During its latest plenary, the EDPB adopted a letter to the European Parliament, the Council and the European Commission on data sharing for anti-money laundering and countering the financing of terrorism (AML/CFT) purposes. This letter highlights the significant risks to privacy and data protection posed by some amendments introduced by the Council, which would allow private entities, under certain conditions, to share personal data between each other for AML/CFT purposes concerning “suspicious transactions” and data collected in the course of performing customer due diligence obligations.
The EDPB expresses serious concerns about the lawfulness, necessity and proportionality of these provisions, which could result in very large-scale processing by private entities. The EDPB considers that the amendments do not adequately specify the conditions under which such processing is justified, and that they do not provide sufficient safeguards, given that such processing could have a significant impact on individuals, such as blacklisting and exclusion from financial services. The EDPB therefore recommends the co-legislators not to include these provisions in the final text of the Proposal.