On 22 November 2022, the Court of Justice of the European Union (CJEU) ruled that the Dutch UBO register of the Chamber of Commerce (KvK) violates European privacy legislation. Therefore, Minister of Finance Sigrid Kaag temporarily closed this public register. The register is meant to detect fraud, money laundering and terrorist financing. Therefore, Emanual van Praag, Professor of Financial Technology and Law at Erasmus School of Law, advocates for an improved version of the UBO register that aligns with the privacy legislation. In an opinion piece in the Financieele Dagblad (FD), he explains who should have access to the register and how the new system could be designed.
An Ultimate Beneficial Owner (UBO) is an owner or person who has control within an organisation. Since March 2022, all organisations must register these UBOs with the Chamber of Commerce. This includes, for example, people who own more than 25 per cent of the shares in a BV, but they can also be a board member or director of an organisation. Until now, this UBO register was publicly accessible. However, the CJEU considers this a severe breach of privacy and personal data protection.
The register must open again
According to Van Praag, however, this does not mean the end of the UBO register: “The register will (have to) open again, but with a new policy. To do so, we first have to determine who is allowed to look in the register.” According to the CJEU, public authorities and banking organisations can access the register.
Van Praag explains that who is visible in the register it is also relevant: “For a public figure, such as a politician or senior civil servant, it is public interest that citizens know what other financial interests that person has. This is more obvious than for random citizens.”
UBO register 2.0
The Professor of Financial Technology and Law mentions two options for the new UBO register: “Variant A is that the individuals give explicit permission to a specific institution to consult their data in the UBO register. In this solution, the data subjects log into the Chamber of Commerce, and the Chamber of Commerce only provides the data to the institution designated by the data subjects.
In variant B, a financial institution must ask the customer who the Ultimate Beneficial Owner is. The financial institution provides that information to the UBO register, from which there is only confirmation of whether it is correct. These technological solutions limit the privacy breach but still permit financial institutions to verify the UBO.”
- More information
Read Van Praag’s entire opinion piece in the FD here (in Dutch).