Access to public information and personal data protection

Introduction

Law No 19/2013 on transparency, access to public information and good governance, as is well known, sets out that requests for access to information possessed by Public Administrations may be denied when said information contains personal data.

In order to ensure consistency between the principles of transparency and access to public information and the fundamental right to personal data protection, on 13 October 2016, the Spanish Data Protection Agency (hereinafter AEPD) published two documents containing guidelines on how to reuse information generated by the public sector and how to anonymise personal data contained therein.

AEPD Guidelines

In these documents the AEPD proposes a series of measures in order to enable Public Administrations to provide individuals with information in their possession (known as the “reuse of public information”), whilst complying with personal data protection guarantees.

Specifically, the documents include detailed instructions on how to anonymise public information in such a way as to minimise the risk of information requested by applicants identifying the individuals to which said information may refer.

In this regard, applicants who have been refused access to information based on said information containing personal data may ask the Public Administration in charge to anonymise the information pursuant to the AEPD guidelines.

Anonymising is not the same as redrafting

These guidelines have been established at a time at which the discretionary powers available to Public Administrations to deny access to public information is gradually subject to more restrictions. Proof of this is the ruling of 23 September 2016 issued by the Spanish Council of Transparency and Good Governance, in which said organisation considers to be incorrect a decision of the Ministry of Development to denying access to files regarding a building work on the basis that it would have to redraft said information.

The need to redraft the information requested is indeed a valid reason for denying access thereto. However, the Spanish Council of Transparency and Good Governance believes that this rationale was in this case unjustified by the Ministry of Development, as it had merely invoked this exception to the right to access public information but without explaining the reasons for having to redraft the requested information. In this regard, the Spanish Council of Transparency and Good Governance highlights the fact that requested information must be previously anonymised does not involve submitting said information to a redrafting process and, therefore, access to information cannot be denied on these grounds.