Access to Information and Data Protection

In this section, you will find a collection of key treaty and non-treaty instruments, international case-law and OSCE commitments pertaining to the right to seek, receive and impart information and the right to the protection of personal data. This section also contains relevant EU law, as well as a substantial compilation of domestic legislation, regulations and case-law on this topic from across the OSCE region.   

This section also offers other useful resources for lawmakers and legal professionals, such as ODIHR’s legal opinions and links to national institutions and NGOs dealing with the issue of access to information and data protection.

The right to seek and receive information is a central part of freedom of opinion and expression as protected by Article 19 of the International Covenant on Civil and Political Rights (ICCPR) and Article 10 of the European Convention for the Protection of Human Rights and Fundamental Freedoms (ECHR). A trend that has emerged over the recent years and is steadily gaining support is towards the recognition of freedom of information as a freedom on its own. While freedom of information is an important corollary of freedom of opinion and expression, it has a unique and crucial role as an underpinning of democracy, public participation and government accountability, as well as is intrinsically related to other fundamental human rights such as freedom of thought and the right to privacy. This forms the rationale for viewing freedom of information as a fundamental right on its own.

Freedom of information is a cornerstone of democracy and public participation in the governance as it entails a positive obligation for the States to ensure access to information, particularly with regard to information held by Government in all types of storage and retrieval systems. By setting strict limits on government secrecy the requirement of access to public information ensures administrative transparency by making confidential treatment of public records or other information an exception that may only be justified when necessary for “the protection of national security or of public order (ordre public), or of public health or morals.” Moreover, any restrictions must to be specified by the law. It is therefore the basic principle behind the right to freedom of information that the burden of proof falls on the body requested for information, and not the requesting person.

The specific meaning and content of freedom of information finds its basis in a number of authoritative sources, first and foremost the 2000 Annual Report of the UN Special Rapporteur on Freedom of Opinion and Expression to the Commission on Human Rights. The UN Special Rapporteur report elaborates on a number of key principles, including the principle of maximum disclosure, the obligation to publish, the promotion of open government, and the limited scope of exceptions. It also reiterates that any requests for information should be processed speedily and requesting persons should not be deterred from making requests for information by excessive costs.

Freedom of information legislation is essential to ensuring implementability of the right to freedom of information as it establishes a legally enforceable right to official documents for inspection and copying. In many cases the right to information is facilitated by independent administrative bodies with the power to receive requests for information from the public and to issue decisions binding upon the government department or agency concerned.

Freedom of information is intrinsically related to the right to privacy as guaranteed by Article 17 of the ICCPR and Article 8 of the ECHR, and, consequently, to the protection of personal data. Freedom of information and right to privacy are fundamental human rights values but may in many instances be competing and in need of reconciliation. There exists a number of principles that national laws on data protection and access to information have to conform to in order to ensure that both privacy and individual liberties are adequately protected. The very key principles are found in the European Convention on Automatic Processing of Personal Data and include

a) the collection limitation principle (i.e. that the personal data should be obtained fairly and lawfully);

b) the data quality principle (the data should be adequate, relevant and not excessive in relation to the purposes for which they are stored; accurate and, where necessary, kept up to date; preserved in a form which permits identification of the data subjects for no longer than is required for the purpose for which those data are stored);

c) the purpose specification principle (the data should be stored for specified and legitimate purposes); the use limitation principle (the data should not be used in a way incompatible with these specified and legitimate purposes);

d) the openness and individual participation principles (the data subject should be able to establish the existence of an automated personal data file, its main purposes, as well as the identity and habitual residence or principal place of business of the controller of the file; to obtain at reasonable intervals and without excessive delay or expense confirmation of whether personal data relating to him are stored in the automated data file as well as communication to him of such data in an intelligible form; to obtain rectification or erasure of such data if these have been processed contrary to the law; to have a remedy if a request for confirmation, rectification or erasure is not complied with); and

e) the security safeguards principle (personal data should be protected against accidental or unauthorized destruction or accidental loss as well as against unauthorized access, alteration or dissemination).

An effective freedom of information legislation should include detailed provisions on procedures for application for access to information, rules for the processing of applications, categories of documents and information access to which can be legitimately restricted, as well as the procedure for the administrative review of refused applications.

Generally, as evidenced by the best practices, freedom of information legislation also presumes regular publication of information which is of potential public interest and defined by the law.

One of well-known methodologies for the development of freedom of information legislation and assessment of the efficiency of legal and regulatory frameworks in this area was developed by "Article 19" non-governmental organization. "Article 19" has developed principles of freedom of information legislation that contain basic elements of an effective legal framework as well as detailed comments on each of those principles. The list of the countries that succeeded in adoption of effective freedom of information legislation have been selected taking into account the principles developed by “Article 19”, as well as the recommendations of the Committee of Ministers of the Council of Europe R(2002)2.

Posted: February 2007