EU Rules Restricting the International Transfer of Non-Personal Data
February 29, 2024
The Case
While the EU GDPR regulates the international transfer of personal data, several recently enacted EU laws regulate the international transfer of non-personal data, which is any data that is not “personal data” under the GDPR. In other words, these new laws apply to data that does not relate to an identified or identifiable natural person, including anonymized data and data about industrial equipment, significantly expanding the types of data subject to international transfer restrictions.
Why Does This Matter?
The EU-US Adequacy Decision has been recently adopted. It will replace the Privacy Shield, which guides companies in transferring data between the two countries through self-certification under the EU-US Data Privacy Framework.
The new Adequacy Decision Framework introduced significant improvements compared to the mechanism under the Privacy Shield.
InnReg's Experience
Since its inception in 2013, InnReg has developed deep expertise in compliance services related to customer data protection for EU-based fintechs.
Learn More About This Topic
For additional insights, read InnReg’s comprehensive guide to help with compliance towards EU regulations, as well as our analysis of the EU-US Adequacy Decision and its impact on GDPR.
The Consumer Financial Protection Bureau ("CFPB") issued a Consent Order against San Francisco-based fintech Chime Financial for allegedly withholding refunds beyond the 14-day window for closed accounts established in the Company's agreement with account holders.
The FTC recently took action against bill payment company Doxo and its co-founders, accusing them of deceptive “junk fee” practices that harmed consumers.
FINRA has fined Stifel Independent Advisors, alleging violations of rules regarding nontraditional exchange-traded products (NT-ETPs).
