Between Privacy and Protection

Abstract

This thesis investigates the interplay between privacy and safety within the context of Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) practices in the Dutch banking sector. As financial institutions face increasing pressure to detect and report Financial Economic Crime (FEC), the demand for advanced surveillance techniques such as: Artificial Intelligence (AI)-driven monitoring, Public Private Partnerships (PPPs) and cross-bank data sharing, has grown. However, these innovations face barriers in their implementation due to concerns regarding financial privacy and data protection. By conducting a structural privacy assessment, this research identifies and categorizes the specific privacy harms that emerge from transaction monitoring. It analyses the tensions between key legal frameworks, including the General Data Protection Regulation (GDPR), the Dutch AML/CFT law (Wwft) and the recently introduced EU Anti Money Laundering Regulation (AMLR), highlighting the regulatory ambiguities and ethical dilemmas they present. Using expert interviews and a conceptual privacy framework grounded in academic theory, the study evaluates the proportionality of privacy and safety trade-offs. The key message of this thesis is that successful AML/CFT will remain politically and technically fragile until banks, regulators and developers adopt a structured, continuously-revised understanding of privacy harms and use that lens to decide which monitoring practices, data-sharing schemes and analytic tools are ethically and legally proportionate. The thesis therefore supplies both an analytic privacy framework tailored to transaction monitoring and a map of the legal, technical and governance tensions that must be resolved before developments such as AI, data-sharing and PPPs can be deployed responsibly. Keywords: Privacy, Anti-Money Laundering, Counter Terrorism Financing, GDPR, Data-sharing, PublicPrivate Partnership, Artificial Intelligence