open search
close
Internationales Arbeitsrecht Italy

The right to be forgotten – ECJ ruling on Italian data protection case

Print Friendly, PDF & Email
Italy

The European Court of Justice (ECJ) recently ruled on an Italian case in which the director of a company, a Mr Manni, had brought an action against the Lecce Chamber of Commerce. He had built a tourist complex in Italy, but argued that the properties had failed to sell because it was apparent from the companies register that he had been involved in a company that had gone bankrupt in 1992 and was wound up in 2005. He believed he had a ‘right to be forgotten’ in relation to the data held about that company in the companies register. The ECJ disagreed.

The Court of Lecce in Italy had ordered the Lecce Chamber of Commerce to anonymise the data linking the director to the liquidation of the first company and to pay compensation for the damage suffered by him. The Lecce Chamber of Commerce appealed to the Court of Cassation, which decided to refer several questions to the ECJ.


In its ruling, the ECJ noted that the public nature of company registers is intended to ensure legal certainty in dealings between companies and third parties and to protect the interests of third parties, since the only safeguards they offer to third parties are their assets. The ECJ further noted that there may be reasons why personal data held by the companies register might be needed many years after years a company has ceased to exist, but that it was not possible to set a single date after which those data would not be needed.

In principle, having an open-ended requirement for data to be available in this way infringes a person’s fundamental rights (in particular, the right to respect for private life and the right to protection of personal data guaranteed by the Charter of Fundamental Rights of the Union). But the ECJ found this was not disproportionate as (1) in fact, very little personal data is held in the company register and (2) holding it is justified because the data is a safeguard for third parties and it is reasonable that those registering should be required to disclose it.

However, the ECJ clarified that where a sufficiently long time has elapsed after dissolution of a company, Member States were entitled to provide for restricted access to data by third parties in exceptional cases. It is for each Member State to decide if it wants such a limitation of access in its national legal system.

In the case at hand, the Court found that the fact that properties in the tourist complex did not sell because potential purchasers had access to the data of Mr Manni in the companies register did not justify limiting access by third parties to that data. He had no right to be forgotten.

First published on Global-HR.

Verwandte Beiträge
Internationales Arbeitsrecht Neueste Beiträge

The general public's enthusiasm for artificial intelligence (AI) technologies is making its way into the workplace.

While AI offers many advantages, employers must remain aware of the risks that a lack of supervision can generate.  Avoiding discrimination Discrimination is one of the risks most feared by the intrusion of AI into decision-making processes, particularly in terms of recruitment and candidate selection. Failure to comply with non-discrimination rules exposes the employer to various risks, ranging from the invalidity of the decision in…
Internationales Arbeitsrecht Neueste Beiträge

Can employers monitor their employees’ social media posts?

Increasingly, employers are being made aware of employee misconduct that is evidenced by photos, videos or other social media posts. What are employers allowed to do when it comes to their employees‘ posts, what are the limits, what should they bear in mind when using these posts? Here we consider the situation in Germany, with comments from our experts in 19 other jurisdictions. Employee posts…
Brazil Internationales Arbeitsrecht Neueste Beiträge

Data protection in Brazil: what to expect this year

In 2023, the Brazilian General Data Protection Law (LGPD) celebrates five years since its publication. Since its entry into force in 2020, the LGPD has come a long way, but there are several legal issues relating to the protection of personal data that still need further refinement.  Brazilian Data Protection Authority Among the main changes since the enactment of the LGPD has beenthe change in…
Abonnieren Sie den kostenfreien KLIEMT-Newsletter.
Jetzt anmelden und informiert bleiben.

 

Die Abmeldung ist jederzeit möglich.