Confidentiality

The confidentiality of personal and business information is an increasingly important issue in international business law. Jurisdictions differ significantly in the scope and depth of protection provided for both personal data (e.g., medical information) and business information (e.g., the details of a person's or company's bank accounts). Failure to comply with a jurisdiction's confidentiality laws can result in criminal penalties in some instances, and businesses operating in multiple jurisdictions must take care to comply with the relevant law in each.

Confidentiality rules have grown increasingly complex since the widespread adoption of generalized confidentiality statutes and regulations in the 1970s. For example, the United Nations Declaration of Human Rights lists privacy as a basic human right, and the European Union (EU) passed a Data Protection Directive in 1995 that requires all data processing to have a “proper legal basis” that incorporates a balance between the vital interests of the data subject, the legitimate interests of those controlling the data, and any contractual obligations. The directive requires that anyone about whom data is collected has a right of access to it, to have inaccurate data corrected, recourse against anyone who unlawfully processes the [Page 364]data, to withhold permission for the use of the data in certain circumstances, and to know the source of the data. Sensitive data concerning ethnicity, religion, political views, sexual history, union membership, or health can only be processed with explicit consent. Further EU rules govern transfer of data from within EU countries to agencies outside the EU. These rules have proven complicated to implement, leading to a lengthy disagreement with the United States over the provision of airline passenger lists in 2005.

One key area of disagreement among jurisdictions is the privacy of financial information. Offshore financial centers like the Channel Islands, the Isle of Man, Switzerland, Luxembourg, Bermuda, the Cayman Islands, the Bahamas, and others tend to have strong confidentiality laws protecting financial information. Governments in larger economies, such as Germany, France, and the United States, tend to view financial confidentiality as a means of tax avoidance and tax evasion and seek to undermine domestic confidentiality rules through international agreements that encourage the sharing of financial information between governments. In 2008 the German government sparked a major international controversy by purchasing stolen confidential financial information from a former employee of a Liechtenstein bank and using the information in tax evasion investigations in Germany.

Confidentiality with respect to financial matters has a long history, with some arguing that it has roots in the Code of Hammurabi in Babylon and biblical texts. More recently, European civil codes incorporated financial privacy provisions and a common law duty in jurisdictions that follow British law from the 1924 case of Tournier v. National Provincial Bank. Tournier concerned a bank official who told an employer that one of his employees had bounced checks and that the bank suspected a gambling problem. As a result, the employee was fired. The English court found for the employee, holding that the bank had a duty to protect the employee's financial privacy. Confidentiality should be distinguished from secrecy, associated with anonymous bank accounts, bearer bonds, and the like. Most jurisdictions no longer permit secrecy with respect to financial matters, but confidentiality remains an important legal concept.

...