Transposing Article 30 of Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purpose of money laundering or terrorist financing, as amended by Directive (EU) 2018/843 of 30 May 2018, the Law of 13 January 2019 (the “RBE Law”) established under Luxembourg law an ultimate beneficial owner register (the “RBE”) and provides that all entities registered with the Luxembourg trade registry (Registre de Commerce et des Sociétés, Luxembourg) must identify their beneficial owners, thus rendering public a certain amount of their personal information.

By default accessible to all, the RBE Law provides that the access to such personal information may, in “exceptional circumstances” and by reasoned request of the entities or beneficial owners, be limited solely to national authorities.

Should the RBE administrator refuse to grant the request, the entity or beneficial owner may file an appeal with the courts.

Appealed to by ultimate beneficial owners whose request for limitation was refused by the RBE administrator, the Luxembourg District Court asked European Court of Justice (the “ECJ“) in substance by means of several preliminary questions:

  • Whether the public access regime for ultimate beneficial owners' information and its derogation system were valid with respect to the right to privacy and the protection of personal data;
  • Whether the public access regime was compatible with certain GDPR provisions; and
  • The interpretation of the derogation system of said system of public access to ultimate beneficial owner information.

All while recognising that the making available and disclosure to the public, by the RBE, of ultimate beneficial owner personal data constitutes encroachment on the right to privacy and data protection, the ECJ's Advocate General deems that not to be particularly serious.

According to her, the data disclosed (the ultimate beneficial owner's name, month and year of birth, citizenship, country of residence as well as the nature and scope of the rights held) do not alone allow one to obtain information on the data subjects and neither substantially nor directly affect their privacy.

It follows that the limitation of those rights does not constitute a crucial violation of ultimate beneficial owners' fundamental rights.

Public access to ultimate beneficial owner data, without requiring a legitimate interest, appears necessary to attain the objectives of the fight against money laundering and the financing of terrorism established by the directive.

However, the Advocate General adds that such public access does not relieve a Member State from the duty to protect ultimate beneficial owners' fundamental rights and ensure the protection of all their rights from any disproportionate harm. She considers that not only do Member States have the ability, but they must grant derogations to ultimate beneficial owner data in case of disproportionate harm to their fundamental rights, as provided by the Charter. She also considers it possible for the RBE to know the identity of the persons who consult it.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.