CDD On Demand

New! In addition to the Quote 500, now also the Dutch Top 500.000 of the richest shareholders. Facilitated by the State! Does the end justify the means?

Reading time: 6 min

Since September 27 you’re able to request Dutch UBOs at the Chamber of Commerce. You will receive a name, month and year of birth, nationality and country of residence of the UBO, including an insight (range) into the size of the share. This new service has been facilitated by Europe and the affiliated countries with which all UBO information is exchanged.

The State does nothing about data protection. Everything is public; you only need to request a code from the Chamber of Commerce and pay.

Determining the value of a natural person is easy (shares * company balance sheet value). An address is easy to find because most holdings, for example, are on a private address and otherwise Google will help!

Risky for those involved? That the State thinks so is evident from the following. The State offers the possibility to make UBO’s, that are mentioned on a specific protection list, invisible. As a layman, this seems to me to be contrary to the principle in the constitution that all Dutch citizens should be treated equally in an equal situation. A lawyer is allowed break their teeth on this.

All in all, a gross violation of the privacy of approximately 500.000 UBOs under the motto “preventing money laundering and combating terrorism”. This substantiation and justification has virtually no value because money laundering in the Netherlands is mainly done by drug criminals, according to research by the University of Utrecht. It would surprise the undersigned if drug criminals can be found in a UBO register.

Then the statement about a hidden agenda of the State remains. Certainly not fancy but has happened before (see SyRI story below). Below an elaboration.

 

The introduction

“More than 1.5 million organizations will have to deal with the UBO register by 2020. From 27 September, many organizations have to register UBOs in this new register. UBOs (Ultimate Beneficial Owners) are persons who have more than 25% of the economic interest in an organization ”. The above quote comes from the website of the Chamber of Commerce (KvK). Immediately a new source of income for the Chamber of Commerce. Companies have to pay for a UBO request. The State does not pay for the use of the Chamber of Commerce database! Also bizarre.

The UBO register provides insight into shareholders who have an economic interest of more than 25% or who have a say in companies, foundations and associations, among other things.

 

The consequences

The UBO register has consequences:

  1. The UBO register is in violation of the (European) GDPR, which must guarantee the privacy of natural persons. The State will argue that it is a more important interest, but the State is not always right and cannot properly assess such matters. In the case of System Risk Inventory (SyRI), the State has had to back down for the time being.
  2. It concerns many people. There are approximately 800,000 BVs in the Netherlands. Most BVs have several UBOs and a number of UBOs have several BVs, such as an operating company and a holding. The number of UBOs in the Netherlands remains a guess, but according to good marketing practice, we estimate that there are 500,000 +/- 100,000 UBOs in the Netherlands.
  3. The UBO register has (possibly) far-reaching consequences for the personal safety of shareholders and their families. The State also endorses this position, as appears from the exceptional rule that has been drawn up that will protect the privacy of certain UBOs.

The UBO Register will make the following information publicly available for approximately 500,000 shareholders and directors:

  1. First and last name
  2. Month and year of birth
  3. Nationality
  4. Country of residence
  5. The nature and size of the equity interest in a range

 

Violation of the privacy

The above is a blatant violation of the GDPR. Point 5, for example, the nature and size of the equity interest, even if it’s only a range, is a very sensitive financial data in the GDPR. very sensitive financial data in the GDPR.

"Financial data are sensitive personal data that can say a lot about someone. It is therefore important that organizations such as banks and the tax authorities handle this carefully." This can be read on the website of the Dutch Data Protection Authority. Seems like the above does not apply to the State?

 

Risks for those involved?

The fact that there are risks associated with the dissemination of this information is known to the State. This is evident from the following in the supplementary regulations. “The UBO may submit a request to the Chamber of Commerce to block certain data”. This will be honored if one of the following situations is demonstrably involved:

  1. Exposure to a
  2. Disproportionate risk,
  3. A risk of fraud,
  4. Kidnapping,
  5. Blackmailing etcetera.

This is also possible if the UBO is a minor, is under guardianship or administration or has police security.

 

State protection is a sham

“The additional UBO data - the day of birth, the place of birth, the country of birth, the residential address, BSN and / or TIN and the underlying documentation showing the identity of the UBO and the exact nature and scope of the economic interest held by the UBO - are only accessible to competent authorities and FIU-the Netherlands ”. This text comes from a briefing of the Senate by the Ministry of Finance. Naturally, the State and about twenty government services, including the Tax and Customs Administration, have unlimited free access to the information.

This claim that “the additional UBO data” is protected by the State is an outlandish and pointless.

The opposite is true: anyone with access to the internet and common sense can make a reasonable estimate of the value of the shares on the basis of the company's balance sheet value (annual report available from the Chamber of Commerce).

The value of the shareholder and his family is equal to the share range * value of the company (s) found in the UBO register. The protected residential addresses are also not very difficult to find on the internet with a first and a last name in combination with a country of residence and a nationality.

Entrepreneurs are often known on the internet and the information is easy to find. The State could just as well have placed a target on the head of enterprising Netherlands with an additional amount.

 

The conclusion; the medicine is worse than the disease

Any sane person will ask himself whether the importance of “preventing money laundering and financing terrorism”, which is done by a very limited group of Dutch people, who probably cannot be found in a UBO register, outweighs the means and that is a massive privacy violation of the shareholders (often entrepreneurs). The alternative is a hidden agenda at the State. This behavior is unworthy of the State.

A parallel can be drawn with SyRI; this is a system of the State in which the privacy rights of the citizens were massively violated under the motto “anti-fraud”.

For more information click here

Rechtszaak in de maak:

Source: Privacy Web

Privacy First will start a lawsuit against the UBO register with its lawyer Otto Volgant (Boekx Advocaten) for violation of European privacy law. Dutch law and the overlying European directive are in conflict with the European Charter for Fundamental Rights and the GDPR. Privacy First often conducts its strategic procedures on privacy with a coalition of stakeholders. Privacy First is currently identifying which parties can contribute to the case against the UBO register.