3 minute read
Confirming the Illegality of UBO Registry Public Access
A first reflection on WM and Sovim
SA Court of Justice of the European Union Judgement n a 22nd November 2022 seminal Judgement in Joined Cases C-37/20 and C-601/20 WM (C-37/20) and Sovim SA (C-601/20) v. Luxembourg Business Registers1, which essentially reinstated legal orthodoxy, the Court of Justice of the European Union (CJEU), declared, the Ultimate Beneficial Ownership (UBO) Public Access related provisions of the EU 5th AML Directive2, as legally invalid, due to the fact that they infringed the freedoms enshrined under the EU Primary Legislation, and in particular Charter of Fundamental Rights of the European Union (the Charter), Article 7 (Respect for private and family life) and Article 8 (Protection of personal data), and the Principle of Proportionality.
CJEU noted that it reaching the above – mentioned Judgement, took into consideration certain factors, including the following3:
1. The publicly accessible information in relation to the identity of the beneficial owner as well as to the nature and extent of the beneficial interest held in corporate or other legal entities, was capable of enabling a profile to be drawn up concerning certain personal identifying data more or less extensive in nature depending on the configuration of national law, the state of the person’s wealth and the economic sectors, countries and specific undertakings in which he or she has invested.
2. The said publicly accessible information was then accessible to a potentially unlimited number of persons, with the result that such processing of personal data had been liable to enable that information to be freely accessed also by persons who, for reasons unrelated to the objective pursued by that measure, seek to find out about, inter alia, the material and financial situation of a beneficial owner.
3. The potential consequences for the data subjects resulting from possible abuse of their personal data were exacerbated by the fact that, once those data had been made available to the general public, they could not only be freely consulted, but also retained and disseminated and that, in the event of such successive processing, it became increasingly difficult, or even illusory, for those data subjects to defend themselves effectively against abuse.
4. Although it is stated, in Recital (paragraph) 30 of the Preamble of the EU 5th AML Directive, that the general public’s access to information on beneficial ownership ‘can contribute’ to combating the misuse of corporate and other legal entities and that it ‘would also help’ criminal investigations, it must be found that such considerations are also not such as to demonstrate that that measure is strictly necessary to prevent money laundering and terrorist financing.
5. In the light of the above, it could not be considered that the interference with the rights guaranteed in Articles 7 and 8 of the Charter, which resulted from the general public’s access to information on beneficial ownership, was limited to what is strictly necessary, that being proportionate.
Further, the CJEU noted that4, while the Principle of Transparency, as it results from Articles 1 and 10 of the Treaty of the European Union (TEU) and Article 15 of the Treaty on the Functioning of the European Union (TFEU) is given concrete expression primarily in the requirements of institutional and procedural transparency covering activities of a public nature, including the use of public funds, such a link with public institutions could not be established, where the measure at issue had been intended to make available to the general public data concerning the identity of private beneficial owners and the nature and extent of their beneficial interests held in companies or other legal entities. Accordingly, the Principle of Transparency, could not be considered, as such, an objective of general interest capable of justifying the interference with the fundamental rights guaranteed in Articles 7 and 8 of the Charter, which resulted from the general public’s access to information on beneficial ownership.
The CJEU Judgement could be considered as reflecting, amongst other, the previous Judgements of the then European Court of Justice (ECJ) in Digital Rights Ireland5, the Article 29 Data Protection Working Party (WP) Opinion 14/2011 on data protection issues related to the prevention of money laundering and terrorist financing
Pantelis Christofides Advocate – Director, Head EU & Regulatory Law Department, L. PAPAPHILIPPOU & CO LLC
& Legal Consultants
as adopted on 13th June 20116, and the European Data Protection Supervisor (EDPS)) Opinion 1/2017 on a Commission Proposal amending Directive (EU) 2015/849 and Directive 2009/101/EC Access to beneficial ownership information and data protection implications dated 2nd February 20177
The Department of Registrar and Intellectual Property of the Republic of Cyprus, in response to the CJEU Judgement in EM and Sovim SA, duly issued a relevant Announcement on 28th November 2022, in Greek and in English translation8, to the effect that: a. Access to the Register of Beneficial Owners for the general public has been suspended as of the 23rd November 2022. b. The relevant information to the competent and supervisory authorities and the Unit as referred in article 12 of Directive R.A.A. 112/2021 and amending Directive R.A.A. 116/2022, will continue to be provided with the applicable procedure. c. The relevant information will, also continue to be provided to the obliged entities, with the applicable procedure by submitting additionally a solemn declaration confirming that the information on the Beneficial Owners is requested within the context of performing customer due diligence.
