Simon J. McMenemy on Employment Law

This thought leader is renowned for being outspoken and confident in his remit, having delivered several speeches internationally and educated many in his specialist subject, data privacy and protection.

Here, talking to Lawyer Monthly, Simon J. McMenemy, Managing Partner at Ogletree Deakins International LLP, sums up quite modestly the ‘red tape’ stigma of the EU’s General Data Protection Regulation (GDPR), and the overall attitude that has developed in recent years in regards to data privacy and protection.

Are there any particular legislative amendments to employment law you would like to see as a result of the Brexit decision?

I don’t think there is any great desire to ‘unpick’ the employment legislation that has been brought in over the last 20 years from EU Directives. I think most people would agree that anti-discrimination laws originating from the EU and now to be found in the Equality Act are a good thing and are here to stay. There may be some simplification on the rules around the Working Time Regulations and the Transfer of Undertakings but I don’t think many employment lawyers are expecting much to change. Just before the Brexit vote I heard a ‘Vote Leave’ campaigner declare how coming out of the European Union meant that employers would be unburdened from red tape citing as an example that they would not have to comply with new data protection requirements about to come out of Brussels. He was talking about the General Data Protection Regulation (GDPR) that comes into force in 2018. I remember thinking does he really believe that? And, if so, how badly served the average voter was by both campaigns in terms of the accuracy of the information they were putting out there. You also advise employers on data privacy in the workplace how do you think that will be affected by Brexit? Well, for starters it looks unlikely that the UK will have formally left the EU by May 2018 when the GDPR comes into effect. But even looking beyond our exit from the EU it is unthinkable that we will be allowed to reduce the adequacy of our data protection laws if we are to continue trading with our European neighbours, which of course we must. The fallout from the Schrems case last Autumn, the invalidation of the Safe Harbor framework with the US as a safe means of protecting transatlantic data flows, and the difficulties in launching EU-US Privacy Shield as its replacement, show how difficult it could be to try to have a scheme radically different to the one we have now, which of course is currently within the European ‘adequacy’ fold.

Being with a US based law firm specialising in employment law have you been involved in the rollout of The EU-US Privacy Shield?

Yes very much so. Nearly every US client of ours who has employees in Europe will at some point want to transfer some personal data about employees to the US. Although there are other legal means of transferring the data such as Binding Corporate Rules and the EU Model Clauses, Safe Harbor was the most popular, as I think Privacy Shield will be, but it is a much tougher regime and has specific requirements for the transfer of human resources data. In particular companies registering must undertake that the policies and procedures they publish during the registration process comply with local employment laws as well as the variation of data privacy laws across the 28 EU countries. That can involve a lot of work where they are Europe-wide.

Are you seeing much change in the way employers see data privacy and protection?

I’m seeing a change in the way everyone sees data privacy and protection. When the Data Protection Act was introduced in the UK I think generally employers saw it as more unnecessary ‘red tape’ coming out of Brussels. Germany was no doubt a big influencer in this area, with newly reunified East Germans having lived with the State watching their every move. But since its implementation around the time of the Millennium, which of course coincided with the explosion of the internet, who hasn’t been affected by someone trying to compromise their data, whether it is their financial data, their email account or receiving unwanted calls, emails or correspondence? I think people are now much more willing to do their bit to protect personal data in the expectation that others will be doing the same for them. Consumers expect it from service providers and employees expect it from their employers.