Data privacy and conﬁdentiality
13(4) Beneﬁcial ownership information shall not be made available to the public except for publishing the information relating to entities that have participated in a tendering process undertaken by a procuring entity or contracting authority pursuant to the Public Procurement and Asset Disposal Act, No. 33 of 2015 or the Public Private Partnership Act, No. 15 of 2013, respectively.
Through amendments to regulation 13, sub-regulation 4, an exemption to the bar on publication of BO data is created. This is a signiﬁcant step. Publishing BO data for procurement or otherwise has the wider beneﬁt of driving up the quality of data in addition to furthering the public policy aims.
Going further to create a fully public BO register would have additional indirect beneﬁts for public procurement including allowing companies to use this data to manage and reduce risk in their own due diligence processes. OO’s brieﬁng explores the beneﬁts of making central beneﬁcial ownership registers public as well as issues authorities should consider before taking this step.
To address legitimate concerns the publication of BO data may raise, OO recommends that the BRS considers:
- minimising the data collected and shared with procuring entities and contracting authorities to what is strictly necessary to achieve the policy aims (see OO’s further guidance on data minimisation; Section 4 of the Form BOF1 review below provides further discussion and recommendations).
- allow for narrowly deﬁned exceptions to the publication of BO data. The regulations and amendments do not currently provide for a narrowly deﬁned set of circumstances where a credible threat to an individual may be reasonable grounds for non-publication of one or more ﬁelds. In exceptional circumstances, the regulations may provide for an exemption from publication. This may be addressed through an additional sub-regulation at regulation 13. Where an exemption is permitted, this should be clearly reﬂected in the published contract.
- if data is made public, making a smaller subset available to the public than to competent and procurement authorities, omitting data ﬁelds that are particularly sensitive and unnecessary to public data use and oversight (also known as layered access).