The future of the EU-U.S. Privacy Shield data-sharing arrangement is shaky at best. On June 12, 2018, a resolution was passed by the European Parliament’s Committee on Civil Liberties, Justice, and Home Affairs (LIBE) calling for the suspension of the Privacy Shield, unless the U.S. demonstrates full compliance with the requirements of the program by September 1, 2018. And today, following the recommendation of the LIBE, Parliament itself voted 303 to 223 (with 29 abstentions) in favor of suspension “unless the U.S. is fully compliant” by September 1st.

The European Parliament took this action in response to a number of recent data breaches affecting Privacy Shield Certified-U.S. companies, causing concern over the effectiveness of the regulatory oversight of the framework, as well as well as over the sufficiency of the Shield’s certification requirements which are designed to protect the personal data of EU residents. If suspended, certified U.S. companies will no longer be able to leverage the benefits afforded to them by the Privacy Shield, forcing them to find new compliance mechanisms by which to transfer data from the EU in order to satisfy the requirements of the GDPR.

Starting your own business can be a mammoth undertaking, especially when it comes to managing expenses while working (often tirelessly) to build momentum, and eventually, a revenue stream. Many new business owners grapple with the right time to hire an attorney. Although the thought of engaging an attorney from Day 1 may seem cost-prohibitive, it is a smart business decision even for the smallest companies. Of course, you’ll want a lawyer who is fairly-priced and efficient, and who has experience working with startups.

The Massachusetts Act to Establish Pay Equity (“MEPA”) takes effect on July 1, 2018. The goal of the new law is to reduce pay differentials among men and women doing comparable work. The penalties for violating the new law include back wages, benefits and other compensation, and attorney’s fees. For an overview of MEPA, please see Part I of this two-part series on MEPA.

Introductory note: In addition to my role as on-demand general counsel at Outside GC, I am also the co-founder of Public Safety Network, a new firm providing business and operational expertise to established and start-up companies entering the public safety tech market which has been recently accelerated by the creation of FirstNet, the independent government authority responsible for bringing the first nationwide prioritized broadband wireless network to public service professionals. In the below article, I've shared some key principles on how to empower your workforce. Not only have these principles defined my approach throughout my management career, but they continue to guide my experience as a member of Outside GC's team, and lie at the core of the legal and business advice I provide to all of my clients so as to maximize desired business outcomes. I hope you enjoy! Jason

Complying with the EU’s New Data Privacy Law

On May 25, 2018, the European Union (EU)'s General Data Protection Regulation (GDPR) comes into force, broadening the scope of privacy obligations for companies doing business in or with Europe. The GDPR applies to all businesses that collect and use personal information of EU residents, including organizations located outside the EU.

U.S. companies, including Data Processors in the United States, may be subject to the GDPR if they offer products or services to EU residents or if they monitor the behavior of such residents even if they do not have a physical presence in the EU.

It’s no surprise that start-ups and small businesses are mindful of their budgets. Occasionally, however, cost-consciousness can lead a company to question the need for a contract or contract review, particularly when a transaction involves a small dollar amount or simple service offering. By assuming a lower risk of liability in these situations, the cost of hiring a lawyer to write, or review, a contract can seem unnecessary. This is a misconception.