Earlier this week the European group of national data protection authorities, collectively the Working Party 29 (“WP 29”), released a new opinion on data protection issues relating to the prevention of money laundering and terrorist financing. The new paper features a slew of new recommendations from the WP 29 that are designed to enhance privacy and data protection in this area. Among the most prominent of the recommendations are proposals to:
- review the overarching framework of anti-money laundering and anti-terrorist financing laws at the EU and national levels to ensure compatibility with privacy rights and data protection;
- increase EU harmonisation of anti-money laundering and anti-terrorist financing laws, in part to enshrine the “purpose limitation principle” that stands behind data retention, protection and privacy laws;
- provide clearer and enhanced guidance for bodies involved in the collection and processing of personal data where terrorist financing or money-laundering issues are prominent;
- better balance “tipping off” rules to enhance compatibility with data protection;
- introduce “stress tests” for organisations that use BCRs;
- introduce “required benchmark” tests for adequacy findings for international transfers; and
- improve coordination between financial authority regulators, data protection authorities and financial intelligence units.
Although scant detail is given, the paper ends with a promise by WP 29 to “follow up” on the proposals.