The European Commission is considering modifying the standard contractual clauses (hereafter “SCCs”) established on December 27, 2001 and used by data controllers to transfer personal data to data processors located outside the EU. The new SCCs may introduce more flexibility in processing services and better reflect new business practices.
Cecile Martin
UK Data Protection Authority Publishes Draft Guidelines for Implementing Privacy Policies
By Cecile Martin on
The UK Information Commissioner Office ("ICO", the UK data privacy agency) has recently issued an informative code of practice to assist companies collecting personal data so that they can better draft clear privacy notices to data subjects about how the company intends to use personal data, and especially…
Focus on the EU and France — Can US Employers Collect Sensitive Data about Their Employees Resident in the EU?
By Cecile Martin on
US employers are sometimes required for diversity purposes to collect data regarding the race and ethnicity of their employees. However, collection of such “sensitive” data may infringe EU data protection laws under Article 8 of the EU Data Protection Directive. This blog post is designed to provide some basic information about Article 8 and its exceptions. It relates only to the collection of sensitive data from EU-based employees and does not address cross-border data transfer issues.
French Data Protection Agency Rules that Employees Are Entitled to View Their Evaluations
By Cecile Martin on
Earlier this year, CNIL, the French Data Protection Agency, issued a ruling that changed the confidentiality treatment accorded to employee evaluations under French law. CNIL ruled that employees must be able to review any evaluations written about them by their employers. The CNIL issued the ruling after receiving several complaints from employees of an (anonymous) multinational company, which refused to divulge the employees’ evaluations to employees upon request.