The U.S.-EU negotiations for a new privacy agreement to replace the Safe Harbor provision invalidated by the Schrems decision may have hit a snag. The New York Times has reported that several national privacy regulators in EU countries have voiced displeasure that the proposed Privacy Shield deal does not go far enough to protect the personal information of internet users in Europe. While the regulators' ire is focused more generally on such internet behemoths as Facebook and Google, this may well have serious implications for any U.S. company doing business in Europe.
National privacy regulators from Germany, France, and other countries have reported concerns about the ability of American law enforcement officials to have access to personal financial information, e-mails, and other data that generally receives greater protection in Europe than in the United States. But more than simply delaying the implementation of the Privacy Shield agreement, these objections could open the United States to investigations and prosecutions from individual EU countries for data privacy violations.
The political issues make clear that the European Union is far from speaking with one voice on this matter, and they also speak to the difficulties U.S. companies may face in performing an internal investigation for an alleged FCPA violation or even fulfilling their obligations under Sarbanes-Oxley to have an effective hotline in place. So while the debate seems focused on issues far less pedestrian than a company's internal investigation of a whistleblower claim of bribery and corruption which might violate the FCPA, there are real implications for any U.S. company that might breach such national privacy laws.
If you couple these issues with the recent pronouncements from the Justice Department around its Pilot Program for additional credit to reduce fines and penalties under the FCPA, it may put anyone involved in an internal investigation under European scrutiny. This could range from the person who takes the whistleblower complaint, to the CCO who triages the matter, to the general counsel who initially investigates, to the outside counsel who handles the full-blown investigation.
It can only be said that more will be revealed.