EU Rules Restricting the International Transfer of Non-Personal Data

February 29, 2024

The Case

While the EU GDPR regulates the international transfer of personal data, several recently enacted EU laws regulate the international transfer of non-personal data, which is any data that is not “personal data” under the GDPR. In other words, these new laws apply to data that does not relate to an identified or identifiable natural person, including anonymized data and data about industrial equipment, significantly expanding the types of data subject to international transfer restrictions.


Why Does This Matter?

The EU-US Adequacy Decision has been recently adopted. It will replace the Privacy Shield, which guides companies in transferring data between the two countries through self-certification under the EU-US Data Privacy Framework. 

The new Adequacy Decision Framework introduced significant improvements compared to the mechanism under the Privacy Shield.


InnReg's Experience

Since its inception in 2013, InnReg has developed deep expertise in compliance services related to customer data protection for EU-based fintechs.


Learn More About This Topic

For additional insights, read InnReg’s comprehensive guide to help with compliance towards EU regulations, as well as our analysis of the EU-US Adequacy Decision and its impact on GDPR.

Subscribe for Compliance Insights

Subscribe for Compliance Insights

Subscribe for Compliance Insights

In mid-February, the FTC announced a proposed settlement to resolve allegations that security software company Avast unfairly sold consumers’ granular and re-identifiable browsing information. This was after Avast informed consumers that its software would protect their privacy and that any disclosure of their browsing information would only be in aggregate and anonymous form.

On March 13, 2024, the European Union’s parliament formally approved the EU AI Act, making it the world’s first major set of regulatory ground rules to govern generative artificial intelligence (AI) technology.

From January 2018 to present, MMA failed to establish, maintain, and enforce a supervisory system, including written supervisory procedures (WSPs), reasonably designed to achieve compliance with rules governing outside business activities (OBAs). During this period, the firm failed to evaluate and document its evaluation of OBAs disclosed by its registered representatives as required by FINRA Rule 3270.

LinkedIn Innreg
X InnReg
Quora Innreg
Blog Innreg

© 2024 InnReg LLC

1101 Brickell Avenue
South Tower, 8th Floor
Miami, FL 33131

LinkedIn Innreg
X InnReg
Quora Innreg
Blog Innreg

© 2024 InnReg LLC

1101 Brickell Avenue
South Tower, 8th Floor
Miami, FL 33131