From Europe’s Privacy Regulators, Big Penalties But No Rules

In October of last year a European court invalidated the “Safe Harbor” that for 15 years had been the norm in defining how U.S. companies needed to handle Europeans’ personal data, but nothing definitive has yet replaced it. Writing in Today’s General Counsel, Kevin J. Grande, associate general counsel for Determine, Inc., looks at what’s happening in this arena and how companies can address it, as they continue operations in a period of uncertainty. He notes that the range of U.S. companies that are impacted by EU privacy regulations is far wider than most people realize, and includes companies that do electronic marketing to Europeans, software vendors with European customers, companies that have any operations in Europe (if, as is commonly the case, their HR data is processed in the United States), and even auto makers that sell cars in Europe but store their VIN numbers in the United States.