In its Opinion, the EDPS reacted to the European Commission’s action plan for a comprehensive Union policy on preventing money laundering and terrorism financing (C(2020)2800 final), published on 7 May 2020. The EDPS believes that the Commission should make data protection a golden standard in the context of AML/CFT compliance processes.
The EDPS highlights the importance that the new governance mechanisms establish a clear legal basis for the processing of personal data, as well as specific rules for the access to and sharing of information, particularly when personal data being processed is particularly sensitive.
Concerning future legislation on AML/CFT measures, the EDPS recommends that appropriate safeguards are in place to guarantee compliance with the principles of data minimisation, purpose limitation and data protection-by-design, as well as the right of individuals to be informed when their data is collected and the purpose(s) for which the data will be processed.
The EDPS supports the idea of structuring, through Public-Private Partnerships (PPPs), the joint efforts between law enforcement authorities, FIUs and the private sector, in relation to policy debates, discussion forums, the research and analysis of typologies and trends in AML/CFT, as long as these exchanges have a sound legal basis and comply with data protection requirements. At the same time, the EDPS is concerned that PPPs for the sharing of operational information on intelligence suspects by law enforcement authorities to obliged entities, may result in an unacceptable high risk for the individuals’ rights to privacy and data protection.
Finally, the EDPS encourages the Commission to promote data protection principles when agreeing on international standards at the Financial Action Task Force.