Open source software (“OSS”) is now ubiquitous, providing community-vetted solutions to common requirements in the software industry. The widespread use of OSS is especially common with start-ups who are driven by the need to develop a minimum viable product as fast as possible in order to quickly enter the market and acquire market feedback.

Massachusetts has a new law that prohibits employers from requiring that certain types of employees sign non-competition or “forfeiture for competition” agreements (collectively “non-competition agreements”) and establishes minimum requirements that non-competition agreements must meet to be enforceable. The new law will take effect on October 1, 2018 and apply to agreements executed after that date. 

Tax-exempt organizations must become increasingly aware of the regulatory landscape in which they operate. In this ACC Docket article, Lakshmi Sarma-Ramani, a Member with our Washington D.C.-based team, provides an overview of state oversight areas that carry registration or reporting requirements. 

U.S. companies handling the personal data of EU residents should now be familiar with the requirements of the General Data Protection Regulation (GDPR), the new data protection law covering all countries in the EU, which went into effect on May 25, 2018. News about the GDPR has been plentiful, including Outside GC’s own alerts. However, compliance with EU privacy laws does not end with this regulation. There are other EU legislations covering privacy matters outside of the GDPR, such as the E-Privacy Directive 2002/58/EC of 2002 (a/k/a the “Cookies Directive”) and the “national derogations” of individual EU member state laws which impose additional responsibilities for U.S. companies that use the personal data of its residents as part of their business activities.

New York legislators have recently taken significant steps towards strengthening the sexual harassment laws in both the state and New York City. Employers in these areas should familiarize themselves with the state’s and the city’s new legal requirements and begin immediately to prepare for compliance.

The future of the EU-U.S. Privacy Shield data-sharing arrangement is shaky at best. On June 12, 2018, a resolution was passed by the European Parliament’s Committee on Civil Liberties, Justice, and Home Affairs (LIBE) calling for the suspension of the Privacy Shield, unless the U.S. demonstrates full compliance with the requirements of the program by September 1, 2018. And today, following the recommendation of the LIBE, Parliament itself voted 303 to 223 (with 29 abstentions) in favor of suspension “unless the U.S. is fully compliant” by September 1st.

The European Parliament took this action in response to a number of recent data breaches affecting Privacy Shield Certified-U.S. companies, causing concern over the effectiveness of the regulatory oversight of the framework, as well as well as over the sufficiency of the Shield’s certification requirements which are designed to protect the personal data of EU residents. If suspended, certified U.S. companies will no longer be able to leverage the benefits afforded to them by the Privacy Shield, forcing them to find new compliance mechanisms by which to transfer data from the EU in order to satisfy the requirements of the GDPR.