Determining the scope of exemptions from data subjects’ rights to process tax data

Case C‑201/14 Smaranda Bara and Others [2015] For a public institution to be exempted on the basis of Article 13 of Directive 95/46/EC from complying with data subjects’ rights under the Directive, a legislative measure is required. A non-public protocol is not sufficient to qualify a legislative measure (author’s headnote). Articles 10, 11, and 13 of Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, OJ 1995 L 281, 31