The European Data Protection Board sent a letter to the Commissioner for Justice and the Commissioner for Financial services, financial stability, and Capital Markets Union in order to advise the EU Commission on privacy challenges related to the AML-CFT framework in relation to the legislative package on AML the Commission was about to issue. The recommendations made by the European Data Protection Board to the EU Commission can be summarised as follows:
– Specifying the application of the GDPR in the context of the new AML-CFT legal framework;
– Taking the ‘privacy by design’ concept into consideration;
– Adopting a more tailored risk-based approach;
– Adopting appropriate safeguards regarding personal data relating to criminal convictions and offences;
– Specifying that supervisory authorities should consult the EDPB before issuing acts that may affect the right to data protection;
– Avoiding excessive data processing.