British Bankers Association submission to the consultation on the legal framework for the fundamental right to protection of personal data
|
|
- Mark Payne
- 5 years ago
- Views:
Transcription
1 British Bankers Association submission to the consultation on the legal framework for the fundamental right to protection of personal data The BBA 1 is pleased to respond to the European Commission s consultation on the legal framework for the fundamental right to the protection of personal data. The BBA is a registered organisation in the European Transparency Initiative (ETI). Our registration number is Any enquiries in relation to the responses below should be directed to shahid.rahman@bba.org.uk Q1: Please give us your views on the new challenges for personal data protection, in particular in the light of new technologies and globalisation. 1. Banks and other financial services organisations operate in a global environment. The rules imposed by the European Data Protection Directive (95/46/EC) ( the Directive ) governing the transfer of personal data outside the European Economic Area were written at a time when the internet was in its infancy and the need and ability to share personal data across national borders was considerably lower than it is in the 21 st century. 2. One of the challenges is how to provide clarity over who is deemed to be a data controller. In addition, greater clarity is required to assess where a data controller is established ; a typical example might be where an individual logs on to his computer in France, searches a UK website, for which he applies for a product in Africa. In this example, it might be assumed that the Data Controller is not established in Community territory ( 4.1(c)), although this is not necessarily the case. A challenge will be to achieve clarity. 3. Following the same theme, many EU organisations archive or back-up their data on servers outside the EU, where there will be no active processing of the information, simply retaining a mirror copy for disaster recovery purposes. The location is chosen for economic as well as operational reasons. For example, business continuity plans may make it appropriate to archive personal data on a different continent. Under current laws, the location of the server is a determining factor, rather than the law of the jurisdiction in which decisions are made about the processing of the data. 4. Conversely, the Directive applies to a non-eu located data controller that processes personal data in the EU. This extra-territorial effect creates a burden for controllers that would not otherwise have to comply with EU data protection law. It is difficult to enforce and noncompliance by such controllers is likely. It is also a disincentive to locate processing in the EU. Data belonging to another jurisdiction should be governed only by the law pertaining to that jurisdiction and not where the data is processed. 5. Data processors play an increasingly large part in processing activity and yet do not have legal obligations to comply with the Directive. Have the distinction between the two lost its relevance in today s business world? 6. Since 95/46/EC came into force, the world has experienced the events of 9/11, resulting in a range of subsequent anti-terrorism measures, not least the US Patriot Act. 7(e) Public Interest probably has a significantly different interpretation today than it had in the last decade 1 The BBA is the leading association for the UK banking and financial services sector, speaking for 223 banking members from 60 countries on the full range of UK or international banking issues and engaging with 37 associated professional firms. Collectively providing the full range of services, our member banks make up the world s largest international banking centre, operating some 150 million accounts and contributing 50 billion annually to the UK economy.
2 2 of the 20 th century. It will also be interpreted differently in different jurisdictions, depending on their view (perceived or otherwise) of threats to their community and citizens. 7. The volume of personal data being processed is far greater than it was in Whilst acknowledging the benefits of data minimisation, data controllers are subject to legal obligations to retain certain types of data for significant periods. 8. A register of Data Controllers does not help a data subject in any material way. It does not appear to have been implemented across Europe in the way intended and is used by some Data Protection Authorities for auditing purposes. Notification appears to be unnecessarily bureaucratic with little added value to either a data subject or data controller Transfer to third countries would appear to be at odds with the modern world. In the technological world where there are no geographic boundaries, the challenge would seem to be how to enforce the article and whether it is even realistic to try. 10. Each Member State has interpreted and implemented the Directive differently. The lack of harmonisation is a particular challenge, particularly when it comes to what constitutes consent. This can be difficult where, for example, a UK based Group of companies with employees across Europe wishes to hold personal data about those employees centrally in the UK. Some Member States require particularly strong conditions to be met before such transfers may be made, including the explicit consent of the employee and also, perhaps, Works Council approval. This has the effect of restricting the free flow of personal data between Member States. 11. Processing of personal data is on such a scale today that obtaining the necessary level of consent from pre-existing customers is not viable. Whilst data controllers may be able to rely on one of the other fair processing conditions, this is not always possible, especially not on a pan-european basis. This potentially puts controllers at a disadvantage where there may in fact be no potential damage to the data subjects. The absence of an on risk of harm or intent of either the data subject or data controller is a gap in the legislation in this regard. Q2: In your view, how does the current legal framework meet these challenges? 12. The adequacy rule on cross-border data transfers lacks clarity and is unnecessarily burdensome. 13. Globalisation and lack of geographic borders in relation to new technologies such as the internet mean that the current framework is ineffective in a significant volume of daily crossborder transfers. 14. It creates uncertainty over the circumstances when a data processor might be a data controller. The current framework does not reflect the level of responsibility applicable to data processors. 15. There is uncertainty over which is the lead jurisdiction in a multi-jurisdictional relationship. 16. The perception of what is in the public interest has changed significantly since 9/11. The current framework does not reflect that perception. Given that public interest will mean different things to different organisations and individuals in different jurisdictions, it is difficult to understand how any data controller could ever rely on any public interest exemption Special categories of data seems to add no value or benefit to data subjects or data controllers. Indeed, it seems unnecessarily burdensome. Given that the Directive requires all personal data to be processed fairly and lawfully this should be sufficient, without creating extra burden for data subjects and data controllers. An element of proportionality could helpfully be applied. 18. The current framework is too broad in its definition of Access ( 12a) and enables data subjects or their representatives to obtain information as part of wider campaigns, rather than for the intended purposes of (a) identifying whether a data controller is processing information about them and (b)to verify the accuracy of that information.
3 Q3: What future action would be needed to address the identified challenges? 3 2(a) Personal data definition Harmonisation and greater clarity is required 2(f) Third party We recommend that third party and data processor are brought together under a single definition 2(h) Data subject s consent 3.1 Forms part or intention to form part of a filing system 3.2 Does not apply outside Community law 4.1(c) Controller not established in Community territory Harmonisation and greater clarity is required. There should be a single definition of consent to encompass all types of personal data and all types of processing throughout the Directive for clarity. It is difficult to prove intent. Therefore, we recommend that or intention to form part should be removed. It is not clear what this means in practice, nor how it can work in respect of multi-national companies. It needs a clearer framework of the interaction of the Treaties and Directives. Ideally, this should be removed from the Directive. The law of the jurisdiction where decisions are made should apply, not where the server is located, particularly if the processing is undertaken solely for, say back-up or business continuity purposes Representative As with 4.1(c) this should be removed as it seems to add little value. 7(c) Legal obligation We would welcome the addition of or regulatory before obligation as there is real conflict in respect of non-eu national regulations. 7(e) Public interest Public interest means different things in different countries. We recommend that this clause be deleted as it appears to be difficult for any jurisdiction to be able to rely on this clause. 8.1 Special categories of data 8.2(a) Explicit consent 8.5 Offences, criminal convictions As this can prove burdensome for both data subject and data controller, we recommend that this clause is deleted and that all personal data should be processed fairly and lawfully with protection proportionate to the risk of harm. Explicit is not defined, but clearly it is intended to be stronger than the definition under 7(a). There should be a single definition of consent to encompass all personal data. We recommend that the word offences should be deleted thus enabling organisations to conduct internal investigations under this. 8.6 Derogations It is not clear what value this provision adds. For example, who relies on it? If it is never relied on should it be removed? 8.7 National ID numbers As this is already covered by local legislation and is the same for all other categories of personal data that haven t been deemed special what does this add?
4 12(a) Access Harmonisation is required to achieve the same reasonable timeframe across the EU. In the interests of proportionality, only personal data being processed now in a live environment should be provided. Archive or back-up data that no longer has any impact of the privacy of the individual should be exempted. An exemption in relation to vexatious requests would ensure focus remains on whether a data controller processes personal data and whether such data is accurate. 18 / 19 Notification (and contents) 4 Notification should be limited to the name and public contact details (e.g. for submitting access requests) of the data controller, plus a general description of the data controller s business, e.g. banking / financial services. It isn t clear what value is being added to the data subject, the data controller or the public at large by the current requirements. This requirement to register/notify hasn t been consistently applied across jurisdictions and so harmonisation is required to facilitate passporting i.e. if notification is accepted in domestic jurisdiction, it would be accepted in all other EU member states in which the data controller operated. 20 Prior checking We recommend that this be removed as it is an unnecessary burden on regulatory authorities and is inconsistently applied across jurisdictions. 25 Transfers to third countries Ideally, this should be removed as it is at odds with the modern world, where geographic boundaries can be by-passed electronically. Alternatively, revise 17 to build in the need for proportionate, harm-based controls in relation to transfers. There should also be a legitimate interest provision. There should be differentiation between intra-group transfers and transfers to other organisations. Add clarity in respect of which law applies where there is multijurisdictional impact. Take account of the concept of Cloud Computing and the chains of parties that exist in modern day outsourcing arrangements. Link in with greater clarity in Derogations We recommend that this be removed as it seems at odds with the objectives of the Directive to state that security does not apply if the data subject consents to the transfer. There should be a single list of exemptions for all the provisions in the Directive. 26.1(a) adds another variation on consent by introducing unambiguously. There should be a single, all-encompassing definition of consent in all its forms. An additional derogation should be added in relation to back-up data that exists for business continuity purposes only or else the data should not be considered processed in the first place, akin to the rule in relation to data in transit.
5 Authorised Recognising that if 26.1 is not removed, this must transfers / objections / remain, we recommend that BCRs should be approved by one contractual Data Protection Authority and then recognised by all others in safeguards the EU. 27 Codes of conduct We support the use of Codes of conduct, but would welcome mutual recognition across all EU member states as a further move towards harmonisation. In the way that the BCR process is intended to work.
Standard contractual clauses for the transfer of personal data to third countries - Frequently asked questions
MEMO/05/3 Brussels, 7 January 2005 Standard contractual clauses for the transfer of personal data to third countries - Frequently asked questions Directive 95/46/EC, on the protection of individuals with
More informationData Transfer Policy Version 1.1 Last amended: 18 September 2014 Policy Owner: Governance Team
Data Transfer Policy Version 1.1 Last amended: 18 September 2014 Policy Owner: Governance Team The University of Nottingham ( the University ) Tri-Campus Data Transfer Policy Background and Statement of
More informationEBA FINAL draft regulatory technical standards
EBA/RTS/2013/08 13 December 2013 EBA FINAL draft regulatory technical standards on passport notifications under Articles 35, 36 and 39 of Directive 2013/36/EU EBA FINAL draft regulatory technical standards
More informationData protection and transfer
Brexit Quick Brief #5 Data protection and transfer Key points The movement of personal data between locations is an integral part of modern banking operations. Financial services firms store and process
More informationMichael R. Cohen CIPP/US, CIPP/E Gray Plant Mooty. Overview of the EU General Data Protection Regulation (GDPR)
Michael R. Cohen CIPP/US, CIPP/E Gray Plant Mooty Overview of the EU General Data Protection Regulation (GDPR) WHAT YOU NEED TO KNOW ABOUT THE EU GENERAL DATA PROTECTION REGULATION (GDPR) What is the GDPR?
More informationPrivacy Policy. For the purposes of Data Protection Legislation the data controller is the Company.
Privacy Policy Ashoka India Equity Investment Trust plc (the "Company"), or any third party service provider, functionary, or agent appointed by the Company acting on its behalf (together, the "Fund",
More informationGLOBAL DATA PROTECTION POLICY URUP
Page 1 of 8 1. SCOPE AND INTRODUCTION GLOBAL DATA PROTECTION POLICY URUP 1.1. This document is intended to provide a policy under which URUP International Limited, its subsidiaries and affiliates and/or
More informationCP19/15: Contractual stays in financial contracts governed by third-country law
Andrew Hoffman and Leanne Ingledew Prudential Regulation Authority 20 Moorgate London EC2R 6DA Cp19_15@bankofengland.co.uk 14 th August 2015 Dear Leanne and Andrew, CP19/15: Contractual stays in financial
More informationABI response to DCMS Call for views on GDPR. The ABI
ABI response to DCMS Call for views on GDPR The ABI The Association of British Insurers is the leading trade association for insurers and providers of longterm savings. Our 250 members include most household
More informationStates of Guernsey EU General Data Protection Regulation (GDPR) - High-level impact assessment
CI Advisory EU General Data Protection Regulation (GDPR) - High-level impact assessment Basis for this report This document has been prepared only for the and solely for the purpose and on the terms agreed
More informationEffective flow of personal data post-brexit
Effective flow of personal data post-brexit Implications for capital markets April 2018 Association for Financial Markets in Europe www.afme.eu GDPR Background Contents Executive Summary... 3 1 GDPR Background...
More informationBrexit Essentials: an update on data protection and privacy
Brexit Essentials: an update on data protection and privacy November 2017 With the United Kingdom set to withdraw from the European Union on 29 March 2019, the Ministry for Brexit faces a critical juncture
More informationEBA FINAL draft implementing technical standards
EBA/ITS/2013/05 13 December 2013 EBA FINAL draft implementing technical standards on passport notifications under Articles 35, 36 and 39 of Directive 2013/36/EU EBA FINAL draft implementing technical standards
More information11 th July Summary views
Record Currency Management Limited response to European Supervisory Authorities Consultation Paper Draft regulatory technical standards on risk-mitigation techniques for OTC-derivative contracts not cleared
More informationBINDING CORPORATE RULES
BINDING CORPORATE RULES CONTROLLER PRINCIPLES INTRODUCTION At Marsh & McLennan Companies (MMC), we respect and are committed to protecting the privacy, security and integrity of Personal Information 1
More informationRef: BEPS CONFORMING CHANGES TO CHAPTER IX OF THE OECD TRANSFER PRICING GUIDELINES
Jefferson VanderWolk Organisation for Economic Cooperation and Development 2 rue André-Pascal 75775, Paris, Cedex 16 France August 16, 2016 William Morris Chair, BIAC Tax Committee 13/15, Chaussée de la
More informationIndividual Accountability: Extending the Senior Managers & Certification Regime to all FCA firms
Individual Accountability: Extending the Senior Managers & Certification Regime to all FCA firms 3 rd November 2017 On behalf of their members, AFME and UK Finance welcome the opportunity to comment on
More informationData Protection Post-Brexit
Brexit Law your business, the EU and the way ahead Data Protection Post-Brexit What to expect and how to prepare March 2019 Understanding the practical implications of Brexit for data protection compliance,
More informationDraft Registration of Overseas Entities Bill
17 September 2018 To: transparencyandtrust@beis.gov.uk Introduction 1. The British Property Federation (BPF) represents the commercial real estate sector. We promote the interests of those with a stake
More informationGovernance under AIFMD
www.pwc.co.uk Governance under September 2011 Governance under The Alternative Investment Fund Managers Directive () subjects managers of alternative investment funds (AIFs) to compulsory regulation in
More informationInternational data transfers and Schrems White & Case. Aqeel Kadri and Tim Hickman
International data transfers and Schrems White & Case Aqeel Kadri and Tim Hickman 9 March 2016 Overview of EU data protection law Currently, each EU Member State has its own national data protection law,
More informationA distinctive local company with national standards. Practical Credit Control & New [GDPR] Data Protection Regulations
A distinctive local company with national standards Practical Credit Control & New [GDPR] Data Protection Regulations 1 Introduction DSL started collecting veterinary debt 11 years ago and now help over
More informationQuestions and Answers Relating to the provision of CFDs and other speculative products to retail investors under MiFID
Questions and Answers Relating to the provision of CFDs and other speculative products to retail investors under MiFID 1 June 2016 ESMA/2016/904 Date: 01 June 2016 ESMA/2016/904 ESMA CS 60747 103 rue de
More informationAmCham EU s position on the Commission Anti-Tax Avoidance Package
AmCham EU s position on the Commission Anti-Tax Avoidance Package Executive summary AmCham EU welcomes attempts to ensure that adoption of the OECD s recommendations is consistent across the EU and with
More informationFirefighters Pension Scheme
Compliance Firefighters Pension Scheme General Data Protection Regulation Privacy Notices As confirmed in bulletin 7 (April 2018) the LGA Bluelight team commissioned Squire Patton Boggs to produce a template
More informationData Protection Privacy Notice for people not directly involved in the accident
Data Protection Privacy Notice for people not directly involved in the accident Purpose of this Privacy Notice MIB (or we ) respects your privacy and is committed to protecting your personal data. This
More informationDATA PROTECTION LAWS OF THE WORLD. Czech Republic
DATA PROTECTION LAWS OF THE WORLD Czech Republic Downloaded: 15 July 2018 CZECH REPUBLIC Last modified 24 May 2018 LAW The General Data Protection Regulation (Regulation (EU) 2016/679) (" GDPR") is a European
More informationWorking Party on the Protection of Individuals with regard to the Processing of Personal Data
EUROPEAN COMMISSION DIRECTORATE GENERAL XV Internal Market and Financial Services Free movement of information, company law and financial information Free movement of information and data protection, including
More information2. TASK OF DPO IN INTERNATIONAL DATA TRANSFERS
INTERNATIONAL DATA TRANSFERS AND CODES OF CONDUCT Ana María Martínez Bermejo ammartinezb@agpd.es Spanish Data Protection Agency 1. INTERNATIONAL DATA TRANSFERS 2. TASK OF DPO IN INTERNATIONAL DATA TRANSFERS
More informationCONSULTATION DOCUMENT ON THE REVIEW OF THE INSURANCE MEDIATION DIRECTIVE (IMD) (EC CONSULTATION)
CONSULTATION DOCUMENT ON THE REVIEW OF THE INSURANCE MEDIATION DIRECTIVE (IMD) (EC CONSULTATION) BEUC RESPONSE TO CONSULTATION Contact: Financial Services financialservices@beuc.eu Ref.: X/2011/026 04/03/11
More informationTransborder data transfers briefly explained
Federal Data Protection and Information Commissioner FDPIC Transborder data transfers briefly explained For the attention of federal bodies and private industry (Last modified: January 2017) 1) What is
More informationInvestigatory Powers Bill ISPA response
About ISPA 1. The Internet Services Providers Association (ISPA) is the trade association for companies involved in the provision of Internet Services in the UK with around 200 members from across the
More informationPart II. Criteria for determining the relative importance of the differing factors to be taken into account for best execution. (Art. 21.
Legal & General Investment Management Limited s response to CESR S advice on possible implementing measures of the Directive 2004/39/EC on Markets on Financial Instruments. Part II Legal & General Investment
More informationSanctions and Anti-Money Laundering Bill
Sanctions and Anti-Money Laundering Bill Committee Stage House of Lords Tuesday 21 November 2017 The Law Society of England and Wales is the independent professional body that works to support and represent
More informationMan and Machine - Data Protection Policy
Man and Machine - Data Protection Policy 1. Introduction This Policy sets out the obligations of Man and Machine Ltd, whose registered office is at Unit 8 Thame 40, Jane Morbey Road, Thame, Oxfordshire,
More informationThe GDPR how to prepare MiFID II where are we now? Wednesday 21 February 2018
The GDPR how to prepare MiFID II where are we now? Wednesday 21 February 2018 GDPR so far The EU General Data Protection Regulation (Regulation (EU) 2016/679) comes into effect on 25 May 2018 Aims to protect:
More informationCustomer means any EEA entity that registers for or purchases products or services from SDL or SDL EEA Entities.
SDL Inc. : EU-US Privacy Shield Notice Policy version: 1.01 Effective Date: 26 September 2016 The SDL Group of companies is an international commercial organization which due to the nature of modern business
More informationEBF POSITION ON THE REVIEW OF THE MARKET ABUSE DIRECTIVE
EBF Ref.D2000D-2011 Brussels, 19 December 2011 Launched in 1960, the European Banking Federation is the voice of the European banking sector from the European Union and European Free Trade Association
More informationTax risk management strategy
Vodafone Group Plc has a tax strategy focused on the following 6 key areas: Integrity in compliance and reporting Enhancing shareholder value Business partnering Influencing tax policy Developing our people
More informationGeneralised Reverse Charge Mechanism
POSITION PAPER 28 th March 2017 Generalised Reverse Charge Mechanism KEY MESSAGES 1 2 3 BusinessEurope fully endorses the fight against VAT-fraud. VAT fraud has a negative impact on government revenues,
More informationBRITISH BANKERS ASSOCIATION
BRITISH BANKERS ASSOCIATION JOINT BBA - ICMA RESPONSE TO CESR CONSULTATION ON THE MARKET ABUSE DIRECTIVE LEVEL 3 SECOND SET OF GUIDANCE AND INFORMATION ON THE COMMON OPERATION OF THE DIRECTIVE TO THE MARKET
More informationOPINION OF THE EUROPEAN CENTRAL BANK
EN ECB-PUBLIC OPINION OF THE EUROPEAN CENTRAL BANK of 5 February 2014 on a proposal for a regulation of the European Parliament and of the Council on interchange fees for card-based payment transactions
More informationWe have seen and generally support the comments made by Law Society of England and Wales in its response (the Law Society Response).
City of London Law Society Company Law Committee response to the Department for Business Innovation and Skills Discussion Paper on Transparency & Trust: enhancing the transparency of UK company ownership
More informationKCSP Data Protection Policy
KCSP Data Protection Policy Approving Body Board of Directors Approval Date March 2017 Review Date March 2019 By knowledge the upright are safeguarded [Proverbs 11/9] 1. Statement of purpose The purpose
More information- PACS - Project Anti-Corruption System. (Construction Projects) Template 4. Disclosure Assessment Guide
GIACC Global Infrastructure Anti-Corruption Centre TRANSPARENCY INTERNATIONAL (UK) - PACS - Project Anti-Corruption System (Construction Projects) Template 4 Disclosure Assessment Guide Licence to use:
More informationTackling tax evasion: legislation and guidance for a corporate offence of failure to prevent the criminal facilitation of tax evasion
Jennifer Haslett HM Revenue & Customs Room 1C/26 100 Parliament Street London SW1A 2BQ consult.nosafehavens@hmrc.gsi.gov.uk 6 July 2016 Dear Jennifer Tackling tax evasion: legislation and guidance for
More informationPRIVACY NOTICE Use of Information Data Controller and Data Processor
PRIVACY NOTICE Please take time to read this document carefully as it contains details of the basis on which we will process (collect, use, share, transfer) and store your information. You should show
More informationDATA PROTECTION NOTICE
DATA PROTECTION NOTICE The protection of your personal data is important to the BNP Paribas Group, which has adopted strong principles in that respect for the entire Group. The BNP Paribas Group is made
More informationLondon Stock Exchange Group Response to ESMA consultation on Guidelines for participant default procedures under CSDR
London Stock Exchange Group Response to ESMA consultation on Guidelines for participant default procedures under CSDR Introduction London Stock Exchange Group (LSEG) is a diversified international market
More informationEurofinas is entered into the European Transparency Register of Interest Representatives with ID n
Eurofinas observations on the Commission s Proposal for a Directive on the prevention of the use of the financial system for the purpose of money laundering and terrorist financing (COM(2013) 45 final)
More informationON24 DATA PROCESSING ADDENDUM
ON24 DATA PROCESSING ADDENDUM This Data Processing Addendum ( Addendum ) is entered into by and between ON24 Inc., on behalf of itself and its Affiliates ( ON24 ), and Client, on behalf of itself and its
More informationPRIVACY NOTICE LAST UPDATED: SEPT. 2018
PRIVACY NOTICE LAST UPDATED: SEPT. 2018 HOW THE BANK USES YOUR PERSONAL DATA This privacy notice provides an overview of how Hellenic Bank Public Company Ltd (the Bank ) processes your personal data. Personal
More informationBrexit Quick Brief #1
Brexit Quick Brief #1 1 Implications of leaving the EU single market s are a series of short papers intended to inform readers about key commercial, regulatory and political considerations around Brexit.
More informationDelegations will find in the Annex a Presidency compromise on the abovementioned proposal.
Council of the European Union Brussels, 29 November 2018 (OR. en) Interinstitutional File: 2018/0073(CNS) 14886/18 FISC 511 ECOFIN 1149 DIGIT 239 NOTE From: To: Presidency Council No. Cion doc.: 7420/18
More informationConsultation response
Consultation response European Commission DG Markt DATE: 06 April 2009 TO: markt-retailconsultation@ec.europa.eu RESPONSE BY: Vera Cottrell Principal Policy Advisor Which? Re: Financial inclusion: Ensuring
More informationThe Era of GDPR Data Privacy, Two Months In: Do you have a Data Transfer Agreement handy? July 31, 2018
The Era of GDPR Data Privacy, Two Months In: Do you have a Data Transfer Agreement handy? July 31, 2018 Upcoming Events: Sign up on our web site Associate Safety Professional (ASP) Examination Preparation,
More informationCENTRAL BANK OF MALTA DIRECTIVE NO 1. in terms of the. CENTRAL BANK OF MALTA ACT (Cap. 204 of the Laws of Malta)
CENTRAL BANK OF MALTA DIRECTIVE NO 1 in terms of the CENTRAL BANK OF MALTA ACT (Cap. 204 of the Laws of Malta) THE PROVISION AND USE OF PAYMENT SERVICES Ref: CBM 01/2018 Repealing CBM Directive No.1 modelled
More informationCESR s guidelines for supervisors regarding the transitional provisions of the amending UCITS Directives 2001/107/EC and 2001/108/EC
CESR s guidelines for supervisors regarding the transitional provisions of the amending UCITS Directives 2001/107/EC and 2001/108/EC Consultation Paper ref: CESR / 04-434 A response from Fidelity International
More informationReview of tax and corporate whistleblower protections in Australia
Review of tax and corporate whistleblower protections in Australia FEBRUARY 2017 Business Council of Australia February 2017 1 The Business Council of Australia is a forum for the chief executives of Australia
More informationEU General Data Protection Regulation vs. Swiss Data Protection Act (in the Private Sector 1 )
EU General Data Protection Regulation vs. Swiss Data Protection Act (in the Private Sector 1 ) October 26, 2017 Version 4.01 David Rosenthal (david.rosenthal@homburger.ch) Updates and more infos: http://www.homburger.ch/dataprotection
More informationTAX EVASION AND AVOIDANCE: Questions and Answers
EUROPEAN COMMISSION MEMO Brussels, 6 December 2012 TAX EVASION AND AVOIDANCE: Questions and Answers See also IP/12/1325 Tax Evasion Why has the Commission presented an Action Plan on Tax fraud and evasion?
More informationChapter 2. Business Framework
Agenda Item 2 Working Draft Chapter 2 Business Framework [This paper is based on a paper prepared by Members of the UN Tax Committee s Subcommittee on Practical Transfer Pricing Issues, but includes Secretariat
More informationBREXIT AND DATA PROTECTION Q & A
BREXIT AND DATA PROTECTION Q & A What happens now? The UK decision to leave the EU will not affect existing data protection and privacy laws in the UK. These laws (the UK Data Protection Act 1998 (DPA)
More informationFrequently asked questions on: Supply Chain Security
Frequently asked questions on: Supply Chain Security 1. Will the implemented AEO measures be applied uniformly in the customs territory? 2. What are the advantages of getting an AEO authorisation? 3. Does
More informationUK membership of the single currency
UK membership of the single currency An assessment of the five economic tests June 2003 Cm 5776 Government policy on EMU GOVERNMENT POLICY ON EMU AND THE FIVE ECONOMIC TESTS Government policy on EMU was
More informationBlackRock is pleased to have the opportunity to respond to the Call for Evidence AIFMD passport and third country AIFMs.
8 th January 2015 European Securities and Markets Authority 103 Rue de Grenelle 75007 Paris France Submitted via electronic submission RE: Call for evidence AIFMD passport and third country AIFMs Dear
More informationEU VAT FORUM WORKING DOCUMENT DOCUMENT ELABORATED BY THE BUSINESS EXPERT GROUP (BEGV): DOING BUSINESS IN PAST AND PRESENT TIMES
EUROPEAN COMMISSION DIRECTORATE-GENERAL TAXATION AND CUSTOMS UNION Indirect Taxation and Tax administration Tax administration and fight against tax fraud Brussels, 15.1.2013 EU VAT FORUM WORKING DOCUMENT
More informationEUROPEA U IO. Brussels, 12 June 2009 (OR. en) 2007/0198 (COD) PE-CO S 3651/09 E ER 173 CODEC 704
EUROPEA U IO THE EUROPEA PARLIAMT THE COU CIL Brussels, 12 June 2009 (OR. en) 2007/0198 (COD) PE-CO S 3651/09 ER 173 CODEC 704 LEGISLATIVE ACTS A D OTHER I STRUMTS Subject: REGULATION OF THE EUROPEAN PARLIAMENT
More informationReasoned Opinion of the House of Commons. Concerning a draft Regulation on a Common European Sales Law for the European Union 1
Reasoned Opinion of the House of Commons Submitted to the Presidents of the European Parliament, the Council and the Commission, pursuant to Article 6 of Protocol (No 2) on the Application of the Principles
More informationMiFID Questions and Answers
MiFID Questions and Answers Investor Protection & Intermediaries 18 April 2011 ESMA/2011/119 Date: 18 April 2011 ESMA/2011/119 Contents Question 1: Client profile review 5 Question 2: Appropriateness 5
More informationResponse to HMRC Consultation document issued 18 May 2018
Response to HMRC Consultation document issued 18 May 2018 Off-payroll working in the private sector Contents I. About Johnston Carmichael II. Summary III. Response to Consultation Questions IV. Conclusions
More informationInside magazine issue 12 Part 01 - From a digital perspective
Digital cross-border Wealth management When crossing borders, do you know and comply with all regulations, anytime and anywhere? Pascal Martino Partner Strategy, Regulatory & Corporate Finance Deloitte
More informationWhat does GDPR and the new Data Protection Act mean to Brokers/Intermediaries?
YYYYYYYYYYY The New Class 2016-2017 Report 2: General Date Protection Regulation (GDPR) What does GDPR and the new Data Protection Act mean to Brokers/Intermediaries? 1 2 Contents The Insurance Institute
More informationHillgate Travel GDPR Response. Privacy Policy
Hillgate Travel GDPR Response Privacy Policy HILLGATE TRAVEL This document has been designed using the guidance procedures provided by the Information Commissioners Office (ICO) and in relation to the
More informationAnti-money laundering Annual report 2017/18
Anti-money laundering Annual report 2017/18 Anti-money laundering Contents 1 Introduction 4 2 Policy developments 5 3 OPBAS 7 4 How our AML supervision is evolving 8 5 Findings and outcomes 9 6 Financial
More informationProposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL
EUROPEAN COMMISSION Brussels, 12.3.2018 COM(2018) 110 final 2018/0045 (COD) Proposal for a REGULATION OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL on facilitating cross-border distribution of collective
More informationAssociation of British Insurers Submission to the International Trade Select Committee inquiry: UK-US trade relations November 2017
Association of British Insurers Submission to the International Trade Select Committee inquiry: UK-US trade relations November 2017 Executive Summary 1. The Association of British Insurers (ABI) welcomes
More informationGuide to compliance with the Australian Privacy Principles. APP 1 Open and transparent management of personal information
Guide to compliance with the Australian Privacy Principles This guide provides a summary of each of the Australian Privacy Principles (APPs) prescribed under the Privacy Act 1988 (Cth), together with some
More information2. FROM WHICH SOURCES THE BANK COLLECTS YOUR PERSONAL DATA?
P R I V A C Y N O T I C E Last updated May 2018 Eurobank Cyprus Ltd ( the Bank ) wishes to inform you why and how the Bank collects and processes your personal data as well as of your rights under local
More informationDEED OF APPOINTMENT OF ADDITIONAL TRUSTEES. For use with the Scottish Widows OEIC Discretionary Trust
DEED OF APPOINTMENT OF ADDITIONAL TRUSTEES For use with the Scottish Widows OEIC Discretionary Trust What this form is for Should you die, you would want your OEIC investment to be paid out quickly efficiently.
More informationA New European Regime for Venture Capital
Ref. Ares(2011)1001117-21/09/2011 A New European Regime for Venture Capital Response of the Law Society of England and Wales ETI Registration number: 24118193117-34 The Law Society of England and Wales
More informationALFI response to ESMA s Discussion Paper on UCITS share classes
Luxembourg, 27 March 2015 ALFI response to ESMA s Discussion Paper on UCITS share classes General Remarks The Association of the Luxembourg Fund Industry (ALFI) is the representative body of the Luxembourg
More informationESMA s policy orientations on possible implementing measures under the Market Abuse Regulation
24 January 2014 European Securities and Markets Authority 103 rue de Grenelle 75007 Paris France Submitted online at: www.esma.europa.eu RE: ESMA s policy orientations on possible implementing measures
More informationPrivacy Source EU-U.S. Privacy Shield Passes First Annual Review
Privacy Source EU-U.S. Privacy Shield Passes First Annual Review Privacy Shield, the EU-U.S. data transfer agreement used by over 2,400 companies, recently passed its first annual review. This means the
More informationABI response to ICO consultation on GDPR consent guidance
1 31 March 2017 ABI response to ICO consultation on GDPR consent guidance About the ABI: The Association of British Insurers (ABI) is the leading trade association for insurers and providers of long-term
More informationCustomer Privacy Notice Edition
Customer Privacy Notice - 2018 Edition How Precise Mortgages uses your personal data 0800 116 4385 precisemortgages-customers.co.uk Contents About us 3 Who this privacy notice applies to 3 Why we are providing
More informationProposal for a regulation on the establishment of a framework to facilitate sustainable investment Contact person:
Position Paper Insurance Europe comments on the European Commission proposal for a regulation on the establishment of a framework to facilitate sustainable investment Our reference: Referring to: ECO-LTI-18-033
More informationCall for evidence - possible implementing measures of the future UCITS directive
Schroder Investments Limited 31 Gresham Street, London EC2V 7QA Investor Services: 0800 718 777 Switchboard 020 7658 6000 www.schroders.co.uk 31 March 2009 The Committee of Securities Regulators 11-13
More informationBANKING UNIT BANKING RULES SUPERVISION ON A CONSOLIDATED BASIS OF CREDIT INSTITUTIONS AUTHORISED UNDER THE BANKING ACT Ref: BR/10/2007.
BANKING UNIT BANKING RULES SUPERVISION ON A CONSOLIDATED BASIS OF CREDIT INSTITUTIONS AUTHORISED UNDER THE BANKING ACT 1994 Ref: SUPERVISION ON A CONSOLIDATED BASIS OF CREDIT INSTITUTIONS AUTHORISED UNDER
More informationThis document is meant purely as a documentation tool and the institutions do not assume any liability for its contents
2009L0138 EN 31.03.2015 006.001 1 This document is meant purely as a documentation tool and the institutions do not assume any liability for its contents B DIRECTIVE 2009/138/EC OF THE EUROPEAN PARLIAMENT
More informationMobius Life Limited Data Privacy Notice
Mobius Life Limited Data Privacy Notice Introduction This data privacy notice confirms how Mobius Life Limited (referred to hereafter as our, us, we or MLL ) obtains, manages, uses, retains and destroys
More informationPROPOSALS FOR ENHANCED PUBLIC ACCOUNTABILITY Ref: TECH-CDR-897
PROPOSALS FOR ENHANCED PUBLIC ACCOUNTABILITY Ref: TECH-CDR-897 Comments from ACCA November 2009 ACCA (Association of Chartered Certified Accountants) is pleased to have this opportunity to comment on the
More informationCOMMITTEE OF EUROPEAN SECURITIES REGULATORS
COMMITTEE OF EUROPEAN SECURITIES REGULATORS Date: 6 May 2010 Ref.: CESR/10-591 Questions and answers on MiFID: Common positions agreed by CESR Members in the area of the Secondary Markets Standing Committee
More informationVODAFONE GROUP PLC TAX STRATEGY
VODAFONE GROUP PLC TAX STRATEGY In accordance with Para 16(2) Schedule 19 Finance Act 2016 this represents the Group s tax strategy in effect for the year ended 31 March 2018. 1 The areas below form the
More informationREQUEST TO EIOPA FOR TECHNICAL ADVICE ON THE REVIEW OF THE SOLVENCY II DIRECTIVE (DIRECTIVE 2009/138/EC)
Ref. Ares(2019)782244-11/02/2019 REQUEST TO EIOPA FOR TECHNICAL ADVICE ON THE REVIEW OF THE SOLVENCY II DIRECTIVE (DIRECTIVE 2009/138/EC) With this mandate to EIOPA, the Commission seeks EIOPA's Technical
More informationProcessing under the GDPR: risk and liability shifts
Processing under the GDPR: risk and liability shifts October 2016 With the GDPR now technically in force, and just over 18 months before it applies in Member States, we look at how this new regime will
More informationDiscussion Paper: Credit Hardship Obligations Outstanding Issues
Mr Tim Gough Senior Manager Deposit Takers, Credit & Insurers Australian Securities and Investments Commission 120 Collins Street MELBOURNE VIC 3000 By email: Copy to: tim.gough@asic.gov.au rushika.curtis@asic.gov.au.
More information***II POSITION OF THE EUROPEAN PARLIAMENT
EUROPEAN PARLIAMENT 1999 2004 Consolidated legislative document 14 May 2002 1998/0245(COD) PE2 ***II POSITION OF THE EUROPEAN PARLIAMENT adopted at second reading on 14 May 2002 with a view to the adoption
More informationTHEMED EXAMINATION PROGRAMME 2011: ANTI-MONEY LAUNDERING AND COMBATING THE FINANCING OF TERRORISM
THEMED EXAMINATION PROGRAMME 2011: ANTI-MONEY LAUNDERING AND COMBATING THE FINANCING OF TERRORISM SUMMARY FINDINGS DOCUMENT OVERVIEW 1 Introduction 1 2 Scope 1 3 Preliminary Observations 2 4 Major areas
More informationASTRAZENECA GLOBAL POLICY DATA PRIVACY
ASTRAZENECA GLOBAL POLICY DATA PRIVACY This Global Policy sets out the requirements for ensuring that we collect, use, retain and disclose personal data in a fair, transparent and secure way. Personal
More information