.svg)
The EU’s data protection supervisor has struck a note of caution on the trading bloc’s newly-proposed anti-money laundering (AML) law.
Wojciech Wiewiórowski, the European Data Protection Supervisor (EDPS), has welcomed the prospect of new EU laws to tackle money laundering and terrorist financing but believes that they should not compromise EU citizens’ privacy.
In July, the European Commission published its long-awaited new AML legislative proposals.
The four proposals aim to centralise the EU's AML efforts. Various Europeans have welcomed the idea of an overarching AML regulator for the whole bloc.
Wiewiórowski welcomed the “harmonisation” of the EU’s AML rules, but called for a clear definition of the jobs of everyone involved in the new supervisory model from the perspective of data protection.
“I recognise the importance of combating money laundering and the financing of terrorism. At the same time, it is also important that the measures envisaged to achieve this goal are fully in line with the EU’s data protection laws and principles.”
In particular, he thought that the processing of individuals’ personal data had to remain limited to what is necessary and proportionate in light of the specific purposes set out in the proposals.
In relation to the EU’s proposal to coordinate financial intelligence units (FIUs), Wiewiórowski, who previously served as data protection supervisor in his native Poland, stated that access to information related to criminal offences, to administrative information and to financial information about individuals should be limited to what is necessary for specific purposes.
He thought that the commission and others involved in the legislative process should “reassess the necessity and proportionality of the proposed access rights”.
In addition, Wiewiórowski said that the EU’s plans should not allow anybody to process personal data relating to individuals’ sexual orientation or ethnic origin. He thought that the proposal ought to set out the specific and strict conditions under which people might process data about individuals’ criminal offences and/or convictions.
The AML package has already prompted concern among the EU’s crypto-community because it includes a clause that deals with the travel rule which the Financial Action Task Force (FATF) recommended some time ago.
Blockchain for Europe, the trade association, wrote to the EU’s national data protection authorities about FATF’s draft guidelines for virtual assets and virtual asset service providers (VASPs) in May this year. It believed that they threatened privacy.
FATF published these proposals in March. It wishes to introduce the travel rule to require VASPs to collect and transmit the personal financial information of customers and counterparties.
