The complainant in this case was a journalist who emailed a public figure to ask questions about decisions that the public figure had taken in relation to their work. The public figure used their Twitter account to publish a copy of the email. The journalist’s name, work email address and mobile phone number were legible in the published copy of the email. The journalist reported receiving a number of threatening text messages afterwards.

The journalist asked the public figure to delete the published copy of the email. The public figure did so, but also published a Tweet saying that the journalist’s mobile phone number was available online. This included a link to a discussion board message posted by the journalist six years previously, while a student, which included the same mobile number. The journalist complained to the DPC.

As part of its investigation, the DPC asked the public figure to identify the legal basis for disclosing the journalist’s data. The public figure’s response queried whether the journalist’s name and contact details constituted personal data. It also asserted that, because the journalist had previously made that information available on the internet, the journalist had impliedly consented to its publication by the public figure. The journalist rejected that assertion.

The DPC took the position that the journalist’s name, email address and mobile phone number were personal data because the journalist was clearly identifiable by them. Concerning the legal basis for disclosing them, the DPC noted that, while data protection law provided for several possible legal bases for processing, the only basis raised by the public figure had been consent. The DPC’s view was that a media enquiry to a public figure from a journalist acting in that capacity did not amount to valid consent to the sharing of any personal data in the enquiry. For those reasons, the public figure’s disclosure of the data breached data protection law.