Category: Data Protection
The FCA has updated FG 16/5, ‘Guidance for firms outsourcing to the ‘cloud’ and other third party IT services’. This update takes account of the publication of the European Banking Authority’s recommendations, and changes to relevant legislation.
Charles Randell, the recently appointed Chair of the FCA and the PSR, has delivered a speech, in which he discussed the increasing dominance of algorithms in our day to day lives, and noted some of the consequent issues that will need to be grappled with, as the rise of Big Data, AI and machine learning […]
On 23 May, the Data Protection Act 2018 was finally passed into law. The new Act repeals the Data Protection Act 1998, and facilitates the implementation into UK law of the General Data Protection Regulation (EU) 2016/679, which comes into effect on 25 May. We will be publishing an article in due course that will […]
The FCA has published a memorandum of understanding (MoU) it has entered with the Insolvency Service (IS). The MoU sets out the agreement between the IS and the FCA that governs the exchange of information to better deliver the objectives of both organisations, in particular, in respect of information relating to misconduct, investigations and enforcement. […]
The Department for Business, Energy and Industrial Strategy is consulting on proposals which, among other issues, seek to improve the consumer experience in regulated markets for utilities, telecommunications and financial services and to ensure consumers buying and selling online benefit from new technology and business models, and have appropriate protection for their personal data. […]
The FCA and the PRA have both published their business plans for 2018/2019. The FCA’s business plan shines a spotlight on consumer protection, including in relation to pension products and high-cost credit, as an area of concern for the forthcoming year, as well as ongoing programmes such as Brexit, and firms’ culture and governance (including […]
In a recent report the Complaints Commissioner expressed concern about the absence of published information about how and in what circumstances information about live ombudsman cases may be shared between the FOS and the FCA. The complaint alleged that the FCA illegally influenced the FOS in its handling of complaints against a firm represented by […]
An update from FCA and the ICO confirms FCA’s view that firms can comply with both the GDPR and its rules. The update notes that GDPR is a board level responsibility, and firms must produce evidence to show what they have done to comply with it. FCA also notes that, although the ICO will regulate […]
We have written an article that assesses the UK’s developing cyber insurance market in the context of the changing regulatory landscape and looks at the possible benefits and risks associated with the proposal to share data breach information between insurers and the ICO.
We have written an article on the final countdown to GDPR compliance.
Following the publication of its discussion paper regarding the risks and opportunities, and characteristics of distributed ledger technology (DLT) in April 2017, the FCA’s feedback statement FS17/4 sets out responses received and the FCA’s next steps. The responses related to the following issues: operational risk, including outsourcing and network security; digital currency, including digital currency […]
The Lloyd’s Market Association (LMA), along with the International Underwriting Association of London, the London & International Insurance Brokers’ Association and the British Insurance Brokers’ Association, has published a London Insurance Market Core Uses Information Notice, which takes into account GDPR requirements. The Notice has been designed to assist a market participant and to help data […]
The European Union Agency for Network and Information Security (ENISA) has published a report on the commonality of risk assessment language in cyber insurance. ENISA comments on the growth of the cyber insurance market and its anticipated further expansion as a result of the General Data Protection Regulation and the Directive on Network and Information […]
The Information Commissioner’s Office (ICO) has launched an advice line in order to help small organisations prepare for compliance with the EU General Data Protection Regulation (GDPR), which is due to come into force in May 2018. The phone service is aimed at people running small businesses or charities and recognises the particular problems they face […]
On 20 October 2017, the FCA published a report on lessons learned from its regulatory sandbox. As a reminder, the regulatory sandbox allows firms to test innovative products, services and business models in a live market environment, while ensuring that appropriate safeguards are in place. The report contains the FCA’s reflections on how the sandbox […]
The EBA recently published a table which includes key questions around the Payment Services Directive 2 (PSD2) transposition activities and dates of the different EEA countries. In addition, the EBA has announced the release of two new publications in its ongoing series of working group papers, dealing with PSD2 and distributed ledger technology (DLT) driven opportunities for new […]
On 12 October 2017, the Association of British Insurers (ABI) published a blog on the impact of the GDPR on innovation in insurance. The ABI discusses a recent study on “Harnessing Innovation in European Insurance” undertaken by an independent research company, PAC, and BAE Systems. The study reports that “only one third of European insurers believe themselves to […]
Dr. Manuela Zweimüller, Head of Policy Department at EIOPA, has delivered a speech on ‘What will the future hold? The European insurance industry in times of major disruption’. The speech highlights challenges in respect of InsurTech, Brexit and Regulatory stability. EIOPA considers that the insurance industry needs to reinvent itself in respect of InsurTech and […]
Insurance Europe has published a webpage on cyber insurance and a template for breach notifications under GDPR.
We have written an article on the Government’s statement of intent for the Data Protection Bill.
The Information Commissioner’s Office has fined Provident Personal Credit Ltd £80,000 for sending nearly 1 million unsolicited texts promoting personal loans. The company used third party affiliates to send the communications, to which the recipients had not consented.
ESMA has responded to the Commission’s consultation on Fintech. It sees Fintech as a positive evolution so long as business models continue to aim to improve the customer experience and financial inclusion. It identifies some concerns that it thinks need to be addressed, including: the risks (from a market integrity and investor protection standpoint) and costs […]
The Information Commissioner’s Office (ICO) recently published its information rights strategic plan 2017 – 2021. The strategic plan sets out the ICO’s mission to increase the trust that the public has in government, public bodies and the private sector; including trust in transparency, in the digital economy and in digital public service delivery. It also […]
Giovanni Buttarelli, the European Data Protection Supervisor (EDPS) presented the EDPS Annual Report 2016 to the European Parliament’s Committee on Civil Liberties, Justice and Home Affairs on 4 May 2017. By way of reminder, the EDPS is the EU’s independent data protection authority, tasked with ensuring that the institutions and bodies of the EU respect […]
Economic and monetary affairs committee MEPs want the EU to accelerate the development of financial services enabled by new technologies (FinTech). Their key priorities are: Cybersecurity and data protection: the need for end-to-end security across the whole financial services value chain and to create more awareness among the consumers regarding the value of their personal […]
The ICO has fined Monevo Limited, a finance brokerage firm, £40,000 for sending unsolicited marketing texts without proper consent. Between April 2016 and June 2016, the company sent 44,172 texts encouraging people to apply for loans and 130 complaints were made, prompting the ICO investigation. Under the Privacy and Electronic Communications (EC Directive) Regulations 2003, […]
The UK Government has launched a Call for Views on the derogations (exemptions) from the EU General Data Protection Regulation (GDPR), which comes into force on 25 May 2018. Although there is limited scope for flexibility, the GDPR does allow member states to exercise their discretion over how certain provisions of the GDPR will apply […]
On 10 April 2017, Christopher Woolard, the FCA’s Executive Director of Strategy and Competition delivered a speech at the Innovate Finance Global Summit in London. The speech considers the work of the FCA’s Project Innovate to date including the Regulatory Sandbox initiative. Mr Woolard explained the FCA’s commitment to supporting innovation and its desire for […]
The FCA has published a discussion paper on distributed ledger technology (DLT). The discussion paper describes DLT and acknowledges blockchain as a type of DLT. The FCA invites a discussion on two sets of issues: What new risks and opportunities does DLT present to the FCA’s statutory objectives of market integrity, consumer protection and competition? Can DLT […]
The government’s vision is for UK financial services to be the most competitive and innovative in the world, supplementing existing services with greater choice and value for consumers. The innovation plan covers how financial services regulators are adapting and encouraging new technologies and disruptive business models, and better utilising new technologies to reduce regulatory burdens […]
John Griffith-Jones, Chairman of FCA and Payment Systems Regulator, has written to Rt Hon. Andrew Tyrie MP, Chairman of the Treasury Committee, about contactless card fraud. In 2015 there was £2.5m of reported contactless fraud, out of £7.75bn of contactless transactions. In his letter, Griffith-Jones highlights the key risk as merchants who process payments ‘offline’ (ie batch […]
In a statement made at an ECB Fintech Workshop, Sabine Lautenschläger (Member of the Executive Board of the ECB and Vice-Chair of the Supervisory Board of the ECB) told the audience how the ECB sees some of the following as risks: New players make the market more competitive. And that could squeeze profits and force […]
The ICO has fined a credit broker £20,000 for sending unsolicited communications in breach of regulation 22 of the Privacy and Electronic Communications (EC Directive) Regulations 2003. Munee Hut markets its services partly through affiliates that send marketing texts that direct recipients to Munee Hut’s website. Between mid-2015 and spring 2016, 885 complaints were made about receipt […]
Simon Kirby, Economic Secretary to the Treasury, spoke at the LSE Global Fintech Investor Forum where he emphasised UK dominance in Fintech innovation. Mr Kirby gave three examples of what others envy in the British system: FCA’s regulatory sandbox, the Bank of England’s Fintech Accelerator and the Fintech Delivery Panel. He also mentioned the Open […]
The Information Commissioner’s Office (ICO) and FCA have published a summary of their forum on the use of Big Data in retail general insurance. The forum, held on 16 January 2017, was to engage with the insurance industry following stakeholder concerns raised as part of FCA’s call for input, on which it published a feedback statement […]
The Government has published its White Paper on building a new relationship with the EU after Brexit. The paper looks at the basis on which the Government wants to address the 12 principles Theresa May set out on 17 January. However, the Government says it has respected Parliament’s wish that it does not publish detail […]
The first report of the committee on exiting the EU calls for the Government to publish its Brexit plan by mid-February, and says that plan should set out the Government’s position on membership of the single market and should commit that Parliament will be able to vote on the final Treaty. Among the priorities the […]
The House of Commons Library has published a report looking at how many EU laws are directly applicable in the UK (around 5,000), and will therefore cease to apply in the UK once the European Communities Act 1972 is repealed, unless other provision is made for them. The Government says the so called “Great Repeal […]
The Information Commissioner’s Office (ICO) has issued Royal & Sun Alliance Insurance PLC (RSA) with a monetary penalty notice (£150,000) because of a serious breach of the seventh principle (the requirement to keep data secure) of the Data Protection Act 1998 by RSA. Between 18 May 2015 and 30 July 2015, a portable Network Attached […]
The ICO has recently issued a revised Privacy Notices Code of Practice, which we have reviewed in our recent article on the Code for the Privacy and Data Protection Journal.
The UK Government has confirmed that the UK will adopt the GDPR. Secretary of State Karen Bradley MP stated: ‘We will be members of the EU in 2018 and therefore it would be expected and quite normal for us to opt into the GDPR and then look later at how best we might be […]