GDPR: Supreme administrative court to deem a decision by Czech Police about personal data erasure from a public register to be an administrative act
The Supreme Administrative Court ruled in a case regarding the freedom of information and the right to obtain the erasure in accordance with the General Data Protection Regulation (GDPR). Those were the rights invoked by the individual towards the Police of the Czech Republic, after the person had been refused entry to the French Republic due to having been pronounced undesirable in the Registry of Undesirable Persons (Evidence nežádoucích osob, ENO) and the Schengen Information System (SIS II). Although the Czech police provided the person with the requested information, it rejected the request to erase the data on the grounds that this could prevent the purpose for which the person was registered in ENO and SIS II.
The individual defended its rights by bringing an action against the Czech Police for unlawful interference at the Municipal Court in Prague. The court ruled but the judgment was then set aside. The Supreme Administrative Court dismissed the action and declared the communication by the Police of the Czech Republic on rejecting the request for erasure to be a decision – an administrative act. Such a decision must be contested by an action against a decision of the administrative authority, i.e. not an action for protection against unlawful interference.
In its decision, the Supreme Administrative Court also dealt with the nature of the complaint filed with the Office for Personal Data Protection. The Court said that such a complaint was only a supporting tool to exercise the office’s supervisory authority, the filing of which may or may not precede the action against a decision of the administrative authority.