A law presented by the European Commission in July 2021, which aims to strengthen European rules against money laundering and the financing of terrorism, challenges the CNIL and its European counterparts. Gathered within the EDPS, they alerted European lawmakers on the issue of data protection.
The CNIL calls for better data protection
The legislative framework proposed by the European Commission should make it possible to “better detect suspicious transactions and activities” and closing loopholes that criminals take advantage of to launder the proceeds of illicit activities or finance terrorist activities through the financial system. To achieve this, European legislators have agreed to give ground on the subject of data protection. This is why, on May 20, 2022, the CNIL and its counterparts published an open letter to the European Parliament, the European Commission, and the Council of the European Union on this proposal.
Microsoft thwarted cyberattacks from a Lebanese hacker group
The CNIL asks legislators to pay attention to the issues raised by this proposal in terms of data protection. Like its European counterparts, the National Commission for Computing and Liberties considers it essential that legislators “take better account of the principles laid down by the General Data Protection Regulation (GDPR) in the development of this regulation”. To comply with European regulations, this new law should only take into account data “accurate, relevant, and limited to what is necessary”.
The activity of service providers responsible for collection must be supervised
As such, the CNIL wishes that the categories of data as well as the conditions of their use be specified directly in the regulations under negotiation, “and not in specific regulatory technical standards”. Furthermore, the EDPS members ask to be involved in European discussions relating to the drafting of the legislative package. Concretely, the CNIL and its counterparts want the text to include additional guarantees, to ensure better protection of this data.
The Commission also calls for a certain vigilance with regard to “sources used by the organizations concerned to collect information on their customers”. The CNIL considers that it is essential to regulate the activity of service providers specializing in the provision of information, with regard to the requirements of the GDPR. Finally, the Commission points out that it reserves the right “to initiate investigations and adopt repressive measures in the event of non-compliance with the GDPR by these actors”.