The court makes available (lends) case files to a law enforcement authority that wishes to make copies for its own files. Is the authority the controller in relation to its own files and the copies attached to them, and not in relation to the entirety of the court files?

Question

Accepted Answer

ANSWER

Recital 20 of the GDPR preamble states that the competence of supervisory authorities should not cover the processing of personal data by courts acting in their judicial capacity. At the same time, Article 2(2)(d) GDPR provides that the Regulation does not apply to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including the safeguarding against and the prevention of threats to public security.

The above therefore means that the provisions of the GDPR do not apply to personal data contained in files of court or preparatory proceedings. However, all precautionary measures should nevertheless be taken when lending case files.

The court makes available (lends) case files to a law enforcement authority that wishes to make copies for its own files. Is the authority the controller in relation to its own files and the copies attached to them, and not in relation to the entirety of the court files?

ANSWER

Read also:

07 June 2026

TikTok a RODO w sektorze publicznym – czego urzędy mogą dowiedzieć się z niemieckich zaleceń dla instytucji

29 May 2026

Kontrola służbowej poczty e-mail pracownika a tajemnica przedsiębiorstwa - kiedy pracodawca może legalnie przejrzeć skrzynkę?

14 May 2026

Czy pracodawca może opublikować zdjęcie pracownika? Wykorzystanie wizerunku pracownika na gruncie RODO i prawa autorskiego

Ranking aplikacji dla sygnalistów

Ochrona sygnalistów - ranking aplikacji