Regulators are concerned cross-border investigations could be placed in jeopardy by GDPR requirements.
Regulators from North America, Great Britain and Asia have requested a formal exemption from the European Union’s new data privacy law which they said could potentially interfere with cross-border investigations. Officials warn that if the EU will not grant the exemption from the bloc’s General Data Protection Regulation (GDPR), it could jeopardise international investigations and enforcement in cases involving market manipulation and fraud, Reuters has reported. The new rules, which went into effect on May 25, bolster personal data privacy rights in the EU, but also restrict an exemption for cross-border personal data transfers made in the “public interest.” While regulators continue to share data under the new exemption, there is concern that the lack of an exemption could cause legal issues because the regulation’s language is open to interpretation. That could put investigations, such as current US probes into cryptocurrency fraud and market manipulation where many participants are based overseas, in jeopardy. To ensure this does not happen, regulators are requesting that the European Data Protection Board (EDPB) formally sign-off on an “administrative arrangement” that would explain in writing if and how the public interest exemption can be applied to cross-border information sharing.
Sources told Reuters the EU is concerned that such explicit guidance could be used to illegitimately avoid its privacy safeguards. Regulators who are making the request include the EU’s European Securities and Markets Authority (ESMA), the US Commodity Futures Trading Commission (CFTC), the Securities and Exchange Commission (SEC), the Ontario Securities Commission (OSC), the Japan Financial Services Agency (FSA), Britain’s Financial Conduct Authority (FCA), and the Hong Kong Securities and Futures Commission (SFC). Responding to the regulators’ concerns, European Commission spokesman Christian Wigand said that data sharing between the EU and non-EU countries could be ensured under the EU data protection legislation. He said, ‘Europe is open for business.’