|
|
|
Is it true that my company cannot freely transfer customer lists from its European subsidiary to the U.S. parent?
Yes. The European Union Data Protection Directive provides that personal data, meaning information relating to an identifiable natural person, such as name, address, telephone, etc., can only be transferred from Europe to a country that ensures an adequate level of protection (unless the data subject consents). The United States, relying on self-regulation, does not meet the standard, but a "safe harbor" exception has been created, permitting transfer if the U.S. company meets certain criteria and does a simple annual filing with the Commerce Department. A good privacy policy is part of such compliance.
|
|
