In a preliminary ruling procedure, the ECJ ruled on March 9, 2017 (Ref.: C-398/15) that a shareholder has no right to be „forgotten“ for the personal data entered in the company register.
Not even if the company has not existed for years.
Italian man demands the deletion of his personal data
An Italian businessman brought an action before the national courts at first instance.
He complained that his personal data could still be found in the company register years later, even though his company no longer existed.
Mr. Salvatore Manni was a partner in a real estate company that had to file for insolvency in 1992 and was finally liquidated in 2005.
His data entered in the company register at the time can still be accessed by third parties today.
Accessibility to the data violates the protection of personal data
The entrepreneur was of the opinion that the personal data still available in the company register was detrimental to his current business.
Some of his current real estate sales had fallen through as a result.
Making the personal data accessible violated the rights to respect for private life and the protection of personal data guaranteed by the Charter of Fundamental Rights of the European Union.
He won at first instance, but the Court of Cassation (Corte suprema di cassazione) requested a preliminary ruling from the ECJ in the cassation appeal proceedings.
The European Court of Justice primarily dealt with the question of whether a claim for deletion exists at least if the company has not existed for several years.
Access to data in the company register serves to protect third parties
In this context, the ECJ first explained the purpose of the registration of personal data.
The disclosure of data from the company registers is intended to ensure legal certainty in relations between companies and third parties.
In particular, the interests of third parties vis-à-vis public limited companies and limited liability companies should be protected.
The reason for this is that companies are only liable with their company assets, which may well be less than the amount of liability itself.
Even several years later, a third party still has an interest in the detailed personal data of its business partner.
In the Court’s opinion, the interference with the fundamental rights of the persons concerned was not disproportionate.
Only a limited amount of personal data is disclosed in the company register.
Furthermore, the data subject decided to disclose their data in connection with the limited liability company when they were entered in the register.
Restricted access after dissolution of the company
However, the ECJ does not rule out per se that the personal data is worthy of protection in certain cases.
It therefore considers a temporary restriction of access to personal data after the dissolution of the company to be sufficient.
Access must be restricted to those who can demonstrate a special interest in viewing the personal data.
However, such a restriction on access must be the result of a case-by-case assessment.
It is up to each Member State to decide whether such a restriction of access is desirable in its legal system.
In the case of Mr. Salvatore Manni, the mere fact that the properties cannot be sold because potential buyers have access to the personal data does not justify the restriction of access to his data.
The presumed buyers‘ interest in information outweighs this.