June 26, 2019

June 26, 2019

Subscribe to Latest Legal News and Analysis

June 25, 2019

Subscribe to Latest Legal News and Analysis

June 24, 2019

Subscribe to Latest Legal News and Analysis

Privacy Shield, Employee Inspection Rights: Weekly Data Privacy Alert – 22 August 2016

EU-US Privacy Shield: Three Weeks On

More than three weeks have passed since US companies were invited to start self-certifying their compliance under the EU-US Privacy Shield, and so far only 52 companies have managed to do so. The framework agreement, o cially launched on 12 July (see our previous alert here), allows US companies dealing with the trans-Atlantic transfer of European personal data to the US to certify their compliance with the terms of the agreement. A number of large companies are notable in their absence, with Microsoft being the only big cloud provider certi ed at present. The US Department of Commerce, the government agency overseeing Privacy Shield, maintains a record of the companies that have successfully completed the process. Outside of Microsoft, Workday and Salesforce, few global giants have self-certi ed.

Bavarian Government Adopts New Security Concept

In the wake of the recent attacks in Würzburg, Munich and Ansbach, the Bavarian Government has adopted a new security concept aimed at strengthening the police, the judiciary and the protection of the constitution. Amongst other initiatives, the plans will create a legal basis for decryption of encrypted internet communication, and extend data retention obligations and video surveillance of public spaces.

Federal Labour Court: Employee Right to Inspection

The Federal Labour Court has ruled that rights under §83 of the German Works Constitution Act (Betriebsverfassungsgesetz) allowing an employee to view their personnel le while accompanied by a member of the works council cannot be extended to an employee in the presence of their lawyer. The court held that neither the civil law obligations of the employer nor the constitutional right of the employee could justify the extension of these rights even if the employer had allowed the employee to make copies of their personnel le, as were the facts in the present case.

© Copyright 2019 Squire Patton Boggs (US) LLP


About this Author

Annette Demmel, Information Technology Attorney, Squire Patton Boggs Law Firm

Dr. Annette Demmel is a partner in our Data Privacy & Cybersecurity Practice Group in Berlin. For 20 years, Annette has advised national and international businesses in privacy law, technology law, telecommunications law, intellectual property law, media law and competition law.

In particular, she leads the implementation of privacy compliance programs and centralized software systems, and provides advice on policy and regulatory issues arising in the electronic communications and internet sectors. Annette also advises clients on legal...

+49 30 72616 8226
Caroline Egan Lawyer Squire Patton Data Protection

Caroline has extensive experience in commercial and information technology matters. Her particular specialism is UK and crossjurisdictional data protection and privacy law and UK freedom of information law. She regularly advises global clients on international transfers of data, and UK clients on complex and sensitive data protection and freedom of information issues. She also advises on major IT procurement and outsourcing projects.

Caroline lectures on domestic and cross-jurisdictional data protection issues, and was named a notable practitioner in data protection law in Chambers UK.


  • Advising a US based implementer of global HR databases utilising a cloud-based solution on the different forms of agreement required to satisfy EU compliance requirements, depending on the Safe Harbour status of its clients, and the capacity in which data is received from Europe, and on achieving Safe Harbour status as a pure processor and negotiating the relevant terms of individual agreements, with their clients.
  • Providing data protection training to clients in a variety of sectors, including IT, retail, leisure, customer services and financial services.
  • Advising businesses on all aspects of acquiring and lawfully using customer data, including usage in connection with advertising and marketing, both on and off line.
  • Advising a major US group with worldwide subsidiaries on a number of major international projects involving the transfer of personal data outside the EEA from 17 European jurisdictions. Projects have included outsourced IT projects, employment appraisal procedures, personnel administration, provision of international emergency assistance and insurance related matters. Caroline dealt with UK compliance and project-managed compliance across all affected jurisdictions, working both with data protection experts in our continental European offices and with independent lawyers in other countries. She also provided briefings, core summaries of requirements and training to key senior US and UK personnel.
  • Advising a leading global medical products company on compliance with European data protection law in its rollout of a global HR database, involving transfers of data to entities from a significant number of European countries outside the EEA both within the client group and to third party service providers.
  • Advising a number of major organisations in fields as varied as medical products, pensions and IT service providers on addressing data security breach issues, in some cases at UK level only, but in others involving the law of multiple jurisdictions.
  • Advising a number of global companies with US parents on the strategic advantages and disadvantages of Safe Harbour certification and use of the EC approved Model Clauses.
Francesca Fellowes, Squire Patton Boggs, intellectual property attorney, multi-jurisdictional project lawyer, commercial business regulatory legal counsel

Francesca Fellowes is a senior associate our Data Privacy & Cybersecurity team based in our Leeds office. She has a wealth of experience in advising on a wide spectrum of data privacy issues, including managing large-scale projects involving multiple data flows and advising on commercial arrangements involving complex issues of data ownership and use.

She is particularly experienced in managing cross-jurisdictional data privacy compliance projects for multinational clients, which deal with the compliance required throughout the client’s...