Sep 262023

New EU FIDA Proposal: How Does This Affect GDPR?

William RM Long, Francesca Blythe and Lauren Cuyvers
, , , ,

The European Commission issued the Financial Data Access Act (FIDA) proposal in June this year. FIDA will create a legislative framework that aims to “bring payments and the wider financial sector into the digital age” by facilitating the sharing of and access to customer financial data (whether of businesses or consumers).

Organisations across the financial services industry will be impacted, including, “financial information service providers”. Noncompliance with FIDA can give rise to fines up to 2% of annual worldwide turnover and a ban of up to 10 years for responsible individuals to exercise managerial functions at a financial information service provider.

FIDA is part of the broader EU digital finance and data strategy pursued by the Commission and is consistent with the EU’s overarching strategy to make “Europe fit for the digital age”, on the basis of which a number of other laws have been developed including the proposed EU Artificial Intelligence Act (AI Act), the EU Data Act and new cybersecurity laws such as the Digital Operational Resilience Act (DORA).

View Article

This post is as of the posting date stated above. Sidley Austin LLP assumes no duty to update this post or post about any subsequent developments having a bearing on this post.

William RM Long

London

wlong@sidley.com

Francesca Blythe

London

fblythe@sidley.com

Lauren Cuyvers

Brussels

lcuyvers@sidley.com

You might also like
Top 10 Questions on the EU AI Act

The EU AI Act will be the first standalone piece of legislation worldwide regulating the use and provision of AI in the EU, and will form a key consideration in AI governance programs. The AI Act will have a significant impact on many organizations inside and outside the EU, with failure to comply potentially leading to fines of up to 7% of annual worldwide turnover.

EU Formally Adopts Cyber Law for Connected Products

On 12 March 2024, the European Parliament approved the EU Cyber Resilience Act (“CRA”) with a large majority of 517-12 votes in favor of the legislation (with 78 abstentions). The CRA aims to ensure that “products with digital elements” (“PDE”) i.e., connected products such as smart devices, and remote data processing solutions, are resilient against cyber threats and provide key information in relation to their security properties.

Chambers 2024 Global Practice Guides for Data Protection & Privacy and Cybersecurity
The newest editions of the Chambers Global Practice Guides have been published and, once again, Sidley lawyers have contributed to two guides: Data Protection & Privacy 2024 and Cybersecurity 2024. These publications cover important developments across the globe and offer insightful legal commentary for businesses on issues related to data privacy and cybersecurity, such as regulatory enforcement and litigation, global cooperation to combat cybercrime, international agreement on ‘Software Security by Design,’ a global approach to policy on artificial intelligence, and more. Sidley partner Alan Charles Raul is a contributing editor to both guides in addition to authoring the introductions. The UK chapters of Cybersecurity 2024, covering “UK Law and Practice” and “UK Trends and Development” were authored by Sidley lawyers William Long, Francesca Blythe, Denise Kara, and Eleanor Dodding.