- The OLG Munich qualifies letters, emails, telephone notes, file notes and minutes relating to the plaintiff as personal data pursuant to Art. 4 No. 1 GDPR.
- Art. 15 para. 3 GDPR grants an independent right to the provision of copies in the form in which the information is available to the controller; redactions possible in accordance with Art. 15 para. 4 GDPR.
- Criticism: The court applies the term “personal data” too broadly; only specific parts of a document that contain personal information are in need of protection.
In a ruling issued on October 4, 2021, the Munich Higher Regional Court (Ref. 3 U 2906/20) took a hard line. The case concerned a claim for information within the meaning of Art. 15 GDPR – including the provision of copies – against the background of a civil claim dispute. The plaintiff had Copies of, among other things, telephone notes, memos, minutes, e‑mails, etc. demanded. The defendant provided information, but did not give the plaintiff any copies. The Munich Regional Court I upheld the corresponding action. The Munich Higher Regional Court dismissed the appeal.
The core of the ruling is the following statement by the OLG Munich:
[…] According to Art. 4 No. 1 GDPR, personal data are any information relating to an identified or identifiable natural person. […] The latter requirement is met if the information is linked to a specific person by virtue of its content, purpose or effects (BGH NJW 2021, 2726 m.w.Nachw.). With regard to the data held by the defendants, a connection to the plaintiff can be drawn in each case from the subject or the interlocutor. Letters and e‑mails of the plaintiff to the defendants are in principle to be regarded as personal data according to Art. 4 No. 1 DS-GVO according to their entire content. […] Telephone notes, file notes and minutes as internal notes at the defendants containing information about the plaintiff are also to be classified as personal data. Here, the defendants record what the plaintiff said by telephone or in personal conversations (see only BGH NJW 2021, 2726 marginal no. 25).
After this introduction, the OLG examines the Copy entitlement. Here, the OLG follows the view that the claim for copies pursuant to Article 15 (3) of the GDPR stands independently alongside the claim for information pursuant to Article 15 (1) of the GDPR and confers an independent claim for surrender:
4) The subject matter of this claim is not merely directed at an abstract enumeration of the existing information, as this is already contained in the right to information pursuant to Article 15 (1) of the GDPR. Rather, the creditor has a Entitlement to be provided with the information in the form in which it is available to the responsible person […]. A necessary protection of the debtor is ensured by the possibility of redaction according to Art. 15(4) GDPR.
The very broad application of the concept of personal data certainly gives rise to criticism. If every document containing personal data as a whole is a personal data, then every telephone directory as a whole is also a personal data for every subscriber. This, of course, is not the case. Rather, the court should have examined for each part of the relevant documents whether that part still satisfies the notion of personal data, according to the criteria mentioned by the OLG itself (content, purpose or effects of the information; elaborated on by the then Article 29 Working Party in the Opinion 4/2007 on the concept of “personal data). In a document, therefore, only that information is personal data which relates directly to the data subject, which has the purpose of making a statement about the data subject, or which is likely to affect the data subject in a relevant way because of the content of the information. Only to this extent do questions of redaction arise.
This is basically a matter of course: data protection law relates to personal data, i.e., to personal information in embodied form, and not to documents. Understanding the right to information as a right to inspect files is therefore a conceptual error.