Art. 12

Breaches of privacy

1 Anyone who processes personal data must not unlawfully breach the privacy of the data subjects in doing so.
2 In particular, he must not:
a. process personal data in contravention of the principles of Articles 4, 5 paragraph 1 and 7 paragraph 1;
b. process data pertaining to a person against that person’s express wish without justification;
c. disclose sensitive personal data or personality profiles to third parties without justification.
3 Normally there is no breach of privacy if the data subject has made the data generally accessible and has not expressly prohibited its processing.