Data protection: Art. 29 Working Party guidelines on BCRs EBF comments
EBF advisor: Helene Benoist
Article 29 Data Protection Working Party: EBF’s comments on the WP29 updated adequacy referential and working document on BCRs (wp254 & wp256) k
Publication date: 17 January 2018
The European Banking Federation (EBF) welcomes the Article 29 Data Protection Authority (hereafter ‘WP29’) paper on Binding Corporate Rules (BCRs) and the updated adequacy referential which provide further clarity on how international data transfers will be managed under the General Data Protection Regulation (GDPR).
Cross-border data transfers are today an important part of the modern global economy as data has become its lifeblood. Digital trade and cross-border data flows are expected to continue to grow faster than the overall rate of global trade.
Financial institutions often need to process personal data within the group of which they are members in order to achieve objectives, such as offering a broader variety of products to the clients, or, efficiently tackling fraud. In that respect, clarity and legal certainty are necessary.
Nevertheless, there will be greater difficulties going forward for three reasons:
The new provisions in the GDPR will make third country transfers more difficult. Under the GDPR, the possibility to make an internal adequacy decision within the firm is no longer possible.
However, the slowness of the BCRs adoption process is today an important obstacle. We note that BCRs currently require 18 months or more to be approved and demand will likely increase under the GDPR.
There is uncertainty over firms’ ability to rely even on the safeguards provided for under the GDPR. The EU-U.S. Privacy Shield and SCCs, for example, have an uncertain future, given the striking down of the Safe Harbour adequacy decision in 2015 and a more recent court challenge against SCCs and referral to the Court of Justice of the European Union (“Schrems II”).
We believe further assessment should be conducted on the barriers that prevent banks from processing or storing data inside and outside the EU (linked to data protection, confidentiality, bank secrecy requirements, etc.). Ultimately, there should also be a clear legal basis to share information among jurisdictions at group company level.
Every Friday at noon you can receive the EBF Weekly + Financial Regulation Agenda. This agenda presents an overview of upcoming European and international meetings and conferences in financial regulation, as well as important general financial and economic events and key EBF meetings for the week ahead. CLICK HERE TO SUBSCRIBE
Subscribe to the EBF Morning Brief
The EBF Morning Brief is published Monday through Friday morning and brings you the top banking headlines, relevant announcements from the EU institutions and the latest from the EBF and its members, national banking associations in 32 countries in Europe. CLICK HERE TO SUBSCRIBE
The European Banking Federation is the voice of the European banking sector, bringing together national banking associations from across Europe. The federation is committed to a thriving European economy that is underpinned by a stable, secure and inclusive financial ecosystem, and to a flourishing society where financing is available to fund the dreams of citizens, businesses and innovators everywhere.
56 Avenue des Arts
+32 2 508 37 11
D-60311 Frankfurt am Main
+49 69 17509942