EU Rules Restricting the International Transfer of Non-Personal Data
All Fintech
Cybersecurity
February 29, 2024
The Case
While the EU GDPR regulates the international transfer of personal data, several recently enacted EU laws regulate the international transfer of non-personal data, which is any data that is not “personal data” under the GDPR. In other words, these new laws apply to data that does not relate to an identified or identifiable natural person, including anonymized data and data about industrial equipment, significantly expanding the types of data subject to international transfer restrictions.
Why Does This Matter?
The EU-US Adequacy Decision has been recently adopted. It will replace the Privacy Shield, which guides companies in transferring data between the two countries through self-certification under the EU-US Data Privacy Framework.
The new Adequacy Decision Framework introduced significant improvements compared to the mechanism under the Privacy Shield.
InnReg's Experience
Since its inception in 2013, InnReg has developed deep expertise in compliance services related to customer data protection for EU-based fintechs.
Learn More About This Topic
For additional insights, read InnReg’s comprehensive guide to help with compliance towards EU regulations, as well as our analysis of the EU-US Adequacy Decision and its impact on GDPR.
Blockchain
On December 30, 2024, the US Department of the Treasury and the IRS issued final regulations focused on decentralized finance (DeFi) platforms and their role in digital asset transactions.
RIAs
The Securities and Exchange Commission announced charges against nine investment advisors and three broker-dealers for failures by the firms and their personnel to maintain and preserve electronic communications in violation of recordkeeping provisions of the federal securities laws.
RIAs
The SEC’s order finds that, from at least October 2018 until January 2022, an investment advisory firm stated in its offering materials and other documents provided to prospective and existing private fund investors that it was voluntarily complying with AML due diligence laws despite those laws not applying to investment advisors.
