Mass disclosure of personal data and privacy: Lessons from Slovakia and the EU

The right to privacy and the protection of personal data is a core human right in the European Union. It is often challenged when states or public authorities require broad or indiscriminate processing of personal information from different types of organizations. This may involve collecting or publishing data on large groups of people, such as all telecom service users or donors to nongovernmental organizations. These measures can seriously infringe privacy and personal data protection, and courts rarely uphold them if they are not carefully justified and proportionate.

Slovakia NGO law cancelled by the Constitutional Court

A recent example comes from Slovakia. The government amended the law on NGOs. The amendment required NGOs to publish identification data of all individual donors whose contributions exceeded 5,000 euros per year, including natural persons. The government argued that the law would increase transparency, reduce undue influence, fight the shadow economy and prevent illegal funding.

However, the Constitutional Court of the Slovak Republic disagreed. It struck down the amendment, ruling that the blanket and broad obligation to disclose all donor data was disproportionate and unbalanced. The court emphasized that even a strong public interest in transparency cannot automatically outweigh the right to privacy and personal data protection.

Ultimate Beneficial Owner legislation

Similar issues have arisen at the European level. One notable example involves Ultimate Beneficial Owner registries. The Fifth Anti-Money Laundering Directive (Directive 2018/843) required EU member states to allow public access to company ownership registries. These registries contained personal data such as names, dates of birth, nationalities and ownership shares. The goal of the legislation was to fight money laundering and illicit financial activity.