January 2020

January 2020 EU affairs newsletter

  • EU Work programme
    • EU Commission 2020 work program insists on data, digital and SMEs
  • Company reporting
    • EU Commission consults on its Roadmap on the revision of the Non-Financial Reporting directive
  • Public Sector Information
    • Documents from the last PSI Expert Group meeting available
  • Capital Markets Union
    • Council sets objectives for the deepening of the project
  • FinTech
    • EC Expert Group on Regulatory Obstacles to Financial Innovation produced report on action to FinTech regulation
  • Data Protection
    • French DPA CNIL consultation on its draft recommendations on the use of cookies
  • Late payments
    • CJUE ruling blames Italy for bad transposition of the late payments’ directive





EU Work programme

EU Commission 2020 work program insists on data, digital and SMEs


The European Commission has published its 2020 work program on 29th January 2020 and it clearly puts the focus on the EU data environment, on digital and on better enabling SME transformation and growth in the Internal Market.

The work program, which can be accessed here, also contains a number of annexes listing the current and planned regulatory initiatives for 2020 , and also the ones that the EU Commission proposes to repeal to avoid double legislation and to strive for simplification.

Among the new EU initiatives, some are of particular importance for FEBIS members such as:

-          The Digital Services Act, planned for Q4 2020

-          The Action Plan on FinTech including a Strategy on an Integrated EU Payments Market, planned for Q3 2020

-          The White Paper on Artificial Intelligence, planned Q1 2020

-          The European Strategy for Data, also planned for Q1 2020: this one will be of great importance for FEBIS members as it outlines the global EU approach to data management, policies, and data sharing and access.

-          The Action Plan on Anti-Money Laundering, planned for Q1 2020

The Commission also plans to re-evaluate some existing initiatives such as:

-          Evaluation of the 'SME Definition', to see if it needs revision

-          Fitness Check on Public Corporate Reporting by companies  : The aim of this fitness check is to assess whether EU legislation on regular and public reporting by companies continues to meet the stakeholders’ need for information on companies’ activities, performances, risks, and impacts

-          Commission Proposal to review Directive 2008/48/EC on credit agreement for consumers

Interestingly among the proposals that the EU Commission intends to withdraw is the draft Proposal for a regulation setting out the conditions and procedure by which the Commission may request undertakings and associations of undertakings to provide information in relation to the internal market and related areas.


Company reporting

EU Commission consults on its Roadmap on the revision of the Non-Financial Reporting directive


The European Commission just unveiled on January 30th a Roadmap consultation on the possible revision of the Non-Financial reporting directive.

This initiative will modify the requirements on some companies to publicly report certain non-financial information, including information about the environmental and social performance and impacts of the company. The aim is to ensure that investors, civil society organisations and other interested parties have access to the information that they need, while not imposing excessive reporting obligations on companies.

The consultation period runs from 30 January to 27 February 2020 and is about the question of the possible revision of the directive. After the consultation, the EC will hold formal consultations on the possible draft revised text, which is forecast for Q4 2020.

More information can be  found at https://ec.europa.eu/info/law/better-regulation/initiatives/ares-2020-580716


Public Sector Information

Documents from the last PSI Expert Group meeting available


The EC has just released publicly the documents from the last meeting of the PSI Expert Group, which is looking at the forthcoming Implementing Act on High-Value Datasets under the open data/PSI directive.
More information can be seen at :

It includes inter alia  the Agenda  and the  Minutes of the meeting of 29th October 2019.

Presentations available include :

·       PSI Group and subgroups: new roles following the establishment of the Open Data Committee by Elisabeth Bertrand, DG CNECT

·       European Data Portal – new developments in 2019 and first elements of the Maturity Report by Gianfranco Ceccioni, EDP

·       Czech Republic prior to HVDs by Jakub Malina, CZ Ministry of the Interior

·       Feedback received from the MS on the HVDs by Michal Kuban, DG CNECT

·       Basic Data Programme in Denmark by Adam Arndt, DK Agency for Digitisation

·       Public service of reference data in France by Perica Sucevic, ETALAB



Capital Markets Union

Council sets objectives for the deepening of the project


The Council adopted conclusions on the deepening of the capital markets union (CMU). CMU is an EU initiative which aims to deepen and further integrate the capital markets of EU member states. It is a crucial means to diversify businesses' sources of financing and can  make appropriate new investment opportunities for wider part of citizens, including retail investors, taking into account the low interest rate environment and the needs of the aging population. It also helps to provide better buffering of economic shocks through private channels, supports the international role of the euro, and facilitates the channelling of necessary private funding for the green transition. Together with the banking union, the CMU can help boost cross-border capital flows and thereby strengthen the EU economy.

The EU is close to having completed its original action plan from 2015. Almost all the legislative reforms that were set out have been adopted. They have contributed to enhancing both the EU's financing capacity and its financial stability. Nevertheless, regulatory and other barriers still hamper smooth movement of capital and access to financial products and services in the financial sector. That is why the Council considers it essential to continue and further deepen the CMU project.

The conclusions set out 5 main objectives for deepening the CMU, namely:

-            enhanced access to finance for EU businesses, especially SMEs,

-            removal of structural and legal barriers for increased cross border capital flows,

-            provide incentive and remove obstacles for well-informed retail savers to invest,

-            support the transition to sustainable economies,

-            embrace technological progress and digitalization,

-            strengthen global competitiveness.

Based on these overarching principles, the conclusions invite the Commission to assess and explore a list of possible further detailed measures and actions that could help to establish these objectives in practice.



EC Expert Group on Regulatory Obstacles to Financial Innovation produced report on action to FinTech regulation

The EC’s Expert Group on Regulatory Obstacles to Financial Innovation comprises representatives from BBVA, Axa, Barclays, ING, the University of Ireland and the London School of Economics among its 14-strong membership.

Big banks concerns have been addressed in the report, which urges the creation of a regulatory framework built on the principle that activities that create the same risks should be governed by the same rules, with a view to ensuring adequate regulation and supervision and maintaining a level playing field.

More broadly, the Expert Group has recommended four areas in which the bloc’s regulators need to focus their attention:

·       The need to respond to new and changed risks caused by the use of innovative technologies such as Artificial Intelligence (AI) and Distributed Ledger Technology;

·       The need to remove fragmentation across the EU and ensure a level playing field between different participants in the financial services sector as they leverage new technologies;

·       The necessity to reconcile data protection with the opportunities offered by fintech;

·       The need to consider the potential impacts of fintech on consumers, from the perspective of financial inclusion and the ethical use of data.


Excerpt from the report part on Access to data  (P.84)

The provision of technology-enabled financial services is highly dependent on data. Finance and banking are heavily reliant on information as part of the everyday business decision-making processes, from granting loans to managing investment portfolios. The financial sector generates vast amounts of data, which resides within financial institutions and does not circulate. The arrival of PSD2 will to some extent change that (i.e. with regard to payment account information). Additionally, firms seeking to enter the financial sector may leverage other forms of information (e.g. social media information). In addition, new technologies such as AI and machine learning are creating new possibilities for the transformation of vast and granular amounts of data into valuable information.  The blurring of different sectors and sources of information in the context of the provision of financial services will have disruptive impacts, as those companies that have the capability to transform data into valuable information and enrich it with other sources of data e.g. through use of social networks, will have a competitive advantage. As one of the distinctive aspects of European law, the protection of natural persons in relation to the processing of their personal data is recognised as a fundamental right. Both the Charter of Fundamental Rights of the European Union and the Treaty on the Functioning of the European Union provide that everyone has the right to the protection of their personal data. The GDPR, which has been in application since 25 May 2018, is an ambitious framework that harmonises data protection rules in the EU and empowers individuals by putting them in a position of control over their data, notably by reinforcing their rights, while also posing a number of challenges for the industry. It appears that the GDPR now serves as a guiding text for new data protection regulations in various jurisdictions, such as in Brazil (Lei Geral de Proteção de Dados), India (Indian Personal Data Protection Act) and California (California Consumer Privacy Act), which is particularly relevant for the development of the data economy.  Personal data may, according to the GDPR, be processed only in accordance with certain general principles (e.g. transparency, purpose limitation and data minimisation) and on the basis of a legitimate ground, respecting certain rights of the data subject, such as the right to be informed or the right to be forgotten. Depending on the origin of the personal data, one can distinguish between declared data (data actively and knowingly provided by the customer), observed data (created through customer activity); and inferred data, which is created by the data controller on the basis of the data ‘provided by the data subject’ e.g. data validation, analysis, profiling, etc. With respect to non-personal data, the Regulation on the free flow of non-personal data establishes a framework for the free movement of non-personal data in the EU, banning  unjustified restrictions related to requirements imposed by public authorities on the location of data for storage or processing. 

Recommendation 25 – GDPR and new applications of technology  

The EDPB should issue guidance on the application of the GDPR and other relevant legislation, in relation to the innovative use of technology in financial services, including the use of:

 – DLT/Blockchain, in particular how to satisfy the requirement for erasure, for example, using encryption;

 – Artificial Intelligence, in particular addressing the issue of specificity of consent.


Recommendation 26 – Regulatory Dialogue

The regular dialogue between the European Data Protection Board, the European Forum for Innovation Facilitators, national data protection authorities, national and EU competition authorities, national and EU financial regulators and financial supervisors and firms should be extended, with a view to keeping under review the practical application of relevant EU legislation concerning the processing of data (in particular GDPR and PSD2), taking account of technological developments within and beyond the financial sector. The objectives of this dialogue should be to:

- enhance knowledge-sharing about new technologies;

- share experiences and promote a common approach to the regulatory and supervisory approach to the practical application of relevant EU legislation concerning the processing of data;

- provide where appropriate clarification of or guidance on relevant EU legislation concerning the processing of data in a form that is publicly accessible.

Excerpt on the financial inclusions issue ( p 94)

There is also a mention of access to finance and an example of use case on credit scoring with AI and automation :

Use case *: Credit scoring

Credit-scoring describes the process of assessing the creditworthiness of a borrower based on statistical models. Credit scoring can be used as one of the criteria applied in decision-making processes regarding the provision of financial services, in particular consumer credit and mortgages. Where the credit scoring is the only criterion used in that decision, the process is tantamount to the actual decision to grant a loan. Banks traditionally rely, for the creditworthiness assessment of their clients requesting a loan, on “hard data”, i.e. objective and easily verifiable data, such as clients’ credit history (e.g. number and types of loan previously requested, re-payment delays, etc.), income and net-worth or, in case of entrepreneurs, balance sheet and business plan. This data has traditionally been evaluated by a relevant employee of the lender.  New technologies, in particular AI, machine learning and Big Data are understood to offer the potential for a broader, deeper and faster analysis of large data sets, including “soft data” (e.g. harvested from social media) relevant to the assessment of creditworthiness. As such, they purport to offer a more accurate prediction of the credit risk posed by the person seeking funds.  This has the potential to offer benefits for consumers and businesses seeking credit, as greater accuracy may lead to the provision of more suitable and tailored products. For lenders, these solutions can help protect from credit risk and fraud, reduce the cost of the credit assessment process, foster the development, distribution and monitoring of products, and enable better consumer/client interaction. Indeed, over time, these solutions could displace human intervention in the process presenting significant cost savings. In light of these potential benefits, AI, Big Data and machine learning solutions are being increasingly piloted and rolled-out in the financial sector

Data Protection

French DPA CNIL consultation on its draft recommendations on the use of cookies


France's data protection authority, the CNIL, has launched a consultation for its draft recommendations on the use of cookies. The CNIL conducted a separate consultation last fall to develop the recommendations, which would propose operational procedures to obtain consent. The current consultation will be opened for six weeks and is scheduled to end Feb. 25. The CNIL plans to create a new version of the draft recommendations and present it to the agency's members in a plenary session for final adoption.


In its draft recommendations, the CNIL insists that accepting or dismissing cookies should be made extremely simple and rely on informed consent for each data processing uses. This would mean that grouped buttons allowing to accept or set-up cookies settings at once for all uses (as used by a large number of current websites) would not be compliant, nor would general agreement of T&Cs be. Websites must show the various personalisation, the type of data collected and the list of data controller. Furthermore, the recommendations push for cookies choice to be done on browser settings, which has been a very contentious point opposed by Adtech and media industries in the current discussions on the draft e-privacy regulation. The DPA also recommends that data retention period for choice is set to 6 months.  Consultation is open until 25th February and recommendations will be taken onboard from next fall.  


Link to original article and consultation in French here.

Late payments

CJUE ruling blames Italy for bad transposition of the late payments’ directive

On 28 January, the European Court of Justice adopted its conclusions on the case 122/18 which was about the claim against the Italian government for bad transposition of the EU directive on combatting late payments ,  especially because it did not ensure that its public authorities avoid exceeding the periods of 30 or 60 calendar days applicable to the payment of their commercial debts.

In a nutshell, the Court recognises that the EC was right to blame Italy for this and that the Italian public authorities exceeded the payment deadlines of 30 or 60 days laid down by Article 4(3) and (4) of Directive 2011/7. The major conclusions are :

On those grounds, the Court (Grand Chamber) hereby:

1.      Declares that, by not ensuring that its public authorities effectively comply with the periods for payment prescribed in Article 4(3) and (4) of Directive 2011/7/EU of the European Parliament and of the Council of 16 February 2011 on combating late payment in commercial transactions, the Italian Republic has failed to fulfil its obligations under those provisions.

2.      Orders the Italian Republic to pay the costs.



The whole text of the judgement can be found here

Write a comment

Comments: 0