What Transatlantic Employers Need to Know About EU-US Data Transfers

  • Safe Harbor 2.0 will not be so useful because Schrems held that the EU Court of Justice lacks jurisdiction to enforce uniform standards.
  • Yesterday’s European Commission communication to the European Parliament confirms that Schrems is a serious problem for US employers with EU employees.
  • A key part of managing evolving privacy standards is the data governance practice of rigorously maintaining information provenance.  And, model contracts are in trouble but are the best bet today.

More on each below.

Continue reading “What Transatlantic Employers Need to Know About EU-US Data Transfers”

A Fatal Blow to Transferring Employee Data from the EU to the US?

Update 10/6/2015: Schrems is decided (here).  US law has structural deficiencies that prevent US from complying with safe harbor.  See paragraphs 94-5.  It’s hard to see how BCRs and Model Contracts are not in trouble, too.  After all, these provisions can’t protect against the NSA and other law enforcement either.  (To be clear: not commenting on the wisdom, politics, pragmatics or legality of NSA programs, just this decision).

Original post:

Employers who wish to transfer employee data from the EU should take notice of the recent opinion by the European Court of Justice’s Advocate General, Yves Bot.  (Schrems v the Irish Data Protection Commissioner (Case C-362/14).  It is wildly regarded as setting the Court up to deal a serious, if not fatal, blow to the EU-US Safe Harbor agreement which allows data transfer between the two, despite the US’s not being deemed an “adequate” data protector by the EU.

Even if an employer does not rely on safe harbor, it is very important to pay attention to this opinion because there will be serious damage to all forms of employee-data transfer to the US.

Continue reading “A Fatal Blow to Transferring Employee Data from the EU to the US?”

Employee Terminations: Handle with Care

Employee terminations – whether voluntary or not – must be handled properly in order to ensure optimal risk management.  Employment lawyers cannot leave the technology-related aspects of a termination to others.

Continue reading “Employee Terminations: Handle with Care”

Proactive Privacy

Employment lawyers should look beyond mere compliance with privacy regulation and engage in what I call “Proactive Privacy.”

Proactive Privacy is creating a privacy-aware corporate culture that educates all employees about privacy (and cybersecurity) and motivates them to be a part of that culture.  In short, it extends your privacy demands beyond the punitive and into the normative. (Of course, clear policies and expectations remain critical!).

Continue reading “Proactive Privacy”

An Employer’s Guide to the President’s Cybersecurity Recommendations

President Obama has released key provisions of his new cybersecurity plan (which he will discuss during his State of the Union address).   As discussion about this plan unfolds, employers should be aware of several important elements.  Please note: a number of commentators have taken a political position on this subject. I am not. 

According to the White House, these proposals are designed to:

  • Enhance cyber-threat information sharing within the private sector and between the private sector and the Federal Government;
  • Protect individuals by requiring businesses to notify consumers if personal information is compromised; and
  • Strengthen and clarify law enforcement’s ability to investigate and prosecute cyber crimes.

I will look at why each matters to employers.

Continue reading “An Employer’s Guide to the President’s Cybersecurity Recommendations”

8 Trends in the Transformation of Tech-Related Employment Law

2015 will see the broadening and deepening of the transformation of tech-related employment law.

Here are eight reasons why:

Continue reading “8 Trends in the Transformation of Tech-Related Employment Law”

Electronic Privacy in the New Restatement of Employment Law

The inaugural Restatement of Employment sets out ALI’s carefully considered (and what will likely be extremely influential) views concerning the law of employee privacy.*  There is a lot to unpack here (and the structure of this section of the Restatement is not as clear as it could be), so this post will provide a practical overview.

The basic idea: the new Restatement protects employee electronic privacy interests against “wrongful employer intrusions.” §7.01   Such interests include “…electronic locations, including work locations provided by the employer, in which the employee has a reasonable expectation of privacy.”  § 7.03  In addition, employees have a right to have information of a “personal nature” protected from employer view. § 7.04. Finally, employees also have a right to the “non-disclosure to third parties of the employee’s information of a personal nature disclosed in confidence to the employer.” § 7.05.

Some observations:

Continue reading “Electronic Privacy in the New Restatement of Employment Law”