Skip to content
Guidance · EDPB ·on-the-protection-of-personal-data-processed-in-relation-with-the EN LLM context A cited markdown file you can paste into your AI assistant (ChatGPT, Claude, a RAG or project knowledge base) to ground it in this document. Contains: this document’s text, its sections with their topics, and the full text of every law provision it applies. Everything links back to its source on overview.legal — legal information, not advice.

Statement on the protection of personal data processed in relation with the prevention of money laundering and terrorist financing

Summary

adopted 1 Statement on the protection of personal data processed in relation with the prevention of money laundering and terrorist financing Adopted on 15 December 2020 The European Data Protection Board has adopted the following statement: This statement follows the adoption by the European Commission of an Action Plan 1 for a comprehensive Union policy on preventing money laundering and terrorist financing and the launch of a public cons ultation 2 in May 2020. According to the A ction P lan,…

How it connects

Full text 6 sections

Paragraphs carrying a topic or an applied provision show those connections inline Original at the source →
¶1

Statement on the protection of personal data processed in relation with the prevention of money laundering and terrorist financing Adopted on 15 December 2020 The European Data Protection Board has adopted the following statement: This statement follows the adoption by the European Commission of an Action Plan 1 for a comprehensive Union policy on preventing money laundering and terrorist financing and the launch of a public cons ultation 2 in May 2020. According to the A ction P lan, t he Commission aims to present new legislative proposals in the first quarter of 2021, inter alia, establishing a single rulebo ok on these topics (i.e. a Regulation or a more detailed revised Directive ), ensuring EU level supervision (either by granting new powers to an existing EU Agency or by establishing a new dedicated body), and creating a support and coordination mechanism for F inancial Intelligence Unit s. The applicable anti - money la undering meas ures 3 include very broad and far - reaching obligations on financial services providers and other obliged entities to identify and know their customers, to monitor transactions undertaken using their services, and to report any suspicious transactions. Furth ermore, the legislation stipulates long retention periods 4 . These measures cover the entire European financial services industry, and therefore affect, in a comprehensive manner, all persons using financial services, each time that they use these services. 1 Action plan for a comprehensive Union policy on preventing money laundering and terrorism financing , 7 May 2020, available at https://ec.europa.eu/info/publications/200507 - anti - money - laundering - terrorism - financing - action - plan_en .

¶2

The consultation can be accessed at https://ec.europa.eu/info/law/better - regulation/have - your - say/initiatives/12176 - Action - Plan - on - anti - money - laundering/public - consultation .

¶3

Directive (EU) 2015/849 of the European Parliament and of the Council of 20 May 2015 on the prevention of the use of the financial system for the purposes of money laund ering or terrorist financing , as amended by Directive (EU) 2018/843 of the European Parliament and of the Council of 30 May 2018 .

¶4

The retention period is the business relationship plus five years (article 40 of Directive (EU) 2015/849). Where the busines s relationship only covers a single transaction, the retention period is five years. Where there is a long - term business relationship, such as a bank has with its customers, the retention period will often extend over several decennia. Retention periods ca n be extended by Member States with an additional five years. adopted 2 The EDPB, and before it the Article 29 Working Party, has repeatedly noted the privacy and data protection challenges relate d to these measures in the past 5 . The upcoming update to the legislation is an opportunity to address the interplay between the pr otection of privacy and personal data and the anti - money laundering measures , as well as their concrete application on the ground . In this context, the EDPB stresses that the intended update to the anti - money laundering framework sh all not be undertaken w ithout a review of the relationship between the anti - money laundering measures and the rights to privacy and data protection. In this discussion, relevance and accuracy of the data collected plays a paramount role. The EDPB is indeed convinced that a close r articulation between the two sets of rules would benefit both the protection of personal data and the efficiency of the AML framework. In this respect , the EDPB would like to reiterate the need for a clear legal basis for the processing of personal data and stating the purposes and the limits of such processin g, in line with Article 5(1) GDPR, in particular regarding information sharing and international transfers of data , as noted by the EDPS in its opinion on the European Commission’s action plan for a comprehensive Union policy on preventing money laundering and terrorism financing 6 . The EDPB considers it as a matter of the utmost importance that the anti - money laundering measures are compatible with the rights to privacy and data protection enshrined i n Articles 7 and 8 of the Charter of Fundamental Rights of the European Union , the principle s of necessity of such measures in a democratic society and their proportionality , and the case law of the Court of Justice of the European Union . The EDPB therefo re calls on the European Commission to be associated to the drafting process of any new anti - money laundering legislation in its early stages , with a view to provide legal advice on some key points from a data protection perspective , without prejudice to t he consultation by the European Commission in line with Article 42 of Regulation 2018/1725 at a later stage. T he EDPB is also ready to contribute to discussions with in the Council of the EU and the European Parliament during the legislative p rocess . Going forward , the EDPB stand s ready to be involved and consulted in a timely manner by any European or international regulatory bodies or standard - setters, such as the Financial Action Task Force , currently chaired by an EU Member state, before issuance of the revision of their recommendations . For the European Data Protection Board The Chair (Andrea Jelinek)

¶5

See for instance Article 29 WP Opinion 14/2011 on data protection issues related to the prevention of money lau ndering and terrorist financing, available at https://ec.europa.eu/justice/article - 29/documentation/opinion - recommendation/files/2011/wp186_en.pdf .

¶6

EDPS Opinion 5/2020 on the European Commission’s action plan for a comprehensive Union policy on preventing money laundering and terrorism financing, point 26, 23 July 2020.

Similar Content