Smaranda Bara and Others – CJEU Judgment (European Union, 2015)
CJEU precedent (Directive 95/46/EC, pre-GDPR)
This is a Court of Justice judgment predating the GDPR. It interprets Directive 95/46/EC (the Data Protection Directive). It is not a cookie or ePrivacy case and is excluded from cookie statistics and the Risk Calculator.
The Court of Justice of the European Union ruled that Romanian authorities should have informed people when their data was shared between government agencies. This case highlights the importance of transparency in data sharing, especially when it involves personal information. Businesses and government bodies must ensure they inform individuals about how their data is used.
What happened
Romanian authorities shared personal data between agencies without informing the individuals involved.
Who was affected
Self-employed individuals whose income data was shared between Romanian government agencies.
What the authority found
The Court held that Romanian authorities should have informed individuals about the data sharing, as required by data protection rules under Directive 95/46/EC.
Why this matters
This ruling underscores the need for transparency in data sharing by public bodies. It sets a precedent that individuals must be informed about how their personal data is used, which is crucial for maintaining trust in government data practices.
GDPR Articles Cited
National Law Articles
Article 315 (currently 322) of Romanian Law No 95/2006 mandated that all public authorities must transmit any data necessary to determine the insurance status of individuals to the National Health Insurance Fund (CNAS). The law also recognised persons without a taxable income qualify as insured. The National Tax Administration Agency (ANAF) transmitted data related to several self-employed persons, the applicants, including their income, based on a common 2007 Protocol, not subject to official publication. Neither authority informed the data subjects of this transmission. In this preliminary ruling, the Court clarified, first, that Article 124 TFEU (prohibiting privileged access by public authorities to financial institutions) is exclusively related to the Union’s economic and monetary policy, irrelevant to the proceedings and thus rejected as inadmissible. Second, since the fourth question concerned the lawfulness of data processing in a specific context, it benefited from a presumption of relevance to the dispute at hand. As a result, it was deemed admissible. Then the Court held that the Directive 95/46 was applicable. First, because the data transferred (names, categories of income, taxes paid) constitutes personal data. Second, both the transfer of data from ANAF to CNAS and the subsequent processing performed by CNAS constitute data processing. Therefore, the rules set out in Articles 10 and 11 (information that must be communicated to the data subject) are also applicable to the processing in dispute, in the limits set in Article 13. With regards to substance, the Court stated, first, that Article 10 sets out what information must be provided to the data subjects if their data was collected directly from them. This includes providing the identity of the “recipients of data” (Article 10(c)) in order to ensure fair processing. Thus, the Court and the Advocate General agreed that the principle of fair processing “requires a public administrative body to inform
Outcome
CJEU Judgment
A judgment by the Court of Justice of the European Union, typically on a preliminary reference from a national court.
Related Cases (0)
No other cases found for Smaranda Bara and Others in EU
This is the only recorded case for this entity in this jurisdiction.
Details
Judgment Date
1 October 2015
Authority
Court of Justice of the European Union
GDPRhub ID
gdprhub-cjeu-5599About this data
Cite as: Cookie Fines. Smaranda Bara and Others - European Union (2015). Retrieved from cookiefines.eu
Last updated: