles 136 EC, 137 EC and 141 EC, to Council Directive 76/207/EEC of 9 February 1976 on the implementation of the principle of equal treatment for men and women as regards access to employment, vocational training and promotion, and working conditions (OJ 1976 L 39, p. 40) and Regulation (EEC) No 1408/71 of the Council of 14 June 1971 on the application of social security schemes to employed persons and their families moving within the Community (OJ, English Special Edition 1971 (II), p. 416 ).


8
Council Directive 76/207, cited in footnote 7.


9
Council Regulation No 1408/71, cited at footnote 7.


10
Judgment in Case 180/83 Moser [1984] ECR 2539, paragraph 18. On this, see also the judgments in Case 175/78 Saunders [1979] ECR 1129; in Case C-332/90 Steen [1992] ECR I-341; and in Joined Cases C-64/96 and C-65/96 Uecker and Jacquet [1997] ECR I-3171.


11
Judgment in Case C-190/98 Graf [2000] ECR I-493, paragraph 23.


12
Directive 98/43/EC of the European Parliament and of the Council of 6 July 1998 on the approximation of the laws, regulations and administrative provisions of the Member States relating to the advertising and sponsorship of tobacco products (OJ 1998 L 213, p. 9).


13
Judgment in Case C-376/98 Germany v Parliament and Council [2000] ECR I-8419, paragraph 83.


14
Opinion 2/94 [1996] ECR I-1759, paragraph 27.


15
As we know, according to settled case-law, fundamental rights form an integral part of the general principles of law, whose observance the Court ensures. For that purpose, the Court draws inspiration from the constitutional traditions common to the Member States and from the guidelines supplied by international treaties for the protection of human rights on which the Member States have collaborated or to which they are signatories. The ECHR has special significance in that respect (judgment of the Court in Case C-274/99 P Connolly v Commission [2001] ECR I-1611, paragraph 37). To the same effect, see also Article 6(2) EU, according to which [t]he Union shall respect fundamental rights, as guaranteed by the European Convention for the Protection of Human Rights and Fundamental Freedoms signed in Rome on 4 November 1950 and as they result from the constitutional traditions common to the Member States, as general principles of Community law.


16
Judgment in Case C-299/95 Kremzow [1997] ECR I-2629, paragraph 15. To the same effect see also the judgment in Case C-159/90 Society for the Protection of Unborn Children Ireland v Grogan and Others [1991] ECR I-4685, paragraph 31, that in Case C-309/96 Annibaldi [1997] ECR I-7493, paragraph 13, and the order in Case C-361/97 Nour [1998] ECR I-3101, paragraph 19.