Legal Variations Make Employee Data Tricky for Multinational Employers
U.S. companies face a minefield in using electronic information for background checks on would-be employees around the world, lawyers said Wednesday in an American Bar Association seminar. There’s draft federal legislation in Germany to ban the use of information from social networks, Boris Dzida of Freshfields Bruckhaus Deringer in Hamburg said in the webcast and teleconference. That’s “extraordinary” in relation “to the open book we have” in the U.S., said moderator Philip Berkowitz of Nixon Peabody. But contrary to the position of German unions, the measure would allow searches of other publicly available information, such as with Google, Dzida said.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
"Background checks aren’t going to be as robust” in other countries as in the U.S. for practical reasons, too, said Christine Lyon of Morrison & Foerster. India, for example, doesn’t have the kind of centralized databases that Americans are used to, she said.
Other pitfalls abound for international employers because privacy protections vary greatly from one country to another and some are much stricter than those in the U.S. and elsewhere, the lawyers said. The Sarbanes-Oxley Act has a requirement for anonymous whistleblower hotlines concerning corporate accounting and auditing matters, Lyons said. The Internet as well as phones can be used as a channel. But many countries require people accused to be notified of the allegations and some give them a right of access to the information, Lyons said. Spain takes a strong stand against anonymous reporting in general, and others allow it but don’t allow employers to make that known to employees, she said.
"Each European country has different rules” for hotlines like this, Dzida said. In France, a company must seek approval for its setup from a national data-privacy authority unless the employer complies with a template that the agency has outlined, he said. In Greece and Hungary, a company must just report to officials that it’s setting up this kind of mechanism, Dzida said. In Germany and Spain, the workers council at a company must give approval, but not in the U.K., he said.
An emerging area of regulation internationally concerns the use of location-based information, from Wi-Fi or GPS, about employees, said Andrea Blander, Oracle’s managing counsel for privacy and security. The EU has many legal guidelines and privacy groups are promoting the adoption of similar restrictions in the U.S., she said.