Privacy is like sex: once you share it with someone else, it becomes kind of public. And it certainly is when you share it with your own government.
As we are running a database of all legal entities in Belgium and doing data analytics on this data at Finactum, we are daily confronted with persons that do have a public mandate but think they fall under the Privacy Act and the “Right To Be Forgotten” from Google search.
Many people seem to be quite unaware or even just ignore that this privacy legislation at national, European or international level applies only to individuals. In other words: any natural person, consumer, man, woman, transgender or whatever you would like to call a human being but one who has no context at all to or within any legal entity. (this is in fact one of the definitions of an “enterprise” or a “business”)
The moment one takes up a mandate as representative of any legal entity in any form, one loses a certain right to privacy. The exact scope and nature of this specific privacy can be discussed of course but the bare essence starts with the existence of a 1-to-1 relationship between your name (which is obviously attached to the human being you are) and the legal entity you represent. In case of a natural person taking up a mandate of director in a public company this seems very recognised and acceptable. Likewise accepted publicly is a politician taking up a public mandate in a government position. Or an actor or VIP.
However natural persons who apply for a VAT number seems to have it difficult to understand that they also take up a public mandate. Although this same legal entity is registered in the central database Crossroads Bank for Enterprises (“CBE” or also known as “KBO” in Belgium). And although this 1-to-1 relationship can be easily searched for in that same CBE dataset on national level (both on VAT number as on name) and the same with the European VAT number validation tool VIES.
Basically the modus operandi if you want to keep your name private and value this privacy so much is quite simple: just don’t start any registered business.
There is a website named forget.me that gives an excellent FAQ and overview of the exact nature of the rights we are talking about. The FAQ (as well as our own FAQ at Finactum) clearly states:
Can I use the removal request form in either a company’s name or in a brand’s name? No, the Court of Justice of the European Union (CJEU) has limited the scope of this measure to apply to individuals only.
Can someone in the public eye use a removal request to have links about them taken down ? It’s unlikely. The CJEU has specified that search engines must consider the public’s right to information as it is of more importance when dealing with someone in the public eye.
My conclusion from the daily mails we get from individuals representing legal entities with this question (over and over again) to be deleted from our/any database ‘at simple request’ is that this privacy legislation and ‘right to be forgotten’ has lead to more confusion than clarity amongst people. Ironically all the fuzz and long-standing battle of the EC to fight for this (consumer) ‘right to be forgotten’ has only led to a very tiny online form one has to apply for at Google and… which is also judged by Google.
*Note: this article was first published on LinkedIn on October 8, 2016.