Europe Does Better on the Right to be Forgotten
This first appeared in SIIA’s Digital Discourse Blog.
In a significant ruling, earlier this month, the European Court of Justice ruled that an individual’s privacy interest in limiting the disclosure of personal information does not generally override the interest in public disclosure about company officials. The ruling protects the public interest in transparency about governance of public companies; preserves the capacity of stock holders to assess companies accurately and protect their legal rights with respect to them; and reaffirms the legitimacy of data processor access to personal information in public data bases about companies.
The new ruling says that the right to be forgotten does not mean that individuals can require the operator of a registry of companies to delete personally identifying professional information from the registry. A former executive claimed harm to his reputation because a third-party processer accessed the registry and disclosed to others that he had been the head of a dissolved company at the time of its bankruptcy and dissolution. This disclosure, he claimed, was making it difficult for him to sell properties in a tourist complex that he directed.
The court ruled that under European directives and national law, companies are required to disclose their key officials through registries that are available to the public. Moreover, the disclosure of the name of company officials might be needed for many years after the company has ceased to exist — for instance, to determine whether company actions were legal or to bring legal actions involving the company. Because member states provided no single time period beyond which such information would no longer be useful, the court declined to specify a “right to be forgotten” date for this information.
The court moved the question back to national governments, saying that they could apply national law and on a case-by-case basis to find if there are legitimate and overriding reasons which might exceptionally justify limiting third parties’ access to the data in registries.
Here’s the court case.