The Data Protection Implications of the EU AML Framework: A Critical Overview & the Case of AI

The tension and the need for alignment between the data protection and AML/CFT framework has been pointed out by scholars and authorities since the first AMLD, over thirty years ago. Despite the criticism, none of the competent authorities has issued a pragmatic guidance aiming at consolidating the two regimes. This lack of regulatory clarity together with the fragmented implementation and interpretation of the AMLD across the EU are aggravating the challenges of the obliged entities. At the same time, the adoption of emerging technologies, such as AI for AML/CFT purposes, is further highlighting the need for harmonising the various conflicting obligations to avoid duplication and goldplating practices. Following a doctrinal approach of primary sources, the present aims to contribute to the discussion towards a reconciliation between the data protection and AML/CFT framework from the perspective of the obliged entities, considering the recent regulatory developments, namely the AML Package and the AIA Proposal, the relevant case law of the EUCJ, and the current literature.