Compliance
European Union, US Agree Data-Sharing Pact
The controversy highlights the friction between the drive for more transparency that governments have led in recent years, and legitimate financial privacy. Different approaches on both sides of the Atlantic have also added to controversy.
The European Union has agreed a new deal governing transatlantic data transfers after it said that the US has accepted an “adequate” level of protection over citizens’ information.
The agreement comes at US President Joe Biden embarked on his visit to European capitals this week.
The EU-US pact on data is designed, so its framers say, to ease worries about information transfers and concerns that the US takes a more hands-off view on privacy than its European counterparts tend to do.
While it has access to the EU Single Market, Switzerland is not covered by this agreement.
There’s a wealth management dimension to this; the protection of client privacy in a globalized world is implicit in how the sector operates. But, as controversies have shown, there can be conflict between governments’ demands to foil offshore tax evasion, and other offences, and the need to protect legitimate client privacy. (See articles and a video interview here, here, and here.)
“The adequacy decision concludes that the United States ensures an adequate level of protection – compared to that of the EU – for personal data transferred from the EU to US companies participating in the EU-US Data Privacy Framework,” the European Commission said in a statement yesterday.
European Commission President Ursula von der Leyen yesterday was quoted saying (Bloomberg, others) that the EU’s executive adopted a so-called adequacy decision, allowing thousands of firms to safely ship data to the US without fear of violating EU privacy law – for the time being.
The US and EU have been in dispute about privacy in recent years. In 2020, the EU’s top court annulled the so-called Privacy Shield, the previous agreement regulating transatlantic data flows. Businesses, including private banks, wealth and asset managers, exchange information. There have been worries that legal frictions will hurt trade. Max Schrems, a privacy lobbyist, has been involved in EU court cases that ended up striking down the bloc’s previous transatlantic data flow decisions.
Adequacy
“The adequacy decision follows the US' signature of an executive
order on "Enhancing Safeguards for United States Signals
Intelligence Activities," which introduced new binding
safeguards to address the points raised by the Court of Justice
of the European Union in its Schrems II decision of July 2020,”
the European Commission said. “Notably, the new obligations were
geared to ensure that data can be accessed by US intelligence
agencies only to the extent of what is necessary and
proportionate, and to establish an independent and impartial
redress mechanism to handle and resolve complaints from Europeans
concerning the collection of their data for national security
purposes,” it continued.
The Commission explained that an “adequacy decision” is one of the tools provided under the General Data Protection Regulation (GDPR) to transfer personal data from the EU to third countries which, in the assessment of the Commission, offer a comparable level of protection of personal data to that of the European Union.
The US government has set up a “redress mechanism” to handle complaints from people whose data has been transferred from the EU to the US. This also covers countries in the European Economic Area (EEA): EU countries and also Iceland, Liechtenstein and Norway. It does not cover Switzerland.