French Regulator Says “Oui” to GDPR Fines for Under-Protected and Over-Retained Data

Alyssa ShauerBy Alyssa Shauer on Posted in Compliance

CNIL, the French data privacy regulator, issued a 400,000 euro ($448,358) fine against a company for GDPR violations stemming from sensitive information collected on its website. Investigating a complaint, the CNIL discovered that the online real estate company Sergic allowed customer information to be freely accessed online and kept that information longer than needed. By editing the text of a certain URL, a Sergic user could retrieve sensitive files that another home rental candidate had uploaded into the website. This security defect led the trove of nearly 300,000 tax and identity documents to be accessible to anyone who thought to change the text of that URL. The CNIL said that this website design flaw affected the confidentiality of data in violation of Article 32(1)(ii) of GDPR. Continue Reading

The Benefits of the International Commercial Courts of Paris in French-American Commercial Litigations

Karl BuhlerPierre Mousseron*By Karl Buhler and Pierre Mousseron* on Posted in International Litigation

On February 7, 2018, the Commercial and Appellate Courts of Paris officialized the creation, for each of them, of a chamber dedicated to resolving international commercial litigations. These chambers are known as the International Commercial Courts of Paris (the “ICCP”).

Proceedings before the ICCP have been revised recently to better meet the specific needs of foreign parties involved in international commercial litigations taking place in Paris, in a move to strengthen foreign investments in France, especially in the context of Brexit with a commercial litigation market that represented in 2016 $17.2 billion in the United Kingdom. Continue Reading

Revised EIN Application Process Permits only Individuals to Serve as the “Responsible Party”

Valérie DemontBrett Uslaner*By Valérie Demont and Brett Uslaner* on Posted in Corporate

An entity operating in the U.S. needs a U.S. Federal employer identification numbers (“EIN”) in order to open a bank account in the United States, act as an employer, file a tax return and complete certain other corporate tasks.

As of May 13, 2019, entities, other than governmental entities, applying for an EIN must list an individual as the responsible party on the application and in some instances must provide that individual’s Social Security number (SSN) or individual taxpayer identification number (ITIN). Prior to this, common practice had been to list an entity that already had an EIN (such as a parent entity) as the responsible party. Continue Reading

The Little Regulation That Will Make a Big Change in How You Do Business: Department of Commerce to Establish New Export Controls on Emerging Technologies

Reid WhittenJ. Scott MaberryCurtis DombekLisa MaysBy Reid Whitten, J. Scott Maberry, Curtis Dombek and Lisa Mays on Posted in International Trade

Key Takeaways:

  • Emerging technology sectors will soon be subject to new export controls.
  • Affected sectors include biotech, computing, artificial intelligence, positioning and navigation, data analytics, additive manufacturing, robotics, brain-machine interface, advanced materials, and surveillance.
  • New export controls on these sectors will likely require companies to obtain a license to export products to China and other destinations, and impose restrictions on sharing information with foreign nationals.
  • These sectors will also be added the list of industries subject to enhanced foreign investment scrutiny by the U.S. Committee on Foreign Investment in the United States (CFIUS).
  • The U.S. government has invited comments on the criteria to be used to establish new controls. The deadline for comments is December 19, 2018.

Export controls and other regulations often lag a step or two behind the times. That trend has accelerated with the pace of technological advancement. As a result, for many years, technical know-how in many cutting-edge technical fields has not been subject to export controls. This has meant that many commercial technical innovations could be freely exported without significant restrictions. As long as they were not designed for a military application, and no encryption technology involved, many new ideas developed in the United States were simply unaccounted for in the U.S. Export Administration Regulations (EAR).

But the U.S. Department of Commerce, Bureau of Industry and Security (BIS) is about to make up a lot of ground in a single, large leap. Continue Reading

Hiring Personnel in New York: Dos and Don’ts – Part 2

Karl BuhlerLindsay Colvin StoneBy Karl Buhler and Lindsay Colvin Stone on Posted in Labor

Part II: Offer Letters and Background Checks

In a previous article, we addressed certain pitfalls for numerous foreign employers seeking to hire personnel in New York State (see Part 1 regarding advertising and interviewing for a job). This article is the second and last in a two-part series, which will now discuss sensitive New York laws concerning (1) offer letters and (2) background checks.

Drafting an Offer Letter

Once an employer has decided to extend an offer of employment to an applicant, many use offer letters to communicate key terms of employment for the candidate’s consideration. Offer letters are a valuable tool in setting expectations and creating a relationship with a prospective employee. If not carefully drafted, however, offer letters can also be construed as an employment contract or agreement for a fixed term of employment, creating unintended obligations on the employer’s behalf. In New York, the default employment relationship is “at will,” meaning that either the employee or the employer can terminate the relationship at any time, with or without cause and with or without notice. To preserve this relationship status while accurately describing employment terms, employers should observe the following basic requirements when drafting offer letters: Continue Reading

Dramatic Increase in French Privacy Complaints Since GDPR

U.S. Legal Insights for French BusinessesBy Sheppard Mullin on Posted in Compliance

The French data protection authority CNIL has received 3,767 data protection complaints since EU’s General Data Protection Regulation (GDPR) came into effect on May 25, 2018. According to CNIL this is a 64 percent increase compared to the same four-month period last year. CNIL also reported that it has received 600 data breach notifications during the same period. CNIL is in the process of developing new French regulatory tools under GDPR. It has already developed and proposed strict new biometric privacy regulations, and has nearly finalized a certification program for company Data Protection Officers. It is now developing regulations related to customer relations, human resources, and health monitoring. Continue Reading

France Imposes Fine for Unauthorized Use of Fingerprint Timeclocks

U.S. Legal Insights for French BusinessesBy Sheppard Mullin on Posted in Compliance

French data protection authority CNIL has issued a fine against company Assistance Centre d’Appel related to the use of biometric technology in the workplace. During an audit at the end of 2016, CNIL found that the company was using fingerprint timeclocks to track employee hours without prior authorization from CNIL as required by the French Data Protection Act. In France, an employer may not use biometric data to monitor employees’ hours absent prior approval from CNIL, which is only granted in exceptional circumstances. During the 2016 audit, CNIL also found that the company was recording employee phone calls without informing the employees or other call participants, and lacked adequate workstation security. While the company has since ceased the use of fingerprint timeclocks, a 2018 audit by CNIL revealed that the company had failed to properly inform telephone call participants about call recording, and that workstations remained insecure. The fine was set at € 10,000, which was based upon the partial compliance of the company and its finances. The company only employs fourteen workers. In publishing its decision, CNIL stated that it sought to remind employees of their rights and employers of their obligations, particularly with respect to biometrics in the workplace. CNIL also intended to remind companies of the consequences for failing to respond to and comply with CNIL notices of default. Continue Reading

FIRRMA Takes Form as CFIUS Enacts a New Pilot Program Targeting “Critical Technologies”

Reid WhittenBrian WeimerDrew SvorEnumale AgadaBy Reid Whitten, Brian Weimer, Drew Svor and Enumale Agada on Posted in International Trade, Investment, Mergers and Acquisitions
  • On October 10, 2018, the Committee on Foreign Investment in the United States put into effect the first mandatory filing requirement ever imposed by CFIUS. The Department of Treasury’s summary of the Pilot Program is available here.
  • Effective November 10, 2018, CFIUS will require reviews of critical technology investments – including certain non-controlling investments – from any country.
  • A failure to file notice or a new short form declaration to CFIUS may result in a civil monetary penalty up to the value of the transaction.
  • The requirements will not apply to any transaction that is completed prior to November 10, 2018 or any transaction for which the material terms were established prior to October 11, 2018.

Background

On August 13, 2018, President Trump signed FIRRMA into law. FIRRMA is a transformational expansion of the authority of the Committee on Foreign Investment in the United States (CFIUS) to review certain transactions that previously eluded the Committee’s jurisdiction (discussed in our blog, here). Congress left many critical aspects of the FIRRMA framework to be addressed through regulations promulgated by the Department of Treasury. Although we do not expect final rules to be forthcoming until late 2019 or early 2020, Congress empowered the Department of Treasury to “test-drive” parts of FIRRMA through Pilot Programs. Those programs can be implemented simply, taking effect 30 days after publication of the program requirements in the Federal Register. The adoption and implementation of the Pilot Program for critical technologies represents the Department of Treasury’s first attempt to implement substantive parts of FIRRMA prior to issuing formal regulations. Continue Reading

Hiring Personnel in New York: Dos and Don’ts – Part 1

Karl BuhlerLindsay Colvin StoneBy Karl Buhler and Lindsay Colvin Stone on Posted in Corporate, Labor

Part I: Advertising and Interviewing

Foreign companies expanding their operations to the U.S. through New York usually handle their U.S. hiring process like the way they do back in their home country. They should not.

While many states place restrictions on the hiring process, New York offers extensive and singular protection to prospective employees whose content and scope is not necessarily in the mind of all U.S. employers; foreign-based ones should, therefore, be even more careful. From posting a job offer to running a background check, New York employment law constantly evolves and thus provides many pitfalls that can turn any hiring process into a costly and lengthy litigation. This article is the first in a two-part series that will address certain key New York laws regarding (1) advertising and interviewing for a job, and (2) offer letters and background checks. Continue Reading

“Que Je T’Aime”: L’affaire d’heritage de Johnny Hallyday

Adam StreisandBy Adam Streisand on Posted in Private Wealth Services

As a battle rages on in Nanterre, west of Paris, over the estate of Johnny Hallyday, who is best known as the “French Elvis”, and spills out across the pages of the tabloid press in France, we offer a view from Hallyday’s adopted home, Los Angeles, California. It is, after all, the central question of this affair whether a will and trust executed in California under California law, which was intended to dispose of assets that include Hallyday’s properties in Santa Monica and Los Angeles, will be respected or tossed aside as a violation of French forced-heirship laws. The saga of the Hallyday case is a cautionary tale for French nationals who reside outside of France or who have property or assets outside of France, or for foreigners who may be considered domiciliaries of France (or other nations with inheritance laws that differ from France), as well as for members of their families whose inheritance may be caught in between. Continue Reading

LexBlog