ICO Confirms UK Firms May Rely on Public Interest Derogation for SEC Transfers
Friday, January 29, 2021
UK Information Commissioner’s Office Analysis UK General Data Protection Regulation
Print Mail Download i

On January 19, 2021, the UK Information Commissioner’s Office (“ICO”) published its analysis of the application of the UK General Data Protection Regulation (the “UK GDPR”) to transfers from UK-based firms or branches that are registered, required to be registered or otherwise regulated by the U.S. Securities and Exchange Commission (“SEC”). Such firms or branches include investment advisers, securities-based swap dealers and other market participants. The ICO also reviewed the application of the UK GDPR to transfers made by UK issuers that have equity securities or depositary receipts registered with the SEC and listed on a U.S. exchange or market.

In a letter to the SEC, the ICO stated that the UK GDPR does not prohibit direct transfers to the SEC in connection with the SEC’s evaluation of UK firms’ compliance with U.S. obligations or the SEC’s prevention and enforcement relating to unlawful behavior. Specifically, the ICO stated that UK firms subject to U.S. regulatory obligations may rely on the public interest derogation for the transfer under the UK GDPR, allowing UK firms to make transfers without implementing a transfer mechanism such as Standard Contractual Clauses. However, the ICO also expects UK firms and the SEC to work together to try to implement an Article 46 transfer mechanism where possible, and that the Article 49 derogations should only be used on a case-by-case basis, “with the appropriate thought taken and recorded by the companies concerned.”

Regarding the Article 49 public interest derogation, the ICO stated that there were several overlapping lines of public interest recognized in UK law, including the fact that compliance with SEC rules by SEC-regulated UK firms assists in preventing financial crimes. In assessing the requirement that any transfer made in reliance on the derogation be of “strict necessity” for important reasons of public interest, the ICO highlighted that UK firms must be satisfied that SEC data requests are within the scope of the SEC’s regulatory powers and the firms should keep relevant records that evidence this. Further, requests that rely on this derogation should not be large scale and systematic.

Copyright © 2024, Hunton Andrews Kurth LLP. All Rights Reserved.

Current Legal Analysis

More from Hunton Andrews Kurth

CIPL Publishes White Paper on Leveraging Data Responsibly and a Holistic Data Strategy
by: Hunton Andrews Kurth’s Privacy and Cybersecurity
New Bipartisan Federal Privacy Proposal Unveiled: American Privacy Rights Act
by: Hunton Andrews Kurth’s Privacy and Cybersecurity
Recent N.D. Ill. Ruling Upholds Common Interest Doctrine Over Communications Between Biometric Technology Vendors and Customers
by: Julia Y. Trankiem , Torsten M. Kracht
Senators Introduce Stablecoin Bill
by: Scott H. Kimpel
FTC Poised to Finalize Noncompete Rule
by: Katherine Pauly , Kevin Hahm
EDPB Issues Opinion on Pay-Or-Consent Models
by: Hunton Andrews Kurth’s Privacy and Cybersecurity
Supreme Court Rules that MD&A Omission Does Not Give Rise to a Claim for Securities Fraud
by: Scott H. Kimpel , James V. Davidson
UK ICO Launches Latest Installment in the AI Consultation Series
by: Hunton Andrews Kurth’s Privacy and Cybersecurity
SCOTUS Decides That A Position Transfer May Violate Title VII If An Employee is Worse Off Due to Discriminatory Reasons
by: Emily Burkhardt Vicente , Steven J. DiBeneditto Jr.
IRS Issues New Favorable Pipeline Ruling for REITs
by: George C. Howell, III , Thomas W. Ford, Jr.

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins