Regulators Ask EU For GDPR Exemptions


Regulators from North America, Great Britain and Asia have requested a formal exemption from the European Union’s new data privacy law that they said could potentially interfere with cross-border investigations.

According to Reuters, officials warn that if the EU won’t grant the exemption from the bloc’s General Data Protection Regulation (GDPR), it could jeopardize international investigations and enforcement in cases involving market manipulation and fraud.

The new rules, which went into effect on May 25, bolster personal data privacy rights in the EU, but also restrict an exemption for cross-border personal data transfers made in the “public interest.” So while regulators continue to share data under the new exemption, there is concern that the lack of an exemption could cause legal issues because the regulation’s language is open to interpretation.

That could put investigations, such as current U.S. probes into cryptocurrency fraud and market manipulation where many participants are based overseas, in jeopardy.

To make sure that doesn’t happen, regulators are requesting that the European Data Protection Board (EDPB) formally sign-off on an “administrative arrangement” that would explain in writing if and how the public interest exemption can be applied to cross-border information sharing.

But sources said that the EU is concerned that such explicit guidance could be used to illegitimately avoid its privacy safeguards.

Regulators who are making the request include the EU’s European Securities and Markets Authority (ESMA), the U.S. Commodity Futures Trading Commission (CFTC), the Securities and Exchange Commission (SEC), the Ontario Securities Commission (OSC), the Japan Financial Services Agency (FSA), Britain’s Financial Conduct Authority (FCA), and the Hong Kong Securities and Futures Commission (SFC).

When asked to respond to the regulators’ concerns, European Commission spokesman Christian Wigand said that data sharing between the EU and non-EU countries could be ensured under the EU data protection legislation.

“Europe is open for business,” he said.