Court case 1 L 134/20 – Court Ruling (Germany, 2020)

A regional supervisory authority requested access to an association’s board meeting minutes as well as an external auditor’s report in the context of an investigation into the association’s managing director’s conduct. The association refused to submit the requested information entirely and unredacted, partially relying on privacy rights. The supervisory authority acknowledged the potential legitimacy of redactions where merely personal data was concerned, but claimed that redactions went far beyond this, and included information on employment contracts and pay crucial to the performance of their rights and duties as supervisory authority. The documents had also been requested by the regional audit office (Landesrechnungshof). Could the association refuse to submit information to their supervisory authority based on data protection laws? The regional court found, inter alia, that the association could not rely on privacy regulations as an objection to submitting the documents requested by their supervisory authority. The court confirmed applicability of § 2 (1) 1 BbgDSG (Brandenburgisches Datenschutzgesetz – regional privacy law Land Brandenburg), corresponding to § 3 BDSG (Bundesdatenschutzgesetz – Federal Data Protection Act) and implementing Art 6 (1) e) GDPR, as a basis for access to personal data by a supervisory authority. It further concluded that the element of necessity, as required by the applicable provisions, was met for the specific case.