Document Preview
  • Full Text
  • Trade Journal

EMEA: all systems go

Jackson, Olly.  ; London (Apr 27, 2018).

Full text preview

The focus in Europe has been on the General Data Protection Regulation (GDPR) with the May deadline fast approaching. In what is arguably the biggest change to data protection, the regulation has got employers in a tailspin. Consent is perceived to be the most troubling aspect of GDPR, as the regulation dramatically raises the standard required for businesses to obtain consent from data subjects. But for businesses there could be an easier way and many are going own a different path: they are said to be retreating from consent as a legal basis and moving to other bases which potentially have less of an impact on business models. Providing that the necessary requirements are met, this seems like a sensible solution to minimise disruption.

In further GDPR related news, non-EU firms remain unaware of the need for compliance. The regulation has a very strong extraterritorial effect, sending a strong message that EU data must be protected around the world. Because of this, non-EU firms that process European data are moving data centres into the EU. It is unclear how the EU will enforce extraterritoriality but a case four years ago provides some clues. The Google Spain decision judged that Google's data processing was subject to Spanish law because it 'orientates its activity towards the inhabitants of the member state'. Non-EU firms should expect the standard of enforcement to be the same as if they were based in the EU.

The EU is planning on bolstering investor protection for green bonds, in an effort to meet its 2030 climate targets. The EU High-Level Group on Sustainable Finance has proposed ensuring that funds are exclusively used to finance or refinance green projects, in line with a new EU sustainability taxonomy. A new set of exclusive green bond standards and an external reviewer should...