There is some good news in all this from an export controls perspective. First, with recent changes as part of the US Export Control Reform efforts, information is not needed with respect to all company employees, or even all company employees (or subcontractors) with access to a particular part of your IT system where controlled technical information is stored. A new rule published September 8, 2016, confirms that the US State Department no longer views theoretical or potential access as an export or re-export in and of itself. Rather, an individual would need to actually access ITAR-controlled technical data for authorization to be required. (The US Commerce Department has always required actual access in order to find that an export, re-export or release had occurred.) If there is no release or re-export, no authorization is required. As a result, information about employee nationalities need only be obtained for those employees who may have actual access to controlled technology.
The current European Privacy Directive 95/46/EC, as well as the EU General Data Protection Regulation (or “GDPR” in short), entering into force in May 2018, contain strict rules regarding the transfer / export of personal data outside the European Economic Area (“EEA”). While personal data may in principle freely circulate within the EEA, the transfer of personal data to countries outside the EEA is as a rule prohibited, unless the receiving country’s legislation guarantees an appropriate level of data protection. If this is not the case, only limited legal grounds are available to support the transfer of such information. Keep Reading
The European Commission published its long debated proposal for the recast of the Dual-Use Regulation.
The proposal, which remains close to the draft that was leaked earlier in July, sets out important changes, likely to impact EU businesses.
By Megan Gajewski Barnhill, 27 September 2016
The latest developments include the designation by the US Department of the Treasury, Office of Foreign Assets Control (OFAC) of 133 persons and entities under its Russia sanctions program. Of those designations, 17 individuals and 20 entities were added to OFAC’s List of Specially Designated Nationals and Blocked Persons (SDN List), whose assets are blocked and with which US persons are generally prohibited from dealing. OFAC also revised the information (adding new name, address and company information) for Bank Rossiya, an entity already designated on the SDN List.