The Article 29 Data Protection Working Party (Data Protection WP) has published a letter it wrote in April to the European Parliament expressing its concerns over the impact on privacy and data protection of certain aspects of the fourth Money Laundering Directive (MLD4). The Data Protection WP recommends that the EU should specify more clearly:
- that the ban on tipping off extends only to suspicious transaction reports or investigations being carried out, and that Member States cannot gold-plate this provision to include information gathered in Know Your Customer or Customer Due Diligence (CDD) profiling operations;
- the conditions that would legitimise the transfer of personal data to a third country for anti-money laundering and counter-terrorist financing purposes where the third country does not have adequate data protection regulation;
- the type of data that can be processed in simplified CDD, as it is concerned that a blanket requirement to collect information is contrary to the risk-based approach in MLD4. It says CDD data should be processed only where necessary to comply with the law.