The International Organization of Securities Commissions (IOSCO) and the European Securities and Markets Authority (ESMA) said yesterday that it welcomed the Opinion of the European Data Protection Board (EDPB) on their administrative arrangement for the transfer of personal data between European Economic Area (EEA) Financial Supervisory Authorities and non-EEA Financial Supervisory Authorities.
Under the European General Data Protection Regulation (GDPR), personal data can be transferred from an EEA country to a third country when appropriate safeguards are provided. One of the ways to provide the safeguards is by an administrative arrangement between public authorities. In its Opinion, the EDPB said it considers that ESMA and IOSCO’s administrative arrangement ensures appropriate safeguards when personal data will be transferred pursuant to the arrangement.
Analysts say the EDPB Opinion is the first of its kind and will enable the continued exchange of enforcement and supervisory information between securities regulators, including under the IOSCO Multilateral MoU, to promote orderly markets and protect investors, while providing the protection of personal data.
“The IOSCO MMoU is a widely used arrangement under which 121 securities regulators have agreed the basis on which they exchange information for the purposes of their enforcement mandates,” said Ashley Alder, IOSCO Chair. “I welcome the EDPB’s opinion which enables these vital cross border exchanges to continue with EEA authorities in a manner that is consistent with the new GDPR and the overall public interest, she added”
ESMA and IOSCO said members who exchange personal data on a regular basis will now take the necessary steps to enter into the arrangement.
Steven Maijoor, ESMA Chair, said that, while providing data protection safeguards, the arrangement will allow EEA and non-EEA supervisory authorities to continue to share the data needed for their work in overseeing increasingly globalized and interconnected capital markets, particularly in the areas of market abuse and insider dealing.
“Our goal in working collaboratively with the EDPB to prepare the administrative arrangement has been to ensure that personal data rights are respected in a manner that allows securities markets regulators to continue to fulfill our mandates to protect investors and ensure stability in the capital markets through information sharing,” said Maureen Jensen, Chair of the IOSCO Subgroup on Data Protection. “I believe the administrative arrangement achieves this goal and balances these important objectives.”