[Decision not legally binding, appealed to the Federal Supreme Court].
Greenpeace submitted a request to the Swiss Federal Nuclear Safety Inspectorate ENSI at the end of 2014 for access to exhaust air data (so-called EMI data) on the chimney of the Leibstadt nuclear power plant (KKL). These data are used to assess radioactive radiation in emergencies. In normal operation, however, the radiation is so low that EMI data do not prove the radiation, but only the functioning of the measuring system. Based on a provision in the Radiation Protection Ordinance, ENSI deletes EMI data continuously after 30 days.
ENSI initially rejected the access request because this data was no longer available and the operator of KKL, Leibstadt Nuclear Power Plant AG (KKLAG), had not provided it again despite a request. However, the FDPIC subsequently recommended to ENSI (Recommendation from 5 October 2015) to recover the requested data, to grant Greenpeace access to it and also to publish this data on its website (VBGÖ 19). ENSI then issued an order requiring KKLAG to provide ENSI with the requested data. ENSI would systematically store such data in the future and publish it on the Internet on an ongoing basis. KKLAG, represented by WalderWyss, appealed against this order to the FAC. The Federal Administrative Court upholds the appeal and remits the case to ENSI..
Concept of (official) “document”: machine data are also covered
Before the BVGer, it was initially questionable whether EMI data are “official documents” within the meaning of BGÖ 5 I. The BVGer first states that data which are not created by humans can also be considered as (official) “documents”:
Contrary to the complainant’s view, not only documents created by humans are to be considered official documents; there is no factual reason for this. The Federal Code of Civil Procedure does not specify any requirements regarding the creator or (original) origin of an official document. Accordingly, Art. 5 para. 1 let. a FCO states that the information may be recorded on any information carrier. Nothing else follows from the dispatch (cf. BBl 2003 1991), which – contrary to the complainant’s assertion – does not only cite examples that (can) only refer to documents written by humans. Namely, statistics, sound or image recordings and documents on electronic data carriers can certainly also be produced purely by machine. It is true that they will each be based on human programming. However, this also applies to purely mechanically generated data, which is why these are also to be regarded as official documents as soon as they are recorded, provided that the other requirements are met.
“Simple electronic process” (left open).
BGÖ’s right of access refers only to “completed” documents (BGÖ 6 III b) and to documents that “can be created from recorded information by a simple electronic process” (BGÖ 6 II). Whether EMI data fall under this provision was disputed because special software is required to create a document from EMI data.
The FAC could leave this question open: The requirement of simple production serves to protect the authorities from disproportionate effort. However, the authorities are free – at least from the point of view of the Federal Supreme Court – to accept disproportionate effort. In this case, the same applies as when the applicant bears the costs. In this case, the data in question are subject to the Federal Act on the Protection of Personal Data, i.e. they do not fall outside its scope. Consequently, only the authority can invoke disproportionality, but not a third party.
Duty to replace affirmed under certain circumstances (obiter)…
The question then arose as to whether ENSI has a duty – not expressly laid down in the Federal Act on the Federal Nuclear Safety Inspectorate – to retrieve deleted EMI data. The FAC ultimately leaves this point open, but in principle nevertheless affirms (i.e. obiter; but clearly) a duty to recover, primarily based on the Message on the BGÖ and on teleological considerations:
It would indeed be repugnant if an authority could evade its duty of disclosure under BGÖ by disposing of certain documents. In this case it seems justified that the authority must endeavor to recover them. The same is likely to happen if documents are lost in the custody of an authority. In such cases, the authority will regularly be obliged to recover the documents or data concerned, irrespective of an access request under BGÖ. Such an obligation, on the other hand, is likely to be rejected if the authority has relinquished possession of a document lawfully or even in accordance with the regulations, namely because the public task associated with it has been fulfilled and possession is therefore no longer necessary. For example, the authority may return a document – without having made a copy of it – to its original owner (e.g. the documents for processing an application) or destroy data based on the DPA or other provisions (e.g. the images of a surveillance camera, which are automatically deleted after a certain period of time) after the purpose of the processing has definitely ceased to exist. In particular, if – as in the present case – it is merely a virtual document that does not actually exist within the meaning of Art. 5 (2) FADP, it is natural that often no actual document is created from which a copy could be made. The latter would not even be permissible in certain cases, for example if sensitive data (e.g. DNA profiles, images from a surveillance camera) are to be permanently deleted.
… but lack of legal basis for a duty to surrender
The question of whether a private individual must supply deleted or lost data again must be distinguished from the question of the obligation to replace data – should such an obligation exist. This would require a separate legal basis. In other words, the Federal Data Protection Act alone does not impose an obligation to supply data again:
The Federal Code of Civil Procedure regulates access to official documents in the possession of an authority pursuant to Art. 2 of the Federal Code of Civil Procedure and thus the relationship between the applicant and the requested authority. However, no (namely surrender) obligations at the expense of private third parties can be derived from it – at least as long as they do not exceptionally fall under Art. 2 para. 1 let. b FSIO.
However, the BVG hardly sees any practical problems as a result:
If a public authority is actually obliged to retrieve documents that it has unintentionally lost or unlawfully disposed of, it should regularly have a legal or contractual claim to surrender against the third party in whose possession the documents in question are, since in such cases they are still necessary for the performance of the public task associated with them. In contrast, an obligation to cooperate on the part of private individuals merely for the purpose of granting access under BGÖ – irrespective of the actual purpose of the data processing – would go too far.
In the specific case, however, there was no legal basis for an obligation on the part of KKLAG to provide the EMI data again.
Publication on the Internet: “important” official documents
According to VBGÖ 19 important” official documents are to be made available on the Internet as quickly as possible, provided this does not involve unreasonable effort and there are no statutory provisions to the contrary. Again, unreasonable effort does not play a role if the authority concerned is prepared to bear the effort involved.
Whether a document is “important” is to be judged by the competent authority in its own (dutiful) discretion. In doing so, the Explanatory notes of the FOJ of May 24, 2006 on VBGÖ to note. The great demand for a document can also be an indication of a considerable interest in publication. In other respects, however, an authority is in principle entitled – although not obliged – to make official documents available on the Internet that are not “important”. In the present case, however, the question ultimately remained open because the data protection interests of KKLAG prevailed (see below). However, the importance (as defined by VBGÖ 19) of the EMI data was at least not evident.
Publication on the Internet: Protection of the privacy of third parties
Publication on the Internet is not permitted if it conflicts with legal provisions. If the publication relates to personal data, there is in fact a legal basis for the publication (DSG 19b III). However, it is a Weighing up the publication interests and the protection interests of the persons concerned required. However, it is not always clear on which legal basis this balancing of interests is to be carried out:
- According to BGÖ 7 II, access to official documents may be restricted, postponed or denied if access may affect the privacy of third parties. The public interest in access can only prevail “by way of exception”.
- According to DSG 19 Ibis lit. b, federal bodies may disclose personal data if there is an overriding public interest in their disclosure.
However, BGÖ 9 II provides that access requests relating to official documents which cannot be anonymized are to be assessed under DPA 19. This was the case here, so that DSG 19 (and thus DSG 19 Ibis lit. b) was relevant.
The FAC cites the following factors that are generally relevant in this regard:
- Function and position of the third parties concerned
- Effects of making available
- Nature of the data
- Weight of public interest, taking into account the purpose of the BGÖ (transparency of the administration’s decision-making processes, improvement of control over the administration, strengthening of citizens’ trust in public institutions).
- any specific information interests of the public
If an authority publishes official documents containing personal data on the Internet voluntary without a corresponding obligation, is a stricter standard than in the case of publication of “important” documents as defined in VBGÖ 19 (i.e. in this case the public interest is lower).
In the present case, the FAC gave greater weight to the private interest of KKLAG in not publishing the data. In particular, it was relevant that the data are not very meaningful, and that KKLAG is regularly criticized for operating a nuclear power plant and that EMI data could be used against KKLAG. In this context – and this is somewhat surprising – it is not even relevant whether this happens rightly or wrongly.