The European Data Protection Supervisor (EDPS) published opinions on MAD II, MiFID II and CRAs

17 February 2012

In the financial sector, the EDPS is particularly concerned about the data protection issues raised by the new powers of the supervisory authorities, especially in relation to access to communication data and inspection of private premises.

The opinions on 1) the legislative package for the revision of the banking legislation, 2) the Market Abuse Directive and regulation (MAD/MAR), 3) the Regulation and the Directive on Markets in Financial Instruments (MiFID/MIFIR), and 4) the revision of the credit rating agencies regulation (CRA) all raise similar data protection concerns. The EDPS therefore recommends:

•  inserting substantive provisions emphasising the applicability of existing data protection legislation;
  • adding specific safeguards to the provisions concerning transfer of data to third countries;
  • limiting access to private premises and records of telephone and data traffic to identified and serious violationsof the proposed legislation and clearly specifying the categories of telephone and data traffic records which are required to be retainedby financial institutions and/or provided to supervisory authorities;
  • assessing the necessity and proportionality of the proposed provisions on publications of sanctions. The publication obligation should be supported by adequate safeguards;
• ensuring that the identity of whistleblowers is protected;
• guaranteeing that appropriate procedures to ensure the right of the accused person to defence and to be heard as well as the right to seek effective judicial remedy against any decision or measure concerning him are put into place.

Opinions

Press release

© European Commission