The European Union (EU) – the largest trading partner of the United States – has long been viewed as a reliable place to do business even as some might bemoan its reputation for seemingly endless bureaucracy. Many US-based companies have based much of their business upon the cultural and global security ties that bind North America and Europe to one another. Many have located their European headquarters in the United Kingdom due to common language, similarities in legal systems and the draw of London as the leading financial center within the EU.
In recent weeks, however, the EU’s reputation for stability has been severely challenged by the vote by the citizens of the United Kingdom to leave the European Union. While the aftershocks of the “Brexit” vote will likely continue for years, US-based companies doing business in the EU must also consider the new US/EU Privacy Shield and how it impacts the sharing of “personal information” between operations within an EU Member State and a US-based affiliate. Since both of these developments will affect how US-based companies conduct business within the EU, we have prepared this single update for your reference.
- Brexit from the EU – Trade Ramifications
Now that several weeks have passed since the United Kingdom’s historic vote to leave the European Union, some of the outlines of the exit process and the results of that process are becoming clearer.
The UK Government, led by new Prime Minister Theresa May, has announced that the Brexit vote will be respected and there will be no new referendum as some (including the challenger for leadership of the opposition Labour Party) have suggested. That said, the UK has yet to give formal notice of its intent to leave the EU under Article 50 of the Lisbon Treaty, thought the Government suggests that it will do so later this year. That position, however, has not been well received by other Member States of the EU including Germany and France.
Once the UK gives its Article 50 formal notice, a two-year clock will start to run, setting the deadline for conclusion of talks and (hopefully) reaching an agreement. Such an agreement could cover issues ranging from the access that UK-based companies will have to the single market and the extent to which citizens of the UK and of the EU’s remaining 27 Member States will be able to freely seek work and conduct business in each other’s countries. Notably, this two-year period may only be extended by the unanimous consent of all of the members of the European Council. In other words, any single European head of state or head of government can disallow an extension. Once that time has elapsed, therefore, the UK will cease to be a Member State of the EU and will lose all of the benefits that go with that status – unless a new agreement is in place. In the meantime, the UK will remain a member of the EU and will have to comply with EU Directives and regulations.
One possible resolution of this problem could be to have the UK rejoin the European Economic Area (“EEA”), which allows member countries of the European Free Trade Association (EFTA) access to the EU’s single market. However, EFTA and EEA membership would likely be controversial in the UK because it requires compliance with many EU regulations and free movement of people as well as goods and services across borders. Given that restricting in-bound immigration was a key issue for many UK voters, this approach might not succeed politically. An alternative is the “Swiss model,” which would require the UK to negotiate separate bilateral trade treaties with each EU Member State. The question of which approach should be used undoubtedly forms a key part of the agenda for Ms. May’s discussions this week with German Chancellor Angela Merkel and French President Francois Hollande.
Whatever approach the UK and EU take during the two-year negotiation period, the UK will need to concentrate on drafting and revising national laws necessary to replace EU-connected legislation and arrangements. (Some of these may require approval of the devolved national assemblies in Scotland, Wales and Northern Ireland as well.) The UK Government may focus particularly on rules governing movement of goods and persons, duty rates, import procedures, trade remedies, and export controls during this period. However, the Government will not be free to “start from scratch” in light of business’ adaptation to the EU regulatory scheme for trade. We believe it likely, for example, that the UK will choose to abide by the BTI ruling letters issues by all EU trade regulators, to govern issues such a classification of goods, during and after the Brexit negotiations.
Another area of flux will be the applicability of trade agreements between the EU and other countries. As the UK is not a party to many of these agreements, it will need either to obtain amendments making it a party or negotiate new trade agreements with these other countries and with global and regional trade regulation authorities. (Such amendments might also require the EU’s consent, another factor caught up in the Brexit negotiations.) For example, the UK will likely continue to utilize the WTO’s Harmonized System Tariff, but it may have to formally request approval of a proposed national tariff and related concessions since it currently uses the EU-wide tariff. While it is unlikely that the UK would seek to significantly alter the duty rates collected on foreign goods, the reaction of other trade partners cannot be predicted. Also, companies reliant on UK-made inputs to enjoy the benefits of a free trade agreement with other trading partners should begin evaluating their sourcing immediately.
The UK’s participation in ongoing trade negotiations, including most significantly the Transatlantic Trade and Investment Partnership (TTIP) being negotiated with the US, as well as free trade agreements with Canada and Japan, remains unclear. In particular, it remains to be seen whether the US will stick by President Obama’s threat that the UK would have to go to the “back of the queue” if it opted for Brexit. Whether the UK will enjoy trade preference arrangements worked out between the EU and various third-world trading partners looks doubtful at this time, without direct negotiations. The UK is likely, we believe, to revive interest in the trade aspects of the Commonwealth system, which links the UK and many of its former colonies.
The Brexit vote creates a great deal of uncertainty globally, but mostly for the UK and for companies doing business there. (We will not even attempt to address here the prospect that the UK could itself break up over Brexit, as some in Scotland and Northern Ireland have already suggested.) Given the markets’ aversion to uncertainty, particularly in the financial sector, it is unsurprising that several major banks have already announced the relocation of some key operations from London to Paris and Frankfurt. Some North American and Asian companies are likewise reviewing whether to downgrade existing European operational headquarters in the UK or even relocate these functions to other Member States. This analysis process will no doubt spread among other global companies as the Brexit process continues.
- New US/EU “Privacy Shield” Concerns
Several weeks ago, we discussed the then-apparent privacy implications of BREXIT for data transfers from the EU to the US, which consisted largely of an admonition to make no major changes in practice until there was greater visibility into the exit process
Companies wishing to avail themselves of the benefits of the Shield – and we expect most involved in transfers of consumer data to the US will desire to do so – must provide self-certification to the US Department of Commerce beginning August 1, 2016. To be clear, companies may begin such certification then, but failure to do on that date will NOT nullify the prospective availability of the Shield.
Participants should expect ongoing review by the Department of Commerce.
We are pleased to discuss the substantive nuances of the Shield and provide primary source materials upon request, but for now, we believe it to be most important for companies to update their published privacy policies to specifically refer to the Shield and the commitment to comply with its terms.
Companies doing so must carefully study and obtain advice on the very substantial differences between the Safe Harbor and the Shield. Among other things, this will also entail a commitment to a prescribed dispute resolution mechanism and acceptance of real responsibility for compliance failures. Concurrently, companies should anticipate changes in contracting practice where cross border transfers are involved to modify references to the Safe Harbor with references to the Shield and its terms.
Our Privacy partners are pleased to elaborate upon all of the foregoing including the certification process.
Kimberly D. Booher
Martin B. Robins
Ari D. Levine