Cross-border information – some countries’ privacy safeguards fall short of GDPR


Financial watchdogs from North America, Britain and Asia are urgently seeking a formal exemption from the European Union’s tough new data privacy law to avoid hampering cross-border investigations, regulatory officials told Reuters.
Failure by the EU to explicitly exempt markets regulators from the bloc’s General Data Protection Regulation (GDPR) could jeopardize international probes and enforcement actions in cases involving market manipulation and fraud, the officials warned.

The new rules, which came into force on May 25, have been several years in the making but lobbying by foreign regulators and their key international body has intensified over the past year with multiple meetings on both sides of the Atlantic as the law’s launch has approached, three people said.

The new EU law strengthens personal data privacy rights in the bloc, giving consumers greater control over their personal information.

It also narrows an exemption for cross-border personal data transfers made in the “public interest” by imposing new conditions, including extra privacy safeguards, on its use, said the officials and legal experts.

Under the previous law, regulators used the exemption to share vital information, such as bank and trading account data, to advance probes into a range of misconduct.

For now, regulators are operating on the basis they can continue sharing such data under the new exemption but say doing so takes them into legally ambiguous territory because the new law’s language leaves room for interpretation.

They fear that without explicit guidance, investigations such as current U.S. probes into cryptocurrency fraud and market manipulation in which many actors are based overseas, could be at risk.

This is because in the absence of an exemption, cross-border information sharing could be challenged on the grounds that some countries’ privacy safeguards fall short of those now offered by the EU.

To fend off that risk, regulators are pressing the Brussels-based European Data Protection Board (EDPB) to formally sign-off on an “administrative arrangement” that would clarify in writing if and how the public interest exemption can be applied to their cross-border information sharing, three people with direct knowledge of the matter told Reuters.

– By Michelle Price and Huw Jones, Reuters, 25 June 2018

Share this article

Recent posts

Popular categories

Recent comments