EU-US Privacy Shield: Three Weeks On

More than three weeks have passed since US companies were invited to start self-certifying their compliance under the EU-US Privacy Shield, and so far only 52 companies have managed to do so. The framework agreement, o cially launched on 12 July (see our previous alert here), allows US companies dealing with the trans-Atlantic transfer of European personal data to the US to certify their compliance with the terms of the agreement. A number of large companies are notable in their absence, with Microsoft being the only big cloud provider certi ed at present. The US Department of Commerce, the government agency overseeing Privacy Shield, maintains a record of the companies that have successfully completed the process. Outside of Microsoft, Workday and Salesforce, few global giants have self-certi ed.

Bavarian Government Adopts New Security Concept

In the wake of the recent attacks in Würzburg, Munich and Ansbach, the Bavarian Government has adopted a new security concept aimed at strengthening the police, the judiciary and the protection of the constitution. Amongst other initiatives, the plans will create a legal basis for decryption of encrypted internet communication, and extend data retention obligations and video surveillance of public spaces.

Federal Labour Court: Employee Right to Inspection

The Federal Labour Court has ruled that rights under §83 of the German Works Constitution Act (Betriebsverfassungsgesetz) allowing an employee to view their personnel le while accompanied by a member of the works council cannot be extended to an employee in the presence of their lawyer. The court held that neither the civil law obligations of the employer nor the constitutional right of the employee could justify the extension of these rights even if the employer had allowed the employee to make copies of their personnel le, as were the facts in the present case.