Court case VSL00035084 – Court Ruling (Slovenia, 2020)

A representative of a company obtained the personal data, including the names, surnames and addresses, of 51 owners of motor vehicles registered in Slovenia, and forwarded the obtained data to the company. He forwarded this information on the basis of Article 10 of the Slovenian Law on Advocacy (ZOdv). The authority found that the forwarding of the data was in breach of this law, because the representative did not acquire the data for reasons permitted in the ZOdv, i.e. for performing an act of the legal profession for an individual case where the data was required. The decision of the authority was appealed to the Ljubljana District Court. As the court of first instance, it considered that Article 6(1)(c) GDPR (processing on the basis of complying with a legal obligation) did not apply to this case. The Slovenian DPA (Informacijski pooblaščenec) disagreed with the court's assessment. Does Article 6(1)(c) apply here? The VSL agreed with the finding of the court of first instance and dismissed the appeal as unfounded. In its reasoning, the VSL noted that while Article 6(2) GDPR permits Member States to maintain or introduce more detailed provisions in order to adapt the application of GDPR rules for processing done under Article 6(1)(c), this does not permit Member States to regulate Article 6(1)(c) in such a way "indefinitely".