Search for:

In brief

On 16 July 2020, the European Court of Justice (“ECJ”) ruled that the EU Commission’s 2016 decision regarding the adequacy of data protection in the United States and the EU-US Privacy Shield (“Privacy Shield”)* are invalid. As a result, companies in the EU and United States relying on the Privacy Shield program are scrambling to determine the impact on their operations.  For a general alert issued by our data privacy colleagues on this topic, please click here Cristina Messerschmidt.


Contents

How will this impact share-based incentive programs?

Many US companies grant share-based awards to employees of their subsidiaries in the EU as a discretionary incentive separate from the employees’ local compensation and employment relationship with the respective EU subsidiary.

To administer such awards, companies have to collect, process, and transfer employees’ personal data, including transferring such data to the United States.  The transfer of personal data from the EU to the United States is permissible only if a valid justification exists, and one of such justifications was Privacy Shield.

If US companies rely on voluntary consent from employees of their EU subsidiaries or one of the other justifications regarding the cross-border transfer of their personal data to administer participation in the program, the decision of the ECJ has only limited impact.

Some US companies, however, have relied on Privacy Shield for the legality of cross-border transfers of employee personal data, including in the context of their share-based programs. These companies have to find a new compliance mechanism since 15 July 2020 – without any grace period.

Companies that have relied on alternative justifications are nevertheless reminded by the ECJ that they also need to assess their compliance with contractual and statutory commitments under data protection laws. This applies, for example, to companies that rely on the EU Standard Contractual Clauses.  Finally, it is noted that these obligations do not apply solely to companies in the United States, but also with respect to other countries outside the EU.

Next steps

Companies should review their practices with regard to data privacy, including in the context of operating their share-based incentive programs. Even if the ruling does not have any direct impact on your program, data privacy requirements around the globe are tightening and a regular review of your company’s approach to data privacy compliance is highly recommended. Please contact your Compensation attorney with questions or for assistance.

*****

Thank you to our data privacy colleagues Cristina Messerschmidt and Lothar Determann for their assistance with this alert.

* Privacy Shield is one approach adopted by US companies to address the cross-border data transfer restrictions under the EU General Data Protection Regulation (Regulation (EU) 2016/679).  Prior to the ECJ’s ruling, Privacy Shield served as an “adequacy” mechanism to protect cross-border transfers of personal data from the EU to the United States.

Author

Nicole Calabro is a partner in Baker McKenzie’s Employment & Compensation Practice, with a focus on global equity services. She advises multinational companies on all facets of employee equity plans. She regularly assists public and private companies in offering their employee equity plans around the world. Nicole is currently a member of the National Association of Stock Plan Professionals and the Global Equity Organization. Prior to joining the Firm, Nicole was a senior associate in the Global Equity Group at Mercer Human Resource Consulting LLC. Previously, she was a manager in the New York office of Deloitte Tax LLP.

Author

Barbara Klementz is the chair of Baker McKenzie’s North American Compensation Practice. She has practiced in the area of global equity and executive compensation for over 20 years. Barbara has authored several articles on global equity issues for the BNA Executive Compensation Journal, Journal of Corporate Taxation and San Francisco and Los Angeles Daily Journal, among others, and she is the author of a blog on global equity related topics called the Global Equity Equation. She is also a frequent speaker on a variety of global equity topics. Barbara is recognized as a ranked practitioner by Chambers USA. Chambers states that she "consistently delivers top-notch assistance and work product, and is a true expert in the field." Barbara is admitted to private practice in California and Düsseldorf, Germany.

Author

Lothar Determann has been helping companies in Silicon Valley and around the world take products, business models, intellectual property and contracts global for nearly 20 years. He advises on data privacy law compliance, information technology commercialization, interactive entertainment, media, copyrights, open source licensing, electronic commerce, technology transactions, sourcing and international distribution at Baker McKenzie in San Francisco & Palo Alto. He is a member of the Firm's International/Commercial Practice Group and the TMT and Healthcare industry groups.