In the modern world we are, in a very real sense, our data, and our data is us. It impinges on all aspects of modern lives, and the data environment in which we live can have a profound effect upon the type of society that we create.
Privacy versus public interest issues are not straightforward and lend themselves to much subjective thinking.
And as with all subjective matters, there is a continuum between data that all agree should be private (such as personal medical records) and where all agree it should be public (such as the personal commercial interests of politicians).
In between, lies a large grey area where opinions will vary widely and matters will often be viewed on the basis of specific circumstances rather than judged against defining principles.
This raises the very substantial issue of who decides what may and may not be kept confidential.
Regulation and law
Into this morass the EU has stepped with their heavy boots and the general data protection regulations (GDPR).
To be fair, they have done their best to deal with the extreme complexity of the issues but in the process have produced regulations that are themselves dazzlingly complex to normal people.
To date, the main outcome has seen ordinary companies frightened by threats of extreme sanctions in the event of a breach.
The reality is that proscriptive regulations to deal with all facets of data protection were always going to be very complex, suffer from the usual law of unintended consequences, and only partially address the concerns that exist.
Nor do they provide any real clarity on the core issue of what is and what is not legitimate privacy.
Most law has sought to limit the rights of the individual and corporations to privacy where governments have legitimate interests in the information involved. This has led to FATCA, CRS, Registers of Beneficial Ownership and so on.
No doubt there is more of the same to come.
This is to be cautiously welcomed.
There is more than a marginal difference between legitimate and reasonable privacy from the prying eyes of the merely curious and the rights of legitimate public authorities charged with the collection of taxes, the protection of citizens from crime and terrorism, and the general management of the property within their governance.
It is entirely appropriate, for instance, for a leading film actress plagued by paparazzi to use an offshore ownership structure to conceal her normal residential address, provided that she does not seek to keep her ownership of the property secret from the appropriate public authorities.
The right to legitimate privacy from public gaze cannot and should not be conflated with secrecy of income and assets from legitimate authorities.
Where are we today?
Demands for public access to personal data, however, are a very different matter.
Even where public access to personal data exists, there has been disquiet at the idea that individuals’ personal financial data can be secretly accessed without their knowledge.
The tax authorities in Norway, where tax returns can be viewed online, have addressed these concerns by emailing every individual whose return is viewed to tell them who has viewed it.
Clearly transparency needs to apply as much to the snooper as to the “snoopee”.
Interestingly, the number of accesses has dropped substantially after the snoopers were outed.
It is worth noting that there is little global convergence in this area.
Throughout much of the world there is little effective limit to the access of governments to data, personal or otherwise. In the USA, secrecy is actively enabled and encouraged in many circumstances at levels that are not legally possible in western Europe.
In many states, there are even options within “quiet” or “silent” trusts under which settlors can prevent trustees from disclosure to beneficiaries themselves.
What advice can be offered in a private wealth context?
The reasons for wanting privacy are important in defining the best strategy to deliver it.
Guernsey’s Register of Beneficial Ownership, launched last year, goes to great lengths to limit access. It is held in an electronic format but on a closed system, so access to the information would require access to the physical building where the server is held.
It is seen as a statement for Guernsey clients worldwide that the island will not compromise on data protection and privacy.
So, I offer three pieces of generic advice.
Firstly, be clear about what information needs to be kept private and why. Ensure that all legitimate official interests are met and that arrangements themselves are not secretive.
Secondly, recognise the risk of private information getting into the public domain and have contingency plans in place to manage any reputational impact it may have. Be ready to explain why information is being kept private, and that these reasons are not contrary to the public interest.
Thirdly, as well as looking at the legal privacy environment, give consideration to the data protection environment and the technical environment in which data will be held. All the legal protection in the world cannot put the genie back in the bottle once it gets out.
Where are we headed?
What is needed is far better legal clarity concerning how various existing legal rights and privileges will apply in practice, and how the parameters of our data lives will be decided.
The pending UK case regarding the so-called Paradise Papers is an opportunity for the courts to define clearly the obligations of the media regarding respect for confidential information. It may also be an opportunity for them to articulate clearly the difference between the public interest and the curiosity of the public.
Clarity on both issues would be a welcome start.
Wheatley’s comments follow his appearance as a panellist at the Mourant Ozannes Guernsey Trusts Forum.