Explanation on the Exposure of Personal Data

Individuals who are appointed as members of board or council of companies, or are indicated as the ultimate beneficial, have to be aware of and accept that their personal data is publically available. DSI made known such explanations after it received many inquiries from people about publishing their data by the Register of Enterprises of the Republic of Latvia through an official web-page which contains information about companies registered in Latvia and inter alia personal data of their officials, e.g. board members. Also, worth mentioning that this information is publicly available to anyone for free.

DSI explained that pursuant to the law “On the Register of Enterprises of the Republic of Latvia” (hereinafter – Law) the purpose of these data processing activities is to register legal entities and to make information, that has been recognized as public by the Law, on these legal entities freely available. Therefore, the DSI pointed out that processing of personal data of individuals engaged in commerce, namely, publishing their personal data on the official web-page, is justified, as the lawmakers intended for this information to be publicly available to everyone so that anyone could receive trustworthy information about e.g. trade partners and their ability to do business, represent and enter into agreements on behalf of respective entity. 

Nonetheless, the DSI agrees that even though some of the published information is indeed personal data, the main goal of processing of such personal data is to provide information on legal entities. The DSI justifies such processing of personal data by stating that the right to privacy of officials and restriction on further processing is less protected than that of people who are not engaged in commerce as officials in the legal entities. Moreover, the DSI reminded that the current framework on protection of personal data cannot be applied to ‘personal data’ when referring to legal entities. 

The conclusion can be drawn that personal data of natural persons who occupy official position in legal entities are less protected, but only to the extent to which precise data is connected with information about respective legal entity and such information about a legal entity has been identified as public according to the Law. However, the aforementioned statement does not mean that the DSI will not protect the right to privacy of people who occupy official position in legal entities. Any other public exposure of personal data of officials may only be performed strictly in accordance with the provisions of the GDPR.