Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On December 15, the Irish Data Protection Commission (Commission) announced a final decision was reached in a General Data Protection Regulation (GDPR) investigation into a U.S.-based social networking tech company’s actions related to a 2019 data breach that affected users across the European Union. The final decision, published by the European Data Protection Board (EDPA), imposes a €450,000 fine against the company, and resolves an investigation in which the Commission alleged the company violated Articles 33(1) and 33(5) of the GDPR by failing to provide notice about the breach within a 72-hour period and by neglecting to adequately document the breach. According to the Commission, this inquiry is the first “dispute resolution” Article 65 decision (draft decision) under the GDPR, and marks the first decision issued against a “big tech” company. According to the final decision, “a number of concerned supervisory authorities raised objections” to aspects of the draft decision, taking issue, among other things, with the size of the proposed fine, which was originally set between €135,000 and €275,000. The EDPA determined that the objections were “relevant and reasoned” and instructed the Commission to increase the fine to ensure “it fulfils its purpose as a corrective measure and meets the requirements of effectiveness, dissuasiveness and proportionality” established under the GDPR.
On December 11, the Federal Reserve Board and the OCC issued a joint statement addressing the ability of a covered swap entity to service cross-border clients. (See also OCC Bulletin 2020-108.) As previously covered by InfoBytes, the Fed, OCC, FDIC, FHFA, and Farm Credit Administration adopted an interim final rule (IFR) in 2019 to amend the Swap Margin Rule to assist covered swap entities preparing for the United Kingdom’s withdrawal from the European Union. The IFR addresses the situation where the withdrawal occurs without a negotiated agreement and entities located in the UK transfer existing swap portfolios that face counterparties located in the EU over to affiliates located in the US or the EU. Specifically, the IFR provides that certain swaps under this situation will not lose their “legacy” status—will not trigger the application of the Swap Margin Rule—if carried out in accordance with the conditions of the rule. The OCC notes that the absence of an agreement between the UK and the EU that addresses passporting rights (defined in the joint statement as the “EU’s system of cross-border authorizations to engage in regulated financial entities) would result in UK entities losing the ability to continue servicing their EU clients when the transition period expires.
The joint statement explains that the Fed and OCC “will not recommend that their respective agencies take action if a covered swap entity is a party to a legacy swap that was amended under [certain] conditions.” The no-action relief is applicable to the transfer of legacy swaps completed by the later of January 1, 2022, or one year after the expiration of EU passporting rights, unless amended, extended, terminated, or superseded, and is intended “to provide certainty to covered swap entities currently operating in the affected jurisdictions as to the legacy status of transferred swaps in light of the uncertainty regarding whether the EU will agree to a free trade agreement granting UK companies passporting rights related to financial services.”
- Buckley Webcast: CRA modernization — All eyes turn to the Fed
- Daniel R. Alonso to discuss "How to become an AUSA" at the New York City Bar Association Minorities in the Courts Committee “How To” series
- Michelle L. Rogers and Kathryn L. Ryan to discuss “Fintech U.S. expansion” at the Tech Nation 3.0 cohort meeting
- Melissa Klimkiewicz to discuss "Flood insurance basics" at the NAFCU Virtual Regulatory Compliance School