The European Data Protection Supervisor (EDPS) has published an opinion (dated 2 February 2017) on the proposed Fifth Money Laundering Directive (MLD5), which amends the Fourth Money Laundering Directive ((EU) 2015/849).
In the opinion, the EDPS considers the European Commission’s original July 2016 MLD5 proposal, as well as the MLD5 text adopted by the Council of the EU in December 2016.
THE IMPACT OF MLD5 ON THE FUNDAMENTAL RIGHTS TO PRIVACY AND DATA PROTECTION
The EDPS analyses the impact of MLD5 on the fundamental rights to privacy and data protection. It also assesses the necessity and proportionality of personal data processing that would take place under MLD5 in the light of the policy purposes identified in the Directive.
The EDPS explains that the purpose of the opinion is not to express any merit judgment on the choice of the policy objectives the legislators decide to pursue. Instead, its attention is focused on the tools and modes of action that MLD5 adopts.
The EDPS considers that MLD5 takes a stricter approach to effectively countering money laundering and terrorist financing than that set out in MLD4.
It is concerned that the proposed amendments introduce policy purposes other than countering money laundering and terrorist financing, which do not seem clearly identified. The EDPS refers, in particular, to the fight against tax evasion as a specific goal of MLD5, commenting that in MLD4 tax crimes are relevant merely as a source of illicit funds, but not directly targeted and enforced. It also notes, among other things, that MLD5 generically mentions the fight against financial crime and enhanced corporate transparency as policy goals.
MLD5 INTRODUCES A SIGNIFICANT DEGREE OF UNCERTAINTY
In expanding the purposes of data processing beyond the initial anti-money laundering (AML) and counter-terrorist financing (CTF) purpose, the EDPS considers that MLD5 introduces a significant degree of uncertainty as to the purposes pursued, and on the controllers entrusted with these purposes. This uncertainty reduces data protection safeguards.
Processing personal data collected for one purpose for another completely unrelated purpose infringes the data protection principle of purpose limitation and threatens the implementation of the principle of proportionality.
In particular, the EDPS explains that the proposed amendments raise questions as to why certain forms of invasive personal data processing, acceptable about AML and CTF, are necessary out of those contexts, and whether they are proportionate.
As far as proportionality is concerned, the proposed amendments depart from the risk-based approach (RBA) adopted by MLD4, on the basis that the higher risk for AML, CTF and associated predicate offences would not allow its timely detection and assessment.
The proposed amendments also remove existing safeguards that would have granted a certain degree of proportionality, for example, in setting the conditions for access to information on financial transactions of financial intelligence units (FIUs).
The EDPS is also concerned that the proposed amendments significantly broaden access to beneficial ownership information by both competent national authorities (NCAs) and the public, as a policy tool to facilitate and optimise the enforcement of tax obligations.
Depending on how these provisions are implemented, there could be a lack of proportionality, with significant and unnecessary risks for the individual rights to privacy and data protection.
The EDPS advises that it was not consulted by the Commission before it published its MLD5 proposal in July 2016. However, its opinion was solicited by the Council.
Loading...