EEM Label GDPR compliance considerations

At the heart of the Energy Efficient Mortgage Label (EEML) is the Harmonised Disclosure Template (HDT), which is intended to facilitate and improve access to relevant, consistent and comparable data on energy efficient mortgages within and between jurisdictions for investors, regulators and other market participants for due diligence purposes. During the course of discussions with lending institutions in preparation for the launch and development of the EEML, questions were raised about potential General Data Protection Regulation (GDPR) compliance concerns with regard to completion and disclosure of the Harmonised Disclosure Template (HDT).

Against this background, the Energy Efficient Mortgage Initiative (EEMI) instructed the law firm, Rutgers & Posch, to conduct an analysis of the compliance of the EEM Label and its HDT with GDPR requirements and draft guidance as necessary further to the analysis to address any obstacles. The analysis considers data collection and processing from the perspective of: (1) lending institutions (Direct Option) and (2) a data repository (Repository Option) from which lending institutions could extract data they require. In order to make the analysis as concrete and relevant as possible, the EEM National Hub in the Netherlands (EEM NL Hub) and the Dutch data protection framework, which is based on the EU-wide GDPR, was used as a ‘test case’.

The first memorandum examines the extent to which certain EU regulations – with a focus on the focusing on the Taxonomy Regulation, the Non-Financial Reporting Directive (NFRD) and the (proposed) Corporate Sustainability Reporting Directive (CSRD), the Sustainable Finance Disclosure Regulation (SFRD), the Prospectus Regulation, the Securitisation Regulation and the proposed European Green Bond Regulation – may impose legal obligations or give rise to legitimate interests which would permit the collection and processing of ‘Green Data’ pursuant to GDPR by mortgage originators which are members of the EEMI or by any local repository such as the proposed Dutch Sustainability Data Repository.

The second memorandum identifies Green Data as potentially personal data under the GDPR and therefore indicates that both the Direct Option and the operations of the Repository under the Repository Option relating to the collection and processing of Green Data would require a legal basis pursuant to GDPR in order to comply with applicable data protection laws in the Netherlands (and almost certainly beyond).

The third and final memorandum considers the potential liability risks for the EEM NL Hub and for a potential Dutch Repository from a Dutch civil law perspective and presents a series of recommendations to mitigate these risks where possible.

Sitemap

Contact info

Luca Bertalot
EEMI Coordinator
E-mail: info@hypo.org

The project DeliverEEM has received funding from the European Union’s LIFE 2023 programme under grant agreement No.101167431. The EeMAP, EeDaPP, EeMMIP projects have received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreements No. 746205, No. 784979 and No. 894117 respectively

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.

Necessary

Always Enabled

Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Functional

Performance

Analytics

Others