French High Council for Statutory Auditors and U.S. Public Company Accounting Oversight Board Sign Agreement for the Exchange of Audit Information
Time 2 Minute Read
Categories: European Union, International

On March 5, 2013, the French Data Protection Authority (the “CNIL”) announced that the French High Council for Statutory Auditors (“H3C”) and the U.S. Public Company Accounting Oversight Board (“PCAOB”) signed a Statement of Protocol (the “Protocol”) on January 31, 2013, to govern the exchange of information, including personal data, between them.

This Protocol was required by the September 1, 2010 decision (the “Decision”) of the European Commission on the adequacy of the competent authorities of Australia and the U.S. pursuant to EU Directive 2006/43/EC on statutory audits of annual accounts and consolidated accounts. The Decision noted that the U.S. authorities (including the PCAOB) comply with the EU requirements for reciprocal access to audit documents. The Decision thus authorized the competent authorities of the EU Member States to conclude bilateral working arrangements with their U.S. counterparts to allow the exchange of audit working papers or other documents held by statutory auditors or audit firms.

The Protocol provides a legal basis for the transfer of information between H3C and PCAOB, and provides that joint inspections may be carried out in France and the U.S. of auditing firms subject to the regulatory jurisdictions of these authorities. The Protocol was accompanied by a specific agreement on the transfer of personal data between H3C and PCAOB in order to ensure compliance with the French Data Protection Act. These transfers of personal data were previously authorized by the CNIL in a decision on November 29, 2012.

Tags: Australia, CNIL, Data Protection Act, EU Member States, European Commission, France
Print Email Twitter/X Linkedin Facebook

You May Also Be Interested In

Time 2 Minute Read
European Commission Seeks Feedback on Draft Cyber Resilience Act Guidelines

On March 3, 2026, the European Commission published draft guidelines intended to clarify the application of the Cyber Resilience Act and opened a public consultation to gather feedback from stakeholders.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 2 Minute Read
Virginia AG to Enforce VCDPA Provisions Restricting Minors’ Use of Social Media

On February 18, 2026, Virginia Attorney General Jay Jones announced that his office intends to fully enforce new provisions of the Virginia Consumer Data Protection Act restricting minors’ use of social media.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 4 Minute Read
European Commission Announces New Cybersecurity Package

On January 20, 2026, the European Commission proposed a comprehensive new cybersecurity package aimed at strengthening the EU’s cybersecurity resilience and enhancing its capacity to manage evolving threats.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook
Time 3 Minute Read
Kentucky Attorney General Announces First Enforcement Action Under New Privacy Law

On January 8, 2026, the Kentucky Attorney General announced the first enforcement action against a company for alleged violations of the Kentucky Consumer Data Protection Act, just eight days after the law went into effect. The enforcement action is part of a larger legislative and regulatory focus on AI-powered chatbots used by minors.

Continue Reading ›
Print Email Twitter/X Linkedin Facebook

Search

Subscribe Arrow

Recent Posts

Categories

Tags

Archives

Jump to Page