EDPB DPO-Network - assessment of Twitter usage by SAs and the EDPB (ID 192455)Hiermit beantrage ich den Erhalt des Dokuments mit der Bezeichnung „EDPB DPO-Network - assessment of Twitter usage by SAs and the EDPB“ (Datum: 2.2.2021) und der damit in Zusammenhang stehenden Korrespondenzen und etwaig vorhandene Entwurfsversionen und Kopien sowie alle weiteren Ihnen mit dem Dokument im Zusammenhang stehenden verfügbaren Informationen.
Das Dokument liegt der bremische Landesbeauftragte für Datenschutz und Informationsfreiheit vor.
Auf die Konsultation des Europäischen Datenschutzausschusses und des DSO-Network-Teams, die die schleswig-holsteinische Landesbeauftragte für Datenschutz und Informationsfreiheit als diesjährige Vorsitzende der Konferenz der unabhängigen Datenschutzaufsichtsbehörden des Bundes und der Länder (DSK) durchgeführt hat, hat der Europäische Datenschutzausschuss in folgender Weise geantwortet:
**Access to documents on DPO assessment – EDPB reply to applicant (case 2023-17)**
“Full disclosure
The following document can be fully disclosed: Document 1 (Doc 1 corresponds to Annex I)
Please note that the information reflected in Document 1 is not up to date anymore, given that
it was provided more than two years ago. Therefore, it does not reflect the current state of play
as the situation may have changed in several instances.
Partial disclosure
Having examined the documents requested under the provisions of Regulation (EC) No
1049/2001 regarding public access to documents, alongside the scope of your request, I have
come to the conclusion that full disclosure of Document 2 cannot be granted (doc 2 is
Annex II). A reference in the document has been redacted as its disclosure is prevented by the
following exception to the right of access laid down in Article 4 of Regulation 1049/2001:
Exception 4(2), 2nd paragraph (“protection of legal advice”): the document was
elaborated in the context of the provision of legal advice by the data protection officers (DPOs)
of the SAs and of the EDPB in the exercise of their tasks, in accordance with Article 39(1) of
Regulation (EU) 2016/679 [1] and Article 45(1) of Regulation (EU) 2018/1725 [2], respectively.
The redacted part identifies the actor which conducted the testing that was also taken into
consideration in the legal advice provided. Taking this into account, disclosure of that
information would undermine the work that the DPOs of the SAs and of the EDPB carry out in
the context of the EDPB DPO Network. In particular, DPOs must be able to provide advice to
the controller in an independent manner [3]. The attribution of a specific assessment to a
concrete DPO would negatively impact such independence, especially given that the legal
advice provided was not meant to be public. In addition, such disclosure would seriously
undermine the independence of the DPOs of the EDPB DPO Network, as it would negatively
impact their ability to provide frank, objective and comprehensive legal advice [4].
The exceptions laid down in Article 4(2) of Regulation (EC) No 1049/2001 apply unless there
is an overriding public interest in disclosure of the documents. We have not been able to
identify such an interest with regard to the specific information redacted.
Full non-disclosure
Having examined the documents requested under the provisions of Regulation (EC) No
1049/2001, alongside the scope of your request, I have come to the conclusion that
disclosure of Documents 3 and 4 cannot be granted (docs 3 and 4 correspond to Annex III
and the main document). Their disclosure is prevented by the following exception to the right
of access laid down in Article 4 of Regulation (EC) No 1049/2001:
Exception 4(2), 2nd paragraph (“protection of legal advice”): the documents contain
internal legal advice and assessments developed by the DPOs of the SAs and of the EDPB in
the exercise of their tasks, in accordance with Article 39(1) of Regulation (EU) 2016/679 [5]
and Article 45(1) of Regulation (EU) 2018/1725 [6], respectively. The disclosure of the
requested documents would undermine the purpose of the advice provided and could also
seriously undermine the work that the DPOs of the SAs and of the EDPB carry out in the
context of the EDPB DPO Network. In particular, DPOs must be able to provide advice to the
controller in an independent manner [7]. However, the disclosure of the DPOs’ internal legal
advice, in a situation in which such advice was not to become public, would jeopardise the
independence of the DPOs and their ability to provide frank, objective and comprehensive
legal advice [8]. In addition, disclosure of the documents could be easily mistaken as an
express opinion of the Board, thus creating confusion and seriously undermining the work of
the Board.
The exceptions laid down in Article 4(2) of Regulation (EC) No 1049/2001 apply unless there
is an overriding public interest in disclosure of the documents. We have not been able to
identify such an interest.
In accordance with Article 4(6) of Regulation (EC) No 1049/2001, we have considered whether
partial access could be granted to the concerned documents. However, they are either entirely
covered by the above-mentioned exception under Article 4(2) of Regulation (EC) No
1049/2001, or the expungement of the information falling under the exception identified above
is so significant that it renders the documents irrelevant, which is why they have not been
provided.
Disclaimer
You may reuse the documents requested free of charge for non-commercial and commercial
purposes provided that the source is acknowledged and that you do not distort the original
meaning or message of the document/documents. Please note that the information included in
the documents may not be up to date anymore. Neither the EDPB, nor its Secretariat assume
liability stemming from the reuse of the documents.
[1] Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016
on the protection of natural persons with regard to the processing of personal data and on the
free movement of such data, and repealing Directive 95/46/EC (General Data Protection
Regulation)
[2] Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October
2018 on the protection of natural persons with regard to the processing of personal data by the
Union institutions, bodies, offices and agencies and on the free movement of such data, and
repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC
[3] Article 38 and 39(1)(a) GDPR and Article 44 and 45(1)(a) Regulation 2018/1725.
[4] Judgment of the Court of Justice of 1 July 2008 in case C-39/05 P and C-52/05 P, Sweden
& Turco v Council, paragraph 42 and Judgment of the General Court of 7 September 2022 in
case T-448/21, Saure v European Commission, paragraph 60.
[5] Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016
on the protection of natural persons with regard to the processing of personal data and on the
free movement of such data, and repealing Directive 95/46/EC (General Data Protection
Regulation)
[6] Regulation (EU) 2018/1725 of the European Parliament and of the Council of 23 October
2018 on the protection of natural persons with regard to the processing of personal data by the
Union institutions, bodies, offices and agencies and on the free movement of such data, and
repealing Regulation (EC) No 45/2001 and Decision No 1247/2002/EC
[7] Article 38 and 39(1)(a) GDPR and Article 44 and 45(1)(a) Regulation 2018/1725.
[8] Judgment of the Court of Justice of 1 July 2008 in case C-39/05 P and C-52/05 P, Sweden
& Turco v Council, paragraph 42 and Judgment of the General Court of 7 September 2022 in
case T-448/21, Saure v European Commission, paragraph 60.”
Daher kommt die bremische Landesbeauftragte für Datenschutz und Informationsfreiheit zu dem Ergebnis, dass der Informationszugang zum Hauptdokument und der Anlage 3 nachteilige Auswirkungen auf internationale Beziehungen haben kann und daher nach § 3 Absatz 1 Nr. a BremIFG kein Informationszugang besteht.
Die beiden Anhänge 1 und 2 fügen wir mit wenigen Schwärzungen bei.