Monthly Archives: July 2020

Further Crimes Triggering “231” Liability

Legal news, , , , , ,

Italian corporations are subject to criminal liability arising from legislative decree 231 of 2001: more on the topic can be found here.

“231 crimes” triggering such liability are already a vast and varied list of crimes. They are not limited to corruption crimes, but range from manslaughter due to breach of safety on the workplace provisions to corporate crimes and tax crimes.

Nonetheless, the list of “231 crimes” continues to grow.

Effective on July 30, 2020 new crimes will be added, as law 75 of 2020 will come into force. The new crimes are mostly further nuances of the tax crimes, as well as new crimes (fraud in public suppliesfraud in agriculture and smuggling, misappropriation and abuse of office).

It’s time for companies  to update their organizational models again! (Perhaps enjoy your well deserved summer vacation first: it has been quite a year).

The European Court of Justice Strikes Down the EU-US Privacy Shield

Legal news

Yesterday, on July 16, 2020, in a landmark decision, the Court of Justice of the European Union ruled that the key data-sharing mechanism, the EU-US Privacy Shield, is invalid, as it failed to protect privacy and data protection rules.

The case behind the decision.

Maximillian Schrems, an Austrian national residing in Austria, who has been a Facebook user since 2008, lodged a complaint with the Irish supervisory authority seeking, in essence, to prohibit the transfer of his personal data by Facebook Ireland to servers belonging to Facebook Inc., located in the United States. In its recent decision, the Court expressed the view that «the limitations on the protection of personal data arising from the domestic law of the United States on the access and use by US public authorities of such data transferred from the European Union» are «not circumscribed in a way that satisfies requirements that are essentially equivalent to those required under EU law, by the principle of proportionality, in so far as the surveillance programmes based on those provisions are not limited to what is strictly necessary» (the full Court press release is available here: https://curia.europa.eu/jcms/upload/docs/application/pdf/2020-07/cp200091en.pdf.

According to the BBC, Max Schrems called it a win for privacy, stating that «it is clear that the US will have to seriously change their surveillance laws, if US companies want to continue to play a role in the EU market» he said, while the US Secretary of Commerce Wilbur Ross said his department was “deeply disappointed” by the decision and said he hoped to «limit the negative consequences to transatlantic trade worth $7.1 trillion (£5.6tn)» https://www.bbc.com/news/technology-53418898.

Impact and remedies.

The Court held that standard contractual clauses will continue to be a valid means for the transfer of data outside the European Union.

Therefore, companies currently benefitting from the EU-US Privacy Shield will likely transition to standard contractual clauses. Microsoft, for example, has issued a statement saying it already uses them and is unaffected by the recent Court decision (the full statement is available here: https://blogs.microsoft.com/eupolicy/2020/07/16/assuring-customers-about-cross-border-data-flows/.

While we are slightly surprised by the decision, we must confess it has been years since we last suggested a client to use the Privacy Shield: standard contractual clauses have always been an easier and more flexible tool.