Promotie M.M. Brewczyńska

Technological developments and an increase in the amount of information, including personal data, collected and processed by private companies, make state authorities ever more interested in, if not dependent on, the non-public sources of data. This results in the intertwining of state- and non-state surveillance capacities and a gradual spread of responsibility for crime control onto actors operating outside the public criminal justice system. Such a trend is exemplified by the Anti-Money Laundering and Countering the Financing of Terrorism (AML/CFT) policy. 

The AML/CFT system involves financial institutions, especially banks, in ‘policing’ by requiring them to scrupulously monitor transactions of their customers, and flag and report any instances identified as potential suspicions of crime. Yet, to fulfil such tasks, banks need input from the state criminal law enforcement bodies; simply put, banks need to know what or who they are looking for. While the circle of public-private collaboration tightens to enhance the joint investigatory capacities of public and private actors, important questions about the rights to privacy and the protection of personal data arise.

The citizens subject to the AML/CFT measures are no longer confronted only with the surveillance power of the state but with a network of joint public-private surveillance powers. Taking the perspective of two fundamental rights, namely the right to privacy and personal data protection, the thesis seeks an answer to the question of the legitimacy of the privacy-intrusive practices of sharing information about individuals between the state and non-state actors in modern democratic societies.

It argues that the requirement, which demands power to be exercised when ‘provided for by law’, must not be limited to the simple enactment of laws which establish formal legal grounds for the processing of personal data. Importantly, such laws need to meet several standards such as clarity, consistency or transparency to form an acceptable legal system, which is not just legal, meaning correctly imposed by the lawgiver, but rather reflects the reciprocal relationship between the lawgiver and people subject to the law, what renders it legitimate.

The thesis is predominantly a legal investigation focused on the European human rights law. The analysis of the applicable provisions and relevant caselaw is supplemented with the arguments from legal philosophy, which among others yields tools for distinguishing legality from legitimacy and allows for explaining how the latter can serve as a useful lens for the evaluation of policing in the new network of power. Due to the multifaceted relevance of public-private cooperation through personal data sharing, the analysis is also embedded in a broader theoretical framework designed with the use of literature from other disciplines than law, including history, sociology, and political science.