Upcoming European Chemical Restrictions in Apparel Raise Concerns

European Chemical RestrictionsThe European Commission intends to ban the use in apparel of hundreds of Cat. 1A and 1B carcinogenic, mutagenic and toxic for reproduction substances (“CMRs”) within the next year. To do so, the Commission expects to use the so-called “fast-track” procedure to ban CMRs under Regulation 1907/2006 (“REACH Regulation”), instead of the standard procedure for prohibiting substances. Historically, the fast-track procedure has been reserved for mixtures that contain CMRs and are intended for the general public.  The Commission has indicated that its proposal to ban the use of CMRs in apparel is a “test-case” of its intention to also ban Cat. 1A and 1B CMRs in articles (i.e., objects) intended for consumers on a regular basis in the near future.  This fast-track procedure allows less scientific input from the European Chemicals Agency (“ECHA”) and industry, and the related restrictions would create significant barriers to international trade.

“Standard” vs. “Fast-Track” Procedure

Title VIII of the REACH Regulation empowers the European Commission to restrict the use in mixtures (e.g., inks, paints) and articles (e.g., apparel) of substances that pose an unacceptable risk to human health or the environment.  Restricted substances are listed in Annex XVII of the Regulation, which is regularly updated.

There are two different procedures for adding new restrictions: the “regular” and the “fast-track” procedure. In both cases, the Commission proposes the restrictions, and its final proposal is then adopted through “comitology” (i.e., a process involving the input of Member States).  The road towards the final Commission proposal, however, is very different for each procedure:

  • Standard procedure: The standard procedure is generally highly regarded for the sound scientific input it gathers. Articles 69 – 73 of the REACH Regulation include important steps, such as ECHA’s or a Member State’s preparation of an Annex XV dossier analyzing the restrictions, assessments by the Agency’s Risk Assessment Committee (“RAC”) and Socio-Economic Assessment Committee (“SEAC”), and consultation of the Forum for Exchange of Information on Enforcement (“Forum”).
  • Fast-Track Procedure: Article 68(2) of the REACH Regulation, however, empowers the Commission to ban the use of substances that are classified as Cat. 1A or 1B CMRs in mixtures and articles that could be used by consumers without the preparation of a dossier, the opinions of the RAC and SEAC or the consultation of the Forum. As the Commission recognized in its Article 68(2) Paper of 2014, the legislation provides little to no guidance on the use of this procedure.

Indeed, the fast-track procedure was originally intended, and until now has been used solely, to restrict the use of mixtures intended for consumers that contain Cat. 1A or 1B CMRs in concentrations above specific thresholds. Entries 28 to 30 of Annex XVII contain the general ban for mixtures containing Cat. 1A and 1B CMRs, and the Commission has regularly updated them by amending their Appendixes.

The procedure was historically intended for mixtures due to the potential high exposure of consumers using them. In contrast, there is scientific uncertainty on the risk of exposure of consumers to CMRs contained in articles.  As the Commission recognizes in its Article 68(2) Paper, the “main difference between articles and substances and mixtures is that there might be cases where there is no or very limited possibility of exposure of consumers to a CMR substance contained in an article.

The Proposed CMR Restrictions

The Commission’s long term strategy is to use the REACH fast-track procedure to restrict the use of Cat. 1A and 1B CMRs in a broad range of consumer products. The upcoming ban in apparel is intended as a “test-case”.

Following concerns raised by the industry, the Commission recently announced that it intends to restrict the use of Cat. 1A and 1B CMRs in textiles in two phases. First, it will restrict CMRs in textiles that are in direct contact with the skin.  This concerns primarily apparel, but also products such as footwear and bed linen.  We understand that these restrictions could be adopted by spring or summer of 2017.

Second, the Commission will restrict Cat. 1A and 1B CMRs in textiles that are not in direct contact with the skin, such as accessories (e.g., buttons), floor coverings, and carpets.  The Commission will not start this second phase until it presents its final proposal for textiles that are in direct contact with the skin.

It is still unclear which Cat. 1A and 1B CMRs the Commission will target. Initially, it had proposed to restrict 286 CMRs.  The Commission should only restrict those substances for which there are validated detection and measurement methods.

Analysis of the Planned Restrictions

The Commission’s initial proposal to restrict no less than 286 CMRs in a wide category of textile products raises significant concerns. These include:

Duplication: Of the CMRs that the Commission intends to restrict under the fast-track procedure, several are already subject to other restrictions in the REACH Regulation. The resulting double bans or restrictions might create confusion and duplication. The Commission indicated last June that it is aware of this issue and that it “is committed to avoid double regulation for the same substance and use.”

  • Trade implications: Extensive restrictions could create unnecessary barriers to trade and violate the EU’s commitments under the Agreements of the World Trade Organization. The apparel industry is a global industry; a rapidly-imposed ban on CMRs in apparel may lead operators in this sector to temporarily or permanently stop marketing certain products in the EU.
  • Socio-economic impact: It is questionable whether the Commission has sufficiently considered the cost of compliance with the upcoming restrictions. Widespread and simultaneous restrictions may represent a significant burden for industry, including numerous small and medium-sized enterprises (“SMEs”), and increase the price of apparel for consumers.

Next Steps

What lies ahead? The Commission has agreed to gather additional expert input over the next few months.  This will include input from the Forum, ECHA, and a group of experts, including industry representatives.  Subsequently, the Commission will open its proposal for a public consultation, likely by the end of 2016 or early 2017.  Once this public consultation is closed, the Commission will adopt its final proposal.

Although much remains to be decided, it is clear that a ban of hundreds of CMRs in all skin contact textiles will significantly affect apparel and footwear companies that market their goods in the EU and EEA. In the mid-long term, the Commission’s plans will likely also have a significant impact on the wider global textile and consumer goods industry.

ARTICLE BY Charlotte Ryckman of Covington & Burling LLP
Roberto Yunquera Sehwani, a Stagiaire at Covington & Burling LLP and attends the Universidad Autónoma de Madrid, also contributed to this post.

E-Cigarette Explosion Injuries in California

E-CigaretteWe are seeing a rising number of incidents where E-Cigarettes are malfunctioning, catching fire or even exploding and causing serious bodily injury.  What started as an “alternative” to regular cigarettes, has now become a multi-billion dollar enterprise where these products are selling millions of units all over the world including California.  I am seeing more storefronts, especially in urban areas like Los Angeles, selling “electronic cigs” , “vapes” , “vapor pens”, “Vaping” and “Vapor” devices.  Unfortunately, these products have flooded into the marketplace in CA and across the U.S. without much early regulation or quality control.  This had led to issues where the products are heating up to a dangerous level, exploding and causing many types of injuries.

What is causing E-Cigs to Blow Up?

E-Cigarettes  are meant to mimic the sensation of traditional smoking by releasing a vapor to the user.  The process by which this takes place is a heating element inside the device that brings the liquid vapor solution to a boiling point.  This heating element must have a power source and that source in almost all types of vaping products is a lithium ion battery.  The problem arises when this heating process causes the electrolytes in the battery to overheat, expand and rupture.  The danger of such an explosion is further amplified by the fact that the batteries are located at the end of a cylindrical tube that is often made of either plastic or fairly low-strength metals like aluminum. The combustion can cause all or part of the E-Cigarette to be propelled outward and into the face, neck, hands or arms of the user.

Examples of E-Cigarette Malfunctions Causing Serious Injury

There have been numerous examples in California and around the U.S. where the malfunction and explosion of e-cigs have caused serious bodily harm including the following:

  • A 26 year old in Tustin, CA had to be rushed into emergency surgery when an e-cig exploded in his mouth.  A small piece of the apparatus was lodged in his mouth and had to be surgically removed.  He also sustained second degree burns to his face and lost several teeth.

  • A man in Bakersfield, CA had to have his left (dominant hand) index finger amputated when a device exploded as he was putting it to his mouth to smoke.

  • A jury in Riverside County awarded a lady $1.9 Million dollars against the distributor of e-cigarettes due to injuries sustained after the combustion of the device in use.

  • A retired Los Angeles Galaxy soccer player filed suit after suffered facial damage that made him “unrecognizable”.  This case is still pending in the Orange County Superior Court.

The potential legal responsibility for e-cigarette injuries

California, like most states, has laws that are meant to protect consumers and allow for compensation if they are injured by any type of product that is either negligently manufactured or negligent in its design.  Causes of action for recovery of damages may include so called “strict products liability”, failing to warn users of the potential dangers of product use and breaches of express or implied warranties.  The problem becomes that many of these products are being sold by “mom and pop” retailers that may not have insurance coverage.  Holding both the manufacturers and distributors are possible under California products liability laws, however, many of these devices are being manufactured in China and other places and tracing the origin of the product can be difficult. It may also be difficult enforcing a money judgment against a foreign company.  This leaves personal injury attorneys having to do a little further investigation into other possible defendants such as U.S. companies that import the products into the states.

Once litigation has commenced, other hurdles still remain.  One of the main counter arguments is that the victim was “comparatively at fault” for their own injury by their use or alleged “misuse” of the e-cigarette vaping devices.  These arguments can be overcome by a quality personal injury law firm familiar with product defect claims.  For example, there are many consumer products such as cell phones that are prone to heating up with use but, have not been found to explode.  Therefore, the average consumer would not consider this to be a likely scenario.

The bottom line is that e-cigarettes are being sold by the millions to consumers all over California from Los Angeles to the  San Francisco bay area. When used as a normal consumer would (i.e. in a manner same or similar to a regular cigarette), the devices should not heat up to the point where they explode and send shrapnel into the hands, face and body of the user.

Copyright © 2016 · Steven Sweat

Browsewrap Agreement Held Unenforceable – Website Designers Take Note!

browsewrap agreementIn Nghiem v Dick’s Sporting Goods, Inc., No. 16-00097 (C.D. Cal. July 5, 2016), the Central District of California held browsewrap terms to be unenforceable because the hyperlink to the terms was “sandwiched” between two links near the bottom of the third column of links in a website footer.  Website developers – and their lawyers – should take note of this case, part of an emerging trend of judicial scrutiny over how browsewrap terms are presented. Courts have, in many instances, refused to enforce browsewraps due to a finding of a lack of user notice and assent. In this case, the most recent example of a court’s specific analysis of website design, a court suggests that what has become a fairly standard approach to browsewrap presentment fails to achieve the intended purpose.

In Nghiem, the plaintiff brought claims under the Telephone Consumer Protection Act (TCPA) seeking statutory damages and an order certifying a class action.  The defendant Dick’s Sporting Goods (DSG) moved to compel arbitration based upon the DSG’s website terms of use.  The court denied the defendant’s motion, ruling that the plaintiff had no knowledge of the website terms and was not bound by the arbitration clause contained in DSG’s browewrap agreement.

The terms of use on DSG’s website were not presented in the typical clickthrough arrangement, where users are expressly presented with and required to assent to the terms before completing a purchase or registration.  Rather, DSG’s terms were presented as a browsewrap agreement, where a website’s terms and conditions are posted on the website via a hyperlink at the bottom of the screen and users are presumed to manifest assent to the terms by use of the website.

The district court noted that browsewrap agreements are enforced with “reluctance,” and only when a consumer has “actual or constructive knowledge of a website’s terms and conditions.”  Interestingly, DSG argued that because the plaintiff was an attorney whose former firm handled TCPA cases (including litigation against DSG), he should be charged with knowledge of the terms and arbitration clause.  The court rejected the argument that the plaintiff should be deemed to have actual knowledge of its terms based upon his vocation:

“[A]ctual knowledge is not something to be ‘safely assumed,’ as Defendants would have it, based on a plaintiff’s occupation. Instead, Defendants were required to put forth ‘evidence’ that Plaintiff had ‘actual knowledge of the agreement’ at issue. Defendants’ speculation regarding whether Nghiem reviewed, at some point in the past, DSG’s website Terms of Use is insufficient to meet this standard.” [citations omitted].

The court performed a detailed review of the website design to determine whether the plaintiff gained constructive knowledge of the website terms based upon, among other considerations, the placement of the link to the terms.  The court noted that DSG’s terms appeared at the bottom in the website footer of the home page (and on the page about its mobile alerts), and within a grouping of 27 other hyperlinks arranged in four columns that covered a variety of diverse topics (e.g., careers, gift cards, find a store, etc.).  The court noted that the hyperlink to the terms was “sandwiched between ‘Only at DICK’s’ and ‘California Disclosures’, near the bottom of the third column of links.”  As such, the court ruled that the placement was not conspicuous enough alone to put consumers on inquiry notice of the terms.

The ruling was not necessarily surprising in light of other recent decisions examining browsewrap agreements. For example, a recent California appellate court decision affirmed a ruling denying a motion to compel arbitration based upon website terms that were only viewable at the bottom of each page via a capitalized and underlined hyperlink (“TERMS OF USE”).  The hyperlink was displayed in a light green typeface on the site’s lime green background, and was among 14 other hyperlinks of the same color, font and size. (See Long v. Provide Commerce, Inc., 200 Cal. Rptr. 3d 117 (Cal. App. 2016)). The appellate court followed well-known precedent in reaching its holding.  See e.g., Nguyen v. Barnes & Noble, Inc., 763 F.3d 1171, 1178-79 (9th Cir. 2014) (“[W]here a website makes its terms of use available via a conspicuous hyperlink on every page of the website but otherwise provides no notice to users nor prompts them to take any affirmative action to demonstrate assent, even close proximity of the hyperlink to relevant buttons users must click on—without more—is insufficient to give rise to constructive notice”); Specht v. Netscape Communications Corp., 306 F.3d 17 (2d Cir. 2002) (declining to enforce an arbitration provision contained in a software licensing browsewrap agreement where the hyperlink to the agreement appeared on “a submerged screen” below the “Download” button that the plaintiffs clicked to initiate the download).

These recent cases should prompt companies to reexamine electronic contracting practices to ensure that consumers are offered notice sufficient to understand that use of a website will constitute agreement to the terms. One solution is the use of clickthrough agreements, which are generally upheld based upon now fairly-standard procedures for gaining notice and assent during user registration or purchase confirmation.  Ultimately, however, in designing a site, companies must balance concerns for user flow with the protections that come with an enforceable terms of use (though, it should be noted that in May 2016 the CFPB proposed a rule that would prohibit mandatory arbitration clauses that prevent class actions).

© 2016 Proskauer Rose LLP.

IRS Tax Treatment of Wellness Program Benefits

Business people doing yoga on floor in office

The IRS Office of Chief Counsel recently released a memorandum providing guidance on the proper tax treatment of workplace wellness programs. Workplace wellness programs cover a range of plans and strategies adopted by employers to counter rising healthcare costs by promoting healthier lifestyles and providing employees with preventive care. These programs take many forms and can encompass everything from providing certain medical care regardless of enrollment in health coverage, to free gym passes for employees, to incentivized participation- based weight loss programs. Due to the wide variation in such plans the proper tax treatment can be complicated. However, the following points from the IRS memo can help business owners operating or considering a wellness program evaluate their tax treatment.

First, the memo confirmed that coverage in employer-provided wellness programs that provide medical care is generally not included in an employee’s gross income under section 106(a), which specifically excludes employer-provided coverage under an accident or health plan from employee gross income. 26 USC § 213(d)(1)(A) defines medical care as amounts paid for “the diagnosis, cure, mitigation, treatment, or prevention of disease, or for the purpose of affecting any structure or function of the body,” transportation for such care, qualified long term care services, and insurance (including amounts paid as premiums).

Second, it was made clear that any section 213(d) medical care provided by the program is excluded from the employee’s gross income under section 105(b), which permits an employee to exclude amounts received through employer-provided accident or health insurance if it is paid to reimburse expenses incurred by the employee for medical care for personal injuries and sickness. The memo emphasized that 105(b) only applies to money paid specifically to reimburse the employee for expenses incurred by him for the prescribed medical care. This means that the exclusion in 105(b) does not apply to money that the employee would receive through a wellness program irrespective of any expenses he incurred for medical care. 26 CFR 1.105-2.

Third, any rewards, incentives or other benefits provided by the wellness program that are not medical care as defined by section 213(d) must be included in an employee’s gross income. This means that cash prizes given to employees as incentives to participate in a wellness program are part of the employee’s gross income and may not be excluded by the employer. However, non-money awards or incentives might be excludable if they qualify as de minimis fringe benefits (ones that are so small and infrequent that accounting for them is unreasonable or impracticable). 26 USC § 132(a)(4). The memo gives the example of a t-shirt provided as part of a wellness program as such an excludable fringe benefit, and notes that money is never a de minimis fringe benefit.

Fourth, payment of gym memberships or reimbursement of gym fees is a cash benefit, even when received through the wellness program, and must be included in gross income. This is because cash rewards paid as part of the wellness program do not qualify as reimbursements of medical care and cannot be a fringe benefit.

Fifth, where an employee chooses a salary reduction to pay premiums for healthcare coverage and the employer reimburses the employee for some or all of the premium amount under a wellness program, the reimbursement is gross income.

These points laid out in the IRS memo provide a solid foundation for understanding the tax treatment of workplace wellness programs and should be kept in mind by business owners deciding how to structure new wellness plans for their employees, or ensuring the tax compliance of existing plans.

Building a Book of Business and Advancing to Law Firm Leadership: Women who Have Navigated the Course Discuss Core Elements of Success

law firm leadership

At a time when only 4 percent of the 200 largest U.S. law firms have women in firm-wide leadership positions[1], only 19% of the equity partners at the “50 Best Law Firms for Women” are women and 96% of AmLaw firms report that their highest paid partner is male[2],  it seems opportune to see what women in leadership roles have to say about advancing to firm leadership, strategies for building a book of business, mentorship, and ways they have found and nurtured success. The National Law Review connected with attorneys Ann Zucker[3] and Anthoula Pomrening[4] at this year’s Managing Partner Forum’s Leadership Conference in Atlanta, GA.  We recently had the opportunity to speak them, as well as attorney Paula Fritsch, regarding their leadership roles at their firms.

Communication, Transparency and Trust Building at all Levels of the Firm

Navigating a leadership role can be a challenge, but communication and transparency go a long way.  Zucker, of Carmody Torrance Sandak & Hennessey LLP, points out that “Trust among the lawyers in our firm is based upon predictability, transparency and forthrightness….the leadership team can foster that atmosphere by modeling those traits.”  Along those lines, Fritsch of McDonnell Boehnen Hulbert & Berghoff LLP[5] says ” Communication is key . . . I’ve seen the biggest strides when the partnership can have open and frank discussions about an issue.  Issues that are decided through back channel and closed door discussions can result in division.” Zucker agrees, saying “Communicating with the partners and employees frequently about what is going on at the firm encourages an atmosphere of trust.”

But, trust building and effective communication doesn’t happen overnight; it is a long, strenuous process.  points out that it is not too early to begin building the trust, even if you aren’t in a position of power in your firm.  She says, “The trust building process is long term, it doesn’t begin when you start work on the Executive Committee.” Earlier leadership positions help build the trust, but being a presence at the firm and having relationships with colleagues, no matter where you are in the firm or where your career is at the moment is important.  As Pomrening,  of McDonnell Boehnen Hulbert & Berghoff LLP, points out, “I began as a law clerk 19 years ago; I have known many of these people for almost 20 years.”

In any leadership role, however, being able to tune into what is best for the firm as a whole is crucial.  Zucker says, “decisions in a law firm are tough because sometimes there are conflicts among what’s best for the client, what’s best for the firm and what’s best for the individual lawyer.  I think some of the blurriness disappears if you can identify the answer to each of those questions.”  Pomrening agrees, saying, “You have to think about the whole–what’s the best thing for the clients and the firm, rather than an individual attorney?  I try to stress that in whatever I do on a daily basis.  Whether it’s a pitch or identifying a leadership position for somebody else, I’m always looking at it in terms of what is best for the whole.”

Own Your Destiny – Build a Book of Business

One important thing for all attorneys and success in a law firm environment is being able to find ways to nurture and build your own book of business.  Being able to successfully generate new matters for the firm is an important step in finding success, wherever your career takes you.  Fritsch says, “You have to get yourself out there and make yourself visible.  Pick an area that interests you and become an expert in that area, and if that is in a niche space, even better.”   Ann Zucker emphasizes that the best way for individuals to generate business is to do what they like to do.  She says, “You have to do what you are comfortable doing.  If you do something you are not comfortable doing it’s going to show and it’s not going to be useful.  For example, if your thing is talking on panels on a specific topic, then do that. If you like to write articles, then focus your time on that. You don’t have enough time to do things that you don’t like or that you are not good at. But you need to figure out what’s best for you, where do you shine and focus your efforts there.”

Find Someone or a Group of Someones Who Can Help You Through the Process – Keep up Your End of the Relationship

Mentorship is also important when establishing yourself in a law firm, both in honing legal skills and building the relationships that are so crucial to generating business.  Though it can be tricky for some younger female associates to develop such relationships as the vast majority of practice groups leaders and other law firm management members are older males.  Zucker says, “A good mentor puts you in a position where you can grow and learn, and they are always going to be cognizant of that–if it’s taking you to court, bringing you to a client pitch, taking you along even if you are not necessarily needed–so you can develop relationships.  These are opportunities to develop legal skills, but also business–Clients get to see you and you have to get out there for people to get to know you.”  In order to make a mentor relationship work, it takes effort on both parts.  Paula Fritsch says, “A mentee should be open with the mentor about what they want out of the relationship, and the mentor may have different ideas for the relationship.”

As with everything, communication is key.  Zucker points out that the relationship requires time and effort, saying, “Both the mentor and the mentee need to take time to nurture the relationship.  Whether official or unofficial relationships, you need to spend time–lunch, cup of coffee, to check in to see how things are going, what opportunities they are looking for.”  As with any meaningful relationship, sometimes things need to be said that are hard to hear.  Fritsch suggests, “as a mentee, be prepared to take some criticisms from your mentor – they may have some things to share that are hard to hear, but a good mentor shares the good and the bad to help you grow.”

Another strategy Anthoula Pomrening suggests is to have a group of trusted colleagues as a sounding board.  These are individuals you can run ideas by, and try things out on to see how they sound or how to approach a problem.  By trying different approaches–out loud, you can get a sense of what resonates and perhaps more importantly, what doesn’t. Pomrening says, “This group can help you address certain situations that you aren’t sure how to approach, and it is very useful.”

Even though women and men enter law school in equal numbers, and work next to each other as associates in equal numbers, a huge disparity in leadership positions and income still exists at law firms. Women who have moved up in the ranks despite the odds, build trust and relationships early in their careers and as they advance. Young female law firm associates who want to advance and prosper generally do best when they find not only a mentor, but a sponsor or community of advisors who can help them navigate the hidden rules of advancement in their firm’s hierarchy and discover the tools necessary to build a book of business.

It’s been noted in numerous surveys and articles that female attorney’s median billable and total hours generally lag male attorneys at all levels.   However, for nonbillable hours, women above the associate level record significantly more hours than male attorneys.[6]    Many thanks to the women who took the time to contribute their thoughts, suggestions and nonbillable time to this article.

Copyright ©2016 National Law Forum, LLC

[1] Large Law Firms are Failing Women Lawyers, the Washington Post, February 18, 2014

[2] Catalyst.org March 3, 2015 Women in Law in Canda and U.S.

[3] Ann Zucker is the Managing Partner of Carmody Torrance Sandak & Hennessey LLP,  a  Connecticut-based business law firm.

[4] Anthoula Pomrening is an Intellectual Property partner with McDonnell Boehnen Hulbert & Berghoff LLP.

[5] Paula S. Fritsch, Ph.D. is an Intellectual Property partner with McDonnell Boehnen Hulbert & Berghoff LLP in Chicago.

[6] National Association of Women Lawyers and NAWL Foundation Releases Seventh Annual Survey, ABA Young Lawyers Division, October 22, 2012

Electric-Vehicle Infrastructure: Fertile Ground for P3’s

Electric-VehiclesIn 2006, the documentary “Who Killed the Electric Car?” hit the theaters. Ten years later, there remains substantial disagreement on the answer to that question, but one truth has emerged: the electric car lives again. As Electric-Vehicles (EV) range steadily increases while both charging times and prices continue to fall, it appears inevitable that an EV will someday be in every driveway. Yet one critical obstacle to widespread EV adoption remains. All of those EVs will need to be charged–not only at home, but at work, and on the go. And that requires brand-new infrastructure on a massive scale.

Public-private partnerships are proven model for delivering new infrastructure in a reduced timeframe and, in many cases, at a reduced cost. Because the public sector will inevitably play a significant role in EV use and EV infrastructure, there are many opportunities–now and on the horizon–for P3s. State and local governments will no doubt be procuring fleets of EV vehicles in the near future, and concessions for rapid charging stations (along with restaurants and other services to keep drivers occupied while their vehicles charge) will be needed along highways throughout the country. Although governments are beginning to plan for these procurements and facilities, Florida’s P3 statute permits interested private-sector partners to jump start the process by submitting an unsolicited P3 proposal.

At the federal level, the Obama Administration has just released a framework for fostering the adoption of electric vehicles, called “Guiding Principles to Promote Electric Vehicles and Charging Infrastructure.” Although the details have yet to be worked out, the framework contemplates P3s and innovative methods of procurement for federal, state, and local governments. Although federal funding and federal assistance will be a valuable asset (the results achieved through the Canadian federal government’s aid to provincial and local P3 procurements provide a vivid example of what can be accomplished), in many cases, the right P3 structure and procurement approach, along with the right private partner, will permit state and local governments to move forward with EV adoption and infrastructure right now.

© 2016 Bilzin Sumberg Baena Price & Axelrod LLP

Increased DOJ fines for Immigration-related Offenses go into effect August 1

New fines will apply to violations that occurred on or after Nov. 2, 2015 – Another good reason to conduct regular I-9 self-audits

The U.S. Department of Justice’s (DOJ) new penalties for immigration-related workplace violations including unlawful employment of aliens, I-9 paperwork violations and unlawful employment practices tied to immigration (discrimination) will take effect Aug. 1. The new penalties will cover activities that occurred on or after Nov. 2, 2015.

Penalties for unlawful employment of unauthorized workers – For the first offense, the minimum fine will increase from $375 to $539 per worker, while the maximum fine will increase from $3,200 to $4,313 per worker. Fines for second and subsequent offenses will also increase significantly, with a maximum fine possible of $21,563 per worker for companies with a poor track record.

I-9 self-audits
Penalties for Form I-9 paperwork violations
– For all Form I-9 paperwork violations, the minimum fine will increase from $110 to $216 per violation. The maximum fine will increase from $1,100 to $2,156 per violation. This is a significant increase which will impact employers even if they are not employing unauthorized workers or are not involved in unfair immigration-related employment practices.

Penalties for unfair immigration-related employment practices – For the first offense, the minimum fine will increase from $375 to $445 per violation, while the maximum fine will increase from $3,200 to $3,563 per violation. Fines for second and subsequent offenses will also increase significantly, up to a maximum fine of $17,816 per violation. In addition, the minimum fines for document abuse (requiring employees to provide more and/or different evidence of work authorization than what is required) will increase from $110 to $178 per violation, and the maximum fines will increase from $1,100 to $1,782 per violation.

With the increase in fines, employers need to be confident that they are following best practices when recruiting and hiring and completing the Form I-9. As always, reviews of employment practices and regular self-audits of company Form I-9s are a good way to make sure that your company is complying with federal law. We are always willing to help with any questions you have regarding your policies and practices.

Donald Trump, Want To Binge-Watch Anti-Trump Ads? You’ll Need Three Full Days And Nights

If you were to binge-watch every negative Donald Trump advertisement aired in 23 selected markets during the primary season, you would first want to make yourself comfortable.

How comfortable?  Extremely so. You’ll be sitting down for more than 3 days and nights.

Our analysis of Political TV Ad Archive data has found that the Republican presidential nominee was the subject of at least 4,963 minutes of negative advertisements between Nov. 20 and July 14, in television markets ranging from San Francisco to Washington, D.C. Cumulatively, the ads attacking Trump amounted to about 83 hours of air time.

Donald Trump, Election anti-trump ads

Screenshot of Our Principles PAC advertisement from the Political Ad Archive

By comparison, it would take about 11 hours to watch the airings of negative ads aimed exclusively at Hillary Clinton. The presumptive Democratic nominee only had one major primary candidate, Bernie Sanders, who, for the most part, stuck to his pledge of running a positive campaign. Republican groups sponsored all of the anti-Clinton spots.

The campaign against Trump is unusual. Most of the attack ads came from a super PAC backed by his own Republican party’s establishment.

Outsourcing negative ads

Although waning in influence, television advertisements still make up the single largest expense of any presidential campaign – nearly three of every four dollars spent. Most political ads are bought by campaign committees that are tied directly to an individual candidate.

Traditionally, those committees have been reluctant to sling mud for fear of angering voters. Instead they have outsourced the work of attacking opposing candidates to outside spending groups. Most negative ads are now sponsored by those groups, which include super PACs and “dark money” organizations that aren’t required to reveal their donors.

Archive records show that anti-Trump ads aired at least 7,811 times during the primary season. Our Principles, a super PAC backed by the Republican party’s establishment wing, paid for at least 1,795 airings of spots dedicated to attacking Trump individually — the most from a single group. Nearly 30% of that air time was devoted to one ad that attacked the Republican nominee’s history of using undocumented workers on construction projects.

Two super PACs affiliated with the campaign of U.S. Sen. Ted Cruz paid for at least 670 airings of anti-Trump ads. But the Texas Republican, who ran against Trump in the GOP presidential primary before dropping out of the race in May, used his own campaign funds to pay for 5 separate ads attacking Trump. One of those spots claimed Trump favored gender-neutral public bathrooms.

Conservative Solutions PAC, a super PAC affiliated with the unsuccessful campaign of U.S. Sen. Marco Rubio (R-Florida), who dropped out of the race in March, paid for nearly 600 airings of anti-Trump spots. All of those ads featured Trump boasting, “I love the poorly educated.”

Business As Usual

Of the 95 separate advertisements focused on Trump, the Political Ad Archive determined that 71 were unambiguously negative, while 22 ads were considered strictly positive. That means that roughly 3 out of every 4 ads featuring only Trump were negative.

Those figures are similar to the previous presidential primary season, when roughly 70 percent of the political ads aired through April of 2012 took a negative tone, according to researchers at the Wesleyan Media Project. In 2008, only 9 percent of presidential primary ads were negative.

A 2012 post-election report found that near the end of the campaign, the prevalence of negative ads threatened to swamp any positive marketing by candidates. Almost 90 percent of 2012 GOP nominee Mitt Romney’s general election advertisements were negative, according to Kantar Media CMAG; roughly 80 percent of Obama’s 2012 spots were attack ads.

Clinton’s allies have been attacking Trump since late November, according to archive records. Priorities USA Action, a Democratic-leaning super PAC that supported Obama and is now backing the former Secretary of State, has paid for 527 airings of attack ads focused only on Trump, including one spot that has run 415 times. Clinton’s own committee has already aired more than 130 anti-Trump ads, including one that consists entirely of Republicans criticizing Trump.

Methodology: analysis of Political TV Ad Archive data through July 14, 2016. The markets included in the Political TV Ad Archive include stations in Iowa (Des Moines-Ames; Cedar Rapids-Waterloo-Iowa City-Dubuque; and Sioux City), New Hampshire (Boston-Manchester), Nevada (Las Vegas and Reno), South Carolina (Columbia and  Greenville-Spartanburg), Colorado (Colorado-Springs-Pueblo and Denver), North Carolina (Charlotte and Raleigh-Durham-Fayetteville); Virginia (Roanoke-Lynchburg; Norfolk-Portsmouth-Newport News; and Washington, DC-Hagerstown), Ohio (Cleveland-Akron-Canton and Cincinnati), Florida (Tampa-St. Petersburg-Sarasota; Orlando_Daytona Beach-Melbourne; and Miami-Ft. Lauderdale), California (San Francisco), Pennsylvania (Philadelphia), and New York (New York City). More information about the data from the Political TV Ad Archive is available here.

ARTICLE BY MapLight of MapLight
© Copyright MapLight

EU-US Privacy Shield to Launch August 1, Replacing Safe Harbor

general data protection privacy shieldI. Introduction: Privacy Shield to Go Live August 1 (at Last)

The replacement for Safe Harbor is finally in effect, over nine months after Safe Harbor was struck down by the Court of Justice of the EU in the Schrems case. As most readers will be aware, Privacy Shield provides an important legal mechanism for transferring personal information from the EU to the US. The Department of Commerce (Commerce) has promised to launch a Privacy Shield website on August 1, 2016 that will allow companies to certify compliance with Privacy Shield.

The Privacy Shield documents are comprised of a 44-page “Adequacy Decision” and 104 pages of “Annexes” that contain key information concerning Privacy Shield’s standards and enforcement mechanisms. Companies that are considering certifying under Privacy Shield should review the entire Adequacy Decision and its Annexes, as well as the promised FAQs and other documents that the Department of Commerce will provide on the new Privacy Shield website. A good starting point for companies is Annex II, which contains the essential Privacy Shield “Principles” and a set of “Supplemental Principles” that clarify certain points and provide useful examples for putting Privacy Shield into practice.

Our summary aims to highlight key points and provide a basic roadmap as companies start to get to grips with the new Privacy Shield requirements.

II. Privacy Shield Principles

The Principles set out in Privacy Shield will be largely familiar to companies that had certified under Safe Harbor, but Privacy Shield contains a lot more detail and occasionally demands more stringent standards and actions than Safe Harbor.

1. Notice. Notice must be provided as soon as possible to the individual – preferably at the time the individual is asked to provide personal information. Notice must be given in “clear and conspicuous language.” The company must tell the individual that it participates in Privacy Shield, and must link to the Privacy Shield list that will be published on the Web by Commerce. The company must tell individuals what types of personal information are being collected, for what purposes, and with whom it may be shared. Individuals must be told how to make complaints to the company and its options for resolving disputes (which the company must select from a menu of limited alternatives, as discussed further below). The company must inform the individual of the company’s obligation to disclose personal information in response to lawful requests by public authorities, including for national security or law enforcement. A new requirement calls for the company to describe its liability with regard to transfers of the personal information to third parties (also discussed further below).

2. Choice. Choice comes into play primarily when the data controller wants to disclose personal information to a third party (other than agents under a contract) or use it for a purpose that is materially different than the purpose for which it was collected (which would have been communicated to the individual under the Notice principle). In many instances, consent can be obtained on an opt-out basis, provided that the new use or transfer has been disclosed clearly and conspicuously, and the individual is given a “readily available” means to exercise her choice. Critically, however, the transfer and processing of “sensitive” information requires the affirmative express consent of the individual, subject to a short list of exceptions described in the Supplemental Principles. An opt-out is not sufficient for sensitive information, which includes medical/health, race/ethnicity, political opinions, religious or philosophical beliefs, trade union membership, and information about sexuality. (As before, financial information is not considered sensitive, but companies should recall that risk-based security measures still need to be taken even if opt-out consent is used.)

3. Accountability for Onward Transfer. This Principle contains  some key differences from Safe Harbor and should be carefully reviewed by companies looking at Privacy Shield. Privacy Shield has tightened up the requirements for transferring personal information to a third party who acts as a data controller. It is not possible simply to rely on the transferee being Privacy Shield-certified. The transferor company must enter into a contract with the transferee company that specifies that the information will only be processed for “limited and specified purposes consistent with the consent provided by the individual” and that the transferee will comply with the Principles across the board. If the transferee is acting as the transferor’s agent (i.e., as a “data processor” in EU terminology) then the transferor must also take “reasonable and appropriate steps” to ensure that the transferee is processing the personal information consistently with the Principles. In all cases, the transferee must agree to notify the transferor if the transferee can no longer meet its privacy obligations. Commerce can request a summary or copy of the privacy provisions of a company’s contracts with its agents.

4. Security. The standard for data security is “reasonable and appropriate measures” to protect personal data from being compromised, taking into account the nature of the personal information that is being stored. It’s strongly implied that companies need to perform a risk assessment in order to determine precisely what measures would be reasonable and appropriate. The risk assessment and security measures should be documented in the event of an investigation or audit, and for purposes of the required annual internal review.

5. Data Integrity and Purpose Limitation. Indiscriminate collection of personal information is not permitted under Privacy Shield. Instead, personal information should be gathered for particular purposes, and only information that is relevant to those purposes can be collected. It’s not always possible to anticipate every purpose for which certain personal information might be used, so Privacy Shield allows use for additional purposes that are “not incompatible with the purpose for which it has been collected or subsequently authorized by the individual.” The benchmark for compatible processing is “the expectations of a reasonable person given the context of the collection.” Generally speaking, processing personal information for common business risk-mitigation reasons, such as anti-fraud and security purposes, will be compatible with the original purpose. Personal information cannot be retained for longer than it is needed to perform the processing that is permitted under this Principle. Additionally, companies have an affirmative obligation to take “reasonable steps” to ensure that the personal information they collect and store is “reliable for its intended use, accurate, complete, and current.” These requirements imply that periodic data cleaning may be necessary for uses that extend over a significant period of time.

6. Access. Individuals have the right to know what personal information a company holds concerning them, and to have the information corrected if it is inaccurate, or deleted if it has been processed in violation of the Privacy Shield Principles. There are a couple of exceptions: If the expense providing access is disproportionate to the risks to the individual’s privacy, or if another person’s rights would be violated by giving access, then a company can decline. Companies should use this option sparingly and document its reasons for refusing any access requests.

7. Recourse, Enforcement & Liability. One of the EU Commission’s main objectives in negotiating Privacy Shield was to ensure that the program had sharper teeth than Safe Harbor. Privacy Shield features more proactive enforcement by Commerce and the FTC, and aggrieved individuals who feel their complaints haven’t been satisfactorily resolved can bring the weight of their local DPA and Commerce to bear on the offending company. We describe the recourse, enforcement and liability requirements below in a separate section.

III. Privacy Shield Supplemental Principles

The Supplemental Principles in Annex 2 elaborate on some of the basic Principles (summarized above) and, in some cases, qualify companies’ obligations. The summary below highlights some significant points – but again, companies should read the Supplemental Principles in full to appreciate some of the nuances of the Privacy Shield requirements.

1. Sensitive Personal Data. This section sets out some exceptions to the affirmative opt-in consent requirement that mirror the exceptions in the EU Data Protection Directive.

2. Journalistic Exceptions. Privacy Shield acknowledges the significance of the First Amendment in US law. Personal information that is gathered for journalistic purposes, including from published media sources, is not subject to Privacy Shield’s requirements.

3. Secondary Liability (of ISPs, etc.) Companies acting as mere conduits of personal information, such as ISPs and telecoms providers, are not required to comply with Privacy Shield with regard to the data that travels over their networks.

4. Due Diligence and Audits. Companies performing due diligence and audits are not required to notify individuals whose personal information is processed incidental to the diligence exercise or audit. Security requirements and purpose limitations would still apply.

5. Role of the Data Protection Authorities. The Supplemental Principles describe the role of the DPA panels and the DPAs generally in greater detail. As discussed above, companies processing their own human resources information will be required to cooperate directly with the DPAs, and the Supplemental Principles seem to imply that cooperation includes designating the DPA Panels as those companies’ independent recourse mechanism. In addition to the fees attendant on this choice (capped at $500/year), companies will have to pay translation costs relating to any complaints against them.

6. Self-certification. This section outlines what the self-certification process should look like when the Privacy Shield enrollment website launches. It also contains information about what will happen when a Privacy Shield participant decides to leave the program.

7. Verification. Privacy Shield-certified companies must back up their claims with documentation. We discuss this further in the section below on enforcement.

8. Access. This section describes access requirements in more detail and also gives some guidance as to when access requests can be refused.

9. Human Resources Data. Companies planning to use Privacy Shield for the transfer of EU human resources data will want to review this section carefully. Privacy Shield does not replace or relieve companies from EU employment law obligations. Looking beyond the overseas transfer element, it’s critical to ensure that employee personal information has been collected and is processed in full compliance with applicable EU laws concerning employees.

10. Contracts for Onward Transfers.  US companies are sometimes unaware that all EU data controllers are required to have data processing contracts in place with any data processor, regardless of the processor’s location. Participation in Privacy Shield, by itself, is not enough. If a Privacy Shield-certified data controller wants to transfer the EU-origin personal information to another data controller, it can do so under a contract that requires the transferee to provide the same level of protection as Privacy Shield, except that the transferee can designate an independent recourse mechanism that is not one of the Privacy Shield-specific mechanisms. Companies will need to review their existing and new contracts carefully.

11. Dispute Resolution and Enforcement. We discuss this separately below.

12. Choice – Timing of Opt Out (Direct Marketing). This section focuses on opt-out consent for direct marketing. Companies should provide opt-out choices on all direct marketing communications. The guidance states that “an organization may use information for certain direct marketing purposes when it is impracticable to provide the individual with an opportunity to opt out before using the information, if the organization promptly gives the individual such opportunity at the same time (and upon request at any time) to decline (at no cost to the individual) to receive any further direct marketing communications and the organization complies with the individual’s wishes.” However, companies should keep in mind that the European standard for impracticability here may be tougher than we would expect in the US. In particular, US companies should consider EU requirements for direct marketing via e-mail or text, which typically requires advance consent unless the marketing is to an existing customer and is for goods or services that are similar to the ones previously purchased by the customer.

13. Travel Information. Common sense prevails with regard to travel data – when travel arrangements are being made for an EU employee or customer, the data transfer can take place outside of the Privacy Shield requirements if the customer has given “unambiguous consent” or if the transfer is necessary to fulfill contractual obligations to the customer (including the terms of frequent flyer programs).

14. Pharmaceutical and Medical Products. Pharma companies will want to review the fairly lengthy discussion of how Privacy Shield applies to clinical studies, regulatory compliance, adverse event monitoring and reporting, and other issues specific to the pharma industry. Privacy Shield is broadly helpful – and in some respects clearer than the pending GDPR.

15. Public Record and Publicly Available Information. Some, but not all, of the Principles apply to information obtained from public records or other public sources, subject to various caveats that make this section important to read in full.

16. Access Requests by Public Authorities. Privacy Shield companies have the option of publishing statistics concerning requests by US public authorities for access to EU personal information. However, publishing such statistics is not mandatory.

III. Recourse, Enforcement and Liability

A significant change in Privacy Shield from Safe Harbor is the addition of specific mechanisms for recourse and dispute resolution. One of the major perceived failings of Safe Harbor was that EEA citizens had no reasonable means to obtain relief or even to lodge a complaint. In order to satisfactorily self-certify, US companies will need to put processes in place to handle complaints.

Under Privacy Shield, at a minimum, such recourse mechanisms must include:

1. Independent Investigation and Resolution of Complaints: Readily available independent recourse mechanisms by which each individual’s complaints and disputes are investigated and expeditiously resolved at no cost to the individual … and damages awarded where the applicable law or private-sector initiatives provide;

2. Verification that You Do What You Say: Follow-up procedures for verifying that the attestations and assertions organizations make about their privacy practices are true and that privacy practices have been implemented as presented, and in particular, with regard to cases of non-compliance; and

3. You Must Fix the Problems: Obligations to remedy problems arising out of failure to comply with the Principles by organizations announcing their adherence to them and consequences for such organizations. Sanctions must be sufficiently rigorous to ensure compliance by organizations.

Prompt response to complaints is required and if a company uses an EU Data Protection Authority as a third party recourse mechanism and fails to comply with its advice within 25 days, the DPA may refer the matter to the FTC and the FTC has agreed to give priority consideration to all referrals of non-compliance from EU DPAs.

The verification requirement is more robust than under Safe Harbor. Companies may choose to either self-assess such verification or engage outside compliance reviews. Self-assessment includes certifying that its policies comply with the Principles and that it has procedures in place for training, disciplining misconduct and responding to complaints. Both outside compliance reviews and self-assessment must be conducted once a year.

Privacy Shield certifying organizations have responsibility for onward transfers and retains liability under the Principles if its third party processor violates the Principles, with some exceptions. Third party vendor management and contractual requirements for compliance with the Principles will be important components to manage the risk.

Dispute Resolution

There is ample ground for operational confusion under Privacy Shield, but none more so than with respect to dispute resolution. There are multiple methods available to data subjects (individuals) to lodge complaints, and companies subscribing to Privacy Shield must be prepared to respond through any of those. When companies certify under Privacy Shield, they need to choose an independent enforcement and dispute resolution mechanism. The choices are either:

  • Data Protection Authority Panels
  • Independent Recourse Mechanism

a. IndividualsIndividual data subjects may raise any concerns or complaints to the company itself, which is obligated to respond within 45 days. Individuals also have the option of working through their local DPA, which may in turn contact the company and/or the Department of Commerce to resolve the dispute.

b. Independent RecourseAs discussed above, the Privacy Shield requires that entities provide an independent recourse mechanism, either a private sector alternative dispute resolution provider (such as the American Arbitration Association, BBB, or TRUSTe) or a panel of European DPAs. NOTE THAT THE DPA PANEL IS MANDATORY IF YOU ARE APPLYING TO PRIVACY SHIELD TO PROCESS/TRANSFER HR DATA. For disputes involving HR data that are not resolved internally by the company (or any applicable trade union grievance procedures) to the satisfaction of the employee, the company must direct the employee to the DPA in the jurisdiction where the employee works.

c. Binding ArbitrationA Privacy Shield Panel will be composed of one or three independent arbitrators admitted to practice law in the US, with expertise in US and EU privacy law. Appeal to the Panel is open to individuals who have raised complaints with the organization, used the independent recourse mechanism, and/or sought relief through their DPA, but whose complaint is still fully or partially unresolved. The Panel can only impose equitable relief, such as access or correction. Arbitrations should be concluded within 90 days. Further, both parties may seek judicial review of the arbitral decision under the US Federal Arbitration Act.

Enforcement

In addition to the above discussion on the multiple avenues available to data subjects for complaints, there are other expanded types of enforcement under Privacy Shield. A certifying organization’s compliance may be directly or indirectly monitored by the US Department of Commerce, the FTC (or Department of Transportation), EU DPAs, and private sector independent recourse mechanisms or other privacy self-regulatory bodies.

Privacy Shield brings an expanded role to the Department of Commerce for monitoring and supervising compliance. If you have following Safe Harbor, one of the EU grounds for disapproval was the apparent lack of actual enforcement by US regulatory authorities against self-certifying organizations. The Department of Commerce has committed to a larger role and has greatly increased the size of the program staff.

Some of the new responsibilities of the Department of Commerce under Privacy Shield include:

  • Serving as a liaison between organizations and DPAs for Privacy Shield compliance issues;
  • Conducting searches for false claims by organizations that have never participated in the program and taking the aforementioned corrective action when such false claims are found.
  • Conducting ex officio investigations of those who withdraw from the program or fail to recertify to verify that such organizations are not making any false claims regarding their participation. In the event that it finds any false claims, it will first issue a warning, and then, if the matter is not resolved, refer the matter to the appropriate regulator for enforcement action; and
  • Conducting periodic ex officio compliance reviews which will include sending questionnaires to participating organizations to identify issues that may warrant further follow up action. In particular, such reviews will take place when the Department has received complaints about the organization’s compliance, the organization does not respond satisfactorily to its inquiries and information requests, or there is “credible” evidence that the organization does not comply with its commitments. Organizations will be required to provide a copy of the privacy provisions in their service provider contracts upon request. The Department of Commerce will consult with the appropriate DPAs when necessary;
  • Verifying self-certification requirements by evaluating, among other things, the organization’s privacy policy for the required elements and verifying the organization’s registration with a dispute resolution provider;

Private sector independent recourse mechanisms will have a duty to actively report organizations’ failures to comply with their rulings to the Department of Commerce. Upon receipt of such notification, the Department will remove the organization from the Privacy Shield List.

The above overview illustrates the complexity of Privacy Shield vs. Safe Harbor and the multiplication of authorities in charge of oversight, all of which is likely to result in greater regulatory scrutiny of and compliance costs for participating organizations. By way of contrast, when an organization relies on alternative transfer mechanisms such as the Standard Clauses, the regulatory oversight is performed by EU regulators against the EU company (as data exporter). Therefore, before settling on a transfer mechanism, organizations will want to consider the regulatory involvement and compliance costs associated with each option.

IV. Choosing Your Next Steps

Privacy Shield may not appeal to all US companies. Privacy Shield allows for a degree of flexibility in handling new data flows. However, that comes at the costs of fees, rigorous internal reviews and arguably much more onerous audits and enforcement than the two main alternatives, Binding Corporate Rules for intra-group transfers, and Standard Clauses for controller-to-controller or controller-to-processor transfers (regardless of corporate affiliation). Data transfers within corporate groups may be better addressed by Binding Corporate Rules that speak specifically to the groups’ global privacy practices – or even by the Standard Clauses, particularly for smaller corporations with only a few affiliates. Even outside corporate groups, the Standard Clauses may be adequate if the data flows are straightforward and unlikely to change much over time. An important point to note is that, in comparison to Safe Harbor, Privacy Shield requires more detailed company-to-company contracts when personal information is to be transferred – it’s no longer enough that both companies participate in the program. US companies should consider the potential operational benefits of Privacy Shield against its increased burdens.

It is important to consider timing. The Commerce Department Privacy Shield website will be “open for business” as of August 1. Lest you despair about the possibility of analyzing and updating those contracts that implicate the Accountability for Onward Transfer Principle in order to certify to Privacy Shield, Annex II has provided a bit of a “grace period” for what have been called early joiners.

The Privacy Principles apply immediately upon certification. Recognizing that the Principles will impact commercial relationships with third parties, organizations that certify to the Privacy Shield Framework in the first two months following the Framework’s effective date shall bring existing commercial relationships with third parties into conformity with the Accountability for Onward Transfer Principle as soon as possible, and in any event no later than nine months from the date upon which they certify to the Privacy Shield. During that interim period, where organizations transfer data to a third party, they shall (i) apply the Notice and Choice Principles, and (ii) where personal data is transferred to a third party acting as an agent, ascertain that the agent is obligated to provide at least the same level of protection as is required by the Principles.

If your company determines that Privacy Shield is the right choice, and you are diligent about the ground work required to accurately certify before that two-month window closes, you will be able to take advantage of the nine-month grace period to get those third party relationships into line.

Finally, US companies should stay alert to the legal challenges that the Standard Clauses are currently facing (again driven by concerns about mass surveillance), the possibility that EU regulators may start exacting further commitments when approving BCRs, and the very high likelihood that new legal challenges will be mounted against Privacy Shield shortly after it is implemented. Even if a company adopts Privacy Shield, or instead elects to stick with the Standard Clauses, it may want to get ready to switch if one or the other is struck down by the Court of Justice of the EU. Of course, if the Court of Justice strikes down both Privacy Shield and the Standard Clauses, it will be back to the drawing board for EU and US government negotiators.

New EEOC Hours Reporting Requirements

EEOC Hours Reporting RequirementsAs you may have heard, the Equal Employment Opportunity Commission (“EEOC”) released revised EEO-1 reporting guidelines on July 13, 2016 (for an overview of the new guidance in its entirety, see EEOC Issues Revised EEO-1 Proposal). These new guidelines apply to employers with 100 or more employees and require them to report, among other things, hours worked by exempt and non-exempt employees, subdivided by gender, race, ethnicity, job classification, and pay band.  For an example of the proposed new reporting form, click here. Although employers and other members of the public will have until August 15, 2016 to comment on the revised proposal, it is unlikely that any further substantive revisions will be made. Currently, it appears that employers will be required to submit the new EEO-1 form on March 31, 2018, giving them approximately a year and a half to prepare their recordkeeping systems to capture the newly required data.  Therefore, employers are advised to review, and update if necessary, internal recordkeeping systems to be prepared to report hours worked, and pay data, for calendar year 2017 when filing the EEO-1 on March 31, 2018.

What Are “Hours Worked” And Why Does The EEOC Want Them?

In response to employer requests for guidance concerning the definition of “hours worked,” the EEOC has specified that, for employees covered by the Fair Labor Standards Act (“FLSA”), their hours should be recorded as follows:

Non-exempt Employees: The EEOC should report “hours worked” as defined by the FLSA.  “Hours worked” includes time when the employee is actually working (either at the employer’s premises or remotely).  Therefore, “hours worked” would not include meal time, vacation, PTO or other leave, even if the non-exempt employee is paid for that time off, and even though the compensation for those hours will be reflected in the W2 data provided on the EE0-1 form.

Exempt Employees. Employers have two options: (1) provide the actual hours of work of exempt employees if the employer already maintains accurate records of this information, or (2) report a proxy of 40 hours per week for full time exempt employees and 20 hours per week for part-time exempt employees, multiplied by the number of weeks the individuals were employed during the reporting year.

The EEOC provides a few reasons for requiring disclosure of hours worked. First, if the EEOC discovers a pay disparity, it intends to use this information to it assess whether a disparity is caused by the part-time or full-time status of the respective employees, rather than by gender, race, or ethnicity.  Second, the EEOC intends to use the hours worked data to assess whether employees in protected classes are subject to discrimination in terms of hours instead of pay, with an employer habitually assigning more hours and overtime to some employees while denying it to others.

Next Steps For Employers

Employers are well-served to apply the same analysis that the EEOC intends to use while doing internal audits to determine if there are statistical concerns, and the reasons behind the patterns.  The employer can then consider if actions are warranted now to remediate any issues before 2017, or, be able to explain the legitimate business reasons for any disparities if called upon to defend pay practices.

Employers should also audit time-keeping protocols and policies to be sure that non-exempt employees are accurately recording “hours worked”.  Employers should also confirm that their HRIS systems can run reports of hours worked, that do not include paid timeEEOC Hours Reporting Requirements off.  Additionally, if employers intend to report actual hours worked for exempt employees, rather than the 40 hour proxy for full time employees, then the same recommendations apply.

©2016 Drinker Biddle & Reath LLP. All Rights Reserved