EU: EDPB publishes letter on EU-US terrorist finance tracking program
The European Data Protection Board ('EDPB') announced on Twitter, on 4 December 2020, that it had published a letter in response to Member of Parliament Moritz Körner's letter in relation to the processing and transfer of financial messaging data for the implementation of the EU-US Terrorist Finance Tracking Program ('TFTP'). In particular, the letter outlines that Körner's letter raises questions as to whether, within the context of the TFTP, individuals can have their personal data corrected or deleted, as well as to the amount of personal data collected and retained by U.S. authorities. Specifically, the letter notes that, although the TFTP provides for a mechanism according to which any person has the right (as a minimum) to receive confirmation as to whether his/her data protection rights have been upheld, such a procedure might, however, result in a situation where the data subject is not informed of whether his/her data is stored in the TFTP database or whether any breaches to the TFTP had to be remedied in response to his/her request.
Furthermore, the letter highlights that the above broad and unverified restriction to the exercise of the right of access prejudices the exercise of the other data subject's rights. In addition, the letter states that the Court Justice of the European Union's ('CJEU') judgment in Data Protection Commissioner v. Facebook Ireland Limited, Maximillian Schrems (C-311/18) ('the Schrems II Case') stressed the importance and necessity of ensuring data subjects' rights' enforceability against authorities in the courts, in order to provide for an effective judicial remedy.