Bavarian Lager was created to import bottled German beer for public houses and bars in the UK. The product could not be sold easily because most of those establishments were bound by exclusive purchasing contracts with certain breweries. UK regulations required British breweries to allow public house managers to buy beer from another brewery if the beer was cask-conditioned ("Guest Beer Provision" (GBP)). However, most beers produced outside the UK, like the applicant’s, were sold in bottles (paras. 15-17).
Bavarian Lager lodged a complaint with the Commission in regard to the restriction on imports. The Commission instituted proceedings against the United Kingdom but then had a meeting with British authorities. After the meeting it informed the applicant that the GBP would be amended to allow the sale of bottled beer and suspended all procedures against United Kingdom (paras. 19-22).
Bavarian Lager made several requests to the Commission for access to documents placed on the file, including full minutes of the meeting with British authorities, including the names of the participants (paras. 23-36). The Commission agreed to disclose the minutes but blanked out five names. Two of the participants specifically refused to have their names disclosed and the other three could not be contacted. The Commission argued that the applicant had not established an express and legitimate purpose or need for disclosure required under Article 8 of Regulation No 1045/2001 (Data Protection Regulation) and thus, the Article 4(1)(b) privacy and integrity of the individual exception of Regulation No 1049/2001 (Access to Documents Regulation) applied. In case the Court found that the privacy exception did not apply, the Commission also relied on the Article 4(2) exception for documents that, if disclosed, would undermine the purpose of inspections, investigations and audits) (para. 37).
The Access to Documents Regulation establishes a general rule that the public may access documents, subject to certain exceptions. One of these exceptions is when disclosure would undermine the privacy and the integrity of individuals. When personal data is sought, the Data Protection Regulation requires the recipient to establish the need for disclosure, and the subject retains the right to object at any time (paras. 56-57).
The General Court was wrong in applying Article 8 of the European Convention of Human Rights (ECHR), since the Data Protection Regulation makes it clear that ECHR should only be applied “[w]here […] processing [of personal data] is carried out […] in the activities falling outside the scope of [the Data Protection Regulation” (para. 62). Where a request based on the Access to Documents Regulation seeks to obtain documents including personal data, the Data Protection Regulation applies in its entirety (para. 63).
The list of participants at the meeting held with the British authorities contains personal data within the meaning of the Data Protection Regulation, since the persons who participated can be identified (para. 70).
By requiring the consent of the participants to disclose their personal data, the Commission complied with the Data Protection Regulation. Since the applicant had not demonstrated an express and legitimate justification for the personal data to be disclosed, the Commission was not able to weigh the various interests of the parties (para. 78). Thus, the Commission was right to reject the access to information request.
Judgment of the Court.
Summary of the Court of Justice.