The last two weeks has seen further activity on the new EU –US Privacy Shield agreement and work start on the new ePrivacy legal framework. Discussions on the EU-US Privacy Shield indicate that there is still some way to go before key regulators such as the Article 29 Working Party and the European Data Protection Supervisor are comfortable with it.

Work on developing the new ePrivacy legal framework will no doubt look to incorporate the new General Data Protection Regulation on which we are still awaiting publication of the final text, something that is anticipated next month. 


  • EUROPEAN PARLIAMENT HEARING – The new EU-US Privacy Shield for commercial transfers of EU personal data to the US

On Thursday, 17 February 2016, the European Parliament’s Civil Liberties, Justice and Home Affairs committee (LIBE) organised a public hearing on the new ‘EU-US Privacy Shield for commercials transfers of EU personal data to the US’, that was agreed on 2 February 2016.

Chairwoman of the Article 29 Working Party (WP29), Isabelle Falque-Pierrotin (French Data Protection Authority), stated that the WP29 will specifically assess the function of the Ombudsperson, which is created by the Privacy Shield to allow civilians to address complains regarding access by national authorities to personal data. Ms Falque-Pierrotin  further stated that the WP29 will also closely review the possibility for European data protection authorities to unilaterally review the Privacy Shield. This in addition to the annual joint review mechanism that will monitor the functioning of the Privacy Shield. A final key issue that the WP29 will assess is data retention limitations, a core principle of EU data protection legislation, that is incorporated in the Privacy Shield.

The European Data Protection Supervisor (EDPS), Giovanni Buttarelli, stated that the EDPS will issue a separated opinion from the one of the WP29, which might imply political diverging views between the two bodies on the matter.

Please find here a link to the programme of the hearing.

Next steps:

o    7 April 2016: EU member states officials meet to start assessment of Privacy Shield, which will ultimately lead to a binding decision;

o    12-13 April 2016: WP29 plenary session. EU national data protection authorities to issue a non-binding opinion on Privacy Shield;

o    June 2016: European Commission aims to have Privacy Shield in effect.


On Friday, 18 March 2016, ACCIS submitted a response to the Green Paper on Retail Financial Services incorporating BIIAs views.

It is expected that the European Commission will publish the Retail Financial Services Action Plan in July-September 2016, outlining the policy actions it intends to propose on various aspects of retail financial services in Europe. A copy of the response is attached. Whilst it had been our intention to submit a response separately by our association due to time constraints this was not possible. We are however very comfortable with the points made by ACCIS.


o    On Tuesday 12 April 2016, in Brussels, a Stakeholder Workshop: Towards a future proof ePrivacy legal framework, hosted by the European Commission will take place. The workshop will discuss the key issues around the new ePrivacy legal framework. Link to the event . BIIA will be represented at the event by ACCIS

Submitted by Neil Munroe,  BIIA Director and member of the BIIA Regulatory Committee

Neil can be reached at:  e:
m: +44 (0) 7710 844518

p: +44 (0) 1923 284604
Skype: neilmcrs