Choose the experimental features you want to try

This document is an excerpt from the EUR-Lex website

Document 52014XX0920(01)

    Executive summary of the Opinion of the European Data Protection Supervisor on the proposal for a Regulation of the European Parliament and of the Council on structural measures improving the resilience of EU credit institutions and on the proposal for a Regulation of the European Parliament and of the Council on the reporting and transparency of securities financing transactions

    OJ C 328, 20.9.2014, p. 3–4 (BG, ES, CS, DA, DE, ET, EL, EN, FR, HR, IT, LV, LT, HU, MT, NL, PL, PT, RO, SK, SL, FI, SV)

    20.9.2014   

    EN

    Official Journal of the European Union

    C 328/3


    Executive summary of the Opinion of the European Data Protection Supervisor on the proposal for a Regulation of the European Parliament and of the Council on structural measures improving the resilience of EU credit institutions and on the proposal for a Regulation of the European Parliament and of the Council on the reporting and transparency of securities financing transactions

    (The full text of this Opinion can be found in English, French and German on the EDPS website (www.edps.europa.eu))

    2014/C 328/03

    1.   Introduction

    1.

    On 29 January 2014, the Commission adopted two proposals on the regulation of the European banking system: a proposal for a Regulation of the European Parliament and of the Council on structural measures improving the resilience of EU credit institutions (‘the proposal on credit institution resilience’) (1), and a proposal for a Regulation of the European Parliament and of the Council on the reporting and transparency of securities financing transactions (‘the proposal on transparency of SFTs’) (2). The proposals form part of the wide-ranging overhaul of financial regulation and supervision which the EU has undertaken since the onset of the financial crisis. They set out rules for preventing the biggest and most complex banks from engaging in proprietary trading, they would give supervisors the power to require those banks to separate certain potentially risky trading activities from their deposit-taking business and would increase transparency of certain transactions in the shadow banking sector. They are accompanied by a single impact assessment and were adopted together as a package.

    2.

    Each proposal involves the processing of personal data including the publication of details about individuals who have been subject to sanctions for breaches of the proposed rules. It is regrettable therefore that the EDPS was not consulted prior to the adoption of the proposals, as required by Article 28(2) of Regulation (EC) No 45/2001 (3). The EDPS recognises the legitimate public policy goal behind these proposals, and welcomes the fact that some data protection safeguards are envisaged. However, there are several areas where greater attention to the rights of the individual is required.

    4.   Conclusion

    19.

    The EDPS is pleased to note that some account has been taken of data protection aspects in the proposals, and recommends a fuller integration of respect for the rights to privacy and the protection of personal data by means of the following changes:

    (a)

    the inclusion of a general provision for all processing of personal data pursuant to the proposed regulations to be subject to the rules laid down in Directive 95/46/EC and Regulation (EC) No 45/2001;

    (b)

    an appropriate maximum term in the proposal on transparency of SFTs for personal information to be retained by counterparties to an SFT;

    (c)

    regarding the provisions derogating from the obligation for confidentiality and professional secrecy in the proposal on transparency of SFTs: (i) clarification on whether or not personal data are within the scope of this derogation, and if so, the inclusion of a statement that those data may only be processed for compatible purposes and in accordance with applicable data protection rules; (ii) clarification whether personal data transfers to third countries are envisaged and if so, add a statement that such transfer may only take place in accordance with national provisions implementing Articles 25 and 26 of Directive 95/46/EC;

    (d)

    clarifying that the power to issue a public warning about identified individuals should not be exercised automatically but rather only on a case by case basis and where appropriate and proportionate;

    (e)

    regarding the provisions for publication of sanctions: (i) the inclusion of a requirement in both regulations to consider separately each case and its particular circumstances on the basis of necessity and proportionality prior to any decision to publish the identity of the person subject to a sanction; and (ii) specifying a maximum retention period for personal data published as part of information on sanction decisions on competent authorities' websites.

    Done at Brussels, 11 July 2014.

    Giovanni BUTTARELLI

    Assistant European Data Protection Supervisor


    (1)  COM(2014) 43 final.

    (2)  COM(2014) 40 final.

    (3)  See EDPS policy paper: ‘The EDPS as an advisor to EU institutions on policy and legislation: building on ten years of experience’, 4 June 2014, available on the EDPS website at www.edps.europa.eu


    Top