Data protection rules applicable to Financial Intelligence Units: still no clarity in sight

ERA Forum ◽  
2022 ◽  
Author(s):  
Teresa Quintel

Abstract: Financial information can play a key role in tackling money laundering, terrorist financing and combatting serious crime more generally. Preventing and fighting money laundering and the financing of terrorism were top priorities of the European Union’s (EU) Security Strategy for 2020-2025, which might explain the fast developments regarding legislative measures to further regulate anti-money laundering (AML) and counter terrorism financing (CTF). In May 2020, the European Commission put forward an Action Plan to establish a Union policy on combatting money laundering and shortly afterwards, proposed a new AML Package.

Financial Intelligence Units (FIUs) play a crucial role in analysing and exchanging information concerning unusual and suspicious transactions, serving as intermediaries between the private sector and law enforcement authorities (LEAs). Such information includes personal data, which is protected under the EU data protection acquis. The latter is constituted of two main laws, the General Data Protection Regulation (GDPR), which applies to general processing and the so-called Law Enforcement Directive (LED) that is applicable when competent law enforcement authorities process personal data for law enforcement purposes.

This Article argues that the current legal framework on AML and CTF legislation is unclear on the data protection regime that applies to the processing of personal data by FIUs and that the proposed AML Package does little or nothing to clarify this dilemma. In order to contribute to the discussion on the applicable data protection framework for FIUs, the assessment puts forward arguments for and against the application of the LED to such processing, taking into account the relevant legal texts on AML and data protection.

2021 ◽  
Vol 7 (1) ◽  
Author(s):  
Iwona Karasek-Wojciechowicz

Abstract: This article is an attempt to reconcile the requirements of the EU General Data Protection Regulation (GDPR) and anti-money laundering and combat terrorist financing (AML/CFT) instruments used in permissionless ecosystems based on distributed ledger technology (DLT). Usually, analysis is focused only on one of these regulations. Covering the interplay between both regulations in this research reveals their incoherencies in relation to permissionless DLT. The GDPR requirements force permissionless blockchain communities to use anonymization or, at the very least, strong pseudonymization technologies to ensure compliance of data processing with the GDPR. At the same time, instruments of global AML/CFT policy that are presently being implemented in many countries following the recommendations of the Financial Action Task Force, counteract the anonymity-enhanced technologies built into blockchain protocols. Solutions suggested in this article aim to induce the shaping of permissionless DLT-based networks in ways that at the same time would secure the protection of personal data according to the GDPR rules, while also addressing the money laundering and terrorist financing risks created by transactions in anonymous blockchain spaces or those with strong pseudonyms. Searching for new policy instruments is necessary to ensure that governments do not combat the development of all privacy-blockchains so as to enable a high level of privacy protection and GDPR-compliant data processing. This article indicates two AML/CFT tools which may be helpful for shaping privacy-blockchains that can enable the feasibility of such tools. The first tool is exceptional government access to transactional data written on non-transparent ledgers, obfuscated by advanced anonymization cryptography. The tool should be optional for networks as long as other effective AML/CFT measures are accessible for the intermediaries or for the government in relation to a given network. If these other measures are not available and the network does not grant exceptional access, the regulations should allow governments to combat the development of those networks. Effective tools in that scope should target the value of privacy-cryptocurrency, not its users. Such tools could include, as a tool of last resort, state attacks which would undermine the trust of the community in a specific network.


2019 ◽  
Vol 5 (2) ◽  
pp. 75-91
Author(s):  
Alexandre Veronese ◽  
Alessandra Silveira ◽  
Amanda Nunes Lopes Espiñeira Lemos

The article discusses the ethical and technical consequences of Artificial Intelligence (hereinafter, AI) applications and their usage of the European Union data protection legal framework to enable citizens to defend themselves against them. This goal is under the larger European Union Digital Single Market policy, which has concerns about how this subject correlates with personal data protection. The article has four sections. The first one introduces the main issue by describing the importance of AI applications in the contemporary world scenario. The second one describes some fundamental concepts about AI. The third section has an analysis of the ongoing policies for AI in the European Union and the Council of Europe proposal about ethics applicable to AI in the judicial systems. The fourth section is the conclusion, which debates the current legal mechanisms for citizens' protection against fully automated decisions, based on European Union Law and in particular the General Data Protection Regulation. The conclusion will be that European Union Law is still under construction when it comes to providing effective protection to its citizens against automated inferences that are unfair or unreasonable.


Author(s):  
Alexander Gurkov

Abstract: This chapter considers the legal framework of data protection in Russia. The adoption of the Yarovaya laws, data localization requirement, and enactment of sovereign Runet regulations allowing for isolation of the internet in Russia paint a grim representation of state control over data flows in Russia. Upon closer examination, it can be seen that the development of data protection in Russia follows many of the steps taken at the EU level, although some EU measures violated fundamental rights and were invalidated. Specific rules in this sphere in Russia are similar to the European General Data Protection Regulation. This chapter shows the special role of Roskomnadzor in forming data protection regulations by construing vaguely defined rules of legislation.


2020 ◽  
Vol 23 (2) ◽  
pp. 369-378
Author(s):  
George Pavlidis

Purpose: This paper aims to examine three important interrelated issues that arise in the context of financial investigations: the access of law enforcement agencies to centralised bank account registries that have been set up in several jurisdictions; the exchange of financial information between financial intelligence units (FIUs) that function in different jurisdictions; and the exchange of financial information between FIUs and law enforcement bodies. Through the adoption of Directive 2019/1153, the European Union (EU) has attempted to achieve a paradigm shift in these three areas, but many challenges remain, from the interconnection of registries to the implementation of adequate data protection safeguards.

Design/methodology/approach: This paper draws on primary sources of law, legal scholarship, reports and open source data to analyse the changes that Directive 2019/1153 has brought about in conducting financial investigations in the area of anti-money laundering (AML) and the counter-financing of terrorism (CFT).

Findings: The new Directive 2019/1153 constitutes an international model for broadening the access of law enforcement agencies to financial information and facilitating information exchanges between FIUs and law enforcement agencies. Nevertheless, many challenges have still to be addressed, such as the interconnection of centralised registries and the implementation of adequate safeguards.

Originality/value: This is a comprehensive study examining the new EU framework for access to financial information and information exchanges between FIUs and law enforcement agencies, which can be used as a model for international cooperation in the areas of AML/CFT.


Author(s):  
Maria Casoria ◽  
Eman Mahmood AlSarraf

The chapter discusses the influence of the General Data Protection Regulation (GDPR) on legal systems extra-EU and particularly the Kingdom of Bahrain, country member to a regional organisation located in the Arabian Gulf denominated Gulf Cooperation Council (GCC), which is exclusive to six states (i.e., Saudi Arabia, United Arab Emirates, Oman, Qatar, and Kuwait in addition to Bahrain). Amongst these countries, Bahrain is the only one that has recently enacted its own separate Personal Data Protection Law (PDPL) mostly resembling the GDPR due to the ever-increasing commercial relationship with business undertakings in Europe. Moreover, the adoption of the data protection law counts as a huge leap forward taken by the kingdom in reforming its legal framework, since it is the state's striving strategy to grow into a midpoint for data centre, just on time for the launch of data centres opening in Bahrain that are endorsed by Amazon Web Services.


2019 ◽  
pp. 565-594
Author(s):  
Andrew Murray

This chapter examines data protection, digitization of data, its implications for personal privacy, and the regulation of data industries. It begins by discussing the current law found in the General Data Protection Regulation and the Data Protection Act 2018. It examines the key concepts of data controllers, data processors, and data subjects, and discusses the conditions for the processing of personal data. This includes an examination of key cases such as Nowak v Data Protection Commissioner and Bodil Lindqvist. It looks at the geographical scope of the GDPR and the extraterritorial effect of the Regulation, and examines the domestic purposes exemption after Ryneš.


2019 ◽  
Vol 6 (6) ◽  
pp. 103-107
Author(s):  
Денис Шелестинский ◽  
Denis Shelestinskiy ◽  
А. Буртасова ◽  
A. Burtasova

The process of formation of the existing system of counteraction to legalization of proceeds from crime, which is based on the principles of interaction between financial, administrative institutions and law enforcement bodies, is considered in the work. Unlike the United States and Great Britain, the Ministry of Economy and Finance is responsible for developing policies to counteract money laundering in Italy. The paper analyzes the activities of the national financial intelligence unit of Italy, L'Unità di informazione finanziaria per l'Italia (UIF), established in accordance with Legislative Decree 231/2007 as an independent body within the structure of the Bank of Italy, as well as the National Commission for Companies and the Stock Exchange and the Institute for Insurance Supervision. Based on the data received, the authors draw attention to the fact that Italy has a well thought-out regime for countering the legalization of proceeds from crime through a well-developed legal framework. During the research, the authors used historical, logical, statistical, systemic and prognostic methods of investigation. The main conclusion of the study was that the distinctive feature of the Italian system is the close interaction of the national financial intelligence unit with the Bank of Italy, of which it is a formally independent but essentially structural subdivision.


Information ◽  
2020 ◽  
Vol 11 (12) ◽  
pp. 586
Author(s):  
Dimitra Georgiou ◽  
Costas Lambrinoudakis

Currently, there are several challenges that cloud-based healthcare systems around the world are facing. The most important issue is to ensure security and privacy, or in other words, to ensure the confidentiality, integrity, and availability of the data. Although the main provisions for data security and privacy were present in the former legal framework for the protection of personal data, the General Data Protection Regulation (GDPR) introduces new concepts and new requirements. In this paper, we present the main changes and the key challenges of the GDPR and, at the same time, we present how a cloud-based security policy could be modified in order to be compliant with the GDPR, as well as how cloud environments can assist developers to build secure and GDPR compliant cloud-based healthcare systems. The major concept of this paper is dual-purpose; primarily, to facilitate cloud providers in comprehending the framework of the new GDPR and secondly, to identify security measures and security policy rules, for the protection of sensitive data in a cloud-based healthcare system, following our risk-based security policy methodology that assesses the associated security risks and takes into account different requirements from patients, hospitals, and various other professional and organizational actors.


Author(s):  
Cristina Pauner Chulvi

Indiscriminate application to the media of the rules on the right to data protection may cause excessive restriction of freedom of information, one of the most characteristic items of the legal heritage of democratic societies. In an attempt to strike a balance between the two fundamental rights, the European legal framework for the protection of personal data (the current Directive 95/46/EC and the proposed General Data Protection Regulation) provides for the so-called journalism exemption which allows Member States to establish exemptions to the application of certain provisions. This article analyses the concept and scope of this exemption in the European regulations and in the legislation of the Member States which have transposed the Directive into their national law and have thus incorporated recognition of the journalism exemption.


2018 ◽  
Vol 27 ◽  
Author(s):  
Rocco Panetta ◽  
Federico Sartore

This paper aims to understand the state of the art and the resulting consequences of the legal framework in Europe, with regard to the protection of children's data, especially when they interact with networked and robotic toys, as in the 'My friend Cayla' case. In order to evaluate the practical implications of the use of IoT devices by child or teenage users, the first part of the paper presents an analysis of the international guiding principles of the protection of minors, a category which enjoys a higher level of protection of their fundamental rights, due to their condition of lack of physical and psychological maturity. Secondly, the focus is moved to the protection of personal data of children. Only after confronting previous data protection legal instruments and having compared them with the novelties set forth in the General Data Protection Regulation, it is reasonable to assume that new provisions such as the "privacy by design" principle, adequacy of security measures and codes of conduct, can support data controllers in ensuring compliance (in line with the accountability principle) in the field of IoT toys. In conclusion, the paper supports a view of Data Protection Authorities as a relevant player in enhancing these renovated tools in order to achieve the protection of children's rights, so as to ensure their substantial protection against the threats of the interconnected world.

