Data protection: Art. 29 Working Party guidelines on BCRs EBF comments
EBF advisor: Helene Benoist
Article 29 Data Protection Working Party: EBF’s comments on the WP29 updated adequacy referential and working document on BCRs (wp254 & wp256) k
Publication date: 17 January 2018
The European Banking Federation (EBF) welcomes the Article 29 Data Protection Authority (hereafter ‘WP29’) paper on Binding Corporate Rules (BCRs) and the updated adequacy referential which provide further clarity on how international data transfers will be managed under the General Data Protection Regulation (GDPR).
Cross-border data transfers are today an important part of the modern global economy as data has become its lifeblood. Digital trade and cross-border data flows are expected to continue to grow faster than the overall rate of global trade.
Financial institutions often need to process personal data within the group of which they are members in order to achieve objectives, such as offering a broader variety of products to the clients, or, efficiently tackling fraud. In that respect, clarity and legal certainty are necessary.
Nevertheless, there will be greater difficulties going forward for three reasons:
The new provisions in the GDPR will make third country transfers more difficult. Under the GDPR, the possibility to make an internal adequacy decision within the firm is no longer possible.
However, the slowness of the BCRs adoption process is today an important obstacle. We note that BCRs currently require 18 months or more to be approved and demand will likely increase under the GDPR.
There is uncertainty over firms’ ability to rely even on the safeguards provided for under the GDPR. The EU-U.S. Privacy Shield and SCCs, for example, have an uncertain future, given the striking down of the Safe Harbour adequacy decision in 2015 and a more recent court challenge against SCCs and referral to the Court of Justice of the European Union (“Schrems II”).
We believe further assessment should be conducted on the barriers that prevent banks from processing or storing data inside and outside the EU (linked to data protection, confidentiality, bank secrecy requirements, etc.). Ultimately, there should also be a clear legal basis to share information among jurisdictions at group company level.
Join the @DigFinSummit on 27/11 at @SheratonZTM to network with experts from all fields of #FinTech! As a media partner, we are happy to give you this code Firamis20 to get a 20% discount #DFS19
Register now >> https://t.co/JfYMPkiq2L
The EBF is the voice of the European banking sector, bringing together national banking associations from 45 countries. The EBF is committed to a thriving European economy that is underpinned by a stable, secure and inclusive financial ecosystem, and to a flourishing society where financing is available to fund the dreams of citizens, businesses and innovators everywhere.
56 Avenue des Arts
The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.