AMLD4: European Data Protection Supervisor criticizes proposals to amend AMLD4 | access to beneficial ownership information only to authorities

On 2 February 2017 the European Data Protection Supervisor (EDPS)  adopted its opinion on the proposal of the European Commission to amend the Fourth Anti-Moneylaundering Directive (AMLD4).

EDPS criticizes the unfounded plan to process personal data collected for one purpose (AML)  for another, completely unrelated purpose (tax). Further EPDS is of the opinion that forms of invasive personal data processing are introduced, that may be acceptable in relation to anti-money laundering and fight against terrorism, but are not proportionate in other contexts.

Regarding the access to personal data EDPS writes:

Last, and most importantly, the amendments significantly broaden access to beneficial ownership information by both competent authorities and the public, as a policy tool to facilitate and optimise enforcement of tax obligations. We see, in the way such solution is implemented, a lack of proportionality, with significant and unnecessary risks for the individual rights to privacy and data protection.

EDPS recommends to design access to beneficial ownership information in compliance with the principle of proportionality, inter alia, ensuring access only to entities who are in charge of enforcing the law.

Executive summary

The executive summary of the EDPS opinion runs as follows:

On 5 July 2016, the Commission published a set of proposed amendments to the AML Directive and to Directive 2009/101/EC that aim at tackling directly and incisively tax evasion, in addition to anti-money laundering practices, in order to establish a fairer and more effective tax system. This Opinion assesses the data protection implications of such amendments.
In general, they seem to take a stricter approach than before to the problem of effectively countering anti-money laundering and terrorism financing. In this respect, among other measures proposed, they focus on new channels and modalities used to transfer illegal funds to the legal economy (e.g. virtual currencies, money exchange platforms, etc.). While we do not express any merit judgment on the policy purposes pursued by the law, in this specific case, we are concerned with the fact that the amendments also introduce other policy purposes -other than countering anti-money laundering and terrorism financing- that do not seem clearly identified.
Processing personal data collected for one purpose for another, completely unrelated purpose infringes the data protection principle of purpose limitation and threatens the implementation of the principle of proportionality. The amendments, in particular, raise questions as to why certain forms of invasive personal data processing, acceptable in relation to anti-money laundering and fight against terrorism, are necessary out of those contexts and on whether they are proportionate.
As far as proportionality is concerned, in fact, the amendments depart from the risk-based approach adopted by the current version of the AML Directive, on the basis that the higher risk for anti-money laundering, terrorism financing and associated predicate offences would not allow its timely detection and assessment.
They also remove existing safeguards that would have granted a certain degree of proportionality, for example, in setting the conditions for access to information on financial transactions by Financial Intelligence Units.
Last, and most importantly, the amendments significantly broaden access to beneficial ownership information by both competent authorities and the public, as a policy tool to facilitate and optimise enforcement of tax obligations. We see, in the way such solution is implemented, a lack of proportionality, with significant and unnecessary risks for the individual rights to privacy and data protection.

In the conclusion EDPR recommends the following:

66. We have reviewed the Proposal and we consider that it should have:
• Ensured that any processing of personal data serve a legitimate, specific and well identified purpose and be linked to it by necessity and proportionality. The data controller performing personal data processing shall be identified and accountable for the compliance with data protection rules.
• Ensured that any limitation on the exercise of the fundamental rights to privacy and data protection be provided for by law, respect their essence and, subject to the principle of proportionality, enacted only if necessary to achieve objectives of general interest recognised by the Union or the need to protect the rights and freedoms of others.
• Ensured a proper assessment of the proportionality of the policy measures proposed in relation to the purposes sought, as emergency-based measures that are acceptable to tackle the risk of terrorist attacks might result excessive when applied to prevent the risk of tax evasion.
• Maintained into place safeguards that would have granted a certain degree of proportionality (for example, in setting the conditions for access to information on financial transactions by FIUs).
• Designed access to beneficial ownership information in compliance with the principle of proportionality, inter alia, ensuring access only to entities who are in charge of enforcing the law.

More information:

  • EDPS Opinion on a Commission Proposal amending Directive (EU) 2015/849 and Directive 2009/101/EC Access to beneficial ownership information and data protection implications

Over Ellen Timmer, advocaat ondernemingsrecht @Pellicaan

Verbonden aan Pellicaan Advocaten, http://www.pellicaan.nl/, kantoor Rotterdam, telefoon 088-6272287, fax 088-6272280, e-mail ellen.timmer@pellicaan.nl ||| Weblogs: algemeen: https://ellentimmer.com/ || modernisering ondernemingsrecht: http://flexbv.wordpress.com/
Dit bericht werd geplaatst in English - posts in English on this blog, Europa, Financieel recht, onder meer Wft, Wtt, Fraude, witwasbestrijding, Wwft, ICT, privacy, e-commerce, Ubo-register en getagged met , , , . Maak dit favoriet permalink.

Geef een reactie

Vul je gegevens in of klik op een icoon om in te loggen.

WordPress.com logo

Je reageert onder je WordPress.com account. Log uit /  Bijwerken )

Google photo

Je reageert onder je Google account. Log uit /  Bijwerken )

Twitter-afbeelding

Je reageert onder je Twitter account. Log uit /  Bijwerken )

Facebook foto

Je reageert onder je Facebook account. Log uit /  Bijwerken )

Verbinden met %s