Request A Demo Login Now Sign up to DataGuidance Alerts DataGuidance DataPrivacy Index Cookie Consent Guide Data Protection Law & Policy Download a DataGuidance Brochure DataGuidance Videos


The transverse study performed by DataGuidance is particularly interesting and innovative as it enables one, at a glance, to obtain information on the obligations that lie with companies in terms of data breach in a large number of countries. Yet, very often, companies which are victims of a data breach are not subject to the breach in only one of the countries where they are set up, but in several countries. In such case, they must react extremely quickly notably in terms of informing control authorities if applicable. Having this transverse study, they will necessarily save precious time.
Florence Chafiol-Chaumont, Partner at August & Debouzy
RSS feed of this page Updated: 11/07/2013 
Sharing disabled by cookie consent preference.
Privacy This Week powered by DataGuidance

back to Privacy This Week

EU: EDPS: Data protection a 'basic' AML requirement

The European Data Protection Supervisor (EDPS) published - on 4 July 2013 - his Opinion on the European Commission's (EC) proposals on money transfers, anti-money laundering (AML) and terrorist financing (the Opinion), requesting explicit reference to applicable EU data protection law (DP Law) in both proposals.

"Data protection [should be perceived] as a basic requirement necessary [of AML]", said Giovanni Buttarelli, Assistant EDPS. "The growing trend to acknowledge the importance of data protection in proposals for legislation is a welcome one. But […] the claims are often not supported with concrete measures and safeguards. A lack of further details will also result in undue discrepancies among Member States."

The EC adopted a Directive extending the scope and strengthening the obligations of the Third AML Directive (2005/60/EC), and a Regulation replacing the current Funds Transfers Regulation (Regulation (EC) No 1781/2006), on 5 February 2013. The proposals would implement the revised Financial Action Task Force (FATF) AML standards introduced in February 2012. FATF is an intergovernmental body with 36 members to which the EU is one of its founding members.

The EDPS recommends references to the applicable national laws implementing Directive 95/46/EC to be explicitly inserted in a 'substantive' provision in both proposals. Mere reference to general principles in recitals is insufficient.

The EDPS recommends that the applicable DP Law be explicitly mentioned in a 'substantive' provision and that the principles of purpose limitation and proportionality be included. Specific provisions should be added to provide safeguards on international transfers and avoid mass transfers of personal and sensitive information. Data subjects' right to be informed should also be clearly outlined in the proposed Directive.

The legitimate aim of […] countering terrorism and money laundering has to be pursued while ensuring compliance with data protection requirements.

The Opinion states: '[T]he legitimate aim of achieving transparency of payments sources, funds deposits and transfers for purpose of countering terrorism and money laundering has to be pursued while ensuring compliance with data protection requirements.'

Under the Third AML Directive, 'obliged entities' must identify and verify the identity of customers (customer due diligence) and beneficial owners, monitor customers' financial transactions, and report any suspicion of money laundering or terrorist financing to relevant Financial Intelligence Units (FIUs). Currently, obliged entities include: financial and credit institutions, lawyers, notaries, accountants, real estate agents, casinos, company service providers, and all goods providers when payments are made in cash in excess of €15,000. The proposed Directive would extend covered entities to include gambling service providers and dealers in goods with a threshold of €7,500. Beneficial ownership information must be disclosed to obliged entities and competent authorities.

Additionally, the proposed Directive contains administrative sanctions which Member States would impose for systematic breaches of key provisions in the Directive including customer due diligence, record keeping, suspicious transaction reporting and internal controls.

The current Funds Transfers Regulation ensures the payer's basic information is immediately available to law enforcement and/or prosecutorial authorities.

© 2015 Cecile Park Publishing Ltd. All rights reserved

Sharing disabled by cookie consent preference.

Other News

© 2016 Cecile Park Publishing Ltd. Privacy Policy | Terms and Conditions | Sitemap
Address: 17 The Timber Yard, Drysdale Street, London, N1 6ND, UK | Phone: +44 (0)20 7012 1380 | Email: