European Union: Issued letter on data sharing for AML-CFT purposes

On 4 April 2023, the European Data Protection Board (EDPB) published a letter sent to the European Parliament, the Council of the European Union, and the European Commission on data sharing for Anti-Money Laundering and Countering the Financing of Terrorism (AML-CFT) purposes given the Council's mandate for negotiations over European Union-wide regulations. This action followed the Council's adopted position on the Regulation on 5 December 2022 allowing private organisations, including banks or insurance companies, to share information on consumers with public authorities and each other for the purpose of detecting criminal activity. The EDPB's letter expressed concerns about the provisions allowing data sharing with regards to AML-CFT. The EDPB noted that the effectiveness of such data sharing on AML-CFT has not been thoroughly evaluated, there is a risk of mass surveillance by private entities, and the sharing of sensitive data could possibly lead to issues such as discrimination. The EDPB therefore requested the withdrawal of these provisions from the proposed Regulation.