The Dutch Data Protection Authority has strongly criticized a government plan to tackle money laundering. According to the privacy watchdog, the Money Laundering Action Plan creates risks of mass surveillance and discrimination. Nor is the law necessary.
That is what the AP writes in a warning letter which can be found on the website of the House of Representatives. In it, the privacy supervisor explains its opinion on a bill for the Money Laundering Action Plan Act. The AP advises the House on this. It is not the first time that the AP has criticized the law. In October, the regulator also warned that the new law ‘opens the door to unprecedented mass surveillance by banks’. In the bill, all transactions from banks above a certain amount must be automatically scanned for potentially suspicious behavior. It is mainly the specific rules of the law that the AP has difficulty with; for example, all transaction data can be stored in a central location and banks must use controversial algorithms to perform the scans. This monitoring is then done by a third party. Banks must also exchange data with each other.
In the new letter, the AP reiterates those concerns. Since the previous advice, the biggest objections that the AP had have not been removed. For example, the law would be unnecessary and ‘contrary to the principle of proportionality’. According to the AP, the bill can ensure that ‘the path of full central control of payment transactions is taken’. “This road is an unlawful violation of fundamental rights and civil liberties. This creates a society in which a provision that is essential to everyone, such as payments, is used to massively and centrally monitor all citizens,” the watchdog writes.
p>According to the regulator, the law would also be in conflict with the Charter of Fundamental Rights of the EU, because only a small percentage of payment traffic is linked to money laundering. “A tool aimed at detecting a relatively small number of cases will be used against everything and everyone,” the regulator writes, who compares this to the preventive search of every payment. The AP cannot directly test against that Charter as it can against the GDPR, but the regulator can in theory start a lawsuit and have it go to the European Court.
The AP also points out that the current European anti-money laundering rules already infringe the privacy of citizens. Those rules are already ‘at odds with the Charter’ and tightening them would make that more serious. The AP also warns against function creep, where a measure can later be used for other measures. There is also the risk that many citizens will no longer be able to bank by law and that there will be no good solution if that happens. Finally, there is the risk that citizens will be discriminated against on the basis of race, ethnicity or religion.