Mishcon de Reya, the City law firm, has taken legal steps against the Organisation for Economic Co-operation and Development's Common Reporting Standard and the UK's beneficial ownership registers.

The firm is concentrating its court action on "fundamental rights" and the relationship between individuals and the State. Most British bank account holders living in one of the 100+ countries that have joined the CRS will be affected by the outcome, even though many of them have weaker data protection laws than the UK.

In the UK, ultimate beneficial ownership information has been available online since 2016 and other countries in the European Union will have to remove the need for observers to show their Governments that they have a "legitiamate interest" to view the results by 2020.  Practically anyone who owns a substantial interest in a private company based in Europe (or with a European subsidiary) will see his details published, regardless of where he is resident, the nature of his business or the nature of his involvement in that business.

However, the rights to privacy and data protection (as seen in the EU's onerous General Data Protection Regulation) are fundamental rights. Mishcon is arguing that any interference with these rights ought to be lawful, pursue a legitimate public interest (such as the fight against crime); and be limited to what is strictly necessary to achieve the objective being pursued. It contends that the publication of sensitive data about the ownership companies "is not necessary to achieve the stated objectives."

It also believes that the exchange of information in accordance with the CRS is excessive because it is indiscriminate and affects all account holders regardless of the sizes of their accounts. It includes sensitive personal data (such as the name, date/place of birth and tax identification number of the account holder) and data about the financial account itself such as the account number and balance.  This exposes compliant account holders to risk of hacking and data loss and Mishcon argues that it could lead to identity theft on a grand scale.

Mischon has written to the OECD and HM Revenue & Customs for help without receiving replies. It has now lodged a complaint with the Information Commissioner's Office. It is not known whether this is merely a publicity stunt to attract business from HNW clients with offshore bank accounts who are in need of data protection.