Tipping the Scales :Balancing US Trade Controls’ Restrictions on Access with EU Labor and Privacy Rules (IV)


Business people talking

As discussed in our recent posts, it is necessary for purposes of complying with US export controls to understand the nationality of company employees who may access controlled technology so that proper export authorization can be arranged. Yet the company must also balance this need for information with the limitations on getting such information based on local labor and privacy laws.

By Susan Kovarovics and Bert Gevers12 October 2016

There is some good news in all this from an export controls perspective. First, with recent changes as part of the US Export Control Reform efforts, information is not needed with respect to all company employees, or even all company employees (or subcontractors) with access to a particular part of your IT system where controlled technical information is stored. A new rule published September 8, 2016, confirms that the US State Department no longer views theoretical or potential access as an export or re-export in and of itself. Rather, an individual would need to actually access ITAR-controlled technical data for authorization to be required. (The US Commerce Department has always required actual access in order to find that an export, re-export or release had occurred.) If there is no release or re-export, no authorization is required. As a result, information about employee nationalities need only be obtained for those employees who may have actual access to controlled technology.

Second, unlike under the prior approach taken by the US State Department, it is not necessary to gather information about the country of birth for those employees who will need authorization to access controlled technical information. The recently revised rules focus solely on citizenship and permanent residency. But, if access to ITAR-controlled data is at issue, take careful note of the fact that the State Department takes into account ALL citizenships ever held by an individual—past and present—even if the individually has formally renounced a citizenship. So, if the country in which someone was born grants citizenship as a matter of law to anyone who is born in the country (as is the case in the United States), then a person’s country of birth can still be relevant.

Further, both the Departments of State and Commerce have taken some steps to make it easier to balance the labor and privacy law requirements with the need to gather information to ensure proper authorization for sharing controlled technical information with company employees who are from a country other than the country in which the company is located (or in the case of the ITAR, may be dual- or third-country nationals). Primarily, they have shifted their approaches to allow the non-US parties receiving controlled technical information to determine which of their employees require access to such information and to vet those individuals internally for compliance with the ITAR and EAR requirements. This differs from earlier years when information about individual employees’ nationalities would have to be shared in some form with the US party seeking to obtain authorization from the US government to send the technical information overseas.

Under the EAR, Commerce will issue technology licenses with license conditions that indicate any limits on re-exports of the technology to “permanent and regular employees” of the non-US company who are nationals of a country other than the one in which the company is located (i.e., a Dutch national working for a Belgian company). Information about individual employees’ nationality need not be provided to the US party that is applying for the license. The non-US company can take steps internally to ensure that the individuals who have access to the controlled technology fall within the permitted categories allowed under the license.

Alternatively, both Commerce and State allow non-US companies to vet their own employees (provided they meet the definition for Commerce of “permanent and regular employee” and for State of “bona fide regular employee”). If a person has a security clearance approved by the host nation government of the entity outside the United States, further information is not needed from the individual. If confirmation can be obtained that the individual employee is a national only of countries that are members of NATO or the EU, or of Australia, Japan, New Zealand or Switzerland, and the transfer is occurring within one of those countries, additional information is not needed from the individual. Special provisions can also be relied on particularly for nationals of the United Kingdom, Canada, Australia and the Netherlands in certain circumstances. For other employees, additional information would need to be obtained from the individuals about their “substantive contacts” to countries subject to a policy of denial or an arms embargo under US export controls. Although this does require collection of additional information, the specific responses are not required to be given to the US applicant; the information does need to be made available to the US government if specifically requested.

Individuals who are not regular employees under the Commerce or State definitions are not eligible to receive controlled technical information under the above provisions. In such cases, additional information would need to be obtained about the person individually and other provisions of the ITAR or EAR relied upon to seek specific authorization.

Needless to say, although the rules may be more accommodating to the labor and privacy law concerns, they continue to be complex and warrant great attention to the details to ensure compliance.

Authors of this post are :

Susan Kovarovics
Bert Gevers
Susan Kovarovics

Susan Kovarovics

Susan Kovarovics is a partner in the International Trade group of Bryan Cave Leighton Paisner LLP. She counsels foreign and domestic parties regarding international business regulatory matters. Specifically, her practice focuses on providing practical legal advice that can be readily applied by in-house legal and business personnel in matters involving the International Traffic in Arms Regulations (ITAR), the Export Administration Regulations (EAR), sanctions administered by the Office of Foreign Assets Control (OFAC), U.S. anti-boycott laws, and the Foreign Corrupt Practices Act (FCPA).

Ms. Kovarovics designs and implements compliance programs and provides training sessions on export and defense trade controls, trade sanctions, customs, anti-corruption and anti-boycott matters. She also designs and leads internal audits and reviews to assess compliance in these areas.

Ms. Kovarovics assists clients with all aspects of the export license and agreement approvals processes at the Department of Commerce, State and Treasury. In addition, she guides clients through commodity jurisdictions and commodity classification requests for exports and ruling requests related to import matters. She also conducts due diligence reviews related to export controls, trade sanctions and anti-corruption matters.

Routinely, Ms. Kovarovics conducts internal investigations and advises clients on future actions based on results of investigations, including appropriate disciplinary and other corrective measures in response to violations of corporate policies and trade regulations. Moreover, she counsels clients on voluntary disclosure matters and represents clients in enforcement proceedings before federal authorities.

Susan’s Bar Admissions include the states of Virginia and the District of Columbia in the U.S.

Education: Susan earned her law degree from Georgetown University, cum laude (1996) and her undergraduate degree from Drew University, summa cum laude (1993).

Previous Story

Tipping the Scales: Balancing US Trade Controls’ Restrictions on Access with EU Labor and Privacy Rules (III)

Next Story

Modernization of the EU export control system: What’s next? (I)

Latest from Blog