They insist that failure by the EU to explicitly exempt markets regulators from the bloc’s General Data Protection Regulation (GDPR) could jeopardize international probes and enforcement actions in cases involving market manipulation and fraud.
The new rules, which came into force on May 25, have been several years in the making but lobbying by foreign regulators and their key international body has intensified over the past year with multiple meetings on both sides of the Atlantic as the law’s launch has approached, three people said.
The new EU law strengthens personal data privacy rights in the bloc, giving consumers greater control over their personal information. It narrows an exemption for cross-border personal data transfers made in the “public interest” by imposing new conditions, including extra privacy safeguards, on its use..
Under the previous law, regulators used the exemption to share vital information, such as bank and trading account data, to advance probes into a range of misconduct. For now, regulators are operating on the basis they can continue sharing such data under the new exemption but say doing so takes them into legally ambiguous territory because the new law’s language leaves room for interpretation.
They fear that without explicit guidance, investigations such as current US probes into cryptocurrency fraud and market manipulation in which many actors are based overseas, could be at risk. This is because in the absence of an exemption, cross-border information sharing could be challenged on the grounds that some countries’ privacy safeguards fall short of those now offered by the EU.
To fend off that risk, regulators are pressing the Brussels-based European Data Protection Board (EDPB) to formally sign-off on an “administrative arrangement” that would clarify in writing if and how the public interest exemption can be applied to their cross-border information sharing, three people with direct knowledge of the matter told Reuters.
The EU is reluctant to give such explicit guidance because it is worried the exemption could be used to illegitimately circumvent its privacy safeguards, now among the toughest in the world, harming EU citizens.