Brexit update: Financial services sector and personal data

By October 14, 2020News

Brexit and the Financial Services Sector

For some, the UK Financial Services Sector was under threat from the day (23rd June 2016) of the UK Brexit Referendum when the UK voted to leave the European Union. For them, the headline of an Article in The Sunday Times of 4th October 2020 – “Chill winds of Brexit sweep the Square Mile” – should, therefore, have come as no surprise.

According to The Sunday Times report, accountancy firm EY, has calculated that 7500 financial services sector jobs have been lost from the City of London to the EU as a result of Brexit, although this is less than some of the predictions in the immediate aftermath of the Brexit Referendum. Many of those jobs appear to have gone to Paris, France, where, according toThe Sunday Times report, the French Government will claim that 4000 new financial services sector jobs have been directly created as result of Brexit, with a further 20,000 jobs being created in Paris indirectly.

Meanwhile, the UK regulatory authorities in the financial services sector – including the Bank of England (BoE), the Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA) – have been busy promoting the City of London as a user friendly place from which to continue to do financial services business and, for instance, on 1st October 2020 the BoE and the PRA published a new webpage intended to provide financial markets participants with information on the BoE’s and PRA’s approach to the use of their so-called Temporary Transitional Power ( TTP).

The TTP allows the  UK’s financial services regulators (including the FCA as well as the BoE and the PRA) to delay or phase-in onshoring changes to UK regulatory requirements following the end of the UK-EU Withdrawal Agreement transition period on 31st December 2020.  This should make it more attractive in particular for EU–based organisations to continue to maintain their links with the UK, particularly as it appears that the BoE and the PRA intend to use the TTP to provide broad transitional relief, with certain exceptions, to financial markets’ participants for a 15 months’ period lasting until 31st March 2022. The FCA has also published draft directions with regard to its intended use of the TTP and has updated its Handbook to reflect Brexit-related amendments and has published an updated webpage on its use of the similarly–named Temporary Permissions Regime ( TPR).

The UK Government’s objective in trying to agree “equivalence” arrangements with the EU so as to facilitate the continued smooth running of financial services markets across the UK and the EU following the end of the UK-EU transition period has not approved easy to realise but on 30th September 2020 it published the Equivalence Determinations for Financial Services (Amendment etc) (EU Exit) Regulations (SI 2020/1055) with the apparent view of trying to facilitate the process.

The EU has not been unresponsive to the UK’s wish for a smooth transition to the new regulatory order in the financial services sector after the end of the transition period  and this has been recognised, for instance, in the new arrangements effectively agreed between the UK and the EU for euro clearing to continue through London for the period of 18 months after the end of the transition period.

Whilst the financial services sector remains outside the main framework of the UK-EU negotiations for a new Brexit post-transition period relationship – much to the regret of the City of London Corporation – it seems clear that regulators in both the UK and the EU recognise the need for transitional arrangements so as to avoid chaos in UK and EU financial markets after the end of the UK-EU transition period.

On 8th October 2020, the House of Lords EU Services Sub-Committee published a letter dated 21st September 2020 from John Glen MP, Economic Secretary and City Minister, giving the UK Government’s views on the important subjects of UK-EU equivalence decisions, future UK-EU regulatory co-operation and the future UK financial services regulatory framework. This letter does show the thought that is going on within the UK Government to deal with the consequences of Brexit in the financial services sector.

Brexit and Personal Data

On 2nd October 2020, the UK Government published updated guidance on the use of personal data by UK businesses and organisations after the UK-EU transition period, bearing in mind the restrictions placed by EU law (and in particular by the General Data Protection Regulation (EU) 2016/679 (“GDPR”)) on the transfer of personal data outside the EU from the EU, unless there are adequate arrangements in place to safeguard the use and integrity of such personal data. After the transition period, the UK will be fully outside the EU for GDPR purposes and, whilst the EU authorities are continuing to assess the “adequacy” arrangements of the UK for GDPR purposes, that determination has not yet been made as of 2nd October 2020.

The UK Government guidance indicates that, from the end of the UK-EU transition period on 31st December 2020, UK businesses and organisations may need to have so-called “Standard Contractual Clauses “ (SCCs) in place with EU counterparts in order legally to be able to receive personal data from within the EU. In this context, the UK Government guidance also refers readers to the more detailed guidance on the subject provided by the UK Information Commissioners Office (ICO) on the ICO website.

The UK Government guidance adds for completeness that there are currently no changes envisaged to the way in which UK businesses and organisations send personal data from the UK to the EU, EEA, Gibraltar and other countries deemed adequate by the EU but that the UK Government will update its guidance if the situation changes.

During the transition period, as confirmed by the UK Government guidance, EU data protection laws (including GDPR) continue to apply in the UK under the terms of the Withdrawal Agreement. After the end of the transition period, as the UK Government guidance points out, the intention is for GDPR to be retained in UK law and to continue to be read alongside the UK’s Data Protection Act 2018, with technical amendments to ensure that it can function in UK law. “The UK remains committed to high data protection standards”, in the words of the UK Government guidance.

For completeness, the UK Government guidance mentions Article 71 of the Withdrawal Agreement which contains provisions that apply EU data protection law to certain “legacy” personal data if the UK has not been granted the benefit of full adequacy decisions by the end of the transition period.

Very importantly, the UK Government guidance also mentions that some UK data controllers and processors may need to appoint EU-based representatives after the end of the transition period . According to the ICO, the UK data controllers and processors concerned are those who do not have a branch, office or other establishment in any other EU or EEA state  but who either offer goods or services to individuals in the EEA or monitor the behaviour of individuals in the EEA.

This latest updated UK Government guidance has been issued in the wake of the decision of the Court of Justice of the European Union (CJEU) in the so-called Schrems II case invalidating the EU-US Privacy Shield adequacy decision of the EU Commission as a basis for transferring personal data from the EU to the US.

The protection of personal data is a high profile issue both in the UK and the EU and the UK Government guidance is certainly very timely in the circumstances.

The high profile nature of personal data protection issues at EU level has been demonstrated very recently by the preliminary ruling of the European Court of Justice published on 6th October 2020 in joined cases C-623/17 (“Privacy International v Secretary of State for Foreign and Commonwealth Affairs and others”) and C-511/18, C512/18 and C-520/18 (“La Quadrature du Net and others v Premier Ministre and others”) which appeared to hold that, with narrow exceptions for serious threats to national security and for combatting serious crime, EU law (and in particular the E-Privacy Directive) precludes the use of national laws to authorise the general and indiscriminate retransmission or retention of personal data.

Brexit and Prospects for a New Agreed UK-EU Relationship

The Times of 8th October 2020 contains an interesting article in the middle pages headed “Johnson ready to make concessions, says official”. The article itself indicates that the “official” concerned is none other than the UK’s chief Brexit negotiator, Lord David Frost.

Lord Frost is said to have told UK parliamentarians that the UK Government was prepared to discuss commitments on trade policy that go beyond conventional trade agreements. Speaking to the House of Lords’ EU Committee, Lord Frost is reported to have acknowledged that the UK Government could sign up to a set of principles (although not to an “extensive text” at this stage) which mirror many of those set out in the state aid rules of the EU, including “clear statements” that state subsidies to business “must contribute to public policy or address market failure “ and that “they must be proportionate, aimed at bringing about a change in behaviour, [and that] they must be the right instruments for the purpose. And [that] you should not in general subsidise if there are negative effects on trade and investment.”

The ”level playing field for fair and open competition” is one of the key demands of the EU, given the physical proximity of the UK and the EU and the inter-connectedness of business and investment between the two jurisdictions. From the UK perspective, substantial state aid may continue to be necessary, particularly given the exigencies of Covid-19 and its harsh effects on the economy – the same should be true of most, if not all, EU member state economies. Hopefully, the two sides can now work together to come up with an acceptable set of state aid principles between them.

Another area where the UK side may be prepared to give a little more than in the past is in the incorporation of strong governance processes (including dispute settlement mechanisms) to deal with disputes arising from any new post-Brexit transition period deal that is struck between the UK and the EU. Lord Frost is reported as saying to the House of Lords EU Committee :“I can quite see us being ready to use them [ie dispute settlement mechanisms] just as much as the EU in the future…Other EU countries often subsidise more than we do and that could definitely have an impact on us.” The nature of these dispute settlement mechanisms and other governance processes remains to be spelt out by the UK side. (Usefully, the UK House of Commons published a briefing paper on dispute settlement and EU powers under the UK-EU Withdrawal Agreement on 2nd October 2020, which gives a description of the dispute resolution mechanisms already in place under the existing Withdrawal Agreement, though this does not cater for any disputes arising from any post-Brexit transition period deal between the UK and the EU.)

On the EU side, the Times reports in the same article that the EU’s chief Brexit negotiator, Mr Michel Barnier, has been spelling out the need on the EU side to show more realism on cuts to fishing quotas whilst not accepting British proposals to double the catch for British fishing fleets, which could spell disaster for coastal communities in northern Europe.

It seems that both sides are pulling back slightly from staring at the abyss of “no deal” and whether this will be enough to prevent  a “no deal” occurring may well become apparent in the coming days and weeks. At that stage, a story which now lurks in the middle pages of the Times may well move to the front page!

The post Brexit update: Financial services sector and personal data appeared first on Excello Law.


Source: News feed