GDPR

Subscribe to GDPR via RSS

The French Data Protection Authority’s white paper discusses how companies can comply with data privacy and security obligations.

By Christian F. McDermott, Myria Saarinen, Calum Docherty, Charlotte Guerin, Jiou (Alex) Park, and Amy Smyth

The use of card, contactless, and innovative digital payment solutions has significantly increased in recent years, fueled by the immediate impacts of the ongoing COVID-19 pandemic and the longer-term growth of e-commerce and open banking. In this context, the legal and regulatory environment around payment data is no longer limited to traditional actors in the banking sector or the long-established ambit of banking secrecy rules. As such, stakeholders from fintech startups to established technology giants face an increasing patchwork of compliance obligations.

As contactless transactions boom, EU regulators publish draft guidelines on the interplay between the GDPR and PSD2.

By Fiona M. Maclean, Christian F. McDermott, Calum Docherty, and Amy Smyth

Last year, more than half of all payments in the UK were made by card and contactless methods, while cash made up less than a quarter of all payments for the first time, according to the trade association UK Finance. The COVID-19 pandemic has accelerated the shift towards a cashless society, as governments across Europe encourage citizens and businesses to adopt cashless solutions. At the start of the lockdown, in the spring, ATM transaction volumes in the UK fell 62% year on year, while the daily cash transaction volumes dropped by as much as 90% in Spain, according to the Financial Times.

The FCA is considering whether alternative data could introduce new risks to market integrity.

By Rob Moulton, Fiona Maclean, Stuart Davis, and Charlotte Collins

The FCA’s recently published Insight article explores how alternative data might give rise to market abuse risks. The article reports a significant increase in spending on alternative data in recent years, leading to questions about whether access to such data might provide recipients of the data with an unfair informational advantage over other market participants.

While traditional sources of data, such as a company’s financial statements, may contain inside information and must be treated appropriately before they are made public, the nature of alternative data is less clear-cut. Alternative data does not come from the company itself, and may derive from (or be extrapolated from) a number of sources. Alternative data may allow those with access to know things about a company that others in the market do not know, or that the company itself does not know. This may be the case, even if, as is frequently the case, the pool of structured/unstructured data used by the analytics engine is in the public domain. Evidently, this could provide trading opportunities that put the holder of such information at an advantage, as compared with other market participants.

A key example of where alternative data has raised concerns recently is in relation to so-called “secret polling”. The government has had exchanges with the FCA concerning the potential use of private polling data to obtain a trading advantage in advance of election results. The regulator’s view is that, while the Market Abuse Regulation (MAR) might be engaged by such activities, MAR would only apply if the underlying information were to constitute inside information. This is unlikely to be the case, unless the information met the MAR recital 28 test of information “routinely expected by the market” to be published, such as weekly BBC opinion polls. Therefore, MAR does not restrict the sharing of polling information that is not inside information. However, this position clearly raises political questions of fairness, as those able to pay for and access the data may well gain an advantage in the market, and those providing the data may not understand the use to which it will be put.