I agree with Alasdair and Fiona Maccoll: the assumption that employment
contracts and implied consent (or even consent) solve the problems of
finding a legal basis for transferring employee data to the U.S. is not
tenable. I doubt that the U.S. Department of Commerce and the European
Commission would have negotiated for two and a half years, including clear
recognition that employee data transfers need to be addressed in Safe
Harbor, if it were all so simple.
There are only two viable bases available today for companies wanting to
transfer employee data lawfully from the EU to a parent company in the U.S.:
Safe Harbor and model contracts. Consent is at most required in certain
situations, in some jurisdictions; it is not sufficient.
The slow take-up on Safe Harbor has many reasons, of which the most
prominent is the lack of enforcement actions in the EU. The official
standstill in such actions during the Safe Harbor discussions, extended in
the notion of a grace period for companies considering and/or preparing to
join Safe Harbor, has led many companies to hold off as long as possible.
After all, why take on significant responsibilities, and liabilities, if you
don't have to? This is likely to change as more enforcement actions, like
those coming out of Spain, occur and are communicated more widely here in
the U.S.
A significant increase in the number of major companies signed up for Safe
Harbor can be anticipated as we get closer to the June meeting of the
European Commission.
On a more practical level, I would suggest contacting the UK Privacy
Commissioner's office, for advice on what she considers to be an appropriate
basis for employee data transfers to the U.S.
Don Harris
* * * * * * * * * * * * * * * * * *
Dr. Donald F. Harris
Chair, IHRIM's Privacy Committee
President, HR Privacy Solutions
1201 Lexington Avenue, Suite 318
New York, NY 10028
Phone/Fax: (212)396-1184
E-mail: [log in to unmask]
Website: www.hrprivacy.com
* * * * * * * * * * * * * * * * * *
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
If you wish to leave this list please send the command
leave data-protection to [log in to unmask]
All user commands can be found at : -
www.jiscmail.ac.uk/user-manual/summary-user-commands.htm
all commands go to [log in to unmask] not the list please!
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|