Every European citizen has the right to know who has access to their data and to whom their personal data is forwarded. This was ruled by the European Court of Justice on Thursday.
The court considered a question from Austria’s highest court about the General Data Protection Regulation (GDPR). This privacy law regulates the processing of personal data by private companies and public authorities throughout the European Union.
In Austria, a citizen’s case is pending against Österreichische Post. He wanted to know who the postal company had forwarded his personal information to. He was not satisfied with the answer “marketing goals”.
During the lawsuit, the postal company stated that it had forwarded the man’s data to customers. These include IT companies, mailing list providers, charitable organizations and political parties.
But that is not specific enough, the court ruled. If someone wants to know to which companies and authorities their personal data has been forwarded, the specific names of the receiving parties must be disclosed.
Only if the request for that information is unfounded or excessive, or if it is impossible to identify the recipient, can a company use the term “for marketing purposes”, according to the court.