By Dr Jay Fedorak, Information Commissioner
As Information Commissioner responsible for regulating data protection in Jersey, I am concerned about the privacy implications of publishing registers of beneficial ownership. My apprehensions relate only to information about identifiable individuals: names, addresses and personal financial details. I have no concerns about the information of corporations, such as company names, addresses of business, and details of corporate finances.
I recognise that protecting personal data is just one of many important public policy objectives. Preventing money laundering is another important public policy objective. It is particularly crucial to Jersey, where financial services lead the economy, as it relies on the trust and confidence of the international community that Jersey is a safe place to invest and conduct legitimate business. Therefore, the social and economic benefits of preventing the crime of money laundering may justify and outweigh the proportionate loss of personal privacy for owners of companies registered in Jersey.
Data protection laws permit the collection, use and disclosure of personal data for the purposes of achieving public policy objectives, subject to certain conditions. This is to ensure that we achieve these goals, while keeping the loss of privacy to the minimum necessary.
Creating a registry of beneficial ownership that is available to law enforcement officials around the world is an effective approach to combating the problem of money laundering. The crux of the issue is whether this registry should be open to the public. A secure registry restricting access to authorised users ensures the minimum intrusion of privacy. This approach simultaneously supports effective law enforcement and the protection of personal data.
The complete abrogation of privacy rights involved in publishing this personal data would require convincing evidence that the following two conclusions are valid. The first is that restricting access to law enforcement officials had failed in its objectives. The second is that publication would lead to a clear, measurable, and substantive decrease in money laundering that it would not be possible to achieve through other means.
I have not seen any evidence to suggest that making the Jersey registry ‘public’ will result in a significant increase in successful prosecutions for money laundering or decrease in associated crime.
Some parties critical of the current regime in Jersey have suggested that the Panama Papers and other scandals have proved that it has failed to prevent money laundering. However, saying that the privacy sensitive approach has failed is not enough to justify compromising personal privacy. It is also necessary to prove that the more privacy invasive alternative will succeed.
I have also heard arguments that there would be other public benefits to publishing the registry. These include academic and other non-profit research into general subjects such as patterns of company ownership or the effectiveness of the registry. I suggest, however, that there are less obtrusive means of achieving these legitimate objectives. It is possible to give access to researchers and the media with strict controls as to further disclosures of personally identifiable data. Again, the principle of data minimisation with respect to access, use and disclosure of personal data should apply.
The most important point is that privacy is a fundamental human right entrenched in Article 12 of the 1948 Universal Declaration of Human Rights. For some, this means having the right to control what information you give, to whom you disclose it and for which purposes. For others, it is the right to be let alone. In any case, it relates to preserving personal dignity by respecting people’s choices as to what they want to keep private about themselves.
What is more, privacy is not just a means to an end; it is an end in itself. This is an important point that many people overlook. It is incorrect that as long as you protect people from fraud, identity theft or physical harm, there is no loss of privacy, and there is no real harm. The improper disclosure of personal information is a harm in and of itself.
Therefore, we should not casually discard privacy in for speculative objectives. We should treat personal data like a valuable financial asset. We should exchange privacy only where a thorough cost-benefit analysis indicates that what we will receive is worth the loss.
Legitimate and effective crime prevention is a valuable objective. Transparency is also a valuable objective. As part of my responsibility involves oversight of the Jersey Freedom of Information Law, I promote transparency throughout the public sector. However, the private sector should be subject to the same level of scrutiny and transparency. There is a reason why we distinguish between the public and private sectors. The public sector involves the expenditure of public funds and the exercise of authority over the public. The public has a vested interest in these matters. Individuals cannot escape the reach of governments and normally do not have choice with respect to the providers of necessary public services. In addition, individuals fund these activities with their taxes.
Conversely, there is not the same imperative for transparency in the private sector as exists in the public sector. Absolute transparency, such as publication, is reasonable only when it is necessary to protect the public. I do not think that absolute transparency merely for its own sake should override a fundamental human right. That some individuals might be just curious, or want to base their commercial decisions on the identities and other personal details of owners of companies, is not a sufficient justification to invade the privacy of other individuals acting in their personal capacity.
In conclusion, I have yet to see evidence to persuade me that the benefits of publishing the register of beneficial ownership in Jersey would outweigh the loss or privacy involved. My position is not intractable on this issue. I am open to changing my opinion. However, I require evidence and cogent and convincing arguments. I hope that everyone will take the same sceptical approach, and weigh the cost benefit analysis, whenever they evaluate a public policy proposal that will compromise the privacy rights of individuals.