In this issue:
Schrems II
Information Law analysis: The judgment of the Court of Justice in the case of Facebook Ireland and Schrems (commonly known as Schrems II) has been published. The judgment relates to two key mechanisms used to legitimise transfers to third countries under the General Data Protection Regulation, (the GDPR). In summary, the Court of Justice has invalidated the EU-US Privacy Shield mechanism and specified that any use of standard contractual clauses (SCCs) must offer an adequate level of protection of personal data in practice (based on a case by case assessment of the circumstances of the transfer). See News Analysis: , written by Bridget Treacy, partner, and James Henderson, associate, at Hunton Andrews Kurth.
The European Data Protection Supervisor (EDPS) has welcomed the Schrems II judgment and highlighted that it is the second time in five years ‘that a European Commission adequacy decision concerning the United States is invalidated by the Court’. The EDPS had previously shared criticisms regarding the Privacy Shield by emphasising the importance of ensuring a high level of protection of personal data once transferred from the EU to third countries. The EDPS has also welcomed the clarifications provided by the Court of Justice of the European Union in confirming the validity of Standard Contractual Clauses. See: and .
The EDPB also published Frequently Asked Questions regarding the judgment. See: .
The ICO has released a number of statements on the Schrems II judgment. It says it is considering the judgment and its impact on international data transfers, which are vital for the global economy. It stands ready to support UK organisations and will be working with UK government and international agencies to ensure that global data flows may continue and that people’s personal data is protected. See: .
It is reviewing its Privacy Shield and Standard SCC guidance. See: .
The ICO states that ‘this judgment has wider implications than just the invalidation of the EU-US Privacy Shield. It is a judgment that confirms the importance of safeguards for personal data transferred out of the UK.’ In its statement, it also confirmed that the FAQs, issued by the European Data Protection Board (EDPB), on the invalidation of the Privacy Shield and its effect on SCCs, still apply to UK controllers and processors. As such, a risk assessment should be conducted to determine ‘whether SCCs provide enough protection within the local legal framework’ for international transfers. In addition, the ICO is taking time to consider the role of supervisory authorities in the oversight of international transfers and are continuing to provide ‘practical and pragmatic advice and support’ alongside a ‘risk-based and proportionate approach in accordance with our Regulatory Action Policy.’ See: .
You can expect your organisation’s privacy notices to be more closely scrutinised in relation to transfers of personal data outside the UK/EEA. See updated Precedents: and .
See further Law360, London News Analysis: and .
Coronavirus (COVID-19)
The ICO has updated its regulatory approach during the coronavirus (COVID-19) public health emergency. UK Information Commissioner, Elizabeth Denham, has reiterated the importance for the ICO to respond ‘pragmatically and empathetically’ to the crisis. The regulatory approach has been updated with small additions, notably by reflecting the ability to conduct audit work remotely. See: .
MLex: UK businesses must resume their data protection obligations now that the coronavirus pandemic is no longer causing the same impact on their operations, a senior official at the ICO has said. Simon McDougall, the ICO’s executive director, also said that an investigation into the adtech industry would resume, after being put on hold during the crisis. See News Analysis: .
Binding corporate rules and Brexit
The EDPB has published an information note on BCRs for organisations which have the ICO as the competent supervisory authority, explaining steps they need to take if they wish to rely on their BCRs as a valid transfer mechanism for transfers of personal data outside the EEA after the end of the Brexit transition period. See: .
ICO annual report
The ICO has published its annual report for 2019–20. The activity period covered has been described by the Information Commissioner, Elizabeth Denham, as a ‘transformative period for privacy and data protection and broader information rights’. See: .
EDPS Opinion on money laundering and terrorism financing policy
The EDPS has published a press release on its Opinion, which reacts to the European Commission’s action plan for a comprehensive Union policy on preventing money laundering and terrorism financing (C(2020)2800 final). See: .
Review of revised FATF standards on virtual assets published
The Financial Action Task Force (FATF) has published a 12-month review of the revised FATF standards on virtual assets, as well as their service providers. See: .
EU anti-money laundering
In a resolution adopted on 10 July 2020, EU MEPs have welcomed the European Commission’s Action Plan on how to fight effectively against money laundering and terrorist financing, including giving the European Central Bank (ECB) more powers and creating an improved asset-freezing regime. See: , and News Analysis: , and .
The Global Legal Entity Identifier Foundation (GLEIF) has published a blog on the role of legal entity identifiers (LEIs) in the European Commission’s anti-money laundering (AML) and counter-terrorist financing (CTF) legislative reforms. See: .
The European Commission has extended the feedback period for its AML and CTF action plan to 26 August 2020. See: .
5MLD Trust Registration Service consultation
HMRC has announced the outcome of its technical consultation on the Fifth Money Laundering Directive and Trust Registration Service. The Money Laundering and Terrorist Financing (Amendment) (EU Exit) Regulations 2020, have now been laid for consideration by the European Statutory Instruments Committee in the House of Commons and the Secondary Legislation Scrutiny Committee in the House of Lords. See: .
Beneficial ownership registers
The Foreign & Commonwealth Office has announced that eight Overseas Territories are to introduce publicly accessible registers detailing who owns the companies in their territory. See: .
JMLSG guidance
The Joint Money Laundering Steering Group (JMLSG) has published new guidance on pooled client accounts and cryptoassets. There is also a minor amendment to paragraph 5.3.53 within Part I of the JMLSG guidancce. See: .
FCA Register
The Financial Conduct Authority (FCA) has launched its updated Financial Services Register. See: .
Gambling Commission coronavirus (COVID-19) emerging risks bulletin
The Gambling Commission has published its third coronavirus (COVID-19) emerging risks bulletin. See: .
Global Human Rights
The UK has launched the Global Human Rights regime, the UK's first sanctions regime operating under the through the Global Human Rights Sanctions Regulations 2020 (GHRSR), which came into force on 6 July 2020. The regime ensures that UK sanctions relating to serious human rights violations are effectively implemented through asset freezes and entry bans on the listed individuals and entities. So far, 47 individuals and two entities are on the list, a majority of those being individuals involved in the deaths of Sergei Magnitsky and Jamal Khashoggi. See: . The Foreign & Commonwealth Office has published guidance to help with the implementation of and compliance with the new regime. See: .
John Binns, partner at BCL Solicitors LLP and member of the Lexis®PSL Corporate Crime Consulting Editorial Board, discusses the new Global Human Rights Sanctions Regulations 2020, popularly referred to as ‘Magnitsky’ sanctions, and offers advice on the practical steps businesses and lawyers can take to comply with the sanctions. See News Analysis: . See also News Analysis: , written by Ben Smith, researcher at the House of Commons Library.
The US Department of State has released a response statement, written by the US Secretary of State Michael Pompeo, on the UK’s establishment of a Global Human Rights Sanctions Regime ‘commending’ the UK for its ‘continued global leadership on the promotion and protection of human rights’. See: .
OFSI guidance
The Office of Financial Sanctions Implementation (OFSI) has published the Sanctions Act licence application form. See: .
OFSI has also published new guidance for the maritime sector. See: .
Tax evasion
The Organisation for Economic Co-operation and Development (OECD) has issued a press release stating that the international community continues making tremendous progress in the fight against offshore tax evasion. See: .
Law360: The European Commission has begun a competition to build a think tank that would help the EU fight tax evasion, drawing on the expertise of tax professionals and non-governmental organisations. See News Analysis: .
Criminal records disclosure regime
The government has laid a Statutory Instrument to amend the filtering rules under the that govern what is automatically disclosed through standard and enhanced criminal records certificates issued by the Disclosure and Barring Service. This will amend current legislation to ‘remove the requirement for automatic disclosure of youth cautions, reprimands and warnings and remove the ‘multiple conviction’ rule, which requires the automatic disclosure of all convictions where a person has more than one conviction, regardless of the nature of their offence or sentence’. See: .
Cyber incidents
UK Finance has published a white paper intended to help financial services firms as they reflect on their cyber incident response plans. See: .
Deferred prosecution agreements
The Serious Fraud Office has announced that it has received final approval to enter into a deferred prosecution agreement (DPA) with G4S Case and Justice Services (UK) Ltd, which attempted to defraud the Ministry of Justice by concealing the true extent of profits from the provision of electronic monitoring of offenders services. See: , News Analysis: and, written by Quinton Newcomb, barrister, and Lucia Cabello, Spanish qualified lawyer, at Fulcrum Chambers, News Analysis: .
Bribery
The Serious Fraud Office (SFO) has convicted two former Unaoil executives for giving corrupt payments to public officials for oil contracts in Iraq. See: and News Analysis: .
The Home Office has released its year two update to its anti-corruption strategy. See: .
Economic crime levy
HM Treasury has opened a consultation on the subject of the economic crime levy, which the government intends to introduce to fund new government action to combat money laundering, and help deliver the reforms committed to in the 2019 Economic Crime Plan. The consultation closes on 14 October 2020. See: .
The Health and Safety Executive (HSE) has published five practical steps to be used by businesses in Great Britain to ensure they are 'COVID-19 secure'. See: .
Employment analysis: The ’Working safely during coronavirus (COVID-19)’ guidance published originally by BEIS has been updated three times in the last month, with updates variously across all workplace sectors that it covers to add advice on areas including local lockdowns, discouraging shouting, ventilation, use and disposal of face covering and PPE, keeping records of staff, customers and visitors, keeping records of staff shift patterns, opening customer restaurants and cafes and what to do in the event of a COVID-19 outbreak in the workplace. Two additional guides have also been published covering performing arts and providers of grassroots sports and gym/leisure facilities. See (in chronological order) News Analysis:
.
The Department of Health and Social Care has released guidance on the subject of how to recognise, contain and report incidents of coronavirus (COVID-19). See: .
* denotes a required field
0330 161 1234