OT – CJEU Judgment (Lithuania, 2022)

The Chief Ethics Commission was a Lithuanian body checking declarations of private interests by public officers. According to Lithuanian law, public officers were asked to provide a large amount of information about themselves and their partner, including name, personal identification number, social security number, employment status, membership or undertakings with trade unions and/or political parties and details about transactions over €3,000 concluded in the last 12 months. The Chief Official Ethics Commission then published information on its website (after removing sensitive data). Notably, the published information, whilst removing what was obviously special categories of personal data, would still include the name of their spouse, cohabitant, or partner. The data subject was a public officer who asked the annulment of a decision by the Chief Ethics Commission according to which they failed to disclose mandatory information. The data subject claimed that this mandatory declaration violated their data protection rights under EU law. The Lithuanian court sent a preliminary reference to the CJEU to clarify whether Lithuanian law establishing the obligation violated Articles 6(1)(c) and (e), 6(3) and 9(1) GDPR. The preliminary questions concern the issue whether the existence of a legal obligation – Article 6(1)(c) GDPR – or a public interest – Article 6(1)(e) GDPR – can authorise a mandatory disclosure of personal data of a public officer for online publication. According to the CJEU, such mandatory declaration of private interests was a limitation of the data subject right to privacy and data protection; therefore, it shall be compliant with Article 52(1) of the European Charter of Fundamental Rights. The CJEU noticed that the mandatory declaration was based on Lithuanian law and pursued a public interest, namely the prevention of conflicts of interest and corruption. However, the measure shall also be proportionate. The Court found the declaration appropriat