Italian Data Protection Authority issues new EU guidelines

This post was written by Cynthia O’Donoghue, Kate Brimsted, and Matthew N. Peters.

In early May the Italian data protection authority (“Garante”) issued “Simplified Arrangements to Provide Information and Obtain Consent Regarding Cookies” (“Guidelines”).  These are intended to provide clarity on the application of Legislative Decree No. 69/2012 (the “2012 Act”), which implemented the EU Cookie Directive in Italy.

The Guidelines synthesize the findings of a public consultation and set out simple methods for informing website users about the use of cookies and procuring their consent.

Key topics include:

i) Distinguishing technical cookies from profiling cookies: technical cookies only require users to be clearly informed and include browsing/session cookies, first-party analytics cookies and functional cookies; while profiling cookies require users’ consent to create a user profile and for the website operator and any third parties to carry out marketing and promotional activities.

ii) A ‘double decker’ approach to inform users and obtain consent by providing summary cookie by means of a ‘banner’ on a website landing page with more detailed information included in a full privacy notice that is linked to the banner.

iii) Links to third parties that also place cookies on a user’s device to each respective third party’s own consent and privacy notices so users remain fully informed and retain their ability to consent.   

iv) Implementation and sanctions: Garante has given data controllers one year from the date of publication of the Guidelines to meet these requirements. Failure to do so carries a range of sanctions, including a maximum fine of €300,000 and ‘naming and shaming’.

Foreign Investment in the United States: D.C. Circuit Reversal Could Lead to Increased Transparency for CFIUS

This post was written by Michael J. Lowell and Bethany R. Brown.

On July 15, the D.C. Circuit held that a presidential order requiring Ralls Corporation to divest its interests in Oregon windfarms because of national security concerns deprived Ralls of its constitutionally protected property interests without due process of law.  In doing so, the D.C. Circuit reversed a district court decision that had emphasized the president’s near-absolute, discretionary authority when responding to national security threats raised by foreign investment in the United States.  [link to Oct. 21, 2013 blog]

The presidential order was the end result of the Committee on Foreign Investment in the United States’ (“CFIUS”) review of the national security implications of Ralls’ acquisition of the four companies developing the windfarms.  Ralls – a Delaware corporation privately owned by two Chinese nationals – submitted the transaction to CFIUS for review after the acquisition had closed.  Following CFIUS’ review, President Obama ordered divestiture of Ralls’ acquisition of the membership interests in the four companies, citing national security concerns posed by the transaction.  Ralls brought suit against CFIUS, claiming, in part, that the presidential order deprived Ralls of its ownership interests in the companies without due process of law.  The case will now be returned to the district court for further review.

Though the decision does not affect the president’s ultimate power to order divestiture, the decision could have a significant impact on the manner in which CFIUS reviews proceed in the future.  Under the decision, CFIUS, before ordering divestiture, will be required to:  (1) inform the property owner about its action; (2) provide access to the unclassified evidence that supports its decision; and (3) provide the property owner with an opportunity to rebut the evidence.  This could lead to a review process that is much more transparent than current practice, wherein parties before CFIUS are often in the dark about the government’s concerns.

European Commission Releases Cloud Computing Service Level Agreements

This post was written by Cynthia O’Donoghue and Kate Brimsted.

Back in 2012, the European Commission (‘Commission’) adopted the Cloud Computing Strategy to promote the adoption of cloud computing and ultimately boost productivity. In June 2014, the Cloud Select Industry Group – Subgroup on Service Legal Agreements published Standardisation Guidelines for Cloud Service Level Agreements (‘Guidelines’) as part of this strategy.

To achieve standardisation of Service Level Agreements (‘SLAs’), the Guidelines call for action “at an international level, rather than at national or regional level”, and cite three main concerns. Firstly, SLAs are usually applied over multiple jurisdictions, and this can result in the application of differing legal requirements. Secondly, the variety of cloud services and potential deployment models necessitate different approaches to SLAs. Finally, the terminology used is highly variable between different service providers, presenting a difficulty for cloud customers when trying to compare products.

A number of principles are put forward to assist organisations through the development of standard agreements, including technical neutrality, business model neutrality, world-wide applicability, the use of unambiguous definitions and comparable service level objectives, standards and guidelines that span customer types, and the use of proof points to ensure the viability of concepts.

The Guidelines also cover the common categories of service level objectives (‘SLOs’) typically covered by SLAs relating to performance, security data management and data protection.  In particular, SLOs cover availability, response time, capacity, support, and end-of-service data migration, as well as authentication and authorization, cryptography, security incident management and reporting, monitoring, and vulnerability management.  Some of the important data-management SLOs cover data classification, business continuity and disaster recovery, as well as data portability. The personal data protection SLOs address codes of conduct, standards and certification, purpose specification, data minimization, use, retention and disclosure, transparency and accountability, location of the personal data, and the customer’s ability to intervene.

The Commission hopes the Guidelines will facilitate relationships between service providers and customers, and encourage the adoption of cloud computing and related technologies.

Indonesia's Presidential Elections Dispute and Idul Fitri 2014 - Are You and Your Company Prepared?

This post was written by Charles Ball, Paul Alfieri, John Tan, and Ruth M. Thomas.

On July 9, within just a few hours of the polls closing in the tightly contested presidential election in the world’s third-largest democracy – the Republic of Indonesia – the only two contestants running had claimed victory. Nearly 200 million people in the world’s fourth-largest country had turned out to vote for either the current Jakarta Governor Joko “Jokowi” Widodo or former military general Prabowo Subianto. Despite seven of the independently run “Quick Count” exit polls indicating that Jokowi had won the election by a margin of roughly 3 percent to 5 percent, Prabowo declared victory of his own citing three Quick Count results that supported his own victory by narrower margins.

Click here to read the full issued Client Alert.

OFAC Targets Russia's Financial and Energy Sectors in New Sectoral Sanctions

This post was written by Hena M. Schommer and Leigh T. Hansson.

As a result of the ongoing Crimea conflict, the U.S. Treasury Department’s Office of Foreign Assets Control (“OFAC”) has issued new sanctions targeting Russian banks and energy companies.  This week, OFAC issued a Ukraine-related Sectoral Sanctions Identifications List (“SSI List”) and Directives 1 and 2 pursuant to Executive Order 13662 (the “Directives”) that provide two lists of sectoral sanctions designations.  On or after July 16, 2014, the Directives, generally, prohibit U.S. persons – wherever located – from entering into “new debt” transactions, including “transacting in, providing financing for, or otherwise dealing in debt with a maturity of longer than 90 days…on behalf of, or for the benefit of the entities listed on the SSI List, their property, or their interests in property.” Directive 1 entities are also prohibited from entering into “new equity” transactions meeting the definition above. Entities included on the list are Russian banks and energy sector entities; the Directives also extend prohibitions to entities owned 50 percent or more by an entity designated on the SSI List.  According to OFAC’s website, transactions that will be caught under the “new debt” and “new equity” prohibitions include:

  • Debt defined as “bonds, loans, extensions of credit, loan guarantees, letters of credit, drafts, bankers acceptances, discount notes or bills, or commercial paper,” and
  • Equity defined as “stocks, share issuances, depositary receipts, or any other evidence of title or ownership” 

Further, the prohibitions in both Directives “extend to rollover of existing debt, if such rollover results in the creation of new debt with a maturity of longer than 90 days.”  Additionally, OFAC has issued General License No. 1, authorizing U.S. persons to engage in transactions of “derivative products whose value is linked to an underlying asset” that falls within the definition of the Directives.

OFAC has limited the scope of the SSI List by clarifying that the entities are not included on the OFAC Specially Designated Nationals List (“SDN List”), unless specifically designated by OFAC.  All prior designations on the SDN List and other trade restrictions that have not been lifted by OFAC remain in place.  Reed Smith’s other blog posts related to the U.S. Ukraine-related sanctions can be found here.

July Sanctions Update: Ukraine and Iran

This post was written by Siân Fellows, Lisa Mason, David Myers, Alexandra E. Allan, Alexandra Gordon, and Laith Najjar.

Since March 2014, we have been closely monitoring the developments relating to the situation in the Ukraine and reporting them as Client Alerts and blog updates.

We have set out below a summary of the recent changes in respect of the Ukraine as well as an update on the position regarding the “Joint Plan of Action” in respect of Iran.

For more detail on this topic, please see our Client Alert.

European Commission releases communication on building a data-driven economy, calling for a rapid conclusion to data-protection reform

This post was written by Cynthia O'Donoghue and Kate Brimsted.

In July, the European Commission (‘Commission’) published a communication titled “Towards a thriving data-driven economy” (‘Communication’), setting out the conditions that it believes are needed to establish a single market for big data and cloud computing. The Communication recognizes that the current legal environment is overly complex, creating “entry barriers to SMEs and [stifling] innovation.” In a press statement, the Commission also called for governments to “embrace the potential of Big Data.”

The Communication follows the European Council’s conclusions of 2013, which identified the digital economy, innovation and services as potential growth areas. The Commission recognizes that for “a new industrial revolution driven by digital data, computation and automation,” the EU needs a data-friendly legal framework and improved infrastructure.

Citing statistics about the amount of data being generated worldwide, the Commission believes that reform of EU data-protection laws and the adoption of Network and Information Security Directive will ensure a “high level of trust fundamental for a thriving data-driven economy.” To this end, the Commission seeks a rapid conclusion to the legislative process.

The Commission’s vision of a data-driven economy is founded on the availability of reliable and interoperable datasets and enabling infrastructure, facilitating value and using Big Data over a range of applications.

To achieve a data-driven economy, coordination among Member States and the EU is necessary. The key framework conditions are digital entrepreneurship, open data incubators, developing a skills base, a data market monitoring tool and the identification of sectorial priorities, and ensuring the availability of infrastructure for a data-driven economy, along with addressing regulatory issues relating to consumer and data protection, including data-mining and security.

In an atmosphere of increasingly complex regulation anticipated by the Draft Data Protection Regulation and rulings of Europe’s senior courts, a positive slant on the use of data should be refreshing to organisations that depend on it in their operations. The test for the recommendations will be in how the Commission and the EU seek to implement them.

Apps and Data Privacy - New Guidelines from the German DPAs

This post was written by Dr. Thomas Fischl and Dr. Alin Seegel.

Under the auspices of the Bavarian state data protection authority, the so-called Düsseldorfer Kreis (an association of all German data privacy regulators for the private sector) on June 23 published guidelines for developers and providers of mobile apps.  Since mobile applications increasingly become the focus of regulators, the guide points to data privacy and technical requirements regarding the field of app development and operation, and provides practical examples.

In spring, the Bavarian data privacy regulatory agency had randomly selected 60 apps for closer examination. In the process, the agency looked at privacy notices and compared them with the type of data that, at first glance, was transmitted.  In its conclusion, the agency noted that “every app provides some data privacy information, but that this information cannot be adequately reviewed.”  Based on this finding, the agency has more closely examined 10 apps, and subsequently created an orientation guide for app-developers and app-providers.

Among other things, the 33-page guide addresses the applicability of German data privacy laws, permit-related statements of fact regarding the collection and processing of personal data in the context of operating a mobile application, technical data privacy, and the notification obligations to be adhered to by the app provider. In addition to the legal notice, the latter include an app-specific privacy statement and other legal obligations.

With regard to app development, the guide of the German DPAs recommends that by utilizing data privacy preferences (“privacy by default”), one must ensure that the app can later be offered without deficiencies in data privacy.

Regarding technical data privacy, the guide elaborates on secure data transmission, as well as the application’s access to the location data of the respective device.

In addition to the above aspects, the guide addresses specific issues arising during the development of mobile applications, such as the integration of functions for payments or apps for young people and children.

For the future, regulators can be expected to be even more concerned with infringements related to apps, and will also be expected to initiate procedures to impose fines. The guidelines are a must-read for every app developer making apps available in Germany and throughout Europe.

EY Appeals Hong Kong Court Order To Produce Audit Working Papers Notwithstanding Holding That EY 'Deliberately Withheld From SFC' and State Secrets Not at Issue

This post was written by Joan Hon.

More than a year ago, we began following the so-called Ernst &Young (“EY”) State Secrets Case in Hong Kong.  On 23 May 2014, the High Court of Hong Kong finally concluded that there was no “reasonable excuse” for EY’s failure to comply with Securities and Futures Commission (“SFC”) notices seeking information and documents, and that EY had “deliberately withheld from SFC.” Though EY has since produced a disc of documents it held in Hong Kong, EY filed a Notice of Appeal 20 June taking issue with the Court’s position on documents held in the Mainland by its PRC affiliate, Ernst & Young Hua Ming (“HM”).

When this case kicked off in April 2013, many watched carefully, wondering how the Court might deal with Chinese state secrets and archives laws, in addition to others, that supposedly prevented the cross-border transmission of certain documents, and accordingly, EY’s ability to comply with the SFC notices.  These laws have also been the purported excuse for non-cooperation in regulatory investigations in the United States, and have resulted in bans and censures of Chinese accounting firms in the United States.*  However, the Hong Kong Court emphasized that it is “concerned with and only with the obligation of EY as a firm in Hong Kong to comply with the Notices issued under the SFO as part of the laws of Hong Kong,” suggesting a strong reluctance to interpret the controversial Chinese laws.

In an interesting “eve of trial” twist, EY suddenly discovered a laptop in Hong Kong that had been used by the EY partner involved in the engagement with HM.  Incidentally, identification of this engagement partner was only revealed by affirmation filed in relation to these proceedings, despite numerous previous requests by the SFC for such identification.  These “sudden,” last-minute discoveries, which included two additional hard drives, alongside EY’s production of a single witness who repeatedly claimed he either had no personal knowledge or memory of the relevant facts, led Mr. Justice Peter Ng Ka-fai to conclude EY had been deliberately withholding information. With respect to any documents HM may possess in the Mainland, the Court concluded that EY, subject to any legal restrictions on cross-border transmission, has a currently enforceable legal right under PRC laws to demand production of the audit working papers from HM. Thus, EY could not argue that it did not have possession – including custody or control – of the documents the SFC sought, whether in the Mainland or not.

As to whether there was any legal restriction on the cross-border transmission of documents in the Mainland, the Court was reluctant to comment on PRC laws, suggesting they were a “complete red herring” since any legal effect was hypothetical until any analysis of the actual contents of the audit working papers could be made:

The burden is on EY to show an applicable restriction on the transmission of the audit working papers and other relevant documents from the PRC to Hong Kong. If it cannot do that by showing the papers or other documents do contain State secrets or commercial secrets, that is the end of the matter, as far as EY’s case is concerned.

This begs the question as to how EY could possibly submit such evidence if its submission is that such transmission would be illegal. However, the Court accepted that if its finding on the absence of legal impediments under PRC laws is wrong, then it was EY’s (and not the SFC’s) burden to make an application to the China Securities Regulatory Commission for approval.

So far, no hearing date has been set for EY’s appeal. 

*  Incidentally, the Hong Kong Court made reference to these American cases, and have noted that the SFO does not purport to have any extraterritorial effect in the same way that section 106 of the U.S. Sarbanes-Oxley Act of 2002 does.

U.S. extraterritorial data warrants: yet another reason for swift Data Protection reform, says EU Commission

This post was written by Kate Brimsted.

In May, we reported that a U.S. magistrate judge had upheld a warrant requiring Microsoft to disclose emails held on servers in Ireland to the U.S. authorities. The ruling has now attracted the attention of Brussels, with the Vice-President of the European Commission, Viviane Reding, voicing her concern.

Microsoft had argued before the court that the warrant, which was issued under the Stored Communications Act, should be quashed. This was because it amounted to an extraterritorial warrant, which U.S. courts were not authorised to issue under the Act. In summary, the court ruled that the warrant should be upheld, noting that otherwise the U.S. government would have to rely on the “slow and laborious” procedure under the Mutual Legal Assistance Treaty, which would place a “substantial” burden on the government.

In a letter to Sophie in’t Veld, a Dutch MEP, Ms Reding noted that the U.S. decision “bypasses existing formal procedures”, and that the Commission is concerned that the extraterritorial application of foreign laws may “be in breach of international law”. In light of this, Ms Reding states that requests should not be directly addressed to companies, and that existing formal channels such as the Mutual Legal Assistance Treaty should be used in order to avoid companies being “caught in the middle” of a conflict of laws. She also advocates that the EU institutions should work towards the swift adoption of the EU data protection reform.  Ms Reding further reported that the Council of Ministers has agreed with the principle reflected by the proposed Regulation – and consistent with the recent Google Spain decision – that “EU rules should apply to all companies, even those not established in the EU (territorial scope), whenever they handle personal data of individuals in the EU”.

Florida Strengthens Data Breach Notification Law

This post was written by Divonne Smoyer and Christine N. Czuprynski.

Florida’s new data breach notification law, effective July 1, 2014, follows a recent trend of expanding the definition of personal information and requiring entities to notify state attorney general offices or other regulators. The Florida Information Protection Act, signed into law June 20, repeals the existing data breach notification law and imposes new requirements on covered entities.

First, the definition of personal information has been expanded. Personal information includes those data points that are present in most data breach notification laws – an individual’s name in combination with Social Security number, driver’s license number, or financial account number with a its corresponding security code or password – but also includes medical history and health insurance policy number. In addition, the definition now includes a user name or email address in combination with a password or some other information that allows access to an online account.

The Florida law requires notification to be made to the affected individuals, the state Department of Legal Affairs with the attorney general’s office, and credit reporting agencies, under certain circumstances. Notification to individuals and to the attorney general must occur within 30 days after determination of the breach or reason to believe a breach occurred. Florida already allows an entity to conduct a risk-of-harm analysis to determine if notification is required, and the new law retains that right. An entity is not required to notify individuals if it “reasonably determines that the breach has not and will not likely result in identity theft or any other financial harm to the individuals whose personal information has been accessed.” That determination must be documented in writing and maintained for five years, and must be provided to the attorney general within 30 days. If an entity determines that notification to individuals is required, such notification should include the date of the breach, a description of the information compromised, and contact information for the entity.

Notification to the attorney general must include a description of the breach, the number of Floridians affected, information regarding any services being offered, a copy of the notice, and contact information for an individual who can provide additional information. Upon request, an entity must also provide a copy of any police report or incident report, as well as a computer forensic report and internal policies relating to breaches. These sensitive documents – forensic reports and internal policies – do not have to be disclosed in any other state.

The new law also requires entities to take reasonable measures to protect and secure data in electronic form containing personal information.

Will Congress or the DOT enact stricter safety regulations for drivers of commercial motor vehicles?

This post was written by Christopher L. Rissetto and Robert Helland.

The recent accident on the New Jersey Turnpike that severely injured actor and comedian Tracy Morgan has focused attention – again - on issues of safety in the operations of commercial motor vehicles.  The driver in the accident which injured Morgan, killed comedian James McNair, and injured several others purportedly had not slept in 24 hours.  There are a number of regulations in place to help reduce driver fatigue which, in the aftermath of this accident, we expect federal regulators and Members of Congress to review in order to determine if they are working.   Federal  Hours of Services regulations establish daily and weekly limits on how much time can be spent behind the wheel.  To combat fatigued driving, drivers of property-carrying commercial motor vehicles (which was the type of vehicle involved in the Turnpike crash) face limits both on how much time they can spending behind the wheel both on a daily basis as well as cumulatively, during a 7 or 8 day period:  

I. Only 14 consecutive hours on duty with no more than 11 of those hours spent behind the wheel.   Once a driver begins a duty period, the clock starts ticking as to how much of that time on duty can also be spent behind the wheel of a property-carrying commercial motor vehicle.  The driver can only spend 11 hours of any 14 hour period behind the wheel, with a half hour break after 8 hours.  Once 14 consecutive hours on duty passes, the driver may not get behind the wheel, even if it is for the first time.  The driver can only start a new 14 hour shift after at least 10 consecutive hours off duty.  49 CFR § 395.3(a). 

II. Cumulative limits of 60 or 70 hours, depending on how frequently you drive.  In addition to the daily limits, federal regulations also limit the total hours drivers of property-carrying commercial motor vehicles may drive over the course of any 7 or 8 day period.  While described as limits based on a “set” work week, the FMCSA intends them instead to be based on a flexible period, i.e. the cumulative time spent on duty over the past 7 or 8 days, in order to better account for drivers who may not work on a daily basis.  

  • Those who are “on duty” - either behind the vehicle or performing other activities - but not every day of the week , cannot drive  a commercial vehicle after working 60 hours over 7 consecutive days. 
  • Those who are on duty on a daily basis cannot drive a commercial vehicle after working 70 hours over 8 consecutive days.  49 CFR § 395.3(b). 

III. 34 hour restart.  Once a driver reaches the cumulative limits described above, he or she must then spend time off duty for at least 34 consecutive hours before returning behind the wheel.  This must include 2 nights of rest (1 a.m. to 5 a.m.)and is known as the “34 hour restart”.      49 CFR § 395.3(c)(1-2). 

The 34 hour restart effectively ends a trucker’s workweek, requiring them to get a break that could be as long as 48 hours, when factoring in 2 nights or rest.  The two night rest requirement was added into the House of Services Regulations by the Federal Motor Carrier Safety Administration (“FMCSA”) in 2013. 

So how could someone spend more than 24 hours behind the wheel?  As noted, the driver in the in the Turnpike crash is alleged to have spent more than 24 hours behind the wheel, which would be in violation of federal Hours of Service Regulations.  .  To determine if this is true, we expect attention to focus on the logs  kept by the trucker, which are still in paper form.  One answer may lie in the fact that truckers are still required to keep a log of their records by paper.  The FMCSA  has proposed requiring electronic log books for truckers in a Supplemental Notice of Public Rulemaking, a so-called “black box” for truckers, with a comment period expected to end at the end of this month.   Senator Charles Schumer (D-NY)  has noted that the rule may not be made final until the beginning of 2017 and has urged the FMCSA to expedite the rulemaking process.  Also during the prior rulemaking, the FMCSA had considered – but rejected – lowering the daily driving limit from 11 hours to 10, noting the lack of evidence favor of this.  This proposal may come back, especially after the full details of the crash are known.   Also in the mix is a proposal by Senator Susan Collins (R-ME) to limit the 34 hour restart by suspending the two nights rest and allow more than one restart in a 7 day period.  The amendment was included in Senate version of the Fiscal Year 2015 Transportation, Housing and Urban Development Appropriations bill (S. 2438) by a vote of 21-9 on June 10, 2014. 

The Turnpike incident will trigger more debate and possibly provoke a strong response by federal regulators and Congress.

Supreme Court Clarifies Scope of Federal Bank Fraud Statute, But Leaves Some Questions

This post was written by Travis P. Nelson.

On June 23, 2014, the U.S. Supreme Court clarified – and arguably expanded – the reach of the federal bank fraud statute. In Loughrin v. U.S., petitioner Kevin Loughrin challenged the lower court’s interpretation of the federal bank fraud statute as not requiring that the government prove that the defendant specifically intended to defraud a bank. The Supreme Court disagreed.

This case originated in the petitioner’s check fraud scheme orchestrated at a Target Store. The petitioner, while pretending to be a Mormon missionary, went door-to-door in a neighborhood in Salt Lake City, where he rifled through residential mailboxes and stole any checks he found. (Why nobody thought it suspicious that a purported Mormon missionary was (1) working a mission project without a partner, and (2) doing so in what is arguably the U.S. city least in need of conversion to the LDS faith, will be left for another day.) The petitioner would then make the checks out to the retailer Target for amounts of up to $250. His modus operandi was to go into a local Target, posing as the account holder, and present the altered check to a cashier to purchase merchandise. After the cashier accepted the check, the petitioner would leave the store and walk back inside to return the goods for cash. In each case, the checks presented to Target were drawn on an account at a federally insured bank.

To read more, please click here

Proposed Minimum Wage Rule May Require Adjustments by Both Contractors and the Government

This post was written by Lorraine M. Campos and Joelle E.K. Laszlo.

On June 17, 2014, the U.S. Department of Labor issued proposed regulations to implement Executive Order 13658, which increased the federal minimum wage to $10.10 per hour beginning in 2015.  The proposed regulations cover a fairly broad cross-section of service and construction contracts and contract-like instruments, and their requirements are to be flowed down to subcontractors at all tiers.  The regulations also provide for the retroactive inclusion and application of minimum wage requirements inadvertently excluded from contracts covered by the Executive Order.  Although the new regulations will not take effect until next year, contractors should carefully review their current and hoped-for contracts to determine their compliance obligations. 

The proposed regulations contain an incredibly broad definition of the word “contract.” But to actually be subject to the new minimum wage requirement, a contract must meet two criteria.  First, it must be one of the following types:

  • A procurement contract for construction covered by the Davis Bacon Act
  • A contract for services covered by the Service Contract Act
  • A contract for concessions, even if it is not covered by the Service Contract Act
  • A contract to provide services to federal employees, their dependents, or the general public, on federal property or lands

Second, the wages paid under the contract must be governed by the Fair Labor Standards Act, the Service Contract Act, or the Davis-Bacon Act. 

Additionally, certain types of contracts are excluded from the proposed regulations.  For example, contracts excluded or exempted from any of the aforementioned Acts, contracts with Indian tribes, and federal grants are excluded from the proposed regulations.  The new minimum wage requirements also do not apply to contracts for manufacturing or furnishing materials, supplies, articles, or equipment to the federal government (e.g., contracts subject to the Walsh-Healey Public Contracts Act). 

As do other rules concerning wages and wage hours, the proposed regulations permit contractors to segregate hours worked by employees on contracts subject to the new requirements, from hours worked on other contracts.  In order to  take advantage of these provisions, however, a contractor must keep adequate records that clearly demonstrate each employee’s division of labor, or provide other “affirmative proof.” 

The government intends to include the new minimum wage requirements in every contract or solicitation for covered contracts issued on or after January 1, 2015.  However, if the new minimum wage requirements are mistakenly omitted from a covered contract, they may be incorporated into the contract and given retroactive effect to the contract’s start date.  This prospect may send chills down the spine of any contractor – especially since the proposed regulations note that  failure to meet the requirements may result in withheld payments and even administrative debarment.  Realistically, though, those provisions likely will be applied to contractors who flagrantly violate the requirements.  Contractors who fail to comply because they honestly and reasonably didn’t know they were required to do so until the requirements were added retroactively will be able to seek refuge and relief in the equitable adjustment clauses found in contracts subject to federal wage determinations.  Thus, a contractor that suddenly finds itself required to pay federal minimum wages that are higher than what it had been paying may not necessarily have to scramble for cash, though it will have to understand and comply with its new wage requirements.

It behooves any contractor who thinks it is, or thinks it may become, subject to the new minimum wage requirements, to understand what they are and when they apply.  A contractor concerned about the new requirements may also wish to comment on the proposed rulemaking.  Comments are due by July 17, and will be available for review at

EU Consortia Block Exemption extended for a further five years

This post was written by Marjorie C. Holmes, Angela Gregson, and Catherine Johnson.

The European Commission has announced the extension of the block exemption for certain liner shipping cooperation agreements until 2020. The extension of the Regulation follows a period of public consultation earlier this year during which time interested parties were invited to comment on the proposed extension.

Liner agreements will be able to continue to claim exemption from Article 101 subject to meeting the conditions set out in the Regulation.

For more detail on the extension of the block exemption, please see our Client Alert.