Data Confidentiality in the Management of a Case File

Data Confidentiality in the Management of a Case File

Romania
Tools
Typography
  • Smaller Small Medium Big Bigger
  • Default Helvetica Segoe Georgia Times

The writs of summons and all proceedings handled by the courts of law are recorded in an online system. The case file number, the names of the parties, the object of the file and other information are published on the Ministry of Justice’s online portal www.portal.just.ro and are also disseminated through the electronic dossier applications implemented by several courts of law.

The publicly available information regarding the involvement of a company in a litigation could impact its business operations or potential transactions concerning the company or envisaged by the latter, since third parties could take into account the respective litigation when assessing the company in question. This applies as well to the company’s directors, shareholders and, as a matter of principle, to any individual involved in a court file.

Furthermore, the current system for accessing the case file dossier allows any of the parties to the litigation to view all documents, including those which contain sensitive personal data and should be protected. Several courts of law implemented an online system where the case file documents can be accessed directly, by using a password provided by the court.

This password, however, is made available in a relatively uncontrolled manner, through subpoenas /procedural documents communicated to parties to the case file, and is transmissible to any third party that is not connected to the case file, in a way that is both easy and impossible to restrict.

Personal data protection, in the context of a litigation

The dissemination of certain data pertaining to a natural person, such as personal identification number, domicile, data on civil status, as well as, in general, data which allow the identification of a natural person, even in the organisation and management system of court case files, is a practice with many vulnerable aspects by having regard to the legal framework on the protection of personal data. When processing of these data – especially by dissemination/ disclosure, their collection also being important – it is necessary to observe the protection regime of the fundamental rights they are associated to, with a direct impact on the right to respect private and family life, the right to domicile, to personal safety and security, the right to an image and reputation – personal and professional.

The principle of publicity of the court proceedings vs. the protection of data and information processed in the case file

The legal framework on personal data protection – regulated at the EU and at the national level – entails the obligation of the national public authorities to protect personal data and, as the case may be, to anonymize them in certain cases. This should apply as well to the courts of law, when implementing the measures necessary to ensure the publicity of the information specific to a litigation.

First and foremost, we refer to the data publicly disseminated through the system that allows access to the electronic case files managed by the courts of law, which contains extensive information. In certain cases, the information published on the court’s online portal referring to a particular case file could also be limited by reference to the data protection rules.

Are there limitations regarding the court of law’s right to access the national personal data database?

Under certain circumstances and for a clear purpose, the court is granted the possibility to access the Ministry of Internal Affairs’ database, in order to extract – in an apparently absolute manner – personal data pertaining to a natural person. This should, however, be approached with increased prudence, taking into consideration the following aspects:

  • The court may access the national database when the contact details of the person who needs to be summoned are not known nor can be identified in another way, as it is under legal obligation to fulfil the summoning procedures;
  • The situations when the processing of personal data becomes debatable is when they are taken over from the national database by the courts of law, for the purpose of procuring evidence for the case file; accessing the database in such a way, especially for extracting and disseminating the personal data of third parties, could raise a number of issues; thus, such processing should be performed only in strictly limited cases by the courts of law;
  • The principle of establishing the truth should not be used as a pretext to ignore fundamental rights, especially in case these rights pertain to third parties in relation to the case file, but whose data come to be processed in the context of the litigation; it is important to guarantee the protection of the rights and freedoms of all parties involved in a litigation, without undermining the legitimate rights and interests of third parties;
  • The independence of the magistrate relies on the obligation of impartiality and legality of the judicial activity. These principles involve the objective and corroborated application of all applicable legal provisions, in relation to all the rights that interact in the context of the trial, and not the application of certain rights by extracting them from the overall legislative context, and procedurally disadvantaging other holders of contextual rights in the litigation in question.
  • The uncontrolled dissemination of these data is significantly amplified in the context of the implementation by the courts of the electronic case file, which facilitates in a problematic manner the access of many persons to all the personal data processed in a litigation. Establishing a simple password to access the case file is only a theoretical protection in guaranteeing their integrity.

By Angela Porumb, Partner, Musat & Asociatii