Commercial Register: BGH strengthens 'right to be forgotten' for private data

Contents

The Commercial Register is a transparent archive for legal transactions, but transparency has its limits in data protection. In a landmark decision, the Federal Court of Justice (BGH) has clarified that managing directors and partners have a right to have data deleted that was not legally required to be disclosed in the first place. The II. Civil Senate is thus correcting the previously restrictive practice of many registration courts and strengthening the right to erasure and the right to be forgotten under Article 17 of the General Data Protection Regulation (GDPR).

The background to the proceedings was the application by two managing directors who disclosed far more when registering with the Commercial Register than was legally required. The submitted documents contained not only the usual business information but also their private residential addresses and their handwritten signatures. Since the Commercial Register has been freely accessible online via a portal that has been controversial for years following the implementation of the Digitalisation Directive, this sensitive information was accessible worldwide.

The individuals concerned feared becoming targets for criminals through mass automated retrieval of their data. They therefore demanded that the Hamburg Register Court replace the documents with revised versions. Both the Local Court and the Higher Regional Court of Hamburg initially rejected this. The reasoning of the lower courts: replacement was pointless. Furthermore, there was no legal interest in the request, as the data was already available elsewhere in other register files for the same individuals.

BGH: Deletion also for “supererogatory data”

The BGH rejected this argument with its decision of February 18, now published (File no.: I ZB 2/25). The court sees no general legal basis in the register law to permanently store information that goes beyond the legal minimum, despite the withdrawal of consent. The claims under Article 17 GDPR therefore also apply to documents in the register file.

The Senate's reasoning on "legal interest" is noteworthy. Just because data is already public in one place on the internet does not mean that the individual loses the right to stop its dissemination elsewhere. According to the Karlsruhe judges, each removed source reduces the risk of multiple data misuse and the creation of criminal profiles. Informational self-determination allows individuals to decide for themselves when and to what extent they disclose personal circumstances. A request for deletion can therefore also be made selectively for only one specific storage location.

Implementation: Replacement instead of redaction

In practice, this means that registration courts must not simply delete documents but must replace them with revised versions. The original document is then moved to the register file, which cannot be publicly accessed, while the version without the private address and with a typed name instead of a signature appears in the public file. This is legally covered by the Commercial Register Ordinance (HRV) and ensures the documentation of the process without unnecessarily violating privacy.

The BGH further emphasizes that neither the signature nor the private address of a managing director of the general partner of a GmbH & Co. KG are mandatory components of the registration. Notaries already have the option to create electronic copies for submission to the register that only reproduce parts of the original and omit sensitive data. If this is not done during registration, affected individuals can now retroactively enforce correction, provided no other legal basis justifies the storage.

Long debate about handelsregister.de

The Federal Ministry of Justice decided at the end of 2022: Despite justified concerns about misuse, the portal handelsregister.de will remain online. Free access complies with European legal requirements. Furthermore, a shutdown would impair commercial transactions, as the "public faith" of the register is linked to its availability on the portal, it was stated. Data protection officers also saw no grounds for an "offline mode". The Ministry of Justice assured at the time that it intended to change the service regulations for notaries to systematically exclude private addresses and signatures from submissions.

(wpl)