Implementation of the personal data minimization principle in financial institutions: Lithuania’s case
Journal of Money Laundering Control
ISSN: 1368-5201
Article publication date: 22 July 2021
Issue publication date: 21 October 2021
Abstract
Purpose
The purpose of this paper is to assess such processing of personal data for identification purposes from the point of view of the principle of data minimisation, as set out in the EU’s General Data Protection Regulation (GDPR) and examine whether the processing of personal data for these purposes can be considered proportionate, i.e. whether it is performed for the purposes defined and only as much as is necessary.
Design/methodology/approach
In this paper, the authors discuss and present the relevant legal regulation and examine the goals and implementation of such regulation in Lithuania. This paper also examines the conditions for the lawful processing of personal data and their application for the above-mentioned purposes.
Findings
This paper addresses the problem that, on the one hand, financial institutions must comply with the objectives of collecting as much personal data as possible under the AML Directive (this practice is supported by the supervisory authority, the Bank of Lithuania), and, on the other hand, they must comply with the principle of data minimisation established by the GDPR.
Originality/value
Financial institutions process large amounts of personal data. These data are processed for different purposes. One of the purposes of processing personal data is (or may be) related to the prevention of money laundering and terrorist financing. In implementing the Know Your Customer principle and the relevant legal framework derived from the EU AML Directive, financial institutions collect various data, including projected account turnovers, account holders' relatives involved in politics, etc.
Keywords
Acknowledgements
Solving privacy paradox: Promoting High Standards of Data Protection as a Fundamental Right and Central Factor of Consumer Trust in Digital Economy 814754.
Citation
Laurinaitis, M., Štitilis, D. and Verenius, E. (2021), "Implementation of the personal data minimization principle in financial institutions: Lithuania’s case", Journal of Money Laundering Control, Vol. 24 No. 4, pp. 664-680. https://doi.org/10.1108/JMLC-11-2020-0128
Publisher
:Emerald Publishing Limited
Copyright © 2021, Emerald Publishing Limited