At its most recent session, the European Data Protection Board (EDPB) sent an open letter to the European Parliament, the Council, and the European Commission concerning data sharing for tackling financial crime. In the letter, the EDPB expressed serious reservations about certain additions from the Council which would enable private entities to acquire personal information from each other regarding “suspect transactions” and details associated with complying with customer due diligence regulations.
The Board highlighted potentially sizable risks to privacy and data protection, including potential overprocessing by these private firms. Furthermore, they raised doubts as to the validity of such activities, as well as their necessity and relevance in proportion to the effect they could have on individuals — such as blacklisting and denying them access to banking services. As such, the EDPB urgently counselled that these amendments should not be included in the Proposal’s final text.