Privacy

CPFB Releases Consumer Protection Principles for Consumer-Authorized Financial Data Sharing and Aggregation

By Katherine Mooney Carroll, Diana Yu & Gareth Kristensen on October 26, 2017

On October 18, the Consumer Financial Protection Bureau (the “CFPB”) released the Consumer Protection Principles: Consumer-Authorized Financial Data Sharing and Aggregation (the “Principles”). The Principles represent a cautious step forward by the CFPB in providing guidance on how institutions holding customer accounts (such as banks) should share information with service providers, including “fintech” companies that obtain customer authorization to access their account information in order to provide services to such customers. Such data aggregation-based service providers can provide useful products and services to consumers, such as fraud screening, identity verification, personal financial management and bill payment, and promote competition in the financial services market. With respect to fraud screening and identity verification services in particular, in the aftermath of the recent Equifax breach, the appeal of such services is obvious. However, with additional sharing of data comes additional risks—the increase in data access points, albeit consumer-authorized, presents new challenges from a cybersecurity and privacy perspective, increasing the possibility of consumers inadvertently losing control of their information.
Continue Reading CPFB Releases Consumer Protection Principles for Consumer-Authorized Financial Data Sharing and Aggregation

EU-U.S. Privacy Shield Functions Well, with Scope for Improvement, According to its First Annual Review

By Emmanuel Ronco, Natascha Gerlach, Gareth Kristensen & Lucinda Smart on October 23, 2017

Posted in European Union, Privacy, United States

On October 18, 2017, the European Commission published its report on the functioning of the EU-U.S. Privacy Shield framework (the “Privacy Shield”), marking the conclusion of its first joint annual review of the regime. The Privacy Shield, which is administered by the International Trade Administration within the U.S. Department of Commerce (“DOC”), provides companies on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union to the United States. To join the Privacy Shield, a U.S.-based organization is required to self-certify to the DOC and publicly commit to comply with the Privacy Shield requirements. While joining the Privacy Shield is voluntary, once an eligible organization makes the public commitment to comply with the Privacy Shield requirements, the commitment will become enforceable under U.S. law.
Continue Reading EU-U.S. Privacy Shield Functions Well, with Scope for Improvement, According to its First Annual Review

Schrems Ruling: Renewed Scrutiny of Standard Contractual Clauses for EU-US Personal Data Flows

By Emmanuel Ronco & Gareth Kristensen on October 18, 2017

Posted in European Union, Privacy, United States

Earlier this month, in the latest ruling to emerge from the privacy campaign initiated by activist Max Schrems, the Irish High Court cast fresh doubt on the legitimacy of so-called Standard Contractual Clauses (“SCCs”, also commonly referred to as Model Contracts) as an approved method of ensuring lawful personal data transfers from the European Economic Area (“EEA”) to the United States. In this case, Mr. Schrems, joined by the Irish Data Protection Commissioner (“DPC”), objected to Facebook Ireland Ltd. transferring personal data to its parent company in the U.S., Facebook Inc.
Continue Reading Schrems Ruling: Renewed Scrutiny of Standard Contractual Clauses for EU-US Personal Data Flows

Amélie Champsaur

Amélie Champsaur’s practice covers a broad range of financial regulatory, compliance and enforcement matters, at French and EU level.

View Latest Posts

Daniel Ilan

Daniel Ilan’s practice focuses on intellectual property law.

View Latest Posts

Chase D. Kaniecki

Chase Kaniecki’s practice focuses on international trade and national security matters, including CFIUS and global foreign direct investment, economic sanctions, export controls, customs, and trade…

View Latest Posts

Joon H. Kim

Joon H. Kim’s practice focuses on white-collar criminal defense, internal corporate investigations, regulatory enforcement, and crisis management, as well as complex commercial litigation and arbitration.

View Latest Posts

Jonathan S. Kolodner

Jonathan S. Kolodner’s practice focuses on criminal, securities, and other enforcement and regulatory matters as well as on complex commercial litigation.

View Latest Posts

Rahul Mukhi

Rahul Mukhi’s practice focuses on criminal, securities, and other enforcement and regulatory matters as well as on complex commercial litigation.

View Latest Posts

James Norris-Jones

James Norris-Jones has substantial experience of English and international commercial dispute resolution including litigation, arbitration, investigations, and enforcement.

View Latest Posts

Menu

Cleary Cybersecurity and Privacy Watch

Privacy

CPFB Releases Consumer Protection Principles for Consumer-Authorized Financial Data Sharing and Aggregation

EU-U.S. Privacy Shield Functions Well, with Scope for Improvement, According to its First Annual Review

Schrems Ruling: Renewed Scrutiny of Standard Contractual Clauses for EU-US Personal Data Flows