EU and global securities regulators welcome agreement on data transfer
The International Organization of Securities Commissions (IOSCO) and the European Securities and Markets Authority (ESMA) welcome the Opinion of the European Data Protection Board (EDPB) on their administrative arrangement for the transfer of personal data between European Economic Area (EEA) Financial Supervisory Authorities and non-EEA Financial Supervisory Authorities.
Under the European General Data Protection Regulation (GDPR), personal data can be transferred from a EEA country to a third country when appropriate safeguards are provided. One of the ways to provide the safeguards is by an administrative arrangement between public authorities. In its Opinion, the EDPB considers that ESMA and IOSCO’s administrative arrangement ensures appropriate safeguards when personal data will be transferred pursuant to the arrangement.
The EDPB Opinion is the first of its kind and will enable the continued exchange of enforcement and supervisory information between securities regulators, including under the IOSCO Multilateral MoU, to promote orderly markets and protect investors, while providing the protection of personal data.
ESMA and IOSCO members who exchange personal data on a regular basis will now take the necessary steps to enter into the arrangement.