CEDHCASELAW;CLIN;ENG
CEDH · CASELAW;CLIN;ENG — 5 novembre 2024
- ECLI
- ECLI:CEDH:002-14410
- Date
- 5 novembre 2024
- Publication
- 5 novembre 2024
droits fondamentauxCEDH
Source : DILA / Judilibre · open data
Mes notes
privées · visibles par vous seulRésumé structuré
version préliminaireFaits
Non déterminable à partir du texte fourni.
Procédure
Non déterminable à partir du texte fourni.
Question juridique
Non déterminable à partir du texte fourni.
Solution
source officielleInadmissible (Art. 35) Admissibility criteria;(Art. 35-1) Exhaustion of domestic remedies;(Art. 35-3-a) Ratione personae
Résumé généré automatiquement — à vérifier avec la décision originale.
Analyse IA non disponible
Générez un résumé intelligent de cette décision
Texte intégral
.s3ABFC313 { font-size:10pt } .sD4B5322E { margin-top:12pt; margin-bottom:12pt; text-align:justify } .sBB9EE52A { font-family:Arial } .sA241FE93 { margin-top:0pt; margin-bottom:18pt; text-align:justify; page-break-after:avoid; border-bottom:0.75pt solid #000000; padding-bottom:1pt } .s2EF62ED2 { margin-top:0pt; margin-bottom:0pt; font-size:12pt } .s4DDA3AA3 { font-family:Arial; font-weight:bold; font-style:italic } .s29100277 { font-family:Arial; font-weight:bold } .s32563E28 { margin-top:0pt; margin-bottom:0pt } .s8F2B0B1B { margin-top:12pt; margin-bottom:12pt; page-break-after:avoid; font-size:12pt } .s97EB40D9 { margin-top:12pt; margin-bottom:14pt; page-break-after:avoid } .sA36B60A1 { font-family:Arial; font-style:italic } .s65B66A85 { margin-top:12pt; margin-bottom:12pt } .s5F48796F { margin-top:12pt; margin-bottom:0pt; text-align:justify } .s7ED160F0 { text-decoration:none } .s3DC36BA9 { font-family:Arial; text-decoration:underline; color:#0069d6 } .s8B6C6D43 { margin-top:0pt; margin-bottom:0pt; border-bottom:1pt solid #000000; padding-bottom:1pt } .sDF790F1E { margin-top:12pt; margin-bottom:0pt; text-align:center } Legal summary November 2024 Casarini v. Italy (dec.) - 25578/11 Decision 5.11.2024 [Section I] Article 34 Victim No evidence of a risk of misuse or abuse of the applicant’s personal data, stored in the Taxpayer Information Service database, by third entities with access: inadmissible Victim Alleged misuse and abuse of the applicant’s personal data, stored in the Taxpayer Information Service database, by the Revenue Police: victim status Article 35 Article 35-1 Exhaustion of domestic remedies Non-exhaustion of domestic remedies in respect of the State’s alleged failure to protect the applicant’s personal data, stored in the Taxpayer Information Service database, from abuse and misuse by the Revenue Police: inadmissible Facts – In October 2010 the applicant learned from a newspaper article that F.D., an officer of the Revenue Police, had unlawfully extracted information concerning him from the Tax Registry, in particular the Taxpayer Information Service database, and passed it to G.A., a journalist working for a well-known Italian magazine. The applicant lodged a criminal complaint against F.D. and G.A. Meanwhile, in response to reports lodged by the Revenue Police, criminal proceedings had been opened in respect of F.D. and G.A. on suspicion of having unlawfully accessed the above database, the indictment listing numerous injured parties, including the applicant. At the end of a plea-bargaining procedure, F.D. and G.A. were sentenced to suspended sentences of two and one years, respectively. The Revenue Police also subjected F.D. to disciplinary measures. The criminal proceedings that were brought by the applicant were discontinued by the preliminary investigations judge as F.D. had already been sentenced on the basis of the same facts. The applicant complained of a breach of his right to respect for his private life under Article   8 on account that the national authorities had failed to protect his personal data, stored in the Taxpayer Information Service database, from misuse and abuse by the Revenue police and by third entities which had access to that database. Law – Article   8: (a) Applicability – Certain data contained in the Taxpayer Information Service database such as the applicant’s name, date of birth and address, details on income and net assets and any pending cases with the tax authorities, had clearly concerned his private life. Conclusion : Article   8 applicable. (b) The applicant’s victim status – The present case differed from cases in which the Court had accepted that an applicant could claim to be a victim of a violation of Article   8 occasioned by the mere existence of secret-surveillance measures, or legislation permitting secret-surveillance measures. In those cases, provided that certain criteria had been fulfilled, the threat of surveillance could be claimed in itself to restrict free communication through the postal and telecommunication services, thereby constituting for all users or potential users a direct interference with the right guaranteed by Article   8. By contrast, the applicant had complained of the domestic authorities’ failure to protect his personal data stored in the Taxpayer Information Service database from abuse and misuse. The question thus arose whether the applicant could claim to be a victim of the measure complained of for the purpose of Article   34 of the Convention. (i) The complaint concerning the misuse and abuse of the applicant’s personal data by the Revenue Police – The applicant had shown he had been personally and directly affected by the alleged omission of the State to protect his personal data from misuse and abuse by the Revenue Police. In particular, he had demonstrated that he had learned from a newspaper article that F.D. had unlawfully extracted information concerning him from the Taxpayer Information Service database and had argued that abuse of his personal data had been facilitated by the State’s omission to put in place adequate measures to prevent that from happening. Conclusion : victim status (compatible ratione personae ). (ii) The complaint concerning the misuse and abuse of the applicant’s personal data by third entities   – The applicant had relied on the fact that, as an Italian taxpayer, he belonged to a category of persons whose data had been stored in the Taxpayer Information Service database pursuant to Article   1 of Presidential Decree no.   605/ 1973 and that, accordingly, he had been exposed to the risk of being subjected to misuse and abuse by third entities in the light of the wide access conferred on them to that database and of the insufficient protection afforded by the domestic legal framework. The applicant had not been in a situation in which he had been required to either modify his conduct or risk being prosecuted. Therefore, his situation had to be distinguished from that of applicants who had faced the dilemma of either complying with the impugned legal provision or refusing to do so and, in so doing, exposing themselves to sanction. The mere fact of being an Italian taxpayer whose personal data were stored in the Taxpayer Information Service database did not suffice to consider that the applicant had already been exposed to or had been potentially at risk of being subjected to, abuse and misuse of his personal data by third entities with access to the database. In that regard, the Court had previously stressed in several cases that it was not sufficient to belong to a class of persons that, in the abstract, could be affected by the impugned measure, it being also necessary to produce reasonable and convincing evidence of the likelihood that a violation affecting the applicant directly would occur. It was only in highly exceptional circumstances that an applicant might claim to be a victim of a violation of the Convention owing to the risk of a future violation. The applicant had not provided any evidence capable of demonstrating that he had been exposed, owing to his personal situation, to the risk of misuse or abuse of his personal data by third entities with access to the database. His fear of being subjected to such a measure was based on a mere hypothesis, which was too remote and abstract for the applicant to make an arguable claim to be a “victim” within the meaning of Article 34. Therefore, he could not claim to be a victim solely on account of the alleged insufficiencies in the applicable legal framework or in the practice of the competent domestic authorities to prevent it happening. Conclusion : inadmissible (incompatible ratione personae ). (c) Exhaustion of domestic remedies – In so far as the applicant complained of the State’s omission to protect his data from abuse and misuse by the Revenue Police, lodging a criminal complaint against F.D. and G.A. had not been a remedy that could have provided redress in respect of his grievances. Even if he had succeeded in obtaining compensation from the perpetrators of the unlawful access, that would not have entailed any obligation on the part of the national authorities to act to prevent further abuse of his personal data. Furthermore, the compensatory remedy under Article   15 of the Personal Data Protection Code and Article   2050 of the Civil Code was also inadequate as it would not have been capable of directly addressing important aspects of the applicant’s grievances. The Government argued that the applicant could have lodged a complaint with the Data Protection Authority requesting it to order the domestic authorities to put in place the necessary operational and technological measures aimed at protecting his personal data. In that connection, the Court reiterated that its case-law did not require that all instances of a domestic remedy be judicial in the strict sense. The Personal Data Protection Code, as in force at the material time, provided that the Data Protection Authority was an independent administrative body, fully autonomous and with independence of decision and assessment. Having regard to the manner and conditions of appointment of its members, and in the absence of any indication of a lack of sufficient and adequate safeguards against possible external pressure, there was no reason to doubt the Data Protection Authority’s independence with regard to any other power or authority, and especially with regard to the executive. As to the procedural guarantees, individuals could be legally represented and the proceedings were adversarial in nature and led to the adoption of binding decisions. Although the Data Protection Authority’s decisions were formally administrative in nature and it retained discretion on how to exercise its functions and powers, the applicant could have lodged an appeal against its decision with the competent judicial authorities. Furthermore, any decision adopted in such proceedings would have been subject to an appeal on points of law before the Court of Cassation. Therefore, there was no reason to consider that, in the present case, a complaint to the Data Protection Authority of the alleged failure of the domestic authorities to adopt technological and operational measures aimed at protecting his personal data stored in the Taxpayer Information Service database from misuse and abuse coupled, if need be, with an appeal to the competent judicial authorities, would not have constituted an aggregate of remedies which would have provided the applicant with at least reasonable prospects of success. Accordingly, there was no doubt that the remedy had been available in theory, as it had been clearly set out in the statutory law. Even though no examples of domestic case-law had been provided in respect of the applicant’s specific complaints, there was no indication that the remedy in question would have been obviously futile in his case. By contrast, the material that had been submitted to the Court indicated the opposite. In particular, the parties had submitted decisions adopted by the Data Protection Authority, on its own motion, concerning the lack of safeguards aimed at protecting the data stored in the Taxpayer Information Service database from abuse and misuse by third entities. In that context, in which the domestic legal system set out a specific body with a general competence in the field of data protection, and which had moreover already ruled on similar issues, the Court saw no reason why the Data Protection Authority would have refused, upon the applicant’s complaint, to deal with the issue of necessary safeguards for the protection of the data at issue. Any delays in the enforcement of that Authority’s decisions which were not reiterated and systemic were insufficient to raise doubts as to the effectiveness of the remedy in question. In conclusion, the applicant had not provided the national authorities with the opportunity to prevent or put right Convention violations through their own legal system. Conclusion : preliminary objection upheld; inadmissible (non‑exhaustion of domestic remedies). (See also Willis v.   the United Kingdom, 36042/97, 11   June 2002, Legal Summary ; Dimirtas and Others v.   Greece (dec.), 59573/09 and 65211/09 , 4   July 2017; Shortall and Others v.   Ireland (dec.), 50272/18, 19   October 2021, Legal Summary ; A.M. and Others v.   Poland (dec.), 4188/21 et al., 16   May 2023, Legal Summary )   © Council of Europe/European Court of Human Rights This summary by the Registry does not bind the Court. To access legal summaries in English or French click here . For non-official translations into other languages click here .Citations
Aucune citation répertoriée pour cette décision.
Décisions connexes
Aucune décision similaire identifiée pour le moment.
Synthèse
- Juridiction
- CEDH
- Chambre
- CASELAW;CLIN;ENG
- Date
- 5 novembre 2024
- Matière
- droits fondamentaux
Référence
ECLI:CEDH:002-14410
Données disponibles
- Texte intégral
- Résumé officiel