Authorised third parties correspond to all authorities and bodies (usually public) which, by virtue of the public interest in the performance of their duties, have the power to request documents or information which may contain personal data.
For this reason, authorised third parties are to be distinguished from the different actors likely to receive communication of information outside the scope of investigations (for example, access by a user to administrative documents, exchanges provided for by law between administrations, a data subject's right of access).
The power of an authorised third party is systematically based on a legal framework providing for its implementation:
- bodies concerned,
- data subject of the request for access or copy,
- nature of the information and documents concerned.
These authorised third parties are, for example:
- The tax authorities.
- Social security organisations, as part of the fight against fraud, and organisations responsible for the instruction, payment and control of the unemployment benefits.
- Judicial, police and gendarmerie authorities.
- bailiffs.
But what are the conditions for an authorised third party to obtain information contained in a file?
It is essential that :
- The request must be written and specify the legislative text justifying it.
- The request must concern persons who are specifically identified or identifiable (an authorised third party cannot have access to an entire file).
- The request is only.
- The request specifies the categories of data concerned.
- The request makes it possible to identify the authorised third party making the request.