The right to be forgotten – ECJ ruling on Italian data protection case

The European Court of Justice (ECJ) recently ruled on an Italian case in which the director of a company, a Mr Manni, had brought an action against the Lecce Chamber of Commerce. He had built a tourist complex in Italy, but argued that the properties had failed to sell because it was apparent from the companies register that he had been involved in a company that had gone bankrupt in 1992 and was wound up in 2005. He believed he had a ‘right to be forgotten’ in relation to the data held about that company in the companies register. The ECJ disagreed.

The Court of Lecce in Italy had ordered the Lecce Chamber of Commerce to anonymise the data linking the director to the liquidation of the first company and to pay compensation for the damage suffered by him. The Lecce Chamber of Commerce appealed to the Court of Cassation, which decided to refer several questions to the ECJ.

In its ruling, the ECJ noted that the public nature of company registers is intended to ensure legal certainty in dealings between companies and third parties and to protect the interests of third parties, since the only safeguards they offer to third parties are their assets. The ECJ further noted that there may be reasons why personal data held by the companies register might be needed many years after years a company has ceased to exist, but that it was not possible to set a single date after which those data would not be needed.

In principle, having an open-ended requirement for data to be available in this way infringes a person’s fundamental rights (in particular, the right to respect for private life and the right to protection of personal data guaranteed by the Charter of Fundamental Rights of the Union). But the ECJ found this was not disproportionate as (1) in fact, very little personal data is held in the company register and (2) holding it is justified because the data is a safeguard for third parties and it is reasonable that those registering should be required to disclose it.

However, the ECJ clarified that where a sufficiently long time has elapsed after dissolution of a company, Member States were entitled to provide for restricted access to data by third parties in exceptional cases. It is for each Member State to decide if it wants such a limitation of access in its national legal system.

In the case at hand, the Court found that the fact that properties in the tourist complex did not sell because potential purchasers had access to the data of Mr Manni in the companies register did not justify limiting access by third parties to that data. He had no right to be forgotten.

First published on Global-HR.