Last month, the European Commission published a letter from the Article 29 Working Party (Art. 29 Working Party) to Juan Fernando López Aguilar, chair of the European Parliament's Committee on Civil Liberties, Justice and Home Affairs (LIBE). The letter addressed the proposed new directive on the prevention of money laundering and terrorist financing through financial systems, and a new regulation on information accompanying transfers of funds. After scrutinising the proposed directive, the European data protection watchdog suggested a number of changes.
In early February of this year, the European Commission published its proposal for the Anti-Money Laundering/Counter Terrorist Financing (AML/CFT) Directive (also known as MLD4) and a Regulation on information accompanying transfers of funds, COM (2013) 44/2 (Wire Transfer Regulation). The proposal aims to update and extend the scope of control over money transfers.
The Art. 29 Working Party has commended the proposal for giving greater consideration to data protection, including by preventing indefinite retention of personal data for AML/CFT purposes. It has also welcomed the recognition of the right of access under recital 34 of the MLD4.
The Art. 29 Working Party also, however, questioned a number of issues. First, it criticised the extension of MLD4’s scope to allow Suspicious Transaction Reports (STRs) to be used in tackling tax fraud and evasion on the basis that it contradicts the data protection principles relating to purpose limitation and proportionality.
Second, the Art. 29 Working Party suggested further efforts to be made to stop disproportionate application, or “goldplating,” of some AML/CFT provisions, noting that further efforts should be made to clarify the "tipping off" provision. Under that provision, companies would be exempt from complying with a data subject access request where access related to personal data collected was part of STRs. The Art. 29 Working Party was concerned that the exemptions would be used to withhold any data collected for AML/CFT purposes.
Last, the Art. 29 Working Party suggested that MLD4 should require member states to adopt national laws addressing the international transfer of personal data for AML/CFT purposes, especially in relation to transfers of personal data to third countries that do not offer an adequate level of data protection. The Art. 29 Working Party would like to see such laws specify the types of data, and countries, for which there are important public interests behind the transfers, as well as the guarantees available to ensure data protection.
The Art. 29 Working Party concluded that, while the proposals take into account the interaction between anti-money laundering provisions and the European data protection law, MLD4 as proposed fails to reconcile them.