Safe Harbor in the United States

In the ordinary course of business, American companies operating abroad collect, store, use and transmit certain types of information that are subject to different laws and regulations. In particular, data security and data protection laws and regulations that U.S. companies operating abroad we are subject to often vary by jurisdiction and include, without limitation, the E.U. Data Protection Directive and various U.S. state regulations. These laws and regulations are continuously evolving.

In October 2015, the Court of Justice of the European Union invalidated a safe harbor framework that allowed American companies operating abroad to meet certain European legal requirements in connection with transfers of personal data from Europe to the United States. Although European Union and U.S. authorities announced an agreement in February 2016 for a proposed new data transfer structure called Privacy Shield which is intended to replace the safe harbor framework, the details have not yet been released, further regulatory approvals are needed before it can become effective and uncertainty remains around transfer of personal data from the European Union to other jurisdictions.

Existing and proposed legislation and regulations, including changes in the manner in which such legislation and regulations are interpreted by courts, may conflict on a global basis (such as the U.S. Foreign Corrupt Practices Act, the U.K. Bribery Act and similar laws).