Sunday, October 1, 2023 | Back issues
Courthouse News Service Courthouse News Service

Privacy Power: EU Court Nixes Easy Access to Driving Records

In another win for privacy advocates, Europe's top court ruled that Latvia is breaching EU data protection rules by making people's driving records easily accessible.

(CN) — The European Union's high court kept in line with the bloc's tight privacy laws on Tuesday with an order for Latvia to stop making people's driving records easily available to anyone seeking them.

By making people's past driving offenses available to the public upon request, Latvia is violating the right to privacy, the European Court of Justice found.

The Latvian law over driving records is meant to entice people to become more careful on the roads, but the EU's high court in Luxembourg said the law goes too far and breaches EU laws protecting against the abuse of personal data.

In its ruling, the court said Latvia failed to show how the law helped improve road safety.

Under the Latvian law, authorities are required to enter information about drivers' unpaid fines and penalties into a public national vehicle register database. Details about a driver in the database are available to anyone, including companies that use that information for their own purposes.

The Luxembourg court's ruling comes in a case brought by a Latvian driver identified in court documents only by the letter B. The driver, who had incurred penalties, challenged the constitutionality of the law, arguing that it violates a person's right to privacy. Several companies also obtained information about B's driving record.

Latvia's Constitutional Court asked the EU's high court for a ruling on whether the law breaches the General Data Protection Regulation, a wide-ranging set of rules the EU adopted in 2016 that seeks to protect the processing of personal data in an era of data breaches and scandalous data collection practices.

The EU rule has caused friction between the United States, where data-protection laws are less stringent, and Europe. U.S. tech giants, for example, have been forced to adapt to the GDPR rules or face hefty fines. The EU rules came into force in 2018.

Since the regulations came into effect, the EU high court has issued rulings with a strict interpretation of the privacy laws. Last July, it struck down a pact that lets companies move data between the U.S. and the EU, arguing that it did not include enough safeguards to protect data. The U.S. and EU are working on a new data-transfer deal.

The GDPR laws give people more say over how their personal data can be used and by whom. Under the rules, people can seek to have information about them removed from the internet; they can seek to have information about them corrected; and they can ask companies to show what data they have about them. Internet companies meanwhile are required to report data breaches within 72 hours, and they face massive fines for failing to protect data.

In the Latvia case, the high court said that the rights to privacy and protection of personal data are not an “absolute rights” but added that “limitations may be made only if they are necessary and genuinely meet objectives of general interest.”

In this context, the court said Latvia had not demonstrated that disclosing people's driving records was in the public's interest.

The Latvian government argued that it is good for the public to be able to identify “drivers of vehicles who systematically infringe the road traffic rules and to influence the conduct of road users by encouraging them to behave in accordance with those rules,” as summarized in the ruling.

Although road safety is in the public's interest, the court said Latvia had failed to show that “the disclosure of personal data … genuinely meets the objective of general interest of improving road safety.”

The court said Latvia can make its roads safer through other means that are “less restrictive of the fundamental rights of data subjects.” It said Latvia could impose, for example, stiffer penalties for bad driving or do more to educate drivers about how to behave on the roads, including making drivers do training.

Additionally, the court said that allowing easy access to driving records may end up giving “rise to social disapproval and result in stigmatization.”

Instead, the court said driving records should only be made available to people with a clear interest in obtaining someone else's information, such as those involved in a lawsuit against another driver.

The Latvian government contended that it was not breaking the EU data rules because information is provided only when someone provides a driver's national identification number.

This argument, though, did not convince the court. It also faulted Latvia for allowing its motor vehicle agency, the Road Safety Directorate, to enter into contracts with companies that specialize in selling data about drivers. The court said these companies have no clear interest in obtaining drivers' information.

Courthouse News reporter Cain Burdeau is based in the European Union.
Follow Cain Burdeau on Twitter

Follow @
Categories / Appeals, Civil Rights, Government, International

Read the Top 8

Sign up for the Top 8, a roundup of the day's top stories delivered directly to your inbox Monday through Friday.