Choose the experimental features you want to try

This document is an excerpt from the EUR-Lex website

Document 52023XX0720(01)

    Summary of the Opinion of the European Data Protection Supervisor on the Proposal for a Directive of the European Parliament and of the Council on deposit protection, cross-border cooperation and transparency 2023/C 255/04 (The full text of this Opinion can be found in English, French and German on the EDPS website https://edps.europa.eu)

    OJ C 255, 20.7.2023, p. 4–6 (BG, ES, CS, DA, DE, ET, EL, EN, FR, GA, HR, IT, LV, LT, HU, MT, NL, PL, PT, RO, SK, SL, FI, SV)

    20.7.2023   

    EN

    Official Journal of the European Union

    C 255/4


    Summary of the Opinion of the European Data Protection Supervisor on the Proposal for a Directive of the European Parliament and of the Council on deposit protection, cross-border cooperation and transparency

    (2023/C 255/04)

    (The full text of this Opinion can be found in English, French and German on the EDPS website https://edps.europa.eu)

    On 18 April 2023 the European Commission issued a Proposal for a Directive of the European Parliament and of the Council amending Directive 2014/49/EU as regards the scope of deposit protection, use of deposit guarantee schemes funds, cross-border cooperation, and transparency.

    The Proposal aims to improve the protection of depositors in cases of bank failures in the Union, while also protecting important financial interests of the Union and its Member States.

    The Proposal sets out to achieve said goals by offering depositors a robust level of protection, increasing the convergence in the practices of Depositor Guarantee Schemes (DGS), and improving national cross-border cooperation between DGSs, and between the latter and member credit institutions and Financial Intelligence Units (FIU). This entails aligning Directive 2014/49/EU with the existing and upcoming EU rules on anti-money laundering and countering the financing of terrorism (AML/CFT).

    The present Opinion of the EDPS is issued in response to a consultation by the European Commission of 19 April 2023 pursuant to Article 42(1) of EUDPR. The EDPS recommends to add a reference to this consultation in the Recitals of the Proposal.

    The Proposal would entail the sharing of personal data of depositors or other persons related to suspected money laundering or terrorism financing offences between FIUs, designated authorities, and DGSs. This Opinion takes into account the risks to the fundamental rights and freedoms of data subjects that could arise from these data exchanges and addresses recommendations in relation to the different scenarios of data sharing pursuant to the Proposal. In this regard, the EDPS makes a number of recommendations.

    In particular, the EDPS recommends to define the categories of data subject to the processing, the data subjects concerned, as well as to clearly lay down the purpose(s) for the processing.

    The EDPS also wishes to draw attention of the Commission to the need to consult the EDPS before the adoption of any delegated acts validating draft regulatory technical standards developed by the European Banking Authority (EBA) that would imply the processing of personal data.

    1.   INTRODUCTION

    1.

    On 18 April 2023 the European Commission issued a Proposal for a Directive of the European Parliament and of the Council amending Directive 2014/49/EU as regards the scope of deposit protection, use of deposit guarantee schemes funds, cross-border cooperation, and transparency (1) (‘the Proposal’).

    2.

    According to the European Commission’s Impact Assessment (‘the IA’), the Deposit Guarantee Schemes (DSG) Directive (‘the DGSD’) (2) has been broadly effective in improving the level of depositor protection across the EU, which is an important objective of the Banking Union. However, the IA reveals that the application of the DGSD safeguards remains uneven among national DGSs, highlighting both the needs for harmonized rules to address divergences that have adverse impacts on depositors, and to clarify the coverage for certain types of depositors (3). Therefore, the objective of the Proposal is to improve the depositor protection framework to ensure a coherent application of rules and a better level playing field, while protecting financial stability and enhancing depositors’ confidence. This entails clarifying the scope of depositor protection, settling divergent interpretations of conditions for the use of Deposit Guarantee Schemes (DSG) funds in the Union, and improving the operational effectiveness, cross-border cooperation, and efficiency in the way DGSs work (4).

    3.

    The achieve these objectives, and further specifying requirements set out under the DGSD (5), the Proposal includes provisions that would require credit institutions, DGSs, and designated authorities (6) to process personal data related to depositors who are natural persons or potentially to representatives of depositors which are legal persons. In particular:

    a.

    Credit institutions may not know the clients entitled to repayments of deposits held in the client accounts, or be able to check and record individual data of those clients (7). Therefore, a new Article 8b introduced by the Proposal would enable credit institutions to assess whether client funds deposits are covered by the DGSs by allowing them to collect certain personal data about their clients. The categories of personal data to be processed for this purpose would be specified in draft regulatory technical standards developed by the European Banking Authority (EBA) outlining the technical details related to the identification of clients for the repayment in accordance with Article 8 of the DSGD.

    b.

    When reimbursing depositors, DGSs may encounter situations that give rise to money laundering concerns and thus the European Commission proposes that DGSs should withhold the payout to a depositor when notified that a financial intelligence unit (FIU) has suspended a transaction, a bank or payment account in accordance with the applicable anti-money laundering (AML) rules (8). A new Article 8c(1) under the Proposal would oblige authorities designated at Member State level as administrators of a DGS to inform the DGS about strictly necessary information received from financial supervisors about the outcome of customer due diligence measures carried out in accordance with the AML regime. Additionally, according to paragraph 3 of the same Article, FIUs would notify DGSs about their decision to act against a depositor pursuant to AML rules as amended by the Proposal for a new AML Directive (‘AMLD 6 Proposal’) (9). In case DGSs receive such a communication, Article 8c(3) of the Proposal would require them to suspend the repayment to the depositor for the same duration of the measure imposed by the FIU.

    c.

    The new Article 16a advanced by the Proposal would replace current Articles 4(8) and 14(4) of the DSGD, that currently entitle DSGs to receive from their member credit institutions upon request and share with DSGs in other Member States all information necessary to prepare for a repayment of depositors, including so-called ‘markings’ (10).

    4.

    The present Opinion of the EDPS is issued in response to a consultation by the European Commission of 19 April 2023 pursuant to Article 42(1) of EUDPR. The EDPS recommends adding a reference to this consultation in the Recitals of the Proposal.

    6.   CONCLUSIONS

    27.

    In light of the above, the EDPS makes the following recommendations:

    (1)

    including a reference to the fact that the entities covered by the Proposal should comply with the GDPR - and, if applicable, with the EUDPR and the LED - when implementing their obligations under the Proposal in an appropriate recital;

    (2)

    including a recital mentioning the consultation of the EDPS pursuant to Article 42(1) of EUDPR and to this Opinion;

    (3)

    consulting the EDPS before the adoption of the delegated act that would validate EBA’s draft regulatory technical standards defining the categories of personal data that DGSs are legally entitled to process in the context of client identification for the purposes of deposit repayment, as per Article 8b of the Proposal;

    (4)

    assessing whether the reference to compliance with Directive 96/9/EC of the European Parliament and of the Council of 11 March 1996 on the legal protection of databases (11) (the ‘Database Directive’) in Article 8c(1) is correct;

    (5)

    amending Article 8c(1) of the Proposal to further ensure that the sharing of personal data between financial supervisors and designated authorities, and subsequently between the latter and DGSs is limited to what is strictly necessary to enable DGSs to decide about whether they should suspend the repayment of deposits in case of concerns about money laundering or terrorist financing;

    (6)

    including in Article 8c(2) of the Proposal appropriate safeguards for the rights and freedoms of data subjects, including the definition of the categories of personal data to be shared with or obtained by DGSs, the sources where such personal data should be obtained, appropriate purpose limitation obligations, and an appropriate data storage period;

    (7)

    specifying the categories of personal data and the data subjects concerned in the notifications from FIUs to DGSs under Article 8c(3) of the Proposal, and that such notifications would only take place in case of the failure of the client’s or beneficial owner’s credit institution, which should would only cover measures taken against depositors to the extent that the involved personal data sharing is necessary and proportionate to the envisaged aim of preventing repayments of depositors that FIUs acted against under the AMLD 6 Proposal;

    (8)

    the Commission to consult the EDPS before the adoption of the delegated act that would validate EBA’s technical standards defining such the categories of personal data that credit institutions would be required to share with DGSs for the purposes listed under Article 16a of the Proposal.

    Brussels, 12 June 2023.

    Wojciech Rafał WIEWIÓROWSKI


    (1)  COM(2023) 228 final.

    (2)  Directive 2014/49/EU of the European Parliament and of the Council of 16 April 2014 on deposit guarantee schemes (OJ L 173, 12.6.2014, p. 149).

    (3)  SWD(2023) 226 final.

    (4)  See Explanatory Memorandum, pages 1 and 3.

    (5)  See EDPS Opinion on the Proposal for a Directive of the European Parliament and of the Council on Deposit Guaranteee Schemes , issued on 9 September 2010, paragraph 7.

    (6)  According to Article 2(18) of the DGSD, ‘designated authority’ means a body which administers a DGS pursuant to this Directive, or, where the operation of the DGS is administered by a private entity, a public authority designated by the Member State concerned for supervising that scheme pursuant to this Directive.

    (7)  Recital (14) of the Proposal, specifying Article 8b.

    (8)  Recital (15) of the Proposal, specifying Article 8c.

    (9)  Proposal for a Directive of the European Parliament and of the Council on the mechanisms to be put in place by the Member States for the prevention of the use of the financial system for the purposes of money laundering or terrorist financing and repealing Directive (EU) 2015/849, COM/2021/ 423 final.

    (10)  Opinion on the Proposal for a Directive of the European Parliament and of the Council on Deposit Guarantee Schemes (recast), of 9 September 2010, paragraph 9.

    (11)  OJ L 77, 27.3.1996, p. 20.


    Top