Data Protection requirements must go hand in hand with the prevention of money laundering and terrorism financing. In its Opinion published today, the EDPS reacted to the European Commission’s action plan for a comprehensive Union policy on preventing money laundering and terrorism financing, published on 7 May 2020. The EDPS believes that the Commission should make data protection a golden standard in the context of AML/CFT compliance processes.

Wojciech Wiewiórowski, EDPS, said: “We welcome the Commission’s commitment to rely on the risk-based approach to streamline the legislative framework for the prevention of money laundering and terrorism financing, in line with the principle of proportionality. The Commission should strike a balance between the necessary measures to take for the general interest and the goals of the AML/CFT and the respect of the fundamental rights of privacy and personal data protection. General compliance with the EU AML/CFT rules by Member States must go hand in hand with the GDPR and the data protection framework”.

The EDPS highlights the importance that the new governance mechanisms establish a clear legal basis for the processing of personal data, as well as specific rules for the access to and sharing of information, particularly when personal data being processed is particularly sensitive.

Concerning future legislation on AML/CFT measures, the EDPS recommends that appropriate safeguards are in place to guarantee compliance with the principles of data minimisation, purpose limitation and data protection-by-design, as well as the right of individuals to be informed when their data is collected and the purpose(s) for which the data will be processed.

The EDPS supports the idea of structuring, through Public-Private Partnerships (PPPs), the joint efforts between law enforcement authorities, FIUs and the private sector, in relation to policy debates, discussion forums, the research and analysis of typologies and trends in AML/CFT, as long as these exchanges have a sound legal basis and comply with data protection requirements. At the same time, the EDPS is concerned that PPPs for the sharing of operational information on intelligence suspects by law enforcement authorities to obliged entities, may result in an unacceptable high risk for the individuals’ rights to privacy and data protection.

Finally, the EDPS encourages the Commission to promote data protection principles when agreeing on international standards at the Financial Action Task Force.

Bron: EDPS