NEW TECHNOLOGY, PERSONAL DATA PROTECTION AND IMPLICATIONS FOR FINANCIAL SERVICES REGULATION

Size: px
Start display at page:

Download "NEW TECHNOLOGY, PERSONAL DATA PROTECTION AND IMPLICATIONS FOR FINANCIAL SERVICES REGULATION"

Transcription

1 NEW TECHNOLOGY, PERSONAL DATA PROTECTION AND IMPLICATIONS FOR FINANCIAL SERVICES REGULATION Information, Communication and Technology (ICT) developments present a challenge to public expectations about the collection, use, control and cross-border transmission of personal data - including financial data. Though policy settings are not yet stable or consistent globally, substantial regulatory activity in the field of data protection continues. 1 Most international regimes, including Australia s have two major policy drivers 2 : 1. Human rights: To protect the fundamental rights and freedoms of natural persons and in particular the right to privacy with respect to the processing of personal data; and 2. Economic: Not to restrict the free flow of personal data between states for reasons connected with protections afforded in 1. A global approach to these policy considerations is hampered by an absence of consensus on benefits and potential harms arising from ICT innovation 3 and consequently, the useful role for regulation. Private sector responses or privacyenhancing innovation also contribute to disagreement about the need for regulation. In this paper we briefly consider data protection laws in Europe and Australia. Europe is an important reference point as it has the most comprehensive personal data protection laws globally. We then examine the impact of different approaches to data protection for three areas of technology-driven financial sector innovation. Personal data protection in Europe and Australia Australia s personal data protection regime is contained in The Privacy Act which mandates 13 Australian Privacy Principles (APPs) in Schedule 1 to the Act. While administrative interpretation is provided by the Office of the Information Commissioner 4, Australian privacy and data protection concepts do not have much depth of jurisprudence arising from application of the statute, or from any right or tort of privacy at common law. That position contrasts starkly with the intense debate in Europe about the replacement of the existing Data Protection Directive ( Directive ) with the General 1 For an overview see Greenleaf, Graham, Sheherezade and the 101 Data Privacy Laws: Origins, Significance and Global Trajectories, Journal of Law, Information and Science 23, no. 1 (2014), 2 See for example the European Parliament and Council Directive 95/46/EC of 24 Oct1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data [1995] OJ L281/23 3 A Risk-based Approach to Privacy: Improving Effectiveness in Practice, Centre for Information Policy Leadership, 2014 accessed at: https://www.informationpolicycentre.com/privacy_risk_framework/ 4 Office of The Information Commissioner, All Privacy Resources Privacy Office of the Australian Information Commissioner - OAIC, Privacy Resources, accessed May 10, 2015, 1

2 Data Protection Regulation 5 ( Regulation ). The Australian position also contrasts with the deep human rights jurisprudence that supports the EU architecture 6. Most recently, evolution of personal data protection as a fundamental right in EU member states has been reflected in the adoption of the Lisbon Treaty 7 and the Charter of Fundamental Rights ( European Charter ) 8. The Right to Privacy contained in Article 7 was supplemented by Article 8 that protects individuals fundamental rights and freedoms with regard to the processing of personal data. The additional protection afforded by a human right to data protection over the established right to privacy is still subject to debate. 9 Digital innovation in financial services It has often been observed that technology-driven innovation is transformative for the financial services sector. Opportunities for innovation are abundant as fundamentally the sector revolves around recording, analysing and interpreting transactions, and managing associated information flows. With no physical products to manage, these processes readily lend themselves to improvement with digital technologies 10. In this paper we discuss three categories of innovation: 1. Big Data and Profiling 2. Cloud, and Trans Border Data Flows 3. Data portability, Robo advice and credit provision. Big Data and Profiling A commonly accepted definition of Big Data is datasets whose size is beyond the ability of a typical database software tool to capture, store, manage and analyse 11. By this definition many financial services firms have always had access to Big Data. Their business depends on access to personal identity and financial data about customers. Much of that information arises from service provision itself. Other information is solicited to meet legislative requirements, for risk assessment or to tailor product offerings. International standards require all customers to provide details about their 5 Proposal for a Regulation on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General Data Protection Regulation) COM (2012) 11 final. 6 European Commission - PRESS RELEASES - Press Release - Commission Proposal on New Data Protection Rules to Boost EU Digital Single Market Supported by Justice Ministers, accessed June 17, 2015, 7 Treaty of Lisbon amending the Treaty on European Union and the Treaty Establishing the European Community art. 16B, Dec. 13, 2007, 2007 O.J. (C 306) 51 Treaty of Lisbon, available at 8 Charter of Fundamental Rights of the European Union, Dec. 18, 2000, 2000 O.J. (C 364) 10, EU Charter of Fundamental Rights, available at charter/pdf/text_en.pdf. 9 Orla Lynskey, Deconstructing Data Protection: The Added-Value of a Right to Data Protection in the EU Legal Order, International and Comparative Law Quarterly 63, no. 03 (July 2014): , doi: /s Financial System Inquiry (Australia : 2014) et al., Final Report ([Parkes, A.C.T.]: [The Treasury], 2014), at p Big Data: The next Frontier for Innovation, Competition, and Productivity McKinsey & Company, accessed June 17,

3 identity prior to services being provided. 12 Clients seeking credit will provide information to inform credit assessments; advisors will require information about personal circumstances and needs to provide a reasonable basis for advice; legislation increasingly requires jurisdictional nexus information to inform tax authorities and international market trading obligations 13. In addition to these data sets, an explosion of sensors, smart devices and social collaboration technologies is supplementing data from traditional sources. Additional data is also being collected by centralised bodies international clearing houses for financial market trading; central credit reporting databases; and new payment platforms overseen by central banks are a few examples 14. National governments are encouraging these trends with open data policies and academic institutions are increasingly publishing useable data 15. Data generated by all sources is also increasingly connected. Cisco systems recently predicted that almost 3% of all things on earth will be network-connected by 2020 (from 0.6% in 2012) and 14% of these devices will be fully autonomous devices largely devoted to collecting data 16. For financial services firms the benefits of Big Data make it a commercial imperative. Studies point to enhanced algorithmic and market research capabilities, better risk management and regulatory reporting benefits, increased customer loyalty from better anticipation of customer needs and other forms of data monetisation 17. The benefits to customers are also self-evident less friction in product and service choice because of more targeted product offerings and often, lower cost. However the proliferation and use of data cause a general sense of unease. This unease is increasingly being described as a loss of informational self determination - originally a German concept 18. A lack of informational self-determination is a lack of control of how one presents oneself to others. 19 The retention of information alone is sufficient to give rise to these concerns the German Constitutional Court has 12 Financial Action Task Force, International Standards on Combating Money Laundering and the Financing of Terrorism & Proliferation: The FATF Recommendations (FATF/OECD, 2012), t.pdf. 13 For example Dodd Frank Wall St Reform and Consumer Protection Act purports to extend operation to persons outside the US but providing services to US Persons as explained Interpretative Guidance to certain Swap Rules accessed May 7, 2015, 14 RBA: Speech - The Path to Innovation in Payments Infrastructure in Australia, accessed May 14, 2015, 15 Timothy Glyn Davies, Open Data Policies and Practice: An International Comparison, Available at SSRN , 2014, 16 The Internet of Things. How the next Evolution of the Internet Is Changing Everything, accessed May 5, 2015, https://www.cisco.com/web/about/ac79/docs/innov/iot_ibsg_0411final.pdf. 17 See study prepared for the UK government to quantify the efficiency benefits of big data across different sectors of the UK Economy including investment and retail banking: CeBR Data-Equity-Unlocking the Value of Big Data (April 2012) accessed May 7, 2015, 18 The German Constitutional Court 1983 Population Census Decision, judgement 15 December 1983, 1 BvR 209/83, BVerfGE65,1 as cited in Ibid, p591 n Better Choices: Better Deals - Consumers Powering Growth: BIS Report , accessed June 20, 2015, https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/294798/bis better-choicesbetter-deals-consumers-powering-growth.pdf. n20 3

4 referred to a diffusely threatening feeling of being watched 20. At a more granular level, there are two more micro sets of Policy concerns: Privacy and Discrimination 21. Big Data challenges privacy because it facilitates processing of aggregated information, or depersonalised ( pseudonymous ) information and matching with other information, enabling personal attributes to be derived. Most data protection laws use a concept of personal data or information as the threshold for substantive protections. That concept is increasingly challenged by the fact that general data can be personalised without the data subject s knowledge or consent. The Australian and European regimes have approached this issue differently. Both regimes use the concept of personal information (Australia) and personal data (EU) as a definitional threshold for the protections they provide. However, in addition the European regime defines their term more widely and specifies threshold grounds for use of personal data. The most common ground is: (a) the data subject has unambiguously given his consent; or.. (f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by the third party or parties to whom the data are disclosed, except where such interests are overridden by the interests for fundamental rights and freedoms of the data subject. 22 Where consent is not obtained the interests of the data controller and data subject need to be weighed against each another. For example, using this test, the Article 29 Working Group 23 has advised that creation of prebuilt profiles on non-social network sites though the aggregation of data independently contributed by social network users, lacks a legal basis and is not permitted 24. The Australian regime does not have a legal grounds concept limiting personal data use. Given the broader social role of the financial system to provide funding and risk solutions, profiling and matching give rise to important policy issues for the financial sector. Discrimination and adverse selection issues arise from advances in analytical capacity and profiling. The issues can be particularly harmful where those analytics are embedded in online or automated decision tools not transparent to the data subject. Automation and big data mining is pervasive. A business advisor describes services it was able to provide to a Fortune 500 life insurance company: 20 https://www.bundersverfassungsgericht.de/sharedocs/pressemitteilungen/en/2010/bvg html 21 I. S. Rubinstein, Big Data: The End of Privacy or a New Beginning?, International Data Privacy Law 3, no. 2 (May 1, 2013): 74 87, doi: /idpl/ips036 at Article 7 Directive 95/46/EC 23 The WP29 is composed of a representative of the supervisory authorities designated by each EU Member State, a representative of the European Data Protection Supervisor and a representative of the European Commission. It has advisory status and acts independently. 24 Article 29 Working Group Opinion 5/2009 4

5 [we] brought understanding of the opportunities, sources, quality and use of available data third party data sets and analytical capabilities to give the client the insights it needed..assisted the client with collecting external third party data sets how many people have life insurance, what type it is, what their net worth is, what demographic categories they fall into, how digitally savvy they are an even how much time they spend online each week. Armed with that model, the client could easily find the prospects most likely to shop online and create marketing programs that would target with a laserlike focus. create a direct distribution system that could analyse a customer s application, write a policy and confirm it with the type of response times customers expect from online sales applications 25. Increasing accuracy in analytics reduces the market for financial products that pool risks across a group or society. Risk pooling operates so that in an uncertain future the more fortunate underwrite the misadventure of the less fortunate. Accurate predictive analytics decreases the size of the uncertain future. Persons with attributes that suggest an unacceptably high probability of future risk are either priced out of the market or not offered financial products at all 26. This policy concern of adverse selection was first recognised for genetic information. In Europe restrictions prohibit the use genetic information in insurance assessments 27. In Australia the Privacy Act applies to genetic information collected by insurers and a comprehensive report in 2003 into genetic practices recommended strengthening of industry practice in this regard. 28 While some steps have been taken, the issue is still the subject of industry guidance rather than tailored legislative protection for individuals. 29 A recent report commissioned by the UK government into the commercial use of personal information has also considered adverse selection for motor vehicle insurance 30. It notes increasing use of big data in assessment of risk including rising incidence of black box insurance policies requiring installation of telematics in her or his car to monitor driver behaviour. Other information, such as a good credit rating might also be used as a proxy in risk assessments for evidence of responsible behaviour 31. That big data and automated decision making present a new frontier for policy is recognised in Europe. Existing Article 15 of the Directive provides a right not to be subject to a decision based on automated processing: such a decision is defined as a 25 PWC-Unlocking-Big-Data-Value.pdf, p31 accessed May 3, 2015, 26 The Commercial Use of Data - A Research Report for the CMA (June 2015), accessed June 20, 2015, https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/435777/the_commercial_use_of_ Consumer_Data_-_DotEcon_and_Analysys_Mason.pdf. 27 Council of Europe s Convention on Human Rights and Biomedicine Article 11 states that discrimination against a person on grounds of his or her genetic heritage is prohibited. 28 Australia and National Health and Medical Research Council (Australia), eds., Essentially Yours: The Protection of Human Genetic Information in Australia: Report, Report 96 (Sydney: Australian Law Reform Commission, 2003). 29 Position Statement - Genetic Testing and Life Insurance in Australia, accessed May 14, 2015, https://www.hgsa.org.au/documents/item/ The Commercial Use of Data - A Research Report for the CMA (June 2015), accessed June 20, 2015, https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/435777/the_commercial_use_of_ Consumer_Data_-_DotEcon_and_Analysys_Mason.pdf. 31 Ibid at p51 5

6 measure that produces legal effects concerning this natural person or significantly affects this natural person. This right allows a data subject to require human intervention in any significant decision that affects them. Proposed Article 20 of the Regulation extends these protections 32. None of these issues is explicitly addressed in Australia s regulatory settings. Cloud and Trans Border Data Flows (TBDFs) Since the1990s there has been broad acceptance that free flow of data was crucial to international integration of trade and commerce 33. What may not have been anticipated was the speed and level of disaggregation of financial service value chains 34. Offshore data processing is reliant upon data being provided to facilitate the activity a trans border data flow (TBDF). The movement of data internationally provides complexity for policy formulation. It introduces the risks of: Avoidance of tight data protection requirements (particularly in Europe) Enforcement difficulties in foreign jurisdictions. 35 Protecting home citizens against inadequate data protection or intrusive government surveillance practices 36 Cloud computing highlights these issues though they arise for any internationally outsourced financial service function, and particularly where the financial product or service is dependent on distributed ledger innovations. Cloud computing is the provision of flexible, location-independent access to computing resources that are quickly and seamlessly allocated or released to demand. It is deployed variously as a private, public or community cloud categorisation based on the number or common interests of the users of the infrastructure. That infrastructure will typically be provided by a number of providers distributed globally either in a cooperative arrangement or with principal provider and sub-providers 37. In financial services, there are significant efficiency benefits that result from reliance on cloud services. By using cloud, Australia s largest bank has reduced its storage, application testing, and development costs by 50%. Previously 75% of the bank s IT expenditure was on infrastructure but cloud usage has reduced this to 26%. 38 While 32 Rubinstein supra note 24 at p See description of Amex initiatives to ensure data mobility was included in the WTO services liberalisation agenda at p825 in T. Cottier and M. Krajewski, What Role for Non-Discrimination and Prudential Standards in International Financial Law?, Journal of International Economic Law 13, no. 3 (September 1, 2010): McKinsey Global Institute - Global_flows_in_a_digital_age_Full_report-March_ For more detailed discussion see OECD, Report on the Cross-Border Enforcement of Privacy Law, OECD Digital Economy Papers, (June 18, 2006), And Cross-Border Enforcement ALRC, accessed May 7, 2015, 36 Christopher Kuner, Regulation of Transborder Data Flows under Data Protection and Privacy Law, OECD Digital Economy Papers (Paris: December 8, 2011), 37 W. Kuan Hon and Christopher Millard, Data Export in Cloud Computing How Can Personal Data Be Transferred Outside the Eea? The Cloud of Unknowing, Part 4, SSRN Scholarly Paper (Rochester, NY: Social Science Research Network, April 4, 2012), 38 Interim Report Financial System Inquiry, accessed May 11, 2015, at p

7 the Australian Prudential Regulator has issued some guidance on risks, there is no detailed guidance on the level of regulatory tolerance of the use of Cloud services by the financial services sector 39. In Australia APP 8 allows disclosure of personal information to a recipient outside Australia if the entity reasonably believes the overseas recipient is subject to a law or binding scheme that, overall is at least substantially similar to the way in which the APPs protect the information and enforcement mechanisms in place. The provisions do not apply where the data stays within in the same entity globally. To facilitate the forming of a reasonable belief with regard to data flows within Asia, Australia agreed to the APEC Cross-Border Privacy Rules (CBPRs). If adopted in an entity s privacy policy, the CPBRs facilitate the free flow of information inside a corporate group within Asia as well as to other entities that meet those standards. There are some doubts over the effectiveness of the CBPR framework itself 40 and a recent referential of the CBPRs by the EU s Article 29 Working Party provides a good overview of the divergence between Asia and EU settings 41. Australia/Asia do not qualify as adequate under Article 25(6) of the EU Directive and that prevents free flow of personal data from EU member states into Australia. New Zealand has made the necessary adjustments and was recognised as adequate in December Legitimate questions are raised about effective enforcement of rules relating to TBDF where cloud technologies provide a dynamic jurisdictional environment not transparent to the user (or regulator). That concern is one reason for the rise of regional clouds Europe has recently announced a pathway for a EU cloud 43 following a steering committee report into its viability in Information within the cloud could be passed from service provider to service provider without concern for the legality of that TBDF within the EU. Data portability, Robo advice and credit provision 39 Australian Prudential Regulatory Authority, APRA - Letter to Industry - Outsourcing and Offshoring - Specific Considerations When Using Cloud Computing Services, accessed May 11, 2015, 40 Graham Greenleaf, APEC s Cross-Border Privacy Rules System: A House of Cards?, 2014, 41 Opinion 02/2014 on a referential for requirements for Binding Corporate Rules submitted to national Data Protection Authorities in the EU and Cross Border Privacy Rules submitted to APEC CBPR Accountability Agents accessed May 3, 2015, /65/EU: Commission Implementing Decision of 19 December 2012 pursuant to Directive 95/46/EC of the European Parliament and of the Council on the adequate protection of personal data by New Zealand (notified under document C(2012) 9557) 43 European Commission, European Commission - Press Release - A Digital Single Market for Europe: Commission Sets out 16 Initiatives to Make It Happen, May 6, 2015, 44 Hans Graux, European Commission, and Directorate-General for the Information Society and Media, Establishing a Trusted Cloud Europe a Policy Vision Document by the Steering Board of the European Cloud Partnership: Final Report. (Luxembourg: Publications Office, 2014), 7

8 The draft Data Protection Regulation introduces for the first time a right to data portability ('RDP') 45. Proposed Article 18 provides a data subject with the right to transfer data from one electronic processing system to another, without being prevented from doing so by the data controller. As a precondition, and to further improve access to personal data, Article 18 provides a right to obtain from the controller that data in a structured and commonly used electronic format 46. The proposed new right has its policy foundation in competition law. Lack of data portability has long been recognised as a potential switching cost, and a friction in the free operation of competitive forces 47. Difficulty in retrieving data and transferring it from one service provider to another discourage users from leaving an incumbent. This has damaging effects on markets where friction in switching will generally result in higher prices and discourage entry of new competitors 48. While public debate and discussion about the need for Article 18 has focused on market power of social network providers, the proposed right has large implications for emerging business models in financial services. Robo advice is the provision of advice about financial products generated by algorithms that match potential investors with products that suit the investor s financial attributes and needs 49. Online tools matching the investor to appropriate financial products may ultimately result in disintermediation of the human financial advisor. 50 Initial steps toward this future state already exist in most countries. In the UK, lack of mobility in switching between deposit accounts has been identified an impediment to competition in retail banking 51. A Current Account Switching Service (CASS) was introduced that required banks to provide details of the customer s services in a standard format to facilitate the switching of services to new providers in less than seven days. A recent review of the scheme has noted its limited success. 52 Another option mooted to facilitate bank account switching - Bank Account Number Portability (allowing the customer to own their bank account number when switching akin to mobile number portability) is considered too expensive and the Midata initiative (discussed below) may supersede CASS. 45 Supra, note Supra, note 8, Explanatory Memorandum Para For a literature review of the cost of a lack of data mobility see Paul T. Moura, The Sticky Case of Sticky Data, 2014, Moura.pdf. 48 P. Klemperer, Competition When Consumers Have Switching Costs: An Overview with Applications to Industrial Organization, Macroeconomics, and International Trade, The Review of Economic Studies 62, no. 4 (October 1, 1995): SEC.gov Investor Alert: Automated Investment Tools, accessed June 6, 2015, 50 Commonwealth Treasury, Supra n38. See also A New Form of Financial Advice - Morningstar.com.au, accessed June 18, 2015, 51 Personal Current Accounts - Market Study Update: Competition and Markets Authority (July 2014), accessed June 21, 2015, https://assets.digital.cabinet-office.gov.uk/media/53c834c640f0b610aa000009/140717_- _PCA_Review_Full_Report.pdf. 52 Making Current Account Switching Easier - the Effectiveness of the Current Account Swith Service (Mar 2015), accessed June 18, 2015, https://www.fca.org.uk/static/documents/research/making-current-accountswitching-easier.pdf. 8

9 Upon a refusal to extend credit to a small or medium business, lenders are now subject to obligations that promote data mobility. The Small & Medium Sized Business (Finance Platforms) Regulation requires lenders to share standardised data attributes of SMEs and their financing needs which can then be assessed by alternative lenders. More broadly the UK Midata initiative is a public/private program in the UK working toward standardising how personal information held by service providers can be provided to data subjects in machine readable form to allow greater consumer mobility, including for financial services 54. The US equivalent program is Smart Disclosure. These international developments have been noted and the Australian Government is considering the recommendation of the 2014 Financial System Inquiry to consider how financial product information is reported so third parties could use automated processes to create market wide datasets of available products supporting consumers in making more informed online choices and enhancing competition 55. Implications for Australian financial services Australian financial services flows are predominantly to and from Europe and the US 56. While the Asian region is Australia s most significant trading partner for physical goods, financial flows do not mirror that. A discrepancy between data protection standards of Australia and Europe will cause increasing friction for the provision and receipt of financial services with Europe. The significance of that discrepancy is yet to result in serious regulatory impositions or disciplinary action for Australian financial service providers. There are indications however that personal data protection is rapidly increasing as a regulatory focus. In the EU the proposed Regulation includes stronger sanctions, with data protection agencies able to impose fines of up to 1 million Euro or 2% of an enterprise s annual global turnover for personal data breaches including for transferring data to prohibited jurisdictions where protections are not equivalent. There are also strengthened requirements to notify Data Protection Agencies and data subjects of personal data breaches 57. Higher standards may also be imported to Australia through international trade negotiations. Traditionally issues relating to personal data have been outside the scope of trade negotiations under the GATT and GATS frameworks, because of a carve-out from scope of those Treaties for measures to protect personal data, personal privacy and the confidentiality of individual records and accounts 58. However, a number of the largest bilateral treaties currently being negotiated include 21 st century issues - 53 The_Small_and_Medium_Sized_Business Finance_Platforms Regulations_2015_Regulations_draft_statuto ry_instrument.pdf, accessed June 18, 2015, https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/389210/the_small_and_medium_s ized_business Finance_Platforms Regulations_2015_Regulations_draft_statutory_instrument.pdf. 54 Better Choices: Better Deals - Consumers Powering Growth: BIS Report , accessed June 20, 2015, https://www.gov.uk/government/uploads/system/uploads/attachment_data/file/294798/bis better-choicesbetter-deals-consumers-powering-growth.pdf. n20 55 Commonwealth Treasury, supra n13 p See Figure 1.3 Interim Report Financial System Inquiry showing financial and physical outward flows and Chapter 10 International Integration. 57 Bygrave, Data Privacy Law: An International Perspective (Also available as: ebook, 2014). at p Article XIV(c) GATS and Understanding on Commitment in Financial Services, paragraph 8. 9

Privacy and Cloud Computing for Australian Government Agencies

Privacy and Cloud Computing for Australian Government Agencies Privacy and Cloud Computing for Australian Government Agencies Better Practice Guide February 2013 Version 1.1 Introduction Despite common perceptions, cloud computing has the potential to enhance privacy

More information

OVERVIEW. stakeholder engagement mechanisms and WP29 consultation mechanisms respectively.

OVERVIEW. stakeholder engagement mechanisms and WP29 consultation mechanisms respectively. Joint work between experts from the Article 29 Working Party and from APEC Economies, on a referential for requirements for Binding Corporate Rules submitted to national Data Protection Authorities in

More information

www.corrs.com.au OFFSHORING Data the new privacy laws

www.corrs.com.au OFFSHORING Data the new privacy laws www.corrs.com.au OFFSHORING Data the new privacy laws OFFSHORING DATA THE NEW PRIVACY LAWS Transfer of data by Australian organisations to other jurisdictions is increasingly common. This is a result of

More information

Council of the European Union Brussels, 28 July 2015 (OR. en)

Council of the European Union Brussels, 28 July 2015 (OR. en) Conseil UE Council of the European Union Brussels, 28 July 2015 (OR. en) PUBLIC 11243/15 LIMITE DRS 50 CODEC 1084 NOTE From: To: Subject: General Secretariat of the Council Delegations Proposal for a DIRECTIVE

More information

Impact of Regulations and Risk Management in Financial Markets in Europe

Impact of Regulations and Risk Management in Financial Markets in Europe SALES OPPORTUNITY ASSESSMENT PRODUCT CATI EMERGING MARKET ENTRY STRATEGY CUSTOMER INTELLIGENCE MARKET SIZING AND FORECASTING INDUSTRY BEST PRACTICE CUSTOMER NEED BEST PRACTICE ASSESSMENT COMPETITIVE INTELLIGENCE

More information

slaughter and may The new EU Data Protection Regulation revolution or evolution?

slaughter and may The new EU Data Protection Regulation revolution or evolution? slaughter and may The new EU Data Protection Regulation revolution or evolution? BRIEFING April 2012 Reform of Europe s data protection regime moved one step closer this January with the publication of

More information

International money transfers public interest determination applications. Consultation paper

International money transfers public interest determination applications. Consultation paper International money transfers public interest determination applications Consultation paper Closing date for comment 4 August 2014 Purpose of consultation paper The Office of the Australian Information

More information

T: [redacted] F: +61 2 9551 8644 [redacted] www.rba.gov.au

T: [redacted] F: +61 2 9551 8644 [redacted] www.rba.gov.au T: [redacted] F: +61 2 9551 8644 [redacted] www.rba.gov.au 7 May 2014 Australian Privacy Commissioner Office of the Australian Information Commissioner GPO Box 5218 SYDNEY NSW 2001 Dear Mr Pilgrim APPLICATION

More information

The Cloud and Cross-Border Risks - Singapore

The Cloud and Cross-Border Risks - Singapore The Cloud and Cross-Border Risks - Singapore February 2011 What is the objective of the paper? Macquarie Telecom has commissioned this paper by international law firm Freshfields Bruckhaus Deringer in

More information

BCS, The Chartered Institute for IT Consultation Response to:

BCS, The Chartered Institute for IT Consultation Response to: BCS, The Chartered Institute for IT Consultation Response to: A Comprehensive Approach to Personal Data Protection in the European Union Dated: 15 January 2011 BCS The Chartered Institute for IT First

More information

Unleashing the Potential of Cloud Computing in Europe - What is it and what does it mean for me?

Unleashing the Potential of Cloud Computing in Europe - What is it and what does it mean for me? EUROPEAN COMMISSION MEMO Brussels, 27 September 2012 Unleashing the Potential of Cloud Computing in Europe - What is it and what does it mean for me? See also IP/12/1025 What is Cloud Computing? Cloud

More information

Application of Data Protection Concepts to Cloud Computing

Application of Data Protection Concepts to Cloud Computing Application of Data Protection Concepts to Cloud Computing By Denitza Toptchiyska Abstract: The fast technological development and growing use of cloud computing services require implementation of effective

More information

Australia s unique approach to trans-border privacy and cloud computing

Australia s unique approach to trans-border privacy and cloud computing Australia s unique approach to trans-border privacy and cloud computing Peter Leonard Partner, Gilbert + Tobin Lawyers and Director, iappanz In Australia, as in many jurisdictions, there have been questions

More information

European Union Green Paper on Mortgage Credit in the EU. Response from Prudential plc

European Union Green Paper on Mortgage Credit in the EU. Response from Prudential plc 1 General Comments European Union Green Paper on Mortgage Credit in the EU Response from Prudential plc 1.1 We welcome the opportunity to respond to the Commission s Green Paper on Mortgage Credit in the

More information

Chapter 5: Australian Privacy Principle 5 Notification of the collection of personal information

Chapter 5: Australian Privacy Principle 5 Notification of the collection of personal information Chapter 5: Australian Privacy Principle 5 Notification of the collection of personal information Version 1.0, February 2014 Key points... 2 What does APP 5 say?... 2 Taking reasonable steps to notify or

More information

Accountability: Data Governance for the Evolving Digital Marketplace 1

Accountability: Data Governance for the Evolving Digital Marketplace 1 Accountability: Data Governance for the Evolving Digital Marketplace 1 1 For the past three years, the Centre for Information Policy Leadership at Hunton & Williams LLP has served as secretariat for the

More information

(Legislative acts) REGULATIONS

(Legislative acts) REGULATIONS 24.3.2012 Official Journal of the European Union L 86/1 I (Legislative acts) REGULATIONS REGULATION (EU) No 236/2012 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 14 March 2012 on short selling and

More information

International Privacy and Data Security Requirements. Benedict Stanberry, LLB LLM MRIN Director, Centre for Law Ethics and Risk in Telemedicine

International Privacy and Data Security Requirements. Benedict Stanberry, LLB LLM MRIN Director, Centre for Law Ethics and Risk in Telemedicine International Privacy and Data Security Requirements Benedict Stanberry, LLB LLM MRIN Director, Centre for Law Ethics and Risk in Telemedicine Aims of this Presentation. To provide a brief overview of

More information

7.0 Information Security Protections The aggregation and analysis of large collections of data and the development

7.0 Information Security Protections The aggregation and analysis of large collections of data and the development 7.0 Information Security Protections The aggregation and analysis of large collections of data and the development of interconnected information systems designed to facilitate information sharing is revolutionizing

More information

Mr President, Ladies and Gentlemen Members of the Court, Mr Advocate. Thank you for inviting the European Data Protection Supervisor today.

Mr President, Ladies and Gentlemen Members of the Court, Mr Advocate. Thank you for inviting the European Data Protection Supervisor today. Request for an Opinion by the European Parliament, draft EU-Canada PNR agreement (Opinion 1/15) Hearing of 5 April 2016 Pleading notes of the European Data Protection Supervisor (EDPS) Mr President, Ladies

More information

Promoting Cross Border Data Flows Priorities for the Business Community

Promoting Cross Border Data Flows Priorities for the Business Community Promoting Cross Border Data Flows Priorities for the Business Community The movement of electronic information across borders is critical to businesses around the world, but the international rules governing

More information

Catalyst Consulting & Events (CCE) takes seriously its commitment to preserve the privacy of the personal information that we collect.

Catalyst Consulting & Events (CCE) takes seriously its commitment to preserve the privacy of the personal information that we collect. PRIVACY POLICY 1. Introduction Catalyst Consulting & Events (CCE) takes seriously its commitment to preserve the privacy of the personal information that we collect. We will only collect information that

More information

Cloud Computing in a Government Context

Cloud Computing in a Government Context Cloud Computing in a Government Context Introduction There has been a lot of hype around cloud computing to the point where, according to Gartner, 1 it has become 'deafening'. However, it is important

More information

005ASubmission to the Serious Data Breach Notification Consultation

005ASubmission to the Serious Data Breach Notification Consultation 005ASubmission to the Serious Data Breach Notification Consultation (Consultation closes 4 March 2016 please send electronic submissions to privacy.consultation@ag.gov.au) Your details Name/organisation

More information

Comments and proposals on the Chapter IV of the General Data Protection Regulation

Comments and proposals on the Chapter IV of the General Data Protection Regulation Comments and proposals on the Chapter IV of the General Data Protection Regulation Ahead of the trialogue negotiations later this month, EDRi, Access, Panoptykon Bits of Freedom, FIPR and Privacy International

More information

Public Consultation Paper: Payment Accounts Directive. Department of Finance. July 2015

Public Consultation Paper: Payment Accounts Directive. Department of Finance. July 2015 DIRECTIVE ON PAYMENT ACCOUNTS Public Consultation July 2015 Public Consultation Paper: Payment Accounts Directive Department of Finance July 2015 Department of Finance Government Buildings, Upper Merrion

More information

Position of the retail and wholesale sector on the Draft Data Protection Regulation in view of the trilogue 2015

Position of the retail and wholesale sector on the Draft Data Protection Regulation in view of the trilogue 2015 2 September 2015 Position of the retail and wholesale sector on the Draft Data Protection Regulation in view of the trilogue 2015 We support the efforts of EU legislators to create a harmonised data protection

More information

Insurance Europe key messages on the European Commission's proposed General Data Protection Regulation

Insurance Europe key messages on the European Commission's proposed General Data Protection Regulation Position Paper Insurance Europe key messages on the European Commission's proposed General Data Protection Regulation Our reference: SMC-DAT-12-064 Date: 3 September 2012 Related documents: Proposal for

More information

Australian Privacy Principle 5 Notification of the collection of personal information

Australian Privacy Principle 5 Notification of the collection of personal information Australian Privacy Principle 5 Notification of the collection of personal information Chapter 5 Draft version, August 2013 Key points... 2 What does APP 5 say?... 2 Reasonable steps to notify or ensure

More information

DISCUSSION PAPER: GREY AREAS - AGE BARRIERS TO WORK IN COMMONWEALTH LAWS

DISCUSSION PAPER: GREY AREAS - AGE BARRIERS TO WORK IN COMMONWEALTH LAWS Professor Rosalind Croucher President Australian Law Reform Commission GPO Box 3708 SYDNEY NSW 2000 30 November 2012 Via email: age_barriers_to_work@alrc.gov.au Dear Professor Croucher DISCUSSION PAPER:

More information

Microsoft appreciates the opportunity to respond to the Cloud Computing Consumer Protocol: ACS Discussion Paper July 2013 (the protocol).

Microsoft appreciates the opportunity to respond to the Cloud Computing Consumer Protocol: ACS Discussion Paper July 2013 (the protocol). Microsoft Submission to ACS Cloud Protocol Discussion Paper General Comments Microsoft appreciates the opportunity to respond to the Cloud Computing Consumer Protocol: ACS Discussion Paper July 2013 (the

More information

Article 29 Working Party Issues Opinion on Cloud Computing

Article 29 Working Party Issues Opinion on Cloud Computing Client Alert Global Regulatory Enforcement If you have questions or would like additional information on the material covered in this Alert, please contact one of the authors: Cynthia O Donoghue Partner,

More information

COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS

COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS EUROPEAN COMMISSION Brussels, XXX [ ](2011) XXX draft COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS

More information

E-COMMERCE GOES MOBILE: SEEKING COMPETITIVENESS THROUGH PRIVACY

E-COMMERCE GOES MOBILE: SEEKING COMPETITIVENESS THROUGH PRIVACY E-COMMERCE GOES MOBILE: SEEKING COMPETITIVENESS THROUGH PRIVACY Oana Dolea 7 th Annual Leg@l.IT Conference March 26th, 2013 Montreal, Canada INTRODUCTION Mobile e-commerce vs. E-commerce Mobile e-commerce:

More information

Privacy, the Cloud and Data Breaches

Privacy, the Cloud and Data Breaches Privacy, the Cloud and Data Breaches Annelies Moens Head of Sales and Operations, Information Integrity Solutions Legalwise Seminars Sydney, 20 March 2013 About IIS Building trust and privacy through global

More information

Annotated Agenda of the Sherpa meeting. Main features of Contractual Arrangements and Associated Solidarity Mechanisms

Annotated Agenda of the Sherpa meeting. Main features of Contractual Arrangements and Associated Solidarity Mechanisms Annotated Agenda of the Sherpa meeting 21-11-2013 Main features of Contractual Arrangements and Associated Solidarity Mechanisms At their meeting on 26 November the Sherpas are invited to discuss: General

More information

CP ON TECHNICAL ADVICE ON CRITERIA AND FACTORS FOR INTERVENTION POWERS CONCERNING STRUCTURED DEPOSITS. Contents

CP ON TECHNICAL ADVICE ON CRITERIA AND FACTORS FOR INTERVENTION POWERS CONCERNING STRUCTURED DEPOSITS. Contents EBA/CP/2014/20 5 August 2014 Consultation Paper Draft Technical advice on possible delegated acts on criteria and factors for intervention powers concerning structured deposits under Article 41 and Article

More information

FX Week conference "State of play, state of flux: a regulator's perspective"

FX Week conference State of play, state of flux: a regulator's perspective FX Week conference "State of play, state of flux: a regulator's perspective" Introduction 1. Ladies and Gentleman, thank you for the invitation to present to you this afternoon. 2. Looking around the room,

More information

Police Financial Services Limited Copyright exists in this document Privacy Policy 1

Police Financial Services Limited Copyright exists in this document Privacy Policy 1 Privacy January 2015 Policy Police Financial Services Limited ABN 33 087 651 661 ('we', 'us', 'our', BankVic ) is bound by the Australian Privacy Principles under the Privacy Act 1988 (Cth) (Privacy Act).

More information

Having regard to the Charter of Fundamental Rights of the European Union, and in particular Articles 7 and 8 thereof,

Having regard to the Charter of Fundamental Rights of the European Union, and in particular Articles 7 and 8 thereof, Opinion of the European Data Protection Supervisor on the Commission Proposal for a Directive of the European Parliament and of the Council amending Directive 2007/36/EC as regards the encouragement of

More information

Privacy and Transparency for Consumer Trust and Consumer Centrality

Privacy and Transparency for Consumer Trust and Consumer Centrality 1 1 2 2 Ecommerce Europe is the association representing around 5000+ companies selling products and/or services online to consumers in Europe. Ecommerce Europe is a major stakeholder in policy issues

More information

EUROPEAN CENTRAL BANK

EUROPEAN CENTRAL BANK 17.2.2005 C 40/9 EUROPEAN CTRAL BANK OPINION OF THE EUROPEAN CTRAL BANK of 4 February 2005 at the request of the Council of the European Union on a proposal for a directive of the European Parliament and

More information

Briefly summarised, SURFmarket has submitted the following questions to the Dutch DPA:

Briefly summarised, SURFmarket has submitted the following questions to the Dutch DPA: UNOFFICIAL TRANSLATION Written opinion on the application of the Wet bescherming persoonsgegevens [Dutch Data Protection Act] in the case of a contract for cloud computing services from an American provider

More information

FINANCIAL SERVICE PROVIDERS (REGISTRATION) REGULATIONS

FINANCIAL SERVICE PROVIDERS (REGISTRATION) REGULATIONS 1 OFFICE OF THE MINISTER OF COMMERCE The Chair CABINET ECONOMIC GROWTH AND INFRASTRUCTURE COMMITTEE FINANCIAL SERVICE PROVIDERS (REGISTRATION) REGULATIONS PROPOSAL 1 This paper seeks Cabinet approval for

More information

The Amendment of the Loan Agreement (for Business)/ Overdraft Facility Agreement (for Consumption)/ Money Mortgage Agreement*

The Amendment of the Loan Agreement (for Business)/ Overdraft Facility Agreement (for Consumption)/ Money Mortgage Agreement* The Amendment of the Loan Agreement (for Business)/ Overdraft Facility Agreement (for Consumption)/ Money Mortgage Agreement* No. Clause Reference Amendment Sanctions 1. Important notice Standard Chartered

More information

Privacy & Data Security: The Future of the US-EU Safe Harbor

Privacy & Data Security: The Future of the US-EU Safe Harbor Privacy & Data Security: The Future of the US-EU Safe Harbor NAOMI MCBRIDE, LISA J. SOTTO AND BRIDGET TREACY, HUNTON & WILLIAMS LLP, WITH PRACTICAL LAW US INTELLECTUAL PROPERTY & TECHNOLOGY AND UK IP&IT

More information

1 Data Protection Principles

1 Data Protection Principles Today, our personal information is being collected, shared, stored and analysed everywhere. Whether you are browsing the internet, talking to a friend or making an online purchase, personal data collection

More information

Privacy in the cloud. DNB has indicated that it considers cloud computing a form of outsourcing.

Privacy in the cloud. DNB has indicated that it considers cloud computing a form of outsourcing. Privacy in the cloud computing, and the company concerned is required to submit a risk analysis to DNB. 3 Cloud computing entails the saving, processing and using of company data on the servers of a cloud

More information

An overview of UK data protection law

An overview of UK data protection law An overview of UK data protection law Our team Vinod Bange Partner +44 (0)20 7300 4600 v.bange@taylorwessing.com Graham Hann Partner +44 (0)20 7300 4839 g.hann@taylorwessing.com Chris Jeffery Partner +44

More information

COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS

COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS EUROPEAN COMMISSION Brussels, 20.9.2011 COM(2011) 573 final COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE

More information

Insurance Law Reforms and Requirements for Direct Offshore Foreign Insurers ("DOFIs")

Insurance Law Reforms and Requirements for Direct Offshore Foreign Insurers (DOFIs) Insurance Law Reforms and Requirements for Direct Offshore Foreign Insurers ("DOFIs") The Clayton Utz contact for this document is Fred Hawke, Partner Clayton Utz Lawyers Level 18 333 Collins Street Melbourne

More information

CHAPTER SUMMARY: INVESTMENT

CHAPTER SUMMARY: INVESTMENT CHAPTER SUMMARY: INVESTMENT Investment rules are included in trade agreements such as the TPP because of the importance governments attach to guaranteeing the high standards of governance that are pivotal

More information

Inquiry into the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014

Inquiry into the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014 Inquiry into the Telecommunications (Interception and Access) Amendment (Data Retention) Bill 2014 AUSTRALIAN HUMAN RIGHTS COMMISSION SUBMISSION TO THE PARLIAMENTARY JOINT COMMITTEE ON INTELLIGENCE AND

More information

Australian Prudential Regulation Authority. Protecting Australia s depositors, insurance policyholders and superannuation fund members

Australian Prudential Regulation Authority. Protecting Australia s depositors, insurance policyholders and superannuation fund members Australian Prudential Regulation Authority Protecting Australia s depositors, insurance policyholders and superannuation fund members APRA s vision is to be a world-class integrated prudential supervisor

More information

DATA PROTECTION IN DIRECT MARKETING

DATA PROTECTION IN DIRECT MARKETING Document 1.1.2-1 DATA PROTECTION IN DIRECT MARKETING analysis of the legislation in direct marketing Component 1 Activity 1.1.2 Final version The content of this report is the sole responsibility of Human

More information

COMMUNICATION FROM THE COMMISSION TO THE COUNCIL, THE EUROPEAN PARLIAMENT AND THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE

COMMUNICATION FROM THE COMMISSION TO THE COUNCIL, THE EUROPEAN PARLIAMENT AND THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE EN EN EN EUROPEAN COMMISSION Brussels, COM(2010) COMMUNICATION FROM THE COMMISSION TO THE COUNCIL, THE EUROPEAN PARLIAMENT AND THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE Removing cross-border tax obstacles

More information

ACT Justice and Community Safety portfolio: Open and transparent management of personal information

ACT Justice and Community Safety portfolio: Open and transparent management of personal information ACT Justice and Community Safety portfolio: Open and transparent management of personal information Privacy assessment report Territory Privacy Principles 1.3, 1.4 and 1.5 Assessment undertaken: November

More information

Response of the Northern Ireland Human Rights Commission on the Health and Social Care (Control of Data Processing) NIA Bill 52/11-16

Response of the Northern Ireland Human Rights Commission on the Health and Social Care (Control of Data Processing) NIA Bill 52/11-16 Response of the Northern Ireland Human Rights Commission on the Health and Social Care (Control of Data Processing) NIA Bill 52/11-16 Summary The Northern Ireland Human Rights Commission (the Commission):

More information

EDRi s. January 2015. European Digital Rights Rue Belliard 20, 1040 Brussels www.edri.org @EDRi tel. +32 (0) 2 274 25 70

EDRi s. January 2015. European Digital Rights Rue Belliard 20, 1040 Brussels www.edri.org @EDRi tel. +32 (0) 2 274 25 70 EDRi s Red lines on TTIP January 2015 European Digital Rights Rue Belliard 20, 1040 Brussels www.edri.org @EDRi tel. +32 (0) 2 274 25 70 ABOUT EDRI European Digital Rights is a network of 34 privacy and

More information

Dealing with data breaches in Europe and beyond

Dealing with data breaches in Europe and beyond Dealing with data breaches in Europe and beyond Karin Retzer and Joanna Łopatowska Morrison & Foerster LLP www.practicallaw.com/6-505-9638 The use of increasingly advanced technology means that the ways

More information

POLICIES, RULES AND GUIDELINES

POLICIES, RULES AND GUIDELINES APEC CROSS-BORDER PRIVACY RULES SYSTEM POLICIES, RULES AND GUIDELINES The purpose of this document is to describe the APEC Cross Border Privacy Rules (CBPR) System, its core elements, governance structure

More information

The reform of the EU Data Protection framework - Building trust in a digital and global world. 9/10 October 2012

The reform of the EU Data Protection framework - Building trust in a digital and global world. 9/10 October 2012 The reform of the EU Data Protection framework - Building trust in a digital and global world 9/10 October 2012 Questionnaire addressed to national Parliaments Please, find attached a number of questions

More information

SUBMISSION BY THE AUSTRALIAN SECURITIES AND INVESTMENTS COMMISSION

SUBMISSION BY THE AUSTRALIAN SECURITIES AND INVESTMENTS COMMISSION SUBMISSION BY THE AUSTRALIAN SECURITIES AND INVESTMENTS COMMISSION Executive Summary ASIC has responsibility for the regulation of securities and some derivatives markets in Australia. These markets are

More information

Foreign investment managers and other financial

Foreign investment managers and other financial The Investment Lawyer Covering Legal and Regulatory Issues of Asset Management VOL. 22, NO. 8 AUGUST 2015 Investment Management Business in Australia By Jim Bulling, Daniel Knight, and Gabrielle Palmieri

More information

European Privacy Reporter

European Privacy Reporter Is this email not displaying correctly? Try the web version or print version. ISSUE 02 European Privacy Reporter An Update on Legal Developments in European Privacy and Data Protection November 2012 In

More information

INSURANCE CORE PRINCIPLES, STANDARDS, GUIDANCE AND ASSESSMENT METHODOLOGY

INSURANCE CORE PRINCIPLES, STANDARDS, GUIDANCE AND ASSESSMENT METHODOLOGY INSURANCE CORE PRINCIPLES, STANDARDS, GUIDANCE AND ASSESSMENT METHODOLOGY ICP 4 Draft revisions for consultation June 2015 (Clean version) ICP 4 Licensing A legal entity which intends to engage in insurance

More information

COMMISSION STAFF WORKING DOCUMENT. on the existing EU legal framework applicable to lifestyle and wellbeing apps. Accompanying the document

COMMISSION STAFF WORKING DOCUMENT. on the existing EU legal framework applicable to lifestyle and wellbeing apps. Accompanying the document EUROPEAN COMMISSION Brussels, 10.4.2014 SWD(2014) 135 final COMMISSION STAFF WORKING DOCUMENT on the existing EU legal framework applicable to lifestyle and wellbeing apps Accompanying the document GREEN

More information

ACS CLOUD COMPUTING CONSUMER PROTOCOL. Response from AIIA

ACS CLOUD COMPUTING CONSUMER PROTOCOL. Response from AIIA ACS CLOUD COMPUTING CONSUMER PROTOCOL Response from AIIA AUGUST 2013 INTRODUCTION The Australian Information Industry Association (AIIA) is the peak national body representing multinational and domestic

More information

AISA Position Statement: Mandatory Data Breach Notification in Australia

AISA Position Statement: Mandatory Data Breach Notification in Australia AISA Position Statement: Mandatory Data Breach Notification in Australia Overview Although AISA members are broadly in support of mandatory data breach notification in Australia they have a number of concerns

More information

Work programme 2016 2018

Work programme 2016 2018 ARTICLE 29 Data Protection Working Party 417/16/EN WP235 Work programme 2016 2018 Adopted on 2 February 2016 This Working Party was set up under Article 29 of Directive 95/46/EC. It is an independent European

More information

Protecting Privacy in a World of Big Data. Paper 1

Protecting Privacy in a World of Big Data. Paper 1 Protecting Privacy in a World of Big Data Paper 1 DISCUSSION DRAFT 21 October 2015 The Role of Enhanced Accountability in Creating a Sustainable Data-driven Economy and Information Society Centre for Information

More information

CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES:

CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES: CLOUD COMPUTING FOR SMALL- AND MEDIUM-SIZED ENTERPRISES: Privacy Responsibilities and Considerations Cloud computing is the delivery of computing services over the Internet, and it offers many potential

More information

The guidance will be developed over time in the light of practical experience.

The guidance will be developed over time in the light of practical experience. Freedom of Information Act Awareness Guidance No. 14 International Relations The Information Commissioner s Office (ICO) has produced this guidance as part of a series of good practice guidance designed

More information

OUTSOURCING, HOSTING AND DATA PRIVACY ISSUES

OUTSOURCING, HOSTING AND DATA PRIVACY ISSUES OUTSOURCING, HOSTING AND DATA PRIVACY ISSUES 4 April 2013 James Castro-Edwards Solicitor Monica Salgado Advogada / Portuguese Lawyer OUR TEAM Speechly Bircham is an ambitious, full-service law firm with

More information

The APRA Supervision Blueprint

The APRA Supervision Blueprint The APRA Supervision Blueprint May 2015 www.apra.gov.au Australian Prudential Regulation Authority Contents Introduction 3 Section 1: Principles and approach 4 APRA s mission and supervisory approach 4

More information

Data Protection A Guide for Users

Data Protection A Guide for Users Data Protection A Guide for Users EUROPEAN PARLIAMENT Contents Contents 3 Introduction 4 Data protection standards making a difference in the European Parliament 5 Data protection the actors 6 Data protection

More information

Corporate Compliance: A Global Perspective

Corporate Compliance: A Global Perspective Corporate Compliance: A Global Perspective 6/27/2012 37 Offices in 18 Countries Current Compliance Environment Ever-intensifying regulatory burden new areas of regulation existing regulations becoming

More information

CLOUD COMPUTING & THE PATRIOT ACT: A RED HERRING?

CLOUD COMPUTING & THE PATRIOT ACT: A RED HERRING? CLOUD COMPUTING & THE PATRIOT ACT: A RED HERRING? Lindsey Finch Senior Global Privacy Counsel Salesforce.com lfinch@salesforce.com David T.S. Fraser Partner McInnes Cooper David.fraser@mcinnescooper.com

More information

Using AWS in the context of Australian Privacy Considerations October 2015

Using AWS in the context of Australian Privacy Considerations October 2015 Using AWS in the context of Australian Privacy Considerations October 2015 (Please consult https://aws.amazon.com/compliance/aws-whitepapers/for the latest version of this paper) Page 1 of 13 Overview

More information

COMMISSION DELEGATED DECISION (EU) / of 5.6.2015

COMMISSION DELEGATED DECISION (EU) / of 5.6.2015 EUROPEAN COMMISSION Brussels, 5.6.2015 C(2015) 3740 final COMMISSION DELEGATED DECISION (EU) / of 5.6.2015 on the provisional equivalence of the solvency regimes in force in Australia, Bermuda, Brazil,

More information

Isle of Man Government

Isle of Man Government Isle of Man Government Commitment to Combating Money Laundering and the Financing of Terrorism & Proliferation Council of Ministers June 2012 Isle of Man Government Commitment to Combating Money Laundering

More information

The proposed Fourth Money Laundering Directive

The proposed Fourth Money Laundering Directive The proposed Fourth Money Laundering Directive What the proposed Directive means and how to keep your business safe USING IDENTITY INTELLIGENTLY Money Laundering Directive What the proposed Directive means

More information

CHAPTER 14 ELECTRONIC COMMERCE

CHAPTER 14 ELECTRONIC COMMERCE CHAPTER 14 ELECTRONIC COMMERCE Article 14.1: Definitions For the purposes of this Chapter: computing facilities means computer servers and storage devices for processing or storing information for commercial

More information

Privacy and Data Protection

Privacy and Data Protection Hewlett-Packard Company 3000 Hanover Street Palo Alto, CA 94304 hp.com HP Policy Position Privacy and Data Protection Current Global State of Privacy and Data Protection The rapid expansion and pervasiveness

More information

The eighth data protection principle and international data transfers

The eighth data protection principle and international data transfers Data Protection Act 1998 The eighth data protection principle and international data transfers The Information Commissioner s recommended approach to assessing adequacy including consideration of the issue

More information

Statement of Principles

Statement of Principles Statement of Principles Bank Registration and Supervision Prudential Supervision Department Document Issued: 2 TABLE OF CONTENTS Subject Page A. INTRODUCTION... 3 B. PURPOSES OF BANK REGISTRATION AND SUPERVISION...

More information

NATIONAL INSURANCE BROKERS ASSOCIATION OF AUSTRALIA (NIBA) Submission to WorkCover Western Australia. Legislative Review 2013

NATIONAL INSURANCE BROKERS ASSOCIATION OF AUSTRALIA (NIBA) Submission to WorkCover Western Australia. Legislative Review 2013 NATIONAL INSURANCE BROKERS ASSOCIATION OF AUSTRALIA (NIBA) ABOUT NIBA Submission to WorkCover Western Australia Legislative Review 2013 February 2014 NIBA is the peak body of the insurance broking profession

More information

THE HON JOSH FRYDENBERG MP Assistant Treasurer SPEECH FINANCIAL SERVICES COUNCIL BT FINANCIAL GROUP BREAKFAST SYDNEY 15 APRIL 2015

THE HON JOSH FRYDENBERG MP Assistant Treasurer SPEECH FINANCIAL SERVICES COUNCIL BT FINANCIAL GROUP BREAKFAST SYDNEY 15 APRIL 2015 THE HON JOSH FRYDENBERG MP Assistant Treasurer SPEECH FINANCIAL SERVICES COUNCIL BT FINANCIAL GROUP BREAKFAST SYDNEY 15 APRIL 2015 **CHECK AGAINST DELIVERY** Introductory remarks Good morning. Thank you

More information

COMMISSION RECOMMENDATION. of 12.3.2014. on a new approach to business failure and insolvency. (Text with EEA relevance) {SWD(2014) 61} {SWD(2014) 62}

COMMISSION RECOMMENDATION. of 12.3.2014. on a new approach to business failure and insolvency. (Text with EEA relevance) {SWD(2014) 61} {SWD(2014) 62} EUROPEAN COMMISSION Brussels, 12.3.2014 C(2014) 1500 final COMMISSION RECOMMENDATION of 12.3.2014 on a new approach to business failure and insolvency (Text with EEA relevance) {SWD(2014) 61} {SWD(2014)

More information

COMMISSION STAFF WORKING DOCUMENT. Report on the Implementation of the Communication 'Unleashing the Potential of Cloud Computing in Europe'

COMMISSION STAFF WORKING DOCUMENT. Report on the Implementation of the Communication 'Unleashing the Potential of Cloud Computing in Europe' EUROPEAN COMMISSION Brussels, 2.7.2014 SWD(2014) 214 final COMMISSION STAFF WORKING DOCUMENT Report on the Implementation of the Communication 'Unleashing the Potential of Cloud Computing in Europe' Accompanying

More information

ANZ Privacy Policy PROTECTING YOUR PRIVACY 07.15

ANZ Privacy Policy PROTECTING YOUR PRIVACY 07.15 ANZ Privacy Policy PROTECTING YOUR PRIVACY 07.15 Contents Introduction to ANZ s Privacy Policy 4 Collecting your personal information 6 Using your personal information 9 Disclosing your personal information

More information

Productivity Commission Study into Barriers to Growth in Australian Services Exports

Productivity Commission Study into Barriers to Growth in Australian Services Exports 15 May 2015 Australian Services Exports Productivity Commission Locked Bag 2, Collins Street Melbourne VIC 8003 Productivity Commission Study into Barriers to Growth in Australian Services Exports Standards

More information

MiFID II Key aspects. I. Introduction

MiFID II Key aspects. I. Introduction MiFID II Key aspects I. Introduction Yesterday the final texts of the revised Markets in Financial Instruments Directive were published in the Official Journal of the European Union. The texts consist

More information

APRA S FIT AND PROPER REQUIREMENTS

APRA S FIT AND PROPER REQUIREMENTS APRA S FIT AND PROPER REQUIREMENTS Consultation Paper Australian Prudential Regulation Authority PREAMBLE APRA was created out of the Government s financial sector reforms that were implemented as a result

More information

Leveraging digital solutions to ease cross-border financial services

Leveraging digital solutions to ease cross-border financial services Leveraging digital solutions to ease cross-border financial services Pascal Martino Partner Strategy, Regulatory & Corporate Finance Deloitte Said Qaceme Director Governance, Risk & Compliance Deloitte

More information

REFORM OF STATUTORY AUDIT

REFORM OF STATUTORY AUDIT EU BRIEFING 14 MARCH 2012 REFORM OF STATUTORY AUDIT Assessing the legislative proposals This briefing sets out our initial assessment of the legislative proposals to reform statutory audit published by

More information