CJEU - C-601/20 - SOVIM

From GDPRhub
CJEU - Case C-601/20 SOVIM
Cjeulogo.png
Court: CJEU
Jurisdiction: European Union
Relevant Law: Article 5(1)(b) GDPR
Article 5(1)(c) GDPR
Article 5(1)(f) GDPR
Article 5(1)(a) GDPR
Article 25(2) GDPR
Article 44 GDPR
Article 45 GDPR
Article 46 GDPR
Article 47 GDPR
Article 48 GDPR
Article 49 GDPR
Article 50 GDPR
Article 30 Directive 2015/849
Article 1(15) Directive 2018/843
Decided:
Parties: SOVIM SA
Luxembourg Business Registers
Case Number/Name: Case C-601/20 SOVIM
European Case Law Identifier:
Reference from: TA Luxembourg (Luxembourg)
Language: 24 EU Languages
Original Source: Judgement
Initial Contributor: n/a

See Holding for questions referred.

English Summary

Facts

Facts pending decision.

Holding

Questions referred

Question 1

Is Article 1(15)(c) of Directive (EU) 2018/843, amending the first subparagraph of Article 30(5) of Directive (EU) 2015/849 on the prevention of the use of the financial system for the purposes of money laundering or terrorist financing …, in so far as it requires Member States to make information on beneficial owners accessible to the general public in all cases, with no requirement for a legitimate interest to be shown, a valid provision:

(a) in the light of the right to respect for private and family life guaranteed by Article 7 of the Charter of Fundamental Rights of the European Union (the ‘Charter’), interpreted in accordance with Article 8 of the European Convention on Human Rights, having regard to the objectives stated inter alia in recitals 30 and 31 of Directive 2018/843 relating, in particular, to efforts to combat money laundering and terrorist financing; and

(b) in the light of the right to protection of personal data guaranteed by Article 8 of the Charter, in so far as it is intended, inter alia, to guarantee that personal data are processed lawfully, fairly and in a transparent manner in relation to the data subject, that the purposes for which such data are collected are limited, and that the data are minimised?

Question 2

1. Is Article 1(15)(g) of Directive 2018/843 to be interpreted as meaning that the exceptional circumstances to which it refers, in which Member States can provide for exemptions from access to all or part of the information on beneficial owners, where access on the part of the general public would expose the beneficial owner to disproportionate risk, risk of fraud, kidnapping, blackmail, extortion, harassment, violence or intimidation, exist only where it is demonstrated that there is a disproportionate risk of fraud, kidnapping, blackmail, extortion, harassment, violence or intimidation which is exceptional, which is actually borne by the beneficial owner as an individual, and which is clear, real and present?

2. Should this be answered in the affirmative, is Article 1(15)(g) of Directive 2018/843, thus interpreted, a valid provision in the light of the right to respect to private and family life guaranteed by Article 7 of the Charter and the right to protection of personal data guaranteed by Article 8 of the Charter?

Question 3

1. Is Article 5(1)(a) of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (the ‘GDPR’), which requires data to be processed lawfully, fairly and in a transparent manner in relation to the data subject, to be interpreted as not precluding:

(a) that the personal data of a beneficial owner, recorded in a register of beneficial owners established in accordance with Article 30 of Directive 2015/849, as amended by Article 1(15) of Directive 2018/843, are accessible to the general public, with no monitoring of access and no requirement for any member of the public to provide justification, and without any way for the data subject (the beneficial owner) to know who has accessed his personal data; or

(b) that the data controller responsible for such a register of beneficial owners provides access to the personal data of beneficial owners to an unlimited and indeterminable number of persons?

2. Is Article 5(1)(b) of the GDPR, which requires the purposes of data processing to be limited, to be interpreted as not precluding that the personal data of a beneficial owner, recorded in a register of beneficial owners established in accordance with Article 30 of Directive 2015/849, as amended by Article 1(15) of Directive 2018/843, are accessible to the general public, in circumstances where the data controller cannot guarantee that those data will be used only for the purpose for which they were collected, which, in essence, is that of combating money laundering and terrorist financing — a purpose in relation to which the general public is not the responsible body from which compliance is required?

3. Is Article 5(1)(c) of the GDPR, which requires data to be minimised, to be interpreted as not precluding the general public from having access, through a register of beneficial owners established in accordance with Article 30 of Directive 2015/849, as amended by Article 1(15) of Directive 2018/843, to data indicating, in addition to the beneficial owner’s name, month and year of birth, nationality and country of residence, as well as the nature and extent of his beneficial interests, also his day and place of birth?

4. Does Article 5(1)(f) of the GDPR, which requires data to be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing, and thus guarantees the integrity and confidentiality of such data, preclude access to the personal data of beneficial owners contained in a register of beneficial owners established in accordance with Article 30 of Directive 2015/849, as amended by Article 1(15) of Directive 2018/843, from being provided on an unlimited and unconditional basis, with no commitment to keep such data confidential?

5. Is Article 25(2) of the GDPR, which guarantees data protection by default, providing in particular that by default, personal data must not made accessible without the individual’s intervention to an indefinite number of natural persons, to be interpreted as not precluding:

(a) that a register of beneficial owners established in accordance with Article 30 of Directive 2015/849, as amended by Article 1(15) of Directive 2018/843, does not require members of the general public consulting the personal data of a beneficial owner on its website to create an account; or

(b) that no information concerning a consultation of personal data of a beneficial owner contained in such a register is disclosed to that beneficial owner; or

(c) that no restriction on the extent and accessibility of the personal data at issue is applicable in the light of the purpose of their processing?

6. Are Articles 44 to 50 of the GDPR, under which the transfer of personal data to a third country is subject to strict conditions, to be interpreted as not precluding that the personal data of a beneficial owner, contained in a register of beneficial owners established in accordance with Article 30 of Directive 2015/849, as amended by Article 1(15) of Directive 2018/843, are accessible in any circumstances to any member of the general public, with no requirement to demonstrate a legitimate interest and no limitations as to the location of that public?

Comment

Share your comments here!

Further Resources

Share blogs or news articles here!