Reflections on the late 2022 European Court Ruling
Summary:
In November 2022, the European Court of Justice (ECJ) ruled member states cannot be required to have a public register of company ownership.
Ireland was/is one of the countries with a public register of company owners.
The ruling was seen as a victory for privacy advocates and a setback by organisations combatting money laundering and fraud.
Privacy and transparency are each important virtues. Sometimes there are difficult trade-offs. Those trade-offs should be recognised, not ignored.
Business Privacy in Ireland
Until recently, I was only familiar with running businesses in the US, where business information is largely private and unavailable to the public.
When I returned to Ireland in 2021, I was surprised how substantial information about private businesses is publicly available – including the names and addresses of owners, and financial reports. When starting a new company, founders often don’t have a business address, so they put down a home address instead. But this address gets written into public record, and, even if changed in the future, that record remains. This isn’t great from a personal safety standpoint. It further surprised me that private company financial accounts are also visible online. This puts information on wealth into the public domain and it gives away competitive information.
It will be interesting to follow how Ireland responds to the 2022 ruling of the European Court of Justice in favour of privacy.
The Value of Making Business Information Public
As a business owner, a public registry of businesses is a tool that allows me to quickly verify business owners. This is a big help in avoiding companies that are involved in fraud and money laundering. To state the obvious, it’s highly undesirable to do business with companies involved with fraud and money laundering – not only because of legal repercussions, but because business is based on trust. Without a public record, and with companies having multiple layers (e.g. individuals owning companies that own parts of other companies), it is hard to figure out who one is doing business with.
There’s an argument that legitimate businesses should have nothing to fear from making public their owners and financials. Indeed, the ownership and financials of companies with publicly traded shares are public. (What then is the role of “private” businesses? Is there a need for them at all?)
A counterargument is that when data is made public, there is a public eye on those business owners. This serves a public good, but it can also be smothering, particularly for a) nascent businesses without the resources for security, b) businesses without majority popular support or c) businesses with vehement minority opposition. A world of absolute transparency hampers diversity, dampens expression and is stifled by shame.
Positives and Negatives from reactions to the ECJ Court Ruling
As I have previously written, privacy rights are enshrined into EU law. Over recent years, these rights have become meaningfully subservient to anti-money laundering legislation. So, while the ECJ ruling is a setback to business transparency (I’m unsure, but in favour of some level of public business records), I see the ruling as a welcome reaffirming of EU rights to privacy and counter to recent trends in the opposite direction.
There is a legitimate fear of money laundering, particularly in the light of circumvention of Russian sanctions (a complex topic). Evil should not be tolerated, but it should also not blind us to the perils of surveillance, nor should evil fool us into thinking that transparency – or indeed anything – is a panacea (although transparency can be helpful).
Next, I quote the reaction of Finland’s minister of transport and communications, Timo Harakka (unfortunately paywalled on FT):
Going beyond traditional privacy safeguards, we should take advantage of new techniques that respect sensitive information while providing useful data from the same source, such as so-called zero knowledge proof and federated learning. To support the Data Act, the European Commission is even funding some of those privacy-proof but non-restrictive data sharing methods. Privacy is a code word for mistrust. To reap the benefits of free data flows, we need more trust and less trepidation.
It’s great to see awareness of new technologies to soften the trade-off of privacy versus transparency. Zero knowledge proofs involve using cryptography to attest to a piece of information (e.g. I have paid my taxes OR I am not on this money-laundering blacklist) without having to reveal one’s personal data. It’s reassuring there are ministers in EU countries and in the EU that have good knowledge on these tools.
By contrast, the phrase “Privacy is a code word for mistrust” is concerning. Why then would the EU have enshrined privacy (read “mistrust”) as a fundamental right? The statement seems overly simple, and perhaps Minister Harakka had something different in mind. There is already a growing sentiment that privacy is for criminals; a sentiment that illegitimately breeds on legitimate fears of fraud and criminality. Privacy and transparency both have important roles to play in society, and we should recognise there are difficult trade-offs, not ignore them.
As Minister Harakka points out and I agree (btw, I agree with most of his recent piece in the FT, except the title and his above quote on privacy being mistrust):
Trust is also sorely needed between the US and Europe. Ten years have passed since Edward Snowden exposed American data espionage, and only now are we agreeing a passable EU-US data privacy framework. This wasted decade has led to some European countries reacting to US transgressions with retaliatory measures that run counter to the very idea of universal free flows of information and free trade.
Clearly Minister Harakka sees government espionage as a real risk. Quoting further:
Faced with authoritarian aggression, free societies need to enhance co-operation in critical technologies. We must share knowledge, pool our research and development resources, and ensure that human rights and democratic values are entrenched in all global standards and protocols. The Data Act is a crucial step towards that. The wealth of all our data should bring wealth to all of us.
Indeed, facing authoritarian aggression, free societies need transparency so as not to be spurned by corporate interests or money laundering criminals. However, they also need a level of privacy so as not to be authoritarian and so as to be free.