Privacy First participation in DNB consultation
The Dutch Central Bank (DNB) recently held a internet consultation on their new approach to money laundering for the financial sector. As Privacy First is concerned about how personal data and citizens' fundamental financial rights are handled in the financial sector, it participated in this consultation.
In the consultation submission, Privacy First drew attention to the risks to citizens associated with the unrestrained collection of confidential data by financial institutions in the context of money laundering. Currently, financial institutions lack AVG compliance oversight and are not required to report data breaches to concerned citizens. There are also significant risks associated with the use by financial institutions of data traders, parties who are not themselves under integrity supervision and who are insufficiently compliant with the AVG.
A factor here is that financial institutions are uncertain about the extent of their data collection obligations, leading them to collect as much data as possible for fear of fines and criminal prosecution. As a result, they act in violation of the data minimisation obligation of the AVG. Privacy First urges DNB to create more clarity so that financial institutions can fulfil their duty not to process personal data unnecessarily.
Copy of passport
The way financial institutions verify the identity of their clients, representatives and ultimate stakeholders causes many problems. Privacy First points out in its response that the law does not require the creation, storage and long-term retention of copies of identity documents and advises DNB to propose an improved approach to financial institutions here.
Secure communication on KYC and more
Other topics from Privacy First's consultation submission include:
- Financial institutions' compliance with the AVG information obligation;
- Secure communication with clients about the Wwft client survey;
- bad press monitoring;
- nationality discrimination;
- high-risk situations;
- cash;
- processing of personal data of stakeholders below the Wwft-UBO threshold;
- Subjective and objective 'indicators';
- retention periods and look-back period.
Privacy First's entire consultation submission can be found at HERE read (pdf). We expect a response from DNB in early 2024.