ECJ Rules EU-US Safe Harbor Programme Is Invalid

The powers of EU data protection authorities are significantly strengthened by the decision, allowing them to suspend some or all personal data flows into the United States in certain circumstances.

In Maximillian Schrems v. Data Protection Commissioner (case C-362/14), the European Court of Justice (ECJ) has ruled[1] that the European Commission decision approving the Safe Harbor programme is invalid. Further, the ECJ ruled that EU data protection authorities do have powers to investigate complaints about the transfer of personal data outside Europe (whether by Safe Harbor-certified organisations or otherwise, but excluding countries deemed as having “adequate” data protection laws according to the EU). Finally, the ECJ ruled that data protection authorities can, where justified, suspend data transfers outside Europe until their investigations are completed.

Safe Harbor Programme

According to the European Commission, the United States is a country with “inadequate” data protection laws. The European Commission and the US Department of Commerce, therefore, agreed in 2000 to a self-certification programme for US organisations that receive personal data from Europe. Pursuant to the self-certification programme, a US organisation receiving personal data from Europe must certify that it adhered to certain standards of data processing comparable with EU data protection laws such that the EU citizens’ personal data was treated as adequately as if their personal data had remained in Europe. The Safe Harbor programme is operated by the US Department of Commerce and enforced by the Federal Trade Commission. Over 4,000 organisations have current self-certifications of adherence to Safe Harbor principles.[2]

The Schrems Case

Mr. Schrems complained in Irish legal proceedings that the Irish Data Protection Commissioner refused to investigate his complaint that the Safe Harbor programme failed to protect adequately personal data after its transfer to the US in light of revelations about the National Security Agency’s (NSA’s) PRISM programme. The question of whether EU data protection authorities have the power to investigate complaints about the Safe Harbor programme was referred to the ECJ. Yves Bot, Advocate General at the ECJ, said in an opinion released on 23 September 2015 that the Safe Harbor programme  does not currently do enough to protect EU citizens’ personal data because such data was transferred to US authorities in the course of “mass and indiscriminate surveillance and interception of such data” from Safe Harbor-certified organisations. Mr. Bot was of the opinion that the Irish Data Protection Commissioner, therefore, had the power to investigate complaints about Safe Harbor-certified organisations and, if there were “exceptional circumstances in which the suspension of specific data flows should be justified”, to suspend the data transfers pending the outcome of its investigation.

The ECJ followed Mr. Bot’s opinion and, further, declared that the European Commission’s decision to approve the Safe Harbor programme in 2000 was “invalid” on the basis that US laws fail to protect personal data transferred to US state authorities pursuant to derogations of “national security, public law or law enforcement requirements”. Furthermore, EU citizens do not have adequate rights of redress when their personal data protection rights are breached by US authorities.

The EU-US Data Protection Umbrella Agreement

In the last two years, the European Commission and various data protection working parties have discussed ways to improve the Safe Harbor programme and strengthen rights for EU citizens in cases where their personal data is transferred to the United States. Recently, the United States and European Union finalised a data protection umbrella agreement to provide minimum privacy protections for personal data transferred between EU and US authorities for law enforcement purposes. The umbrella agreement will provide certain protections to ensure that personal data is protected when exchanged between police and criminal justice authorities of the United States and the European Union. The umbrella agreement, however, does not apply to personal data shared with national security agencies.

The umbrella agreement also provides that EU citizens will have the right to seek judicial redress before US courts where US authorities deny access or rectification or unlawfully disclose their personal data. Currently, US citizens have the right to seek judicial redress in the European Union if their data—transferred for law enforcement purposes—is misused by EU law enforcement authorities. EU citizens, however, do not have corresponding rights of redress in the United States. A judicial redress bill has been introduced in the US House of Representatives; adoption of the bill would allow the United States and European Union to finalise the umbrella agreement.

Key Findings of the ECJ Decision

The key findings of the ECJ decision are as follows (quotes indicate excerpts from the ruling itself):

“The guarantee of independence of national supervisory authorities is intended to ensure the effectiveness and reliability of the monitoring of compliance with the provisions concerning protection of individuals”.

The powers of supervisory authorities include “effective powers of intervention, such as that of imposing a temporary or definitive ban on processing of data, and the power to engage in legal proceedings”.

The Safe Harbor programme “cannot prevent persons whose personal data has been or could be transferred to a third country from lodging with the national supervisory authorities a claim. . .concerning the protection of their rights and freedoms”.

National courts can consider the validity of the Safe Harbor programme, but only the ECJ can declare that it is invalid.

Where the national data protection authorities find that complaints regarding the protection of personal data by Safe Harbor-certified companies are well-founded, they “must. . .be able to engage in legal proceedings”.

Organisations self-certified under the Safe Harbor programme are permitted to “disregard” the Safe Harbor principles to comply with US national security, public interest, or law enforcement requirements.

There is no provision in the Safe Harbor programme for protection for EU citizens against US authorities who gain access to their personal data transferred to the United States pursuant to the Safe Harbor programme. There is only a provision for commercial dispute resolution.

The EU Data Protection Directive[3] “requires derogations and limitations in relation to the protection of personal data to apply only in so far as is strictly necessary”, but there is no such requirement applicable in the United States following the transfer of personal data pursuant to the Safe Harbor programme.

The Safe Harbor programme “fails to comply with the requirements” to protect personal data to the “adequate” standard required by the EU Data Protection Directive and is “accordingly invalid”.

Other Options to Transfer Personal Data to the United States

Safe Harbor-certified organisations should note that there are other options to transfer personal data to the United States, including express consent and the use of Binding Corporate Rules or EU-approved model clause agreements. Organisations using Safe Harbor-certified vendors may wish to discuss these other options with their vendors. There is, however, a risk that this decision could affect these other options, as national security derogations are likely to override the protection of personal data regardless of how it is transferred, with the only exception being the specific and informed consent of an individual to the transfer of his or her personal data to governmental authorities for national security purposes.

Conclusion

The ECJ decision is likely to take the European Commission by surprise.

The powers of national data protection authorities are significantly strengthened by this decision. They could allow data protection authorities to suspend some or all personal data flows into the United States in serious circumstances and where there is a justifiable reason to do so. There is a risk that a data protection authority could order that the data transfers by an international organisation outside of Europe be suspended from that jurisdiction, whereas data transfers in other European jurisdictions are permitted. To mitigate this risk, the European Commission is entitled to issue EU-wide “adequacy decisions” for consistency purposes.

The European Commission has today announced that it intends to release guidance for Safe Harbor-certified companies within the next two weeks.

Article By Stephanie A. “Tess” Blair, Dr. Axel Spies & Pulina Whitaker of Morgan, Lewis & Bockius LLP
Copyright © 2015 by Morgan, Lewis & Bockius LLP. All Rights Reserved.

[1] See Judgment of the Court (Grand Chamber) (6 October 2015)

[2] See Safe Harbor List.

[3] Directive 95/46/EC

EU Official Calls for Invalidation of EU–U.S. Safe Harbor Pact

A European Court of Justice (ECJ) advocate general, Yves Bot, has called for the European Union–U.S. Safe Harbor Agreement to be invalidated due to concerns over U.S. surveillance practices (press release here, opinion here). The ECJ has discretion to reject the recommendation, but such opinions are generally followed. A final decision on the issue is expected to be issued late this year or next year.

The issue arises out of the claims of an Austrian law student, Max Schrems, who challenged Facebook’s compliance with EU data privacy laws. (The case is Schrems v. (Irish) Data Protection Commissioner, ECJ C-362/14.) He claims that the Safe Harbor Framework fails to guarantee “adequate” protection of EU citizen data in light of the U.S. National Security Agency’s (NSA) surveillance activities. Although the Irish data protection authority rejected his claim, he appealed and the case was referred to the ECJ.

The European Data Protection Directive prohibits data of EU citizens from being transferred to third countries unless the privacy protections of the third countries are deemed adequate to protect EU citizens’ data. The U.S. and EU signed the Safe Harbor Framework in 2000, which permits companies to self-certify to the U.S. Department of Commerce (DOC) annually that they abide by certain privacy principles when transferring data outside the EU. Companies must agree to provide clear data privacy and collection notices and offer opt-out mechanisms for EU consumers.

In 2013, former NSA contractor Edward Snowden began revealing large-scale interception and collection of data about U.S. and foreign citizens from companies and government sources around the globe. The revelations, which continue, have alarmed officials around the world, and already prompted the European Commission to urge more stringent oversight of data security mechanisms. The European Parliament voted in March 2014 to withdraw recognition from the Safe Harbor Framework. Apparently in response to the concern, the Federal Trade Commission (FTC) has taken action against over two dozen companies for failing to maintain Safe Harbor certifications while advertising compliance with the Framework, and in some cases claiming compliance without ever certifying in the first place. For more, see here (FTC urged to investigate companies), here (FTC settles with 13 companies in August 2015), and here (FTC settles with 14 companies in July 2014).

Advocate General Bot does not appear to have been mollified by the U.S. efforts, however. He determined that “the law and practice of the United States allow the large-scale collection of the personal data of citizens of the [EU,] which is transferred under the [S]afe [H]arbor scheme, without those citizens benefiting from effective judicial protection.” He concluded that this amounted to interference in violation of the right to privacy guaranteed under EU law, and that, notwithstanding the European Commission’s approval of the Safe Harbor Framework, EU member states have the authority to take measures to suspend data transfers between their countries and the U.S.

While the legal basis of that opinion may be questioned, and larger political realities regarding the ability to negotiate agreements between the EU and the U.S. are at play, if followed by the ECJ, this opinion would make it extremely difficult for companies to offer websites and services in the EU. This holds true even for many EU companies, including those that may have cloud infrastructures that store or process data in U.S. data centers. It could prompt a new round of negotiations by the U.S. and European Commission to address increased concerns in the EU about surveillance.

Congressional action already underway may help release some tension, with the House Judiciary Committee unanimously approving legislation that would give EU consumers a judicial right of action in the U.S. for violations of their privacy. This legislation was a key requirement of the EU in an agreement in principle that would allow the EU and U.S. to exchange data between law enforcement agencies during criminal and terrorism investigations.

Although the specific outcome of this case will not be known for months, the implications for many businesses are clear: confusion and continued change in the realms of privacy and data security, and uncertainty about the legal rules of the game. Increased fragmentation across the EU may result, with a concomitant need to keep abreast of varying requirements in more countries. Change and lack of harmonization is surely the new normal now.

© 2015 Keller and Heckman LLP

FIVE MINUTES ON… Anti-Bribery and Corruption Laws in Europe

Anti-bribery and corruption has been a hot topic in the US for almost 40 years. Historically, however, the topic has received much less attention within Europe. That is now changing as Europe is beginning to catch up and many European countries have already implemented anti-bribery laws much stricter than those in the US. Recent events have put the topic back on the agenda and we can expect further debate on the effectiveness and efficacy of enforcement in Europe.

The levels of perceived corruption within Europe are generally quite good. Transparency International publish an annual Corruption Perceptions Index which shows the perceived levels of corruption in 175 countries globally. In its 2014 report, the average score across the EU and Western Europe was 66 (with 0 being highly corrupt and 100 being very clean), much better than the global average of 43. Even those countries with the lowest scores in the EU and Western Europe, being Greece, Romania and Italy, had a score of 43, consistent with the global average. Seven of the top 10 least corrupt countries are actually in Europe (Denmark, Finland, Sweden, Norway, Switzerland, Netherlands and Luxembourg).

Over the last five or so years, countries within Europe have been overhauling their existing, in many cases insufficient, anti-bribery regimes and some countries have implemented anti-bribery laws for the first time. We consider some of the specific regimes below along with their differences and similarities. The majority, if not all, are actually stricter than the laws in the US. The differences of the laws in Europe to the laws in the US have been somewhat of a surprise to many organisations who currently comply with the laws in the US and who don’t necessarily realise that they now need to enhance their practices to comply with more stringent regimes.

What’s Been Happening Across the Pond?

In the US, the Foreign Corrupt Practices Act (FCPA) came into force on 19 December 1977. The FCPA criminalises the paying or offering of a bribe to a foreign official, although the public official does not commit an offence by receiving the bribe. The FCPA requires organisations to have accounting and other controls in place to prevent and detect bribery, but does not specifically require broader anti-bribery programmes. As well as US organisations, the FCPA has extraterritorial reach and catches any other organisation that uses any means of US commerce, including mails, emails, faxes, bank transactions, and similar acts.

Top of the Class: the UK

Much of the change in approach within Europe and indeed further afield has arguably been led by the introduction in the UK of the Bribery Act 2010 (Bribery Act), which came into force on 1 July 2011, and which is thought to be the strictest anti-bribery legislation in the world.

Similarities between the FCPA and the Bribery Act Differences between the FCPA and the Bribery Act

Territorial Reach

The Bribery Act has a wide territorial reach. It extends not only to offences committed in the UK but also to offences committed outside the UK where the person committing them has a close connection with the UK by virtue of them being a British national or ordinarily resident in the UK, a body incorporated in the UK or a Scottish partnership. For corporations, the corporate offence in the Bribery Act extends to UK as well as non-UK organisations that carry on business or part of a business in the UK. So, for example, a Spanish company that exports to the UK can be in breach of the corporate offence for bribery occurring in Spain, even though that bribery does not involve any UK connected person.

Penalties

The penalties available for breaches of the Bribery Act are severe. They include an unlimited fine, up to 10 years in prison, and orders for directors to be disqualified. Companies can also be prohibited from public procurement and the proceeds from the bribe, for example the monies gained from a contract obtained through corruption, can be confiscated. Penalties under FCPA are slightly less severe with fines being capped to US$2 million (for corporations) and imprisonment for individuals being limited to a maximum of five years.

All Bribes Are Caught, Even Business-to-Business!

Arguably the single most important difference between the Bribery Act and the FCPA is that the Bribery Act prohibits the offering or receiving of a bribe and the bribery of Foreign Public Officials. Unlike the FCPA, the Bribery Act therefore captures private (business to business) bribery and also makes it an offence to receive a bribe as well as pay/offer to pay one. Directors and senior managers can also be found guilty of an offence if their organisation commits one of these offences with their consent or connivance.

Facilitation Payments

Facilitation Payments are payments made to expedite or secure the performance of a “routine government action”. The FCPA expressly authorises such payments. In the UK, such payments are prohibited under the Bribery Act.

The Corporate Defence

The Bribery Act also introduces a corporate offence of failing to prevent a bribe being paid, for which it will be a defence for an organisation to show that it has “adequate procedures” in place to prevent such bribery. Guidance produced by the UK Ministry of Justice explains that these “adequate procedures” need to be guided by six principles: Top-level commitment; Risk assessment; Proportionate procedures; Due diligence; Communication (including training) and Monitoring and review. As stated above, FCPA only requires accounting and other controls to prevent and detect bribery, nothing broader.

Other EU Member States

Most EU Member States have enacted anti-bribery laws with heavy fines. When compared to the Bribery Act, however, such laws are generally more limited in scope and tend to focus on bribery of public officials. Most are however at least consistent with FCPA.

In France, most of the French anti-corruption provisions relevant to businesses are laid down in the French Criminal Code and relate to both the public and private sector and both the offeror and the recipient. Like the UK, the law in France also has an extraterritorial reach and will interestingly apply amongst other situations, where the victim of the bribe is a French national. Penalties for breach of French laws include imprisonment for, in some cases, up to 15 years and financial penalties including, for companies, fines of, in some cases, up to €5 million or twice the amount of the proceeds stemming from the offence. Unlike the UK, there are in France, however, no legal requirements for implementing preventive procedures.

Germany’s anti-bribery laws are contained in the Criminal Code, which prohibits offering, paying or accepting a bribe in domestic or foreign transactions. Separately, civil liability can, if certain criteria are met, attach to companies for offences committed on their behalf due to the Administrative Offences Act. Owners/managers can also be found liable in certain situations. Penalties include five years’ imprisonment (10 years’ imprisonment in severe cases involving a member/official of a public body), a criminal fine and confiscation of monies obtained from the bribe. The Criminal Code also applies to offences committed abroad. One of the key cases to be enforced in Germany was that against Siemens AG, who paid German authorities almost €600 million in fines after they were investigated for paying bribes to secure public-works contracts in a number of countries. This was in addition to fines paid in the US for breaching FCPA.

In the Netherlands, anti-corruption and bribery laws are predominantly aimed at attempts to bribe public officials. Unlike the UK, Dutch law has relatively limited jurisdictional reach. For example, a foreign non-Dutch company that has committed acts of bribery of a non-Dutch foreign official outside the Netherlands is not subject to the criminal laws of the Netherlands. The maximum penalty under Dutch law is a fine of €740,000 for each case of bribery and for individuals, imprisonment for four years (one year for private commercial bribery) and a fine of up to €74,000.

Outlook

While most Member States have clearly improved their anti-bribery regimes in recent years, what seems to be the biggest hurdle is insufficient enforcement and the considerable differences in the enforcement levels across Europe, in particular when it comes to bribery abroad. Relying on the UK (or the US) will soon stretch the already limited resources that individual countries can bring to bear. It seems that the European Union itself will take action in the foreseeable future. Certainly there would be jurisdictional concerns as regards the criminal aspects for individuals, but the Commission’s war on cartels has shown that it is well-suited to enforcing policy. Currently, however, the Commission contents itself with issues in a biannual report on corruption in each Member State.

Given the extra-territorial reach discussed above, European businesses need to make sure that they are compliant with all the different anti-bribery laws that could affect their business. This includes not only the laws in their own countries, but also the laws abroad. Many organisations acting internationally and globally are seeking compliance with the Bribery Act as compliance with the Bribery Act should be sufficient to also achieve compliance with any other anti-bribery legislation.

© Copyright 2015 Squire Patton Boggs (US) LLP

EU Investigating Geo-Blocking of Online Video Games

On May 6, 2015, the European Competition Commission released a new Digital Single Market Plan, and simultaneously launched a broad antitrust investigation into e-commerce.  The DSM plan, consisting of sixteen proposals, seeks to create a single digital European market where access to digital goods and services is unfettered across all 28 member states.  The European Competition Commission will investigate whether firms’ restrictions on cross-border online trade violate the EU competition laws, and attempt to remedy them through enforcement mechanisms.  High on the list is the geo-blocking of online content, including video games.  The impending probe will likely target some large U.S. technology companies.

Geo-blocking is a technical barrier that allows online merchants to charge different prices or restrict users’ access based on physical location or credit card information.  For example, a German resident may have to pay more for a pair of shoes purchased online from an Italian retailer than someone living in Italy.  With respect to gaming, the investigation will focus on the geo-blocking of video games that are sold online for use on personal computers.  The Digital Single Market plan is highly critical of geo-blocking―which it describes as violating the EU’s goal of free movement of commerce within its borders―and proposes to eliminate the practice altogether.  But the Competition Commission cannot seek to change a firm’s business practice unless it violates EU antitrust law, necessitating a rigorous investigation.

To determine whether certain geo-restricting practices are anticompetitive, the Commission will analyze game publishers’ business practices, probing into their contractual limitations on the distribution of online video games.  EU Competition Chief Margrethe Vestager said that geo-restrictions “are often the result of arrangements that are included in contracts between manufacturers and content owners on one side and their distributors on the other.”  Accordingly, the Commission is willing to go as far as “examining the clauses in their contracts.”  But the Commission also recognizes that companies use geo-blocking for legitimate and procompetitive reasons, like restricting information to paying customers and protecting copyrighted material.

The probe will begin with comprehensive questionnaires sent to companies involved in e-commerce within the EU and could potentially lead to formal inquiries and enforcement actions.  Commissioner Vestager hopes to have preliminary findings by mid-2016.

The probe may target large U.S. technology companies, especially if they are suspected of abusing their dominant position to restrict trade.  EU competition law places certain duties on companies that are “dominant” in their markets (a fairly low bar compared to US standards), and abuse of a dominant position can be illegal.  American technology companies tend to be larger and more successful than their European counterparts, so they may trigger the Commission’s scrutiny.  According to Vestager, “every company that sells products online, including their suppliers and their technology providers, will be affected. Potentially, the scope will be very wide.”  On the gaming front, the probe may affect large online game developers.

The Commission hopes that the creation of a single digital market will boost European startups by making it easier for them to launch and grow quickly across borders, similar to the advantage American companies have to rapidly gain a national user base in the U.S.  “We want companies in Europe to use the Digital Single Market to scale up, not move out,” said Andrus Ansip, the EC’s Vice President of Digital Single Market.  So it’s not surprising that the proposal and investigation come on the heels of the EU’s crackdown on American tech giants, the re-opening of the Google investigation being the most recent example.  Indeed, some commentators have characterized the move as protectionist, given Europe’s recent concerns over the increasing power of large U.S. web companies.

The ramifications of the DSM plan are not yet clear, but game companies that use geo-blocking may have to look for other solutions in the future.

European Union’s New Regulation to Attach Bank Accounts Pre and Post Judgment

HMB Chartered B

Applicable as of January 18, 2017, a recently adopted European regulation facilitates cross-border debt recovery by enabling creditors to obtain a “European Account Preservation Order” (the “EAPO”) given by one judge in a member state and attach a debtor’s bank accounts in another EU member state without further court proceeding. The EAPO will enable creditors to obtain an order (i) before the creditor initiates proceedings on the merits against the debtor, (ii) at any stage during the proceedings until a judgment or settlement is entered, and (iii) after a judgment or court settlement that requires the debtor to pay a claim. Before a judgment is entered, the national courts that have jurisdiction to rule on the merits will also have jurisdiction to issue an EAPO. If the creditor has already obtained a judgment, then jurisdiction lies with the courts of the member state where the judgment was obtained.

An EAPO is an alternative remedy. The order will only be available in matters that have cross-border implications and may only serve preservation purposes. This means the debtor’s bank account is provisionally frozen and the amount seized is transferred to a dedicated account kept by the competent enforcement authority. To get the pre-judgment order, the creditor must show that he will probably obtain a favorable judgment against the debtor in the proceedings on the merits. No notice is given in seeking the order. The debtor may also not be informed of the order before it is enforced. An EAPO will not apply where claims are against a debtor in bankruptcy and where funds are exempt from attachment under the laws of the member state of enforcement.

Is Obesity the Next Pivotal Employment Discrimination Issue Within the European Union?

Greenberg Traurig Law firm

Introduction

Obesity is one of the greatest health challenges worldwide. During the last decade, the population that is overweight in the European Union (EU) Member States has increased significantly, which has resulted in more than half of the EU population being overweight or obese.1  According to a recent study published in The Lancet, more than one-third of the population worldwide is overweight or obese, of which 36.9 percent are men and 38 percent are women.2  The aforementioned development has led to a growing discussion on how to deal with obese (severe overweight) employees in the workplace. That discussion includes the question whether obesity is a ground for unlawful discrimination.

In 2013, the European Court of Justice (ECJ) was asked in a preliminary ruling in a Danish case – for the first time – which provisions of EU law, if any, apply to discrimination based on obesity. The ruling of the ECJ is expected at the end of 2014. Meanwhile the Advocate General (AG) delivered his opinion on the matter on 17 July 2014.3  The AG’s opinion basically revolved around two questions:

  • can obesity be considered as a self-standing ground of unlawful discrimination under EU law?
  • does obesity fall within the scope of the notion of disability as referred to in the Equal Treatment Framework Directive (Directive)?4

The aforementioned Directive has the objective of creating a level playing field, where equality in employment and occupation in both the public and the private sectors are concerned.5  Based on recent case law, the ECJ appears to have adopted, following the approach of the UN Convention, a social and not a (purely) medical model of disability.6

In this respect, it is important to understand that the Directive provides for minimum rules to be implemented by EU Member States with regard to their national laws. Member States are free to implement and execute provisions more favorable than the Directive so long as they are in line with the Directive, specifically, and EU law, in general. As a result, there are a variety of laws in place in the respective EU Member States regarding this topic, among many others, in combination with general EU law.

Given these developments, the topic of obesity in the context of employment discrimination is receiving greater scrutiny, and thus, the Danish case is being closely watched by the employment law community in Europe. Indeed, obesity might be the next frontier in employment discrimination law.

This article is intended to highlight the most relevant aspects of the Danish case. It is likely that some of the issues will seem surprising to readers in the United States, inasmuch as, since the 2008 amendments to the Americans with Disabilities Act, the Equal Employment Opportunity Commission and the courts have already begun to rule that severe or morbid obesity is a disability regardless of whether or not it was caused by a psychological disorder.7

Facts

An employee, Mr. Kaltoft, has been employed since 1996 as a childminder (taking care of other people’s children in their own homes) in the Municipality of Billund, Denmark. Mr. Kaltoft has been obese during the entirety of his employment. Although he performed his job to everyone’s satisfaction, he was dismissed in 2010. According to the notice of dismissal, the termination was due to a decline in the number of children to be taken care of.

The dismissal followed an internal hearing in which the obesity of Mr. Kaltoft was discussed. The parties disagree as to whether and if so, how, his obesity constituted part of the basis for the dismissal. Mr. Kaltoft argued that his employment was terminated due to his obesity, and that this amounted to discrimination based on obesity.

Obesity as a self-standing ground of unlawful discrimination?

Mr. Kaltoft basically argued that the open-ended nature of certain provisions in the European Charter of Human Rights (ECHR), Protocol 12 of the ECHR and the EU Charter of Fundamental Rights of the European Union (EU Charter) as well as other general EU law principles, requires the conclusion that any form of discrimination should be protected.

The AG disagrees. In his analysis, he asserts that EU legislation prohibiting discrimination addresses specific grounds of discrimination within specific subject areas without an existing general prohibition on discrimination. Thus, since obesity is not specifically mentioned as a prohibited ground of discrimination in the EU treaties, nor in any EU legislation, it cannot be seen as a self-standing ground of unlawful discrimination. If at all, according to the AG, obesity discrimination could only be grounded on Article 21 of the EU Charter, which prohibits ‘discrimination based on any ground such as (…).’ On this particular wording (such as) it might be argued that there is a general principle of non-discrimination in EU law covering grounds of discrimination not explicitly mentioned in the Charter. In this respect, the AG refers to an ECJ ruling in a previous case where the ECJ ruled that the discrimination within the scope of Directive 2000/78 should not be extended by analogy beyond those grounds listed – exhaustively – in Article 1 of the Directive.8  Therefore, the AG concludes that there is no general principle of EU law prohibiting discrimination in the labor market that would cover discrimination on grounds of obesity as a self-standing ground of unlawful discrimination.

Disability under Directive 2000/78

According to Article 1 of the Directive, discrimination on the grounds of disability is prohibited. The term ‘disability’ is not defined by the Directive, but a ‘notion’ of disability is being developed via case-law. This case-law is consistent with the concept of disability as laid down in Article 1 of the United Nations Convention on the Rights of Persons with Disabilities (U.N. Convention), which is an evolving concept, and the U.N. Convention’s case-law. The U.N. Convention has been approved by the EU in its Decision 2010/48 and as a result the provisions of the U.N. Convention are an integral part of the European Union legal order.9  This means that EU legislation, such as directives, has to be interpreted, as far as possible, in a manner that is consistent with the U.N. Convention.

According to the ECJ, this notion of disability must be understood as referring to a limitation which results, in particular, from (i) long-term (ii) physical, mental or psychological impairments (iii) which in interaction with various barriers (iv) may hinder (v) the full and effective participation of the person in professional life (vi) on an equal basis with other workers.10

As to the scope of the term “disability,” the ECJ has held that disability cannot be defined by reference to the source of the impairment, because that would run against the very aim of the Directive, which is to implement equal treatment.11  Therefore, the notion of disability does not depend on whether the disability is self-inflicted or not. Disability can also include an illness, if the illness entails a limitation as described in the foregoing paragraph.12  In this respect it should be noted that an illness requiring particular attention, continuous medication and control may be a psychological or psychosocial burden to the person concerned, but that in itself does not necessarily hinder participation on an equal basis in professional life in general.13  Moreover, the protected disability may even be that not of the employee, but of a person in the care of the employee who seeks to rely on the Directive.14  The latter situation is described as ‘associative discrimination.’

According to the AG, it is sufficient that a long term condition causes limitations in full and effective participation in professional life in general on equal terms with persons not having that condition.  No link has to be made between the specific work concerned and the disability in issue as a precondition to application of the Directive.

With regard to the Danish case at issue here, one should note that the Municipality of Billund argued that it cannot be contended that Mr. Kaltoft’s obesity entails a limitation that may hinder his full and effective participation in professional life on an equal basis with other workers because he had already worked for 15 years as a childminder with the Municipality, and had participated in professional life on an equal footing with other childminders in the Municipality’s employ.  In other words, the Municipality asserts, Mr. Kaltoft’s obesity cannot be deemed to have impeded his work as a childminder. On the other hand, in light of the AG’s position, as set forth above, an employee such as Mr. Kaltoft could assert that it does not matter whether he could carry on his work as a childminder before he asserts a claim under the Directive; rather, if the disability, here obesity, causes limitations on his ability to participate in professional life generally, he can assert a claim of disability discrimination pursuant to the Directive.  Further, the notion of disability must be understood as referring to a hindrance to the exercise of professional activity, not only the impossibility of exercising such activity.15

Does obesity amount to a disability?

In addressing the question of whether obesity amounts to a disability, the AG refers to the Body Mass Index (BMI) classification of the World Health Organization.16  According to that measurement, persons can be divided in three categories: Obese class I (BMI of 30.00-34.99), Obese class II (BMI of 35.00 to 39.99) and Obese class III (BMI over 40.00). The latter category is also called ‘morbid obesity.’17  Although obesity is classified as an illness by the WHO, as set out above, an illness does not per se amount to a ‘disability’ as described in the Directive.18  With these categories in mind, the AG is of the opinion that most probably only WHO class III obesity (referred to by the AG as severe obesity) will create limitations that amount to a disability under the Directive and only when the situation fulfils all of the criteria set out in the ECJ’s case-law on the notion of disability. It is for the national Court to verify whether this is the case with respect to Mr. Kaltoft.19

Will the outcome matter for the Netherlands and the other EU Member States?

The Netherlands

The Directive was implemented in the Netherlands via the Equal Treatment Handicapped and Chronically Ill People Act (Act). According to this Act, discrimination on the grounds of handicap or chronical illness is prohibited. The terms ‘handicap’ and ‘chronical illness’ are not defined in the Act, and review of the legislative documents suggests that this omission was intentional, so as to be consistent with the Directive, which does not provide for a definition of ‘disability.’ Having said this, a handicap is considered to be irreversible and a chronical disease a long-term affliction.

As to the Dutch legal practice, it seems that the Act and the practice developed in the Netherlands are not completely in line with the ‘notion of disability’ in the sense of the Directive. There are elements that point in the direction of a wider scope, but there are also elements that seem to be narrower. The first (that is, a more expansive view) would be, as discussed earlier, permissible, while the latter (a narrower construct) would not. As an example, there are cases that seem to take the underlying (medical) cause into the equation in assessing whether the situation falls within the scope of a handicap or a chronic disease, which would seem to provide for analysis based on the source of the impairment, which, as described above, runs counter to the aim of the Directive.

Severe obesity is being interpreted as a chronic disease under Dutch case-law, by the Netherlands Institute for Human Rights (NIHR) as well as by the few courts that have rendered rulings on this topic so far. They all (directly or indirectly) refer to the aforementioned WHO classification regarding obesity and conclude that because morbid obesity is regarded as a chronical disease by the WHO it also qualifies as a handicap or chronical disease under the Act.20  Having said this, whether the outcome of the Danish case before the ECJ will change current practice will have to be seen, and may well depend on specific wording. If the ECJ rules in line with the AG’s opinion, the Dutch practice with regard to morbid obesity will not be affected; however, if the ECJ goes further, the ruling could broaden the nature of the protection.

Elsewhere in the EU

As described above, the EU Member States all have their own national legislation and in case of ECJ developments in this area, each will need to assess whether or not they fulfil the obligations that arise from the Directive and its case-law. By way of example, in the UK ‘disability’ is one of the protected characteristics under the Equality Act. There has been case-law, which held that while obesity is not a disability in itself, it may lead to an impairment which, if it meets the ‘disability’ test, would amount to a disability. If the ECJ rules that obesity per se amounts to a disability under the Directive, the UK courts may have to interpret ‘disability’ as including obesity or consider whether any changes to legislation are required.

Practical considerations

Just to be clear, the Directive does not impose an obligation to maintain in employment an individual who is not competent to perform the essential functions of the position concerned, notwithstanding the obligation for the employer, as laid down in Article 5 of the Directive, to provide reasonable measures where needed in a particular case to enable a person with a disability to have access to, participate in, or advance in employment, unless such measures result in the imposition of a disproportionate burden on the employer.21  This also applies to impairments such as alcoholism and drug addiction where these conditions amount to an illness. An employer may expect employees suffering from obesity to take reasonable steps themselves to ensure that they carry out their work properly. If that is or might become a problem, both the employer and the employee should address this in a timely and adequate manner to improve the situation, which will be a joint responsibility. In this context, looking at EU case-law as it currently stands, it is advisable for employers to consider reasonable adjustments (e.g., ergonomics of the workplace) where obesity leads to an impairment having an impact on an individual’s ability to perform their job. Furthermore, employers may also want to ensure a safe environment, addressing (in)appropriate behaviors toward those who are obese, not only because harassment based on obesity may in the future qualify as discrimination on the grounds of a “disability,” but more importantly to ensure that the employees feel good about themselves and their working environment, which will enhance their commitment to their colleagues and their employer and hence will create better results for all involved. 
With the latter, and the previously cited statistics in mind, employers might want to consider creating a healthy working environment that goes further than the regular health and safety regulations by, for example, providing for healthy (lunch) food, health club arrangements, awareness programs and well-being programs among their workforces.


1 According to: Eurostat, Statistics Explained: Overweight and obesity – BMI statistics (data from November 2011)

2 Global, regional, and national prevalence of overweight and obesity in children and adults during 1980-2013: a systematic analysis for the Global Burden of Disease Study 2013, The Lancet, Vol. 384, Iss. 9945, pages 766 – 781 (http://dx.doi.org/10.1016/S0140-6736(14)60460-8).

3 Karsten Kaltoft v. Municipality of Billund, Opinion of Advocate General Jääskinen 17 July 2014, Case C-354/13.

4 Directive 2000/78/EC of 27 November 2000.

5 ECJ 17 July 2008, Case C-303/06 (Coleman), EU:C:2008:415, par. 38 and 47.

6 ECJ 18 March 2014, Case C-363/12 (Z), EU:C:2014:159, par. 83-85.

7 Federal district courts in Louisiana and Mississippi and the Montana Supreme Court had already held that severe obesity not based on a physiological disorder can be deemed a protected disability (see EEOC v. Resources for Human Development, Inc., 827 F. Supp. 2d 688 (E.D.La. 2011); Lowe v. American Eurocopter, LLC, 2010 U.S. Dist. LEXIS 133345 (N.D. Miss. Dec. 16, 2010); Feit v. BNSF Ry. Co., Op. 11-0436 (Mont. July 6, 2012)).

8 ECJ 11 July 2006, Case C-13/05 (Chacón Navas), EU:C:2006:456, par. 56.

9 Council Decision of 26 November 2009 concerning the conclusion, by the European Community, of the United Nations Convention on the Rights of Persons with Disabilities (2010/48/EC).

10 ECJ 11 April 2013, Joined Cases C-335/11 and C-337/11 (HK Danmark), EU:C:2013:222, par. 38 and 39.

11 HK Danmark, par. 41.

12 Kaltoft, par. 58.

13 Z, par 79 and 80.

14 Coleman, par. 56.

15 Z, par. 159.

16 Kaltoft, par. 50.

17 http://apps.who.int/bmi/index.

18 HK Danmark, par. 44.

19 Kaltoft, par. 56 and 60.

20 See for example NIHR 13 May 2011, 2011-78 (regarding a hiring and selection process).

21 Chacón Navas, par. 49 and 50

U.S. And EU Significantly Expand Sanctions and Export Control Restrictions Targeting Russia

In response to Russia’s continuing actions to destabilize Ukraine, the United States and EU took coordinated and significant steps on September 12, 2014, to expand and intensify sanctions targeting the Russian energy, defense, and financial services sectors. In tandem, the United States and EU also imposed additional restrictions on energy-related exports to certain entities in Russia, and the EU introduced new trade controls relating to certain dual-use exports.

In the United States, the Treasury Department’s Office of Foreign Assets Control (“OFAC”) and the Commerce Department’s Bureau of Industry and Security (“BIS”) took three steps that target the Russian energy sector:

  • First, OFAC imposed a prohibition on the following activities by U.S. persons or within the United States: the provision, export, or reexport of goods, services (other than financial services), or technology in support of deepwater, Arctic offshore, or shale exploration or production projects that: (1) have the potential to produce oil in or offshore of Russia; and (2) involve any of five major Russian energy companies: Gazprom, Gazprom Neft, Lukoil, Rosneft, or Surgutneftegas. U.S. parties impacted by these new sanctions have two weeks to wind down their activities with these Russian firms, under the terms of a new general license.

  • Second, BIS imposed a license requirement for the export, reexport, or foreign transfer to these same five Russian companies of any item subject to the U.S. Export Administration Regulations (“EAR”) if the exporter, reexporter, or transferor knows that the item will be used directly or indirectly in exploration for, or production from, deepwater, Arctic offshore, or shale projects in Russia. This action – achieved by naming these companies to the BIS Entity List – represents an expansion of the previous BIS restrictions relating to Russian deepwater, Arctic offshore, and shale oil and gas projects, which we reviewed in our e-alert of July 30, 2014.

  • Third, OFAC added two Russian energy companies – Gazprom Neft and Transneft – to the group of companies whose ability to issue new debt with a maturity of longer than 90 days is restricted. Those restrictions on new debt, which apply to U.S. persons and persons in the United States who transact in, provide financing for, or otherwise deal in such debt, were detailed in our e-alert of July 17, 2014.

U.S. actions targeting the Russian defense and financial services sectors include new or expanded “sectoral sanctions” and the designation of Russian defense companies to BIS’s Entity List and OFAC’s List of Specially Designated Nationals and Blocked Persons. BIS also noted that it will “require licenses for an additional group of items destined to military end-uses or end-users in Russia,” but did not further elaborate on what this may entail.

The new EU sanctions are set forth in two measures. First, Council Regulation No. 960/2014, which amends Council Regulation No. 833/2014 (described in our e-alert of August 4, 2014), introduces new restrictions on the access of certain Russian companies, including major Russian energy companies such as Rosneft and Gazprom Neft, to EU financing and financial markets. It also introduces new trade controls relating to certain dual-use and energy-related exports. Separately, Council Regulation No. 961/2014 designates 24 additional individuals for EU asset-freezing measures.

Collectively, the new U.S. and EU sanctions introduce a significant new range of trade controls, which will be of particular importance to companies in the energy, financial services, and defense sectors. The principal elements of the new sanctions are described below.

NEW U.S. SANCTIONS

A. New U.S. Sanctions Targeting the Russian Energy Sector

Perhaps the most significant of the new U.S. sanctions are those targeting the Russian energy sector. The new U.S. measures have implications for both U.S. and non-U.S. companies that do business with the Russian energy industry, though they will impact U.S. and non-U.S. companies in different ways. As noted above, OFAC and BIS have taken three new steps to target the Russian energy sector.

OFAC Directive 4 and General License No. 2

The first key action targeting the Russian energy sector is OFAC’s issuance of a new directive – Directive 4 – pursuant to Executive Order 13662. Directive 4 prohibits the following activities by U.S. persons or within the United States: providing, exporting, or reexporting, directly or indirectly, goods, services (except for financial services), or technology in support of exploration or production from deepwater (i.e., more than 500 feet), Arctic offshore, or shale projects that: (1) have the potential to produce oil in Russia or in maritime area claimed by Russia and extending from its territory; and (2) involve parties subject to Directive 4, their property, or their interests in property. These restrictions also extend to entities owned 50% or more by one or more sanctioned parties. Currently, five Russian energy companies are identified on the U.S. Sectoral Sanctions Identifications List (“SSI List”) as being subject to Directive 4 – Gazprom, Gazprom Neft, Lukoil, Rosneft, and Surgutneftegas. Directive 4 also makes clear that any conspiracy to violate any of its prohibitions is prohibited, and that any transaction that evades or avoids, has the purpose of evading or avoiding, causes a violation of, or attempts to violate any of Directive 4’s prohibitions is also prohibited.

At the same time that it issued Directive 4, OFAC expanded the guidance it offers on the sectoral sanctions through its Frequently Asked Questions. One of these “FAQs” (#412) explains that the prohibition on the exportation of services includes, but may not be limited to, drilling services, geophysical services, geological services, logistical services, management services, modeling capabilities, and mapping technologies. In contrast, Directive 4 does not prohibit the exportation or provision of financial services, such as clearing transactions or providing insurance related to the targeted activities. However, companies providing such financial services should ensure that those services do not constitute a prohibited dealing in new debt or new equity under Directives 1 or 2, which are addressed further below and apply independently of Directive 4.

Simultaneously, OFAC also issued General License No. 2 to authorize, for a limited time, certain wind down activities involving the Russian energy companies subject to Directive 4. Specifically, activities otherwise prohibited by Directive 4 are authorized until September 26, 2014, if they are “ordinarily incident and necessary to the wind down of operations, contracts, or other agreements involving persons determined to be subject to Directive 4 . . . that were in effect prior to September 12, 2014.” OFAC has made clear that General License No. 2 does not authorize the provision, export, or reexport of goods, services (other than financial services), or technology except as needed to cease operations involving the projects covered by Directive 4.

Any U.S. persons participating in transactions authorized by General License No. 2 are required, within 10 business days after the wind down activities conclude, to file a detailed report with OFAC covering the parties involved in the wind down activities and the date, type, and scope of such activities.

Finally, even if General License No. 2 appears to allow an export or reexport of goods, services, or technology related to wind down activities, companies should also confirm that there are no BIS restrictions applicable to the export or reexport before proceeding.

Expansion of BIS License Requirements for Certain Russian Deepwater, Arctic Offshore, and Shale Projects

The second key action targeting the Russian energy sector is BIS’s addition to its Entity List of the same five Russian energy companies currently subject to OFAC’s Directive 4 – Gazprom, Gazprom Neft, Lukoil, Rosneft, and Surgutneftegas. As a result of this action, BIS now requires all U.S. and non-U.S. persons to obtain a BIS license for the export, reexport, or foreign transfer to these five Russian companies of any item subject to the EAR if the exporter, reexporter, or transferor knows that the item will be used directly or indirectly in exploration for, or production from, deepwater, Arctic offshore, or shale projects in Russia. Moreover, applications for such licenses will be subject to a presumption of denial if the item will be used directly or indirectly in exploration for, or production from, a deepwater, Arctic offshore, or shale project in Russia that has the potential to produce oil. BIS previously issued guidance addressing the scope of the Entity List, including circumstances where an entity is owned or controlled by an entity on the Entity List. That guidance is available here.

This BIS action – which targets the export, reexport, or transfer of any item subject to the EAR – represents a significant expansion of the BIS export restrictions that were announced in early August, which targeted only certain enumerated items, not any item, subject to the EAR.

Addition of Two Russian Energy Companies to the SSI List as Subject to OFAC Directive 2

The third key action targeting the Russian energy sector is OFAC’s addition of two Russian energy companies – Gazprom Neft and Transneft – to the SSI List as subject to OFAC’s Directive 2. Directive 2 was originally issued on July 16, 2014, pursuant to Executive Order 13662, and prohibited the following activities by U.S. persons or within the United States: transacting in, providing financing for, or otherwise dealing in new debt of longer than 90 days maturity of entities identified on the SSI List as subject to Directive 2, their property, or interests in property.

Because Gazprom Neft and Transneft are now subject to Directive 2, transacting in, providing financing for, or otherwise dealing in new debt of longer than 90 days maturity of Gazprom Neft and Transneft, Rosneft and OAO Novatek (which were added to the SSI List as subject to Directive 2 in July), and any entities owned 50% or more by one or more sanctioned parties is prohibited as to U.S. persons and within the United States.

Notably, OFAC also issued General License No. 1A, which supersedes General License No. 1 of July 16, 2014, and which authorizes all transactions by U.S. persons and within the United States involving derivative products whose value is linked to an underlying asset that constitutes new debt with a maturity of longer than 90 days issued by a person subject to Directive 2.

It is important to highlight that Rosneft and Gazprom Neft are subject to both Directive 2 and Directive 4 (described above). OFAC has made clear that persons dealing with either Rosneft or Gazprom Neft must ensure that such dealings comply with Directive 2 and Directive 4 independently. For example, even if the provision of services to Rosneft is permissible under Directive 4 because the services qualify as “financial services,” the entity providing those services must separately ensure that the services do not run afoul of the prohibitions of Directive 2.

B. New U.S. Sanctions Targeting the Russian Defense Sector

OFAC Directive 3

OFAC expanded the sectoral sanctions targeting Russia to also cover the defense and related materiel sector. U.S. sectoral sanctions targeting Russia had previously focused only on the Russian financial services and energy sectors.

In particular, OFAC issued a new directive – Directive 3 – prohibiting the following activities by U.S. persons or within the United States: transacting in, providing financing for, or otherwise dealing in new debt of longer than 30 days maturity of entities added to the SSI List as subject to Directive 3, or their property or interests in property. Simultaneously, OFAC added Rostec, a Russia-based state-owned holding company for the Russian defense industry, to the SSI List as subject to Directive 3.

Like Directive 4, Directive 3 prohibits any transaction that evades or avoids, has the purpose of evading or avoiding, causes a violation of, or attempts to violate Directive 3’s prohibitions. Likewise, Directive 3 prohibits any conspiracy to violate any of its prohibitions.

Notably, OFAC also issued General License No. 1A, as discussed above, which authorizes all transactions by U.S. persons and within the United States involving derivative products whose value is linked to an underlying asset that constitutes new debt with a maturity of longer than 30 days issued by a person subject to Directive 3.

Addition of Five Russian Defense Companies to the SDN List and Entity List

Separately, OFAC added the following five entities that operate in the Russian defense sector to its SDN List pursuant to Executive Order 13661:

  • Almaz-Antey GSKB (aka Almaz-Antey Air Defense Concern Main System Design Bureau, JSC): a subsidiary of the Almaz-Antey Concern (which was itself added to the SDN List pursuant to Executive Order 13661 on July 16, 2014) that designs and manufactures air defense systems for the Russian Ministry of Defense.

  • Dolgoprudny Research Production Enterprise: primarily engaged in the production of weapons and ammunition, including the Buk (SA-11 or SA-17) missile system.

  • JSC NIIP (aka Tikhomirov Scientific Research Institute of Instrument Design): a subsidiary of the Almaz-Antey Concern that develops anti-aircraft defense systems, including on-board radar systems for MiG and Sukhoi fighters, and anti-aircraft missile systems for land forces, including the Kub and Buk systems.

  • Kalinin Machine Plant JSC: a state-run company involved in the production of special purpose products, including launchers, anti-air missiles, and artillery guns for infantry and anti-air defense.

  • Mytishchinski Mashinostroitelny Zavod OAO: has produced weaponry and equipment, primarily anti-aircraft missile systems and chassis for tracked military vehicles.

U.S. persons are prohibited from engaging in any dealings with these designated entities or any entities that are owned 50% or more by one or more of the designated entities. Additionally, any property or interests in property of these designated entities that comes within the United States or the possession or control of a U.S. person must be blocked.

Simultaneous with the OFAC designations, BIS added these same five entities to its Entity List, which means that any person – including non-U.S. persons – must obtain a BIS license for the export, reexport, or foreign transfer of any item subject to the EAR to the five designated entities. Applications for such licenses will be subject to a presumption of denial.

BIS noted in making these designations that it “will also require licenses for an additional group of items destined to military end-uses or end-users in Russia.” BIS did not further elaborate on what this may entail. We note – as explained in our e-alert of August 4, 2014 – that the EU previously imposed a prohibition on the sale, supply, transfer, or export of dual-use goods and technology to Russia if those items may be intended for “military use” or a “military end-user.”

C. New U.S. Sanctions Targeting the Russian Financial Services Sector

OFAC also has taken two key steps to expand and intensify the restrictions under Directive 1, which was originally issued on July 16, 2014, pursuant to Executive Order 13662 and which targets the access of certain entities in Russia’s financial services sector to U.S. capital markets.

First, OFAC amended Directive 1 to decrease the length of maturity of prohibited new debt from 90 days to 30 days. In its original form, Directive 1 prohibited the following activities by U.S. persons or within the United States: transacting in, providing financing for, or otherwise dealing in new debt of longer than 90 days maturity or new equity for persons identified on the SSI List as subject to Directive 1 (i.e., certain Russian banks), their property, or their interests in property. In its new, amended form, Directive 1 prohibits the following activities by U.S. persons or within the United States: transacting in, providing financing for, or otherwise dealing in new debt of longer than 30 days maturity or new equity of persons identified on the SSI List as subject to Directive 1, their property, or their interests in property.

Second, OFAC added Sberbank to the list of Russian banks subject to Directive 1. Thus, the prohibitions under Directive 1 are now applicable to new debt of longer than 30 days maturity and new equity of the Bank of Moscow, Gazprombank, the Russian Agricultural Bank, Sberbank, VEB, and VTB.

As noted above, OFAC also issued General License No. 1A, which authorizes all transactions by U.S. persons and within the United States involving derivative products whose value is linked to an underlying asset that constitutes new debt with a maturity of longer than 30 days or new equity issued by a person subject to Directive 1.

NEW EU SANCTIONS

The EU Council first agreed to the core framework of the sanctions on September 8, 2014. However, the cease-fire between the Ukrainian government and the pro-Russian armed militia — signed on September 5, 2014 — caused the EU Council to delay the entry into force of the new sanctions as the Council evaluated the cease-fire and the implementation of broader peace initiatives proposed earlier this month by the President of Ukraine.

The EU Council has signaled that it is prepared to take swift action to remove or reduce the new sanctions if the Russian Government demonstrates cooperation in resolving the conflict in Ukraine − or to further enhance the sanctions regime if Russia continues to contribute to the conflict.

The restrictions implemented on September 12, 2014 introduce a number of new measures, including features that do not have precedent in prior EU sanctions regulations. As in the case of the original version of Regulation 833/2014, the new provisions include a number of ambiguities that have already generated important questions from potentially affected companies, and the EU Member States will likely be called upon in the coming weeks to issue interpretive guidance relating to the new sanctions measures.

A. Additional Restrictions on Dual-Use Goods and Technologies

Regulation 960/2014 imposes a new prohibition − codified in Article 2a of the Amended Regulation 833/2014 − on the sale, supply, transfer, or export, directly or indirectly, of dual-use goods and technologies to any natural or legal person, entity, or body in Russia that is listed in Annex IV to the Regulation. Annex IV currently includes JSC Sirius, OJSC Stankoinstrument, OAO JSC Chemcomposite, JSC Kalashnikov, JSC Tula Arms Plant, NPK Technologii Maschinostrojenija, OAO Wysokototschnye Kompleksi, OAO Almaz Antey, and OAO NPO Bazalt. This new restriction on dual-use items supplements the existing prohibition, reflected in the original Regulation 833/2014, against the export of dual-use items to military end-users or for any military end-use in Russia.

Regulation 960/2014 also prohibits the provision to Annex IV parties of technical assistance, brokering services, or any “other services” related to dual-use items and to the provision, manufacture, maintenance, and use of those items. The provision to the Annex IV parties of financing or financial assistance for the sale, supply, transfer, or export of dual-use items, or for the provision of related technical assistance, brokering services, or other services is also prohibited.

The foregoing restrictions are expressed in the Regulation as prohibitions, rather than licensing requirements, thus implying that licenses will not be available to authorize transactions covered under the new restrictions. The new prohibitions are, however, subject to a number of important exemptions. Firstly, they do not apply to (i) the sale, supply, transfer, or export of dual-use items intended for the aeronautics and space industry, or the related provision of technical or financial assistance for non-military use and for a non-military end-user, or to (ii) the sale, supply, transfer, or export of dual-use items for maintenance and safety of existing civil nuclear capabilities within the EU, for non-military use, and for non-military end-users.

The foregoing provisions are also without prejudice to the execution of contracts or agreements concluded before September 12, 2014, and to the provision of assistance necessary to the maintenance and safety of “existing capabilities within the EU.” Regulation 960/2014 does not define the term “existing capabilities.”

B. New Oil and Gas “Services” Controls

Regulation 960/2014 also introduces a new Article 3a to Regulation 833/2014, prohibiting the direct or indirect provision of certain “services necessary for deepwater oil exploration and production, arctic oil exploration and production, or shale oil projects in Russia,” including (i) “drilling,” (ii) “well testing,” (iii) “logging and completion services,” and (iv) “supply of specialised floating vessels[.]” The new measures supplement existing restrictions, set forth in Articles 3 and 4 of Regulation 833/2014, concerning transactions associated with oil and gas equipment listed in Annex II to Regulation 833/2014. The new Article 3a restrictions are not, however, limited to Annex II items or to any other defined products, and the Regulation provides no definition or guidance concerning the scope of the restricted “services.” Moreover, in contrast to Regulation 833/2014 and to trade controls restrictions in other EU sanctions regulations, which distinguish restrictions on exports of goods and technology from restrictions on the provision of related support (e.g., technical assistance, brokering, financing, or financial assistance), the general reference to “services” in Article 3a has invited questions − which are not easily resolved from the text of the Regulation − concerning whether the new measures are intended to capture the supply of goods, the mere provision of technical or other support, or both.

The Article 3a prohibitions are without prejudice to the execution of an obligation arising from a contract or a “framework agreement” concluded before September 12, 2014, or ancillary contracts necessary for the execution of such contracts. The term “framework agreement” is not defined in Regulation 960/2014. However, it presumably carries a broader scope than the term “agreement” used in similar grandparenting provisions in Regulation 833/2014.

Finally, Article 3a exempts services that are necessary for the urgent prevention or mitigation of an event likely to have a serious and significant impact on human health and safety or the environment.

On a separate but related note, a recently published corrigendum to Regulation 833/2014 has clarified the scope of the restrictions on the provision of technical assistance, brokering services, financing, or financial assistance relating to the items listed on Annex II to that regulation. The corrigendum amends Article 4(4), correcting an error to the version of Regulation 833/2014 published on August 1, 2014, to make clear that competent Member State authorities may not authorize such assistance if the Annex II items are for Arctic or deepwater oil exploration or production or for a shale oil project unless the assistance concerns the execution of an obligation arising from a contract or an agreement concluded before August 1, 2014.

C. Additional Controls on Military Items

Regulation 960/2014 also amends Article 4 of Regulation 833/2014 to prohibit the provision of insurance and reinsurance relating to military items to Russian parties or for use in Russia; this prohibition applies in addition to the pre-existing prohibition against the provision of financing and financial assistance relating to military items.

D. Additional Financial Sector Restrictions

Regulation 960/2014 also amends Article 5 of Regulation 833/2014 to introduce a number of important new financial restrictions against designated Russian parties. The key amendments to Article 5 are as follows:

  • Regulation 960/2014 extends existing restrictions targeting “transferable securities” and “money market instruments” issued by Russian financial institutions listed on Annex III to Regulation 833/2014. Specifically, the new provisions introduce a restriction on the provision of “investment services” relating to those instruments, and lower the maturity period for covered instruments from 90 to 30 days (for instruments issued after September 12, 2014). Thus, Article 5 now renders it prohibited to “directly or indirectly purchase, sell, provide investment services for or assistance in the issuance of, or otherwise deal with transferable securities and money-market instruments with a maturity exceeding 90 days, issued after 1 August 2014 to 12 September 2014, or with a maturity exceeding 30 days, issued after 12 September 2014[.]”

  • The newly-introduced term “investment services” is defined as “(i) reception and transmission of orders in relation to one or more financial instruments, (ii) execution of orders on behalf of clients, (iii) dealing on own account, (iv) portfolio management, (v) investment advice, (vi) underwriting of financial instruments and/or placing of financial instruments on a firm commitment basis, (vii) placing of financial instruments without a firm commitment basis, and (viii) any service in relation to the admission to trading on a regulated market or trading on a multilateral trading facility.”

  • The definition of “transferable securities” has been amended to exclude negotiable securities giving rise to a cash settlement.

  • The amended Article 5 also introduces similar prohibitions on dealings in “transferable securities” and “money-market instruments” with a maturity exceeding 30 days, issued after September 12, 2014, by (1) certain designated Russian military entities, as listed in the new Annex V to Regulation 833/2014, and (2) certain Russian entities active in the oil industry, as listed in the new Annex VI to Regulation 833/2014. Notably, the latter list includes major Russian oil and gas enterprises Rosneft, Transneft, and Gazprom Neft (the oil branch of Gazprom). Those new restrictions also extend to any entity established outside of the EU that is majority-owned by any entity designated in Annex V or Annex VI.

  • Similar to the restrictions imposed by Regulation 833/2014 against Annex III banks, the foregoing measures contain an important carve-out, as they do not apply to affiliates of the listed entities that are established within the EU. However, as with the Annex III bank restrictions, they extend to any entity “acting on behalf or at the direction of” the Annex V or Annex VI designated parties or their non-EU subsidiaries.

  • Finally, Regulation 960/2014 prohibits making or being part of any arrangement to make new loans or credit with a maturity exceeding 30 days available to any party listed on Annexes III, V, or VI after September 12, 2014. The Regulation exempts from that prohibition (i) loans or credit that have a specific and documented objective to provide financing for non-prohibited imports or exports of goods and non-financial services between the EU and Russia, and (ii) loans that have a specific and documented objective to provide emergency funding to meet solvency and liquidity criteria for legal persons established in the EU that are majority owned by Annex III banks.

As with the original Article 5, the foregoing restrictions are not asset-blocking measures — EU parties are not generally prohibited from conducting business with the Annex III, V, and VI parties if their activities do not trigger the specific restrictions outlined above.

E. Additional Parties Subject to the Asset-Freezing Restrictions

Regulation 961/2014 imposes travel bans and asset freezes on a further 24 individuals, including pro-Russian rebels, Russian lawmakers and state officials, and the chairman of the Russian Rostec conglomerate, Sergey Viktorovich Chemezov. This brings the total number of individuals subject to sanctions under this specific regime to 119, whilst the number of designated entities remains 23.

In the same manner as prior EU sanctions measures, all funds and “economic resources” belonging to, owned, held, or controlled by the newly designated parties must be frozen. “Economic resources” include “assets of every kind, whether tangible or intangible, movable or immovable, which are not funds, but which may be used to obtain funds, goods or services.” In addition, Regulation 961 prohibits making available funds or “economic resources,” directly or indirectly, to or for the benefit of the designated parties.

F. Jurisdictional Reach of the New Sanctions

Consistent with the pre-existing sanctions measures, the jurisdictional scope of the new sanctions extends (1) to conduct by EU-incorporated entities and EU nationals anywhere in the world; (2) to conduct by any party, irrespective of nationality, in connection with activities occurring in the territory of the EU or (with regard to legal persons) in respect of business “done in whole or in part within the Union”; or (3) conduct on board any aircraft or vessel under the jurisdiction of a Member State.

***

The new sanctions represent the latest, although perhaps not the last, restrictions relating to the crisis in Ukraine. The EU has signaled that it will closely monitor the implementation of the new restrictions and their impact, and it will consider supplemental measures if circumstances in Eastern Ukraine warrant and consensus among the 28 Member States can be reached. Likewise, the U.S. government has stated that additional sanctions targeting Russia could be forthcoming if Russia does not work toward a diplomatic resolution to the crisis in Ukraine.

We are following the above-mentioned sanctions and export control developments closely and will provide further updates as they evolve. We are particularly well-positioned to advise companies and individuals on compliance with the U.S. and EU sanctions related to the Ukraine crisis, as well as on the broader impact of the crisis on foreign investment in both Ukraine and Russia and other legal and commercial interests in the region.

European Commission Discusses Big Data

Morgan Lewis

The European Commission (the Commission) recently issued a press release recognizing the potential of data collection and exploitation (or “big data”) and urging governments to embrace the positive aspects of big data.

The Commission summarized four main problems that have been identified in public consultations on big data:

  • Lack of cross-border coordination
  • Insufficient infrastructure and funding opportunities
  • A shortage of data experts and related skills
  • A fragmented and overly complex legal environment

To address these issues, the Commission proposed the following:

  • A public-private partnership to fund big data initiatives
  • An open big data incubator program
  • New rules on data ownership and liability for data provision
  • Mapping of data standards
  • A series of educational programs to increase the number of skilled data workers
  • A network of data processing facilities in different member states

The Commission stated that, in order to help EU citizens and businesses more quickly reap the full potential of data, it will work with the European Parliament and the European Council to successfully complete the reform of the EU’s data protection rules. The Commission will also work toward the final adoption of the directive on network and information security to ensure the high level of trust that is fundamental for a thriving data-driven economy.

EU Sanctions And The International Oil And Gas Industry

Andrews Kurth

The international oil and gas industry is continuously tasked with adapting to an ever evolving sanction-regulated environment. The level of sanction activity and implementation in recent years has been unprecedented, partly as a result of the political events which gave rise to the Arab Spring and the opposition to Iran’s nuclear programme. The recent crisis in the Ukraine, and associated sanctions against Russia, have sparked further debate around the need for effective, targeted punitive measures and the consequences they may have for Europe.

This article considers the EU’s sanction regime, explores the effect it has on international oil and gas companies and addresses the short-comings of the EU’s decentralised system.

What are sanctions?

Sanctions are political policy instruments used to encourage jurisdictions acting in contravention of international law to adopt standards supported by the wider global community. They impose measures designed to cause damage to the targeted government, non-state entity or individual (“Target”) in order to force it to undertake, or prevent it from undertaking, certain behaviour. They may inhibit the Target from accessing foreign markets for trade or deny it from pursuing financial and other forms of commerce. The professed ultimate objective of a sanction is to preserve or restore global peace and security.

What is the source of EU sanctions?

The UN Security Council imposes sanctions through Security Council resolutions which are binding on the EU. The EU implements all sanctions imposed by the UN Security Council through legislation enacted by the European Council. The process typically results in a European Council regulation which has direct effect in EU member states’ separate legal systems, creating rights and obligations for those subject to them, and overrides national law. Additionally, the EU may decide to impose self-directed sanctions or restrictive measures which go further than a UN Security Council resolution in circumstances in which the EU deems such action to be necessary.

Why do EU sanctions affect international oil and gas companies?

Over the past two decades, the EU has engaged in an active use of restrictive measures in the form of economic and financial sanctions, embargoes and restrictions on admission to a country. Economic and financial sanctions typically take the form of asset-freeze measures which involve the use of funds and economic resources by Targets or persons acting for and on behalf of Targets, and the provision of funds and economic resources to designated Targets. Embargoes may prohibit trade in certain goods, and activities relating to such trade, with Targets (including the flow of arms and military equipment). Visa or travel bans can be imposed preventing certain persons from entering the EU or transit through the territory of EU member states. These sanction measures are part of the EU’s strategy to support the specific objectives of the Common Foreign and Security Policy.

At the time of writing, the EU has announced asset freezes and travel bans against around twenty individuals in Russia and the Ukraine. Companies conducting their business in the oil and gas sector should be particularly vigilant to ensure they act in compliance with EU sanctions, as Ukrainian and Russian entities and individuals who operate in this industry may increasingly become sanction targets.

US sanctions are questionable under international law because they apply extra-territorially to third state parties involved in business activities with the Target. Unlike the US, the EU has refrained from adopting legislation with extra-territorial effect. However, the EU’s recent sanctions against Iran displayed a greater resemblance to those levied by the US than had previously been the case. For example, sanctions were imposed prohibiting the provision of key resources to various parts of the Iranian oil and gas industry, as well as the provision of financial services to that sector. As a result of EU financial sanctions most, if not all, banks and other financial institutions have declined to conduct any business relations with the Iranian regime.

It is clear that EU sanctions are wide reaching and their scope has a significant impact on business activities. They will apply to international oil and gas companies in the following situations:

  • within EU territory, including its airspace;
  • on board aircraft or vessels under the jurisdiction of an EU member state;
  • to EU nationals, whether or not they are in the EU;
  • to companies and organisations incorporated under the law of a member state, whether or not they are in the EU (this captures branches of EU companies in non-EU countries); and
  • to any business done in whole or in part within the EU.

The corporate behaviour, performance and conduct of international companies are powerful channels through which the objectives of sanctions against Targets are achieved. Since an international oil and gas company has little option but to observe EU sanctions to the extent such company falls within the EU’s jurisdiction, these restrictive measures are likely to play a big part in a company’s commercial decision making processes.

Why are EU sanctions difficult to manage?

A principal reason why EU sanctions are difficult for international oil and gas companies based in various EU member states to manage largely stems from the fact that the European Union lacks a centralised licensing body. Instead, the responsibility for implementing and enforcing EU sanctions is delegated to the relevant competent authorities of the EU member states. The potential for variance and discrepancy is rife in a system where there are twenty-eight EU member states, each with their individual national resource constraints and self-centred policy objectives.

Typically, the competent authorities of EU member states are responsible for:

  • granting exemptions and licences;
  • establishing penalties for sanction violations;
  • coordinating with financial institutions; and
  • reporting upon the implementation of sanctions to the European Commission.

There have been calls for a central EU licensing body which would produce a single licensing and exemption policy for EU member states. Although EU guidelines on sanctions and best practices for the effective implementation of restrictive measures go some way to plug the gap, arguably a more comprehensive regime for implementing sanctions is required to provide a better level of certainty to international businesses operating in the realms of the EU.

Managing the risks

International oil and gas companies have always had to function in politically active climates. As sanctions initiated by multilateral organisations such as the UN and EU become more fashionable, so too does the exposure to political risk that these companies will face. Given the considerable levels of investment that can only be recouped over extended periods of time, and in accordance with pre-determined contractual apportionments, international oil and gas companies need to be able to recognise, assess and manage these political risks effectively.

Oil and gas companies can relieve the risks imposed on them by sanctions through political lobbying, taking pre-emptive measures and by reacting quickly to sanctions once they are implemented. Commercial negotiations will need to focus on the allocation of risk as a result of one party’s failure to perform or withdrawal from the contract on the grounds of applicable sanctions.

International oil and gas companies need to be proactive and consider both the legal solutions and pre-cure safeguards. Time and effort should be spent focusing on drafting and negotiating the relevant contractual documentation, following a careful risk assessment, instead of deferring to dispute resolution provisions. For instance, careful construction of force majeure provisions can allocate each party’s obligations in the circumstance where an event outside of a party’s control causes contractual performance to become impossible. Thus, whilst conventional force majeure clauses relating to physical events afford relief to an affected party from its liabilities under the contract, oil and gas companies should consider expanding such contractual provisions to cover sanctions and other restrictive measures imposed on them by the UN and EU.

To avoid falling foul of existing EU sanctions, oil and gas companies should also consider putting in place comprehensive compliance procedures and systems to implement applicable sanction regimes. Penalties for breach of sanctions can be severe; a person guilty of a sanction-related offence may be liable on conviction to imprisonment and/or a fine. Falling foul of sanctions also means that a transaction can immediately become unlawful.

Conclusion

In view of the economic significance of the EU, the application of economic financial sanctions can be a powerful tool. But like a chain is no stronger than its weakest link, the effectiveness and success of the EU’s sanction regime depends on all EU member states applying, implementing and enforcing EU sanctions in a consistent manner.

The current EU sanction regime warrants a fully integrated approach which would undoubtedly benefit its policy objectives and move some way to reducing the unduly high economic cost that international oil and gas companies face when operating their businesses in the EU.

In voicing the sentiments of Henry Kissinger: “No foreign policy – no matter how ingenious – has any chance of success if it is born in the minds of a few and carried in the hearts of none”, perhaps now, in the dawn of the recent events which have taken place in the EU’s backyard in the Ukraine and Russia, the EU should further global security measures by tightening its ranks and implementing a more centralised, and better monitored, sanction regime.

Dealing with Personal Information at the Water’s Edge… Re: U.S. Safe Harbor Program

Privacy and data security issues and concerns do not stop at the water’s edge. Companies needing to share personal information, even when the sharing will take place inside the same “company,” frequently run into challenges when that sharing takes place across national borders. In some ways, the obstacles created by the matrix of federal and state data privacy and security laws in the U.S. are dwarfed by the matrix that exists internationally. Most countries regulate to some degree the handling of data, from access, to processing, to disclosure and destruction. And, the law continues to develop rapidly, sometimes due to unexpected events. Take, for example, the U.S. Safe Harbor program that was designed to facilitate the transfer of personal data of individuals in the European Union (EU) to the United States. Because the EU believes that the law in some countries, including the U.S., fails to provide “adequate safeguards,” the general rule is that personal data of EU persons cannot be sent to the U.S. unless an exception applies. One exception is based on a negotiated deal between the EU and the U.S., commonly known as the U.S. Safe Harbor, a program which currently is in some jeopardy due to the recent reports of NSA monitoring, Snowden, etc.

Currently, to meet the Safe Harbor, a company must take certain steps, including (i) appointing a privacy ombudsman; (ii) reviewing and auditing data privacy practices; (iii) establishing a data privacy policy that addresses the following principles: notice, choice, onward transfer of data, security, integrity, access and enforcement; (iv) implementing privacy and enforcement procedures; (v) obtaining consents and creating inventory of consents for certain disclosures; and (vi) self-certifying compliance to the U.S. Department of Commerce.

A recent statement from Viviane Reding, European Commissioner for Justice, Fundamental Rights and Citizenship, quoted in The Guardian, October 17, 2013, signals some changes may be in store for the Safe Harbor:

“The Safe Harbour may not be so safe after all. It could be a loophole because it allows data transfers from EU to US companies, although US data protection standards are lower than our European ones,” said Reding. “Safe Harbour is based on self-regulation and codes of conduct. In the light of the recent revelations, I am not convinced that relying on codes of conduct and self-regulation that are not policed in a strict manner offer the best way of protecting our citizens.”

At the same time, the EU continues to update and strengthen its protections for personal data. Companies that operate globally need to be sensitive to not only complying with the laws specific to activities within a jurisdiction, but also to activities between jurisdictions. Common business decisions such as deciding where data will be stored, setting up global databases for employees’ medical, personnel and other information, arranging for enterprise-wide employee benefits or monitoring programs, can face significant obstacles relating to the interplay of the data privacy and security laws of the countries involved.

Article by:

Joseph J. Lazzarotti

By:

Jackson Lewis P.C.