Considerations for implementers
There are a number of considerations for implementers to think through when deciding how, and on what basis, to make BO information available. The most important considerations are:
- collating data in a central register;
- making the data accessible and usable without barriers;
- establishing a legal basis and broad purpose for publication in keeping with privacy and data protection legislation.
- creating a system that mitigates potential harms of publication.
A precondition to BO data being made public is that it is collated and held in a central register. Having a centralised register means the data can be accessed through one central location in a standardised format. This is a prerequisite for effective use of BO data by all user groups, and removes some of the practical and cost barriers to accessing and analysing BO information. Central registers is one of the Open Ownership Principles (OO Principles) for effective BO disclosure, which promote high quality, reliable data to maximise data usability and to minimise loopholes.
Maintaining a central register of BO information is one of three complementary approaches identified by the FATF as best practice. Analysis of FATF country evaluations clearly demonstrates the importance of central registers for reducing money laundering risk: countries maintaining a central register – as opposed to relying on other decentralised approaches where companies and other institutions hold BO data – perform better against FATF’s requirement to ensure timely access to adequate, accurate, and up-to-date information on the BO of companies. Central registers may be more challenging to implement for federal jurisdictions, which may need to harmonise BO legislation across sub-national jurisdictions in order to meet FATF requirements. The importance of this is demonstrated by Brazil, where, until the introduction of a national company register in 2008, individual Trade Boards in each of Brazil’s 27 states had to be contacted separately to determine whether it held information on a particular company, each with differing incorporation requirements.
Law enforcement in the UK, where a central – and public – register was introduced in 2016, “generally felt that the introduction of the register […] has made it quicker and easier to obtain such information”. A 2002 UK government study estimated the savings from having a central registry of BO in police time alone was GBP 30 million a year; it also made it easier to trace and recover stolen assets, therefore already providing net benefit before considering a range of other direct and indirect cost saving impacts. Many countries have also centralised their company registers – often charged with BO disclosure – to improve the ease of doing business.
The advantages of a central register are broadly recognised. Recent significant commitments to introducing centralised BO register covering specified legal entities include the United States and Canada. In the US, provisions were included in the Corporate Transparency Act (CTA), as part of the 2020 National Defense Authorization Act. The CTA will create a BO register within FinCEN. Several disclosure regimes have existed at the state level, but the US opted for a national central registry in light of national security concerns. Unlike the US, Canada’s central register, announced in the 2021 budget, will be made public. Nigeria, whilst having a longer-standing commitment, is also implementing a central register. It launched a first iteration in early 2021, but still faces considerable challenges. Implementation in these countries will provide lessons on implementing BOT in large, federated – both high and lower-income – jurisdictions.
Data accessibility and usability
Whilst a number of countries have started implementing public BO registers in recognition and pursuit of the benefits discussed above, many have introduced restrictions to access in the forms of: charging for data (e.g. Ghana ); requiring registration (e.g. Bulgaria ), and sometimes compulsory identification (e.g. Germany ); and having restrictive licensing (e.g. Austria ). Some regimes also have other barriers to use, such as limiting searchability to company name or number. Such barriers can constrain or limit the use of BO data to achieve desired policy goals.
In particular, charging a fee for every request, even if it is not a high fee, prevents journalists, researchers, and NGOs from being able to access data. This negates potential benefits mentioned above, such as being able to conduct thorough investigations into financial crime. As financial investigators Ray Blake and Graham Barrow said, “[we had to put] a whole range of research projects […] on hold because we simply couldn’t afford the fees to access the records.”  In the UK, the number of search requests on the register increased more than 200-fold, from 6 million in 2014/2015 to 1.3 billion in 2015/2016, after the paywall was removed, to 2.1 billion in 2016/2017. Whilst this does not necessarily prove benefit, some benefits outlined above, e.g. driving up data quality, are dependent on data use.
Similarly, licences can severely restrict the potential benefits of public BO registers. To realise the full benefits of public BO data, users should be able to copy, publish, distribute, and adapt the information that is in the public domain, for both commercial and non-commercial purposes, free of charge. There has been a proliferation of custom licences from governments, which poses a major challenge for users: each licence may have specific legal arrangements, which users need to understand, and different licences may have compatibility issues.
In summary, implementing agencies should consider the usability of the information by various data users. Whether the data is structured, accessible and usable without barriers such as payment, identification, registration requirements, has restrictive licensing, is searchable by both company and beneficial owner names or available as bulk data, all have an impact on usability. These aspects are outlined in the OO principles.
|BO data…||Yes (no. of countries)||No [g] (no. of countries)|
|is licensed under an open licence (for basic information)||8||19|
|has registration-free access||10||17|
|is accessible free of charge||11||16|
|has application programming interface (API) access||12||15|
|is downloadable in bulk||13||14|
|is machine readable||18||9|
|is searchable by both BO and legal entity||5||22|
Sources: Licensing, API, bulk download and machine readability: Deloitte ; Registration, cost and searchability: Transparency International.
Recovering or sustaining the cost of a BO register is often used as a justification for charging for access. This is only one of several ways to recover costs, including, for instance, filing charges. Whilst comprehensive cost analysis of global, public BO registers is lacking, Deloitte has conducted a study among EU member states on the costs of company registers, including BO data. The study concludes that: “When comparing the costs and benefits of making these datasets available, it emerges clearly that the benefits to society and reusers greatly exceed the costs borne by the data holders.”
The one-off cost of setting up an API is estimated to cost an average of EUR 50,000. In addition, annual operational costs of the overall registers were estimated between EUR 3.2 million and EUR 16 million. Momentarily leaving other benefits outside of consideration, these figures are substantially lower than the potential economic value of data reuse outlined above. The biggest perceived cost to making data public was lost revenue for countries that already charged for data. These countries generate considerable revenues in excess of register operating costs in certain EU countries, but less than the potential economic value of data reuse.
If implementers are seeking to recover costs directly through a register, a significant portion, if not all costs, can be recovered through modest filing charges rather than charging for data use and without substantial adverse effects to the ease of doing business. Companies House in the UK, for instance, “operates on the basis of cost recovery, seeking to break even taking one year with another” through fees. Most recovered costs are through charges for incorporation. Conversely, its BO data is free at the point of use, allowing for the substantial economic value of data reuse discussed above. Nonetheless, the UK is rated by the World Bank as one of the countries where it is easiest to do business.
One challenge that implementers face is that economic benefits often accrue in different departments from where costs are born, and government budgeting is often not set up to reconcile these. Because of this, the agencies who bear the costs often impose charges at the point of service. Implementers should aim to reconcile the costs of data products against the revenues through internal budget processes and clear interdepartmental agreements. These agreements should be long-term and should transcend annual budgeting to avoid having to do so on an annual basis.
Establishing a legal basis
Privacy is widely acknowledged to be a human right, but in most countries it is not an absolute right. It can be limited or restricted under certain circumstances, often including when it is in the public interest to do so, for instance, by helping prevent, detect, and investigate crime. Data protection legislation tries to balance the right to privacy with the legitimate uses of data. In some cases, data protection law may say that a certain use of data infringes privacy, but not the law, because the potential gains to the public interests outweigh the potential negative effects of reduced privacy. No data protection regimes categorically prevent the publication of personal information (see, for example, Box 11 and Box 12).
This raises the question as to what extent the publication of BO data specifically is in the public interest. What are the added potential benefits of making data public, and are these proportional to the potential impact on privacy? The first section of this briefing has summarised potential benefits. Although BOT has not yet been implemented in enough jurisdictions to have a robust evidence base of positive impact over the long term – and as discussed, things like deterrence are hard to measure – there are sufficient arguments for it to be reasonable and rational for policymakers to act on the understanding that a public register will serve the public interest.
Privacy concerns are highly context dependent. Within the EU, for instance, hugely divergent privacy concerns are emerging from different member states.[h] In the UK, when it was still an EU member, a public register was implemented without significant opposition. Contrarily, there was considerable opposition and eventually a closure of work to create a closed National Identity Register and ID cards for citizens, an equivalent of which is commonly found in many EU countries.
It is important for each country to assess whether publication is reasonable, proportionate, and justified given their national privacy and data protection safeguards, and to ensure that BOT is legislated for with these in mind. As part of this, implementers should define a clear purpose for publication.
Defining a purpose for publication
In order to ensure BO data can be made public in a manner that is compliant with data protection and privacy legislation, implementers should define a clear purpose in the legal basis for collecting and processing data when drafting legislation. Broadly, implementers have taken two approaches to this, defining a legal basis based on either a specific, narrow purpose (e.g. fighting financial crime), or a broader accountability and public interest purpose.
Box 10: The legal basis of beneficial ownership transparency in the EU
An example of narrow purpose is the AMLD5. It states: “[…] It should be possible for Member States to provide for wider access to information on beneficial ownership of trusts and similar legal arrangements, if such access constitutes a necessary and proportionate measure with the legitimate aim of preventing the use of the financial system for the purposes of money laundering or terrorist financing.”
AMLD5 complements this with specifically noting the value of making public interest registers public: “Public access to beneficial ownership information allows greater scrutiny of information by civil society, including by the press or civil society organisations, and contributes to preserving trust in the integrity of business transactions and of the financial system. It can contribute to combating the misuse of corporate and other legal entities and legal arrangements for the purposes of money laundering or terrorist financing, both by helping investigations and through reputational effects, given that anyone who could enter into transactions is aware of the identity of the beneficial owners. It also facilitates the timely and efficient availability of information for financial institutions as well as authorities, including authorities of third countries, involved in combating such offences. The access to that information would also help investigations on money laundering, associated predicate offences and terrorist financing.”
The advantage of defining a narrow purpose is that it makes it easier to build broad political support for BOT. In the case of the EU, for instance, it does not seem likely that public BO registers would have otherwise been accepted by all member states. The disadvantage is that this constrains further use in other policy areas, and forces a discussion on proportionality and impact of the specified purpose. At the time of writing, there are two ongoing court cases in Luxembourg  that have been submitted to the European Court of Justice against the publication of personal data in BO registers on the ground of GDPR, challenging governments to demonstrate that the potential benefits of making registers public in fighting money laundering are proportional to the potential negative effects. A recent application for injunction in the Netherlands against the state cites that public access is more relevant to combating tax evasion than AML and combating the financing of terrorism (CFT), but that this is not a stated aim of the Directive. Whilst the application was rejected , it highlights a potential challenge as, under GDPR, data can only be used for the purposes defined. Whilst this is an important data protection principle, it is difficult to apply to making personal data public if it is licensed for any form of use, as the purposes for which it is used cannot be controlled. Similarly, in discussions on making public BO data available for free as structured data for economic purposes, under the EU’s Public Sector Information (PSI) Directive, the point is often made that although the data was already made public under AMLD5, it was done so for a different purpose, and therefore would still face considerable political opposition.
Box 11: Cayman Islands legal review
On 14 December 2020, the UK Government published a draft Order in Council creating a requirement for the Overseas Territories (OTs) to implement publicly accessible registers of BO of companies. Subsequently, the OTs had to consider how to implement this consistently with their constitutional rights to privacy. As part of technical support to the OTs, OO commissioned a legal review for the Cayman Islands. The review considered the following Article in the constitution:
Private and family life
9.—(1) Government shall respect every person’s private and family life, his or her home and his or her correspondence.
(3) Nothing in any law or done under its authority shall be held to contravene this section to the extent that it is reasonably justifiable in a democratic society— (a) in the interests of defence, public safety, public order, public morality, public health, town and country planning, or the development or utilisation of any other property in such a manner as to promote the public benefit; (b) for the purpose of protecting the rights and freedoms of other persons;
Whilst the constitution covers a respect for privacy, it does not guarantee privacy, and includes provisions for government to interfere in private life if the interference is reasonably justified in a democratic society. It states that “It would seem likely that the publication of beneficial ownership information would be for the purposes of public order or public safety, given the law enforcement risks of the misuse of corporate structures for criminal purposes.”
Additionally, the review considered that, whilst the 2017 Data Protection Law provides a robust statutory framework for the treatment of personal data, it does not cover sensitive personal data, and can therefore be lawfully published as long as the data protection principles and constitution are complied with. It states that it is overwhelmingly likely that any court would conclude that there is “no violation of the Paragraph 9 right to respect for privacy”, as “the publication of the Article 4 information has a clear purpose – to prevent the misuse of corporations to break the law and the information published is subject to strict data protections as set out in the 2017 Law. […] The publication of BO information interferes with privacy, but does not amount to a violation of the Constitution given it is reasonable for the Government to publish that information.”
In contrast, some jurisdictions have taken the approach for specifying a broad purpose in law (for instance, the UK, which was an EU member when GDPR came into force and transposed this into national law). However, under one of its derogations, it included the “Processing and public access to Official documents”, quoting that the “disclosure of […] personal data, are already enshrined in several UK laws, particularly the Freedom of Information Act (FOIA) 2000”. On this basis, the publication of BO data  is covered by Section 8 of the 2018 Data Protection Act, which covers the “processing of personal data that is necessary for the performance of a task carried out in the public interest”, which includes purposes such as “the administration of justice” and “an activity that supports or promotes democratic engagement”. There has not been the type or scale of public objections to making BO data public in the UK compared with the EU. The UK was also able to because of its culture of making personal data public for certain purposes. The advantage is that as the purpose has been broadly defined as public interest, there is little resistance when there are proposals for using BO data for a different purpose in a new policy area, like procurement. Nigeria – a fellow common law state that has modelled much of its BOT legislation on the UK – has taken a similar approach.
Jurisdictions could consider pursuing a broad purpose based on accountability. Those who incorporate companies enjoy certain societal benefits, such as limited liability, and are therefore licensed by government and broader society. It could be argued that they need to be accountable to the general public, and that their business activities therefore need to be rendered less private. Arguably, in the same vein that governments are publicising the BO of recipients of public funds, many if not all companies in an economy fall under fiscal policies that grant some sort of tax benefit.
BO data has a broad range of applications across different policy aims. Jurisdictions that want to make use of the full potential of BO data should approach this holistically by defining a legal basis with a broad purpose.
Box 12: Canada legal analysis 
In October 2019, a coalition of Canadian NGOs commissioned a privacy analysis of the potential publication of BO information within the Canadian legal system. Of particular interest was section 8 (s.8) of the Canadian Charter of Rights and Freedoms: “Everyone has the right to be secure against unreasonable search and seizure”, which protects the individual’s reasonable expectations of privacy from unjustified state intrusion.
The report concluded that, based on the s.8 analysis, “the type of information sought by governments in the creation of a beneficial ownership registry would not likely be found to possess a high expectation of privacy. The information would be generally restricted to information identifying the beneficial owners of corporations, with the overall goals of reducing the misuse of such regulated entities and improving transparency.” It stated that “given the regulatory context and the nature of the information to be gathered, state collection of beneficial ownership would unlikely be found to be an illegal search and seizure under s.8 of the Charter.”
The report also concluded that if the collection of BO information were to be found to engage s.8 and be considered a state intrusion of privacy, “it would likely be accepted by courts as a justifiable intrusion on individual privacy rights when balanced against the important state and social objectives of making corporations more transparent and less susceptible to abuse.”
Mitigating potential negative effects of public access
The potential benefits of making BO data need to be weighed against the potential harmful effects of reducing privacy. These will differ per jurisdiction, and each implementer will need to assess what the potential effects are through stakeholder consultations. Implementers will also need to assess which concerns are valid. For instance, some stakeholders in Germany have voiced concerns over identity fraud and kidnapping. Research has shown that whilst company directors are disproportionately at risk of identity fraud, this risk is most serious when information about them has already been published online, such as on social media. In terms of kidnapping, research shows that there have been no documented examples of harms that have arisen from the publication of BO data in open registers. However, registers have been mostly implemented in Global North countries so far. It is likely that if BOT reforms are considered in other contexts, these will face their own set of potential harms. For instance, based on OO’s experience supporting implementation in Mexico, there are specific concerns about risks to personal safety (e.g. kidnapping) based on Mexico’s specific legal and security environment. Similar concerns have also featured in Mexico’s debates about the asset disclosures of public officials. In other countries where OO is supporting implementation, such as Indonesia, data protection laws are still being drafted, creating uncertainty. Whatever concerns arise, implementers can take a number of steps to ensure that potential harms are mitigated.
Implementers should follow the principle of data minimisation and only collect data that is adequate (sufficient to fulfil the stated policy aims), relevant (has a rational link to that purpose), and limited to what is necessary (not surplus to that purpose). Disclosure regimes should not collect any unnecessary data – especially not sensitive data (e.g. physical appearance or racial background), which also often needs to meet a higher legal threshold for processing.
Most countries will make a smaller subset of the data available to the public than to the authorities. This can be called layered access. For example, it is difficult to justify the need for the general public to be able to see a person’s tax identification number, but authorities may need this information. Only the minimum – but sufficient – details necessary for public oversight to work should be published. This means publishing sufficient data in order to be able to identify two beneficial owners of different companies when they are the same person, and being able to distinguish between two beneficial owners when they are different people, but for instance share the same name. Therefore, usually additional data fields such as month and year of birth, nationality, and country of residence are made publicly available. Table 2.1 and Table 2.2 show a comparative overview of the data fields available to the public and to the authorities in two European countries.
|Information available to the public||
Information available to
|Month and year of birth||Full date of birth|
|Service address and country of residence||Service address and full residential address|
|Date BO started||Date BO started|
|Whether an application has been made for the individual’s information to be protected from public disclosure||Whether an application has been made for the individual’s information to be protected from public disclosure|
|Nature and extent of interest held (ranges)||Nature and extent of interest held (ranges)|
|Information available to the public||
Information available to
|Month and year of birth||Full date, place, and country of birth|
|Country of residence||Full residential address|
|Date BO started||Date BO started|
|Whether an application has been made for the individual’s information to be protected from public disclosure|
|Nature and extent of interest held (ranges)||Nature and extent of interest held (ranges)|
|Citizen service number or foreign tax identification number (TIN)|
|Copies of one or more documents confirming the identity of the ultimate beneficial owner (UBO)|
|Copies of one or more documents showing the nature and extent of the interest held (i.e. why that person is classified as UBO)|
Implementers can also mitigate potential negative effects arising from the publication of data by providing for exemptions to publication in circumstances where someone is exposed to disproportionate risks. This is a common feature of many BOT regimes. This should focus on mitigating risks emerging from the publication of the data – i.e. knowing that someone is the beneficial owner of a specific legal entity. For instance, a person might be a member of a particular religious community and be the beneficial owner of a company whose activities conflict with the principles of that religion. The protection regime should also include risks emerging from the publication of any of the personal data. For instance, someone who has been stalked and harassed has a legitimate case not to have the combination of name and residential address published. A protection regime should have an application system with the possibility to apply to have certain or all data fields protected before these are published, when substantiated by evidence. These should be reviewed according to a set of narrowly defined conditions, to avoid creating significant loopholes in a disclosure regime.
Box 13: The UK’s Persons of Significant Control Protection Regime
The UK’s protection regime covers either residential addresses or all information of any individual who can demonstrate “serious risk of violence or intimidation”. Applications are assessed on a case-by-case basis. Between April 2016 and January 2019, 447 applications were made to protect all information. Only 16% were successful (with 40% awaiting decision). 456 requests were made to protect addresses, of which 88% were approved, demonstrating a higher bar for full protection. Authorities may submit applications to view protected information, but in that same period, none had done so.
[g] This includes countries where this was not yet implemented or for which information was not available.
[h] For example, in the Netherlands an application for injunction (subsequently rejected) mentions examples of children being bullied at school for being rich (“Dagvaarding in Kort Geding”, Privacy First, 5 January 2021, 27, https://www.privacyfirst.nl/images/stories/UBO/2021-01-05_KG_dagvaarding_UBO_register_PrivacyFirst_def.pdf); in Germany, the Association of family businesses cited blackmailing and kidnapping fears (Markus Henn, “Bundesregierung knickt vor Unternehmenslobby ein – Firmendaten bleiben geheim”, 22 February 2017, Netzwerk Steuergerechtigkeit, https://www.netzwerk-steuergerechtigkeit.de/bundesregierung-knickt-for/).
 “Principles for Effective Beneficial Ownership Disclosure”, Open Ownership, n.d., https://www.openownership.org/principles/.
 “Best Practices on Beneficial Ownership for Legal Persons”, FATF, Paris, October 2019, 22, https://www.fatf-gafi.org/media/fatf/documents/BestPractices-Beneficial-Ownership-Legal-Persons.pdf.
 Maíra Martini, “Who is behind the wheel? Fixing the global standards on company ownership”, Transparency International, 2019, 3, https://images.transparencycdn.org/images/2019_Who_is_behind_the_wheel_EN.pdf.
 “Anti-Money Laundering and Combating the Financing of Terrorism: Federative Republic of Brazil”, FATF and OECD, 25 June 2010, 210-214, https://www.fatf-gafi.org/media/fatf/documents/reports/mer/MER%20Brazil%20full.pdf. Note: although the national company register does not hold BO data on individuals, which is held by the tax authority, it does hold all the data on legal entities.
 “Review of the implementation of the PSC Register”, Department for Business, Energy and Industrial Strategy, March 2019, 34, https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/822823/review-implementation-psc-register.pdf.
 “Regulatory impact analysis: Disclosure of beneficial ownership of unlisted companies”, HM Treasury and DTI, July 2002, https://webarchive.nationalarchives.gov.uk/+/http:/www.hm-treasury.gov.uk/media/9/9/ownership_long.pdf.
 “Budget 2021”, Government of Canada, Part 4, Chapter 10.1, https://www.budget.gc.ca/2021/report-rapport/p4-en.html#261.
 See: “Tracking Beneficial Ownership and the Proceeds of Corruption: Evidence from Nigeria – Interim Project Report”, Northumbria University and Global Integrity Anti-Corruption Evidence (ACE) Programme, n.d., https://ace.globalintegrity.org/wp-content/uploads/2020/11/FCDO-projectInterim-Report-Final.pdf.
 In Ghana, BO data is currently free and accessible for competent authorities and civil society organisations, but accessible to the public for a small fee. Jemima Oware, quote from online event “Webinar: High-level discussion on beneficial ownership transparency in Africa”, 19 May 2021, https://eiti.org/event/beneficial-ownership-transparency-in-africa.
 Deloitte, 112.
 Ibid, 114.
 Ibid, 24.
 Ibid, 116.
 “The Open UBO Register (English edition): A study into the implementation in the Netherlands of Directive 2018/843”, ICTRECHT, 25 May 2020, 44, https://openstate.eu/wp-content/uploads/sites/14/2020/06/25052020-Het-Open-UBO-Register-ENG-NL.pdf.
 Graham Barrow and Ray Blake, “British Shells and the Beirut Blast”, The Dark Money Files podcast, 17 January 2021, https://podcasts.apple.com/us/podcast/british-shells-and-the-beirut-blast/id1448635132?i=1000505495826.
 Nienke Palstra, “10 lessons from the UK’s public register of the real owners of companies”, Global Witness, 23 October 2017, https://www.globalwitness.org/en-gb/blog/10-lessons-uks-public-register-real-ownerscompanies/; “Annual Report and Accounts 2016/17”, Companies House, 18 July 2017, 7, https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/633763/CompaniesHouse_AnnualReport_2017_web_version.pdf..
 Danny Lämmerhirt, “Avoiding data use silos: How governments can simplify the open licensing landscape”, Open Knowledge International, December 2017, https://research.okfn.org/avoiding-data-use-silos/
 See https://opendefinition.org/licenses/
 “Principles”, Open Ownership.
 Deloitte, 112-118.
 “How accessible are BO registers across the EU”, Transparency International, May 2021 (Forthcoming).
 Deloitte, 141.
 Deloitte, 381.
 For example, the Netherlands, Germany, and Italy. See: Deloitte, 119-120
 “Companies House business plan 2020 to 2021”, Companies House, 29 September 2020, https://www.gov.uk/government/publications/companies-house-business-plan-2020-to-2021/companies-housebusiness-plan-2020-to-2021#our-finances-and-resources.
 “Companies House fees”, Companies House, 6 January 2021, https://www.gov.uk/government/publications/companies-house-fees/companies-house-fees.
 “Ease of doing business in United Kingdom”, World Bank, 2020, te.
 For more information, please see: Adriana Edmeades-Jones, Tom Parker, and Tom Walker, “Data protection and privacy in beneficial ownership disclosure”, The B Team, The Engine Room, and Open Ownership, May 2019, https://www.openownership.org/uploads/oo-data-protection-andprivacy-188205.pdf.
 Alan Travis, “ID cards scheme to be scrapped within 100 days”, The Guardian, 27 May 2010, https://www.theguardian.com/politics/2010/may/27/theresa-may-scrapping-id-cards; “Identity cards are to be scrapped”, GOV.UK, 27 May 2010, https://www.gov.uk/government/news/identity-cards-are-to-be-scrapped.
 “Directive (EU) 2018/843 of the European Parliament and of the Council of 30 May 2018”, Official Journal of the European Union, 19 June 2018, 28, https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32018L0843&from=EN.
 “Case C-601/20”, Court of Justice of the European Union, 13 November 2020, https://curia.europa.eu/juris/showPdf.jsf?text=&docid=235961&pageIndex=0&doclang=EN&mode=lst&dir=&occ=first&part=1&cid=4974448; “Case C-37/20”, Court of Justice of the European Union, 24 January 2020, https://curia.europa.eu/juris/showPdf.jsf;jsessionid=B3B63A86DA4477C1773F9176D8CAD6E3?text=&docid=225905&pageIndex=0&doclang=EN&mode=lst&dir=&occ=first&part=1&cid=4970639.
 “Dagvaarding in Kort Geding”, Privacy First, 4 January 2021, 6, https://www.privacyfirst.nl/images/stories/UBO/2021-01-05_KG_dagvaarding_UBO_register_PrivacyFirst_def.pdf.
 “Uitspraken: ECLI: NL: RBDHA: 2021: 2457”, de Rechtspraak, 18 March 2021, https://uitspraken.rechtspraak.nl/inziendocument?id=ECLI:NL:RBDHA:2021:2457.
 Deloitte, 366.
 “Overseas Territories: adopting publicly accessible registers of beneficial ownership”, Foreign, Commonwealth and Development Office, 14 December 2020, https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/943307/SAMLA_s51_Draft_Order_in_Council.pdf.
 John McKendrick QC, “Case Study: The Cayman Islands, Privacy rights and Data Protection in the Context of Publication of Beneficial Ownership Information”, February 2021 (Unpublished).
 “Summary of GDPR derogations in the Data Protection Bill”, Department for Digital, Culture, Media and Sport, 7 August 2017, https://iapp.org/media/pdf/resource_center/UK-GDPR-derogations.pdf.
 “Personal information charter”, Companies House, GOV.UK, n.d., https://www.gov.uk/government/organisations/companies-house/about/personal-information-charter.
 “Data Protection Act 2018”, Legislation.gov.uk, Section 8, 2018, https://www.legislation.gov.uk/ukpga/2018/12/section/8/enacted.
 Mora Johnson, “A Public Beneficial Ownership Registry and the Canadian Privacy Regime: A Legal Analysis”, Publish What You Pay Canada, Canadians for Tax Fairness, and Transparency International Canada, October 2019, https://static1.squarespace.com/static/5c8938b492441bf93fdbc536/t/5eac6dd026b8946d37f7dde2/1588358609932/endsnowwashing-public-beneficial-ownershipregistry.pdf.
 Ibid, 16.
 Ibid, 19.
 Ibid, 19.
 See: Thom Townsend, “Effective consultation processes for beneficial ownership transparency reform”, Open Ownership, June 2020, https://www.openownership.org/uploads/open-ownership-effective-consultationprocesses-for-bot.pdf.
 “Privacy or public interest? Making the case for public information on company ownership”, The B Team, The Engine Room, and Open Ownership, March 2019, 4, https://www.openownership.org/uploads/privacyreport-summary.pdf.
 See the OO Principle “Sufficient Detail”: “Sufficient Detail”, Open Ownership, n.d., https://www.openownership.org/principles/sufficient-detail/.
 “Review of the implementation of the PSC Register”, Department for Business, Energy and Industrial Strategy, March 2019, 43, https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/822823/review-implementation-psc-register.pdf.