CPSC Finalizes Ban on Certain Children’s Toys and Child Care Articles

On October 27, 2017, the U.S. Consumer Product Safety Commission (“CPSC”) issued a final rule prohibiting children’s toys and child care articles that contain concentrations of more than 0.1 percent of certain phthalates.

What’s Prohibited

The final rule states children’s toys and child care articles containing concentrations of more than 0.1 percent of diisononyl phthalate (“DINP”), diisobutyl phthalate (“DIBP”), di-n-pentyl phthalate (“DPENP”), di-n-hexyl phthalate (“DHEXP”), and dischyclohexyl phthalate (“DCHP”) are prohibited.

Section 108 of the Consumer Product Safety Improvement Act (“CPSIA”) prohibits the manufacture for sale, offer for sale, distribution in commerce, or importation into the U.S. of any children’s toy or child care article that contains these concentrations of certain phthalates.  Children’s toys include consumer products designed or intended by the manufacturer for a child 12 years or younger for use by the child when the child plays.  A child care article is a consumer product designed or intended by the manufacturer to facilitate sleep or the feeding of children age 3 and younger, or to help such children with sucking or teething.

What Are Phthalates

The most common phthalate, DINP, is added to some plastics to make them flexible and is commonly found in automobile interiors, wire and cable insulation, gloves, tubing, garden hoses, and shoes.  DINP is also found in flexible vinyl materials that are used in the production of bedding, garments, outdoor products such as tents and book binders.  Non-PVC or vinyl products include inks, adhesives, sealants, paints and lacquers.  DINP is also a listed substance known to cause cancer under California’s Proposition 65 and products must provide a warning about exposure.

The CPSC determined that because DIBP, DPENP, DHEXP, and DCHP aren’t widely used, few manufacturers will be impacted and need to reformulate their products.  Examples of products containing these phthalates are coating products, fillers, plasters, binding agents, paints, adhesives,

Who’s Affected

The final rule expanded the interim rule concerning DINP to cover all children’s toys, not just those that can be placed in a child’s mouth.  Children’s toys that can be placed in a child’s mouth and child care articles containing more than 0.1 percent of DINP have been prohibited since 2009.  Manufacturers won’t have to reformulate products in these categories.  Only manufacturers of children’s toys that cannot be placed in a child’s mouth will be affected by the final rule.

The final rule applies to both domestic manufacturers and importers and will not be a barrier to international trade.  The prohibition involving DINP applies regardless of the origin of the DINP or the phthalate formulation used.  Children’s toys and child care articles containing DINP in concentrations greater than 0.1 percent are prohibited even if DINP was not intentionally added.

The final rule becomes effective April 25, 2018 and applies to products manufactured or imported on or after that date.

This post was written by Ayako Hobbs of Squire Patton Boggs (US) LLP., © Copyright 2017
For more legal analysis go to The National Law Review

Sears Seeks to Modify FTC Order on Online Tracking

In 2009, Sears Holding Management settled with the Federal Trade Commission (FTC) over allegations that the company’s online tracking activity exceeded what they told consumers. Now, Sears has submitted a petition requesting that the FTC reopen and modify its settlement order, arguing that changing technology since 2009 has made the order’s definition of “tracking applications” too broad and has put them at a competitive disadvantage.

The 2009 FTC complaint charged that Sears “failed to disclose adequately the scope of consumers’ personal information it collected via a downloadable software application, telling consumers that the software would track their “online browsing,” without telling them that it also collected information from third-party websites consumers visited such as their shopping cart information, online bank statements, and drug prescription records. Sears was required to stop collecting data from participating consumers and to destroy what they’d collected.

Sears now argues that the definition of “tracking application” in the FTC’s order now applies to most software on nearly all platforms, making them “out of step with current market practices without a corresponding benefit in combatting threats to consumer privacy.” The definition of tracking applications is so broad, Sears claims, that it “encompasses all of Sears’ current mobile apps, forcing Sears to handle disclosures differently than other companies with mobile apps and disadvantaging Sears in the marketplace.” Sears claims that modification of the order would allow the retailer to align with current tracking practices used by their competitors.

 This post was written by Sheila A. Millar ,Tracy P. Marshall Nathan A. Cardon of Keller and Heckman LLP.,© 2017
For more legal analysis, go to The National Law Review 

So…Everyone’s Been Compromised? What To Do In The Wake of the Equifax Breach

By now, you’ve probably heard that over 143 million records containing highly sensitive personal information have been compromised in the Equifax data breach. With numbers exceeding 40% of the population of the United States at risk, chances are good that you or someone you know – or more precisely, many people you know – will be affected. But until you know for certain, you are probably wondering what to do until you find out.

To be sure, there has been a lot of confusion. Many feel there was an unreasonable delay in reporting the breach. And now that it has been reported, some have suggested that people who sign up with the Equifax website to determine if they were in the breach might be bound to an arbitration clause and thereby waive their right to file suit if necessary later (although Equifax has since said that is not the case). Others have reported that the “personal identification number” (PIN) provided by Equifax for those who do register with the site is nothing more than a date and time stamp, which could be subject to a brute-force attack, which is not necessarily reassuring when dealing with personal information. Still others have reported that the site itself is subject to vulnerabilities such as cross-site scripting (XSS), which could give hackers another mechanism to steal personal information. And some have even questioned the validity of the responses provided by Equifax when people query to see if they might have been impacted.

In all the chaos, it’s hard to know how to best proceed. Fortunately, you have options other than using Equifax’s website.

1. Place a Credit Freeze

Know that if you are a victim of the breach, you will be notified by Equifax eventually. In the meantime, consider placing a credit freeze on your accounts with the three major credit reporting bureaus. All three major credit reporting bureaus allow consumers to freeze their credit reports for a small fee, and you will need to place a freeze with each credit bureau. If you are the victim of identity fraud, or if your state’s law mandates, a credit freeze can be implemented without charge. In some states, you may incur a small fee. Lists of fees for residents of various states can be found at the TransUnionExperian, and Equifax websites. Placing a freeze on your credit reports will restrict access to your information and make it more difficult for identity thieves to open accounts in your name. This will not affect your credit score but there may be a second fee associated with lifting a credit freeze, so it is important to research your options before proceeding. Also, know that you will likely face a delay period before a freeze can be lifted, so spur-of-the-moment credit opportunities might suffer.

Here is information for freezing your credit with each credit bureau:

Equifax Credit Freeze

  • You may do a credit freeze online or by certified mail (return receipt requested) to:

            Equifax Security Freeze

            P.O. Box 105788

            Atlanta, GA 30348

  • To unfreeze, you must do a temporary thaw by regular mail, online or by calling 1-800-685-1111 (for New York residents call 1-800-349-9960).

Experian Credit Freeze

  • You may do a credit freeze online, by calling 1-888-EXPERIAN (1-888-397-3742) or by certified mail (return receipt requested) to:

            Experian

            P.O. Box 9554

            Allen, TX 75013

  • To unfreeze, you must do a temporary thaw online or by calling 1-888-397-3742.

TransUnion Credit Freeze

  • You may do a credit freeze online, by phone (1-888-909-8872) or by certified mail (return receipt requested) to:

            TransUnion LLC

            P.O. Box 2000

            Chester, PA 19016

  • To unfreeze, you must do a temporary thaw online or by calling 1-888-909-8872.

After you complete a freeze, make sure you have a pen and paper handy because you will be given a PIN code to keep in a safe place.

2. Obtain a Free Copy of Your Credit Report

Consider setting up a schedule to obtain a copy of your free annual credit report from each of the reporting bureaus on a staggered basis. By obtaining and reviewing a report from one of the credit reporting bureaus every three or four months, you can better position yourself to respond to unusual or fraudulent activity more frequently. Admittedly, there is a chance that one of the reporting bureaus might miss an account that is reported by the other two but the benefit offsets the risk.

3. Notify Law Enforcement and Obtain a Police Report

If you find you are the victim of identity fraud (that is, actual fraudulent activity – not just being a member of the class of affected persons), notify your local law enforcement agency to file a police report. Having a police report will help you to challenge fraudulent activity, will provide you with verification of the fraud to provide to credit companies’ fraud investigators, and will be beneficial if future fraud occurs. To that end, be aware that additional fraud may arise closer to the federal tax filing deadline and having a police report already on file can help you resolve identity fraud problems with the Internal Revenue Service if false tax returns are filed under your identity.

4. Obtain an IRS IP PIN

Given the nature of the information involved in the breach, an additional option for individuals residing in Florida, Georgia, and Washington, D.C. is to obtain an IRS IP PIN, which is a 6-digit number assigned to eligible taxpayers to help prevent the misuse of Social Security numbers in federal tax filings. An IP PIN helps the IRS verify a taxpayer’s identity and accept their electronic or paper tax return. When a taxpayer has an IP PIN, it prevents someone else from filing a tax return with the taxpayer’s SSN.

If a return is e-filed with a taxpayer’s SSN and an incorrect or missing IP PIN, the IRS’s system will reject it until the taxpayer submits it with the correct IP PIN or the taxpayer files on paper. If the same conditions occur on a paper filed return, the IRS will delay its processing and any refund the taxpayer may be due for the taxpayer’s protection while the IRS determines if it is truly the taxpayer’s.

Information regarding eligibility for an IRS IP PIN and instructions is available here and to access the IRS’s FAQs on the issue, please go here.

Conclusion

Clearly, the Equifax breach raises many issues about which many individuals need to be concerned – and the pathway forward is uncertain at the moment. But by being proactive, being cautious, and taking appropriate remedial measures available to everyone, you can better position yourself to avoid fraud, protect your rights, and mitigate future fraud that might arise.

 This post was written by Justin L. Root Sara H. Jodka of Dickinson Wright PLLC © Copyright 2017
For more legal news go to The National Law Review

CFPB Proposes Additional Changes to the Prepaid Rule

On June 15, 2017, the CFPB announced that it is proposing for public comment certain modifications to its prepaid rule. The rule, which was issued in final form in October 2016, limits consumers’ losses for lost and stolen prepaid cards, requires financial institutions to investigate errors, and includes enhanced disclosure provisions.

The final rule unexpectedly granted Regulation E error resolution rights to consumers holding unregistered prepaid accounts, a provision that was not part of the CFPB’s original proposal. Financial institutions criticized this aspect of the final rule, arguing that providing error resolution rights to holders of unregistered accounts would invite and open new avenues for fraud. Financial institutions also argued that it would be difficult, if not impossible, to investigate alleged errors if they have little to no information about the purchasing customer. As a result, financial institutions have claimed that, if the CFPB retains error resolution rights for unregistered prepaid accounts, they would no longer provide immediate access to funds on such accounts.

To address these concerns, the current proposal would require consumers to register their prepaid accounts to qualify for Regulation E error resolution rights, including the right to recoup funds for lost or stolen cards. Under the CFPB’s proposal, however, Regulation E error resolution rights would apply to registered accounts even if the card was lost or stolen before the consumer completed the registration process.

The proposal also requests comment on provisions that would create an exception for certain digital wallets. Under the proposed exception, customers using digital wallets linked to a traditional credit card product would continue to receive Regulation Z’s open-end credit protections and would not receive the protections of the credit-related provisions of the prepaid rule.

As discussed in a prior post, in April 2017, the CFPB extended the compliance date for the prepaid rule from October 1, 2017, to April 1, 2018. In the latest proposal, the CFPB requests comment on whether it should extend the compliance date even further.

The proposal also includes other adjustments and clarifications regarding the definition of a prepaid account, pre-acquisition disclosure requirements, submission of prepaid account agreements to the CFPB, and unsolicited issuance of access devices. Along with its proposal, the CFPB has released an updated version if its Prepaid Rule Small Entity Compliance Guide.

Comments on the CFPB’s proposal are due 45 days after publication in the Federal Register.

This post was written by Lucille C. Bartholomew of Covington & Burling LLP.

Coming Soon to a Lawbook Near You – New Cosmetic Requirements

Cosmetics, Personal Care Products

Back in April 2015, Senators Dianne Feinstein (D-CA) and Susan Collins (R-ME) introduced the Personal Care Products Safety Act (S.1014).  More recently, on September 22, 2016, the Senate Health, Education, Labor, and Pensions Committee received testimony from Senators Feinstein and Collins in support of this bipartisan legislation.  The HELP Committee also heard from experts in the cosmetics industry about product developments and health standards.

Witnesses in favor of the Personal Care Products Safety Act stated that the FDA has not done enough to ban endocrine-disrupting chemicals in cosmetic products and that industry-financed review programs should not substitute government regulatory programs in collecting chemical toxicity data.  They contrasted FDA’s inability to ban products unless they are “adulterated” with the more expansive authorities of similar regulatory agencies in Canada, Japan, and the European Union.

Witnesses against the proposed legislation described chemical toxicity testing procedures already place, such as the Human Repeat Insult Patch Test (HRIPT).  They also noted the proposed legislation would have a disproportionate impact on smaller companies, as stricter national standards for the entire industry are expected to increase the costs of producing and distributing all kinds of personal care and cosmetic products.

As we described last year when the bill was first introduced, the Personal Care Products Safety Act would introduce significant changes to the current U.S. regulatory system for cosmetics.  Among other provisions, the bill would require cosmetic manufacturers to register with FDA annually and submit ingredient information to the agency, and for larger firms registration would be accompanied by a user fee.  Such a registration and user fee system would be similar to what is currently mandated for drug and device manufacturers.  Registered cosmetic firms would also be required to comply with Good Manufacturing Practices for their products, analogous to what drug and device companies must comply with today; such “cosmetic GMPs” would need to be developed by FDA through notice-and-comment rulemaking so that industry and other stakeholders have an opportunity to provide feedback before the rules are finalized.  In addition, S. 1014 would give FDA mandatory recall authority over cosmetics (an authority that the agency only recently obtained for food products under the Food Safety Modernization Act of 2011), and cosmetic firms would be required to report serious adverse events to FDA within 15 business days of becoming aware of the event.

Despite some opposition, congressional aides say the proposed legislation is likely to see movement next year.  FDA, too, welcomes the opportunity to increase its regulatory power over the cosmetics and personal care products.  Citing recent adverse event reports about WEN hair products, the Agency has stressed the need to do away with voluntary reporting for adverse events so that companies are required to report serious adverse events as they become aware of them.  FDA also has raised concerns about studies done by the industry self-regulatory process called Cosmetic Ingredient Review (CIR), claiming they are summaries of voluntary data rather than analyses of raw data from clinical trials.  Overall, therefore, FDA is supportive of the Senate’s effort to expand the agency’s cosmetic oversight power.  Many industry members also support the bipartisan compromise legislation, as do consumer protection groups who view some strengthening of the U.S. regulatory system as “better than nothing.”

contributed to this article.

©1994-2016 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.

Upcoming European Chemical Restrictions in Apparel Raise Concerns

European Chemical RestrictionsThe European Commission intends to ban the use in apparel of hundreds of Cat. 1A and 1B carcinogenic, mutagenic and toxic for reproduction substances (“CMRs”) within the next year. To do so, the Commission expects to use the so-called “fast-track” procedure to ban CMRs under Regulation 1907/2006 (“REACH Regulation”), instead of the standard procedure for prohibiting substances. Historically, the fast-track procedure has been reserved for mixtures that contain CMRs and are intended for the general public.  The Commission has indicated that its proposal to ban the use of CMRs in apparel is a “test-case” of its intention to also ban Cat. 1A and 1B CMRs in articles (i.e., objects) intended for consumers on a regular basis in the near future.  This fast-track procedure allows less scientific input from the European Chemicals Agency (“ECHA”) and industry, and the related restrictions would create significant barriers to international trade.

“Standard” vs. “Fast-Track” Procedure

Title VIII of the REACH Regulation empowers the European Commission to restrict the use in mixtures (e.g., inks, paints) and articles (e.g., apparel) of substances that pose an unacceptable risk to human health or the environment.  Restricted substances are listed in Annex XVII of the Regulation, which is regularly updated.

There are two different procedures for adding new restrictions: the “regular” and the “fast-track” procedure. In both cases, the Commission proposes the restrictions, and its final proposal is then adopted through “comitology” (i.e., a process involving the input of Member States).  The road towards the final Commission proposal, however, is very different for each procedure:

  • Standard procedure: The standard procedure is generally highly regarded for the sound scientific input it gathers. Articles 69 – 73 of the REACH Regulation include important steps, such as ECHA’s or a Member State’s preparation of an Annex XV dossier analyzing the restrictions, assessments by the Agency’s Risk Assessment Committee (“RAC”) and Socio-Economic Assessment Committee (“SEAC”), and consultation of the Forum for Exchange of Information on Enforcement (“Forum”).
  • Fast-Track Procedure: Article 68(2) of the REACH Regulation, however, empowers the Commission to ban the use of substances that are classified as Cat. 1A or 1B CMRs in mixtures and articles that could be used by consumers without the preparation of a dossier, the opinions of the RAC and SEAC or the consultation of the Forum. As the Commission recognized in its Article 68(2) Paper of 2014, the legislation provides little to no guidance on the use of this procedure.

Indeed, the fast-track procedure was originally intended, and until now has been used solely, to restrict the use of mixtures intended for consumers that contain Cat. 1A or 1B CMRs in concentrations above specific thresholds. Entries 28 to 30 of Annex XVII contain the general ban for mixtures containing Cat. 1A and 1B CMRs, and the Commission has regularly updated them by amending their Appendixes.

The procedure was historically intended for mixtures due to the potential high exposure of consumers using them. In contrast, there is scientific uncertainty on the risk of exposure of consumers to CMRs contained in articles.  As the Commission recognizes in its Article 68(2) Paper, the “main difference between articles and substances and mixtures is that there might be cases where there is no or very limited possibility of exposure of consumers to a CMR substance contained in an article.

The Proposed CMR Restrictions

The Commission’s long term strategy is to use the REACH fast-track procedure to restrict the use of Cat. 1A and 1B CMRs in a broad range of consumer products. The upcoming ban in apparel is intended as a “test-case”.

Following concerns raised by the industry, the Commission recently announced that it intends to restrict the use of Cat. 1A and 1B CMRs in textiles in two phases. First, it will restrict CMRs in textiles that are in direct contact with the skin.  This concerns primarily apparel, but also products such as footwear and bed linen.  We understand that these restrictions could be adopted by spring or summer of 2017.

Second, the Commission will restrict Cat. 1A and 1B CMRs in textiles that are not in direct contact with the skin, such as accessories (e.g., buttons), floor coverings, and carpets.  The Commission will not start this second phase until it presents its final proposal for textiles that are in direct contact with the skin.

It is still unclear which Cat. 1A and 1B CMRs the Commission will target. Initially, it had proposed to restrict 286 CMRs.  The Commission should only restrict those substances for which there are validated detection and measurement methods.

Analysis of the Planned Restrictions

The Commission’s initial proposal to restrict no less than 286 CMRs in a wide category of textile products raises significant concerns. These include:

Duplication: Of the CMRs that the Commission intends to restrict under the fast-track procedure, several are already subject to other restrictions in the REACH Regulation. The resulting double bans or restrictions might create confusion and duplication. The Commission indicated last June that it is aware of this issue and that it “is committed to avoid double regulation for the same substance and use.”

  • Trade implications: Extensive restrictions could create unnecessary barriers to trade and violate the EU’s commitments under the Agreements of the World Trade Organization. The apparel industry is a global industry; a rapidly-imposed ban on CMRs in apparel may lead operators in this sector to temporarily or permanently stop marketing certain products in the EU.
  • Socio-economic impact: It is questionable whether the Commission has sufficiently considered the cost of compliance with the upcoming restrictions. Widespread and simultaneous restrictions may represent a significant burden for industry, including numerous small and medium-sized enterprises (“SMEs”), and increase the price of apparel for consumers.

Next Steps

What lies ahead? The Commission has agreed to gather additional expert input over the next few months.  This will include input from the Forum, ECHA, and a group of experts, including industry representatives.  Subsequently, the Commission will open its proposal for a public consultation, likely by the end of 2016 or early 2017.  Once this public consultation is closed, the Commission will adopt its final proposal.

Although much remains to be decided, it is clear that a ban of hundreds of CMRs in all skin contact textiles will significantly affect apparel and footwear companies that market their goods in the EU and EEA. In the mid-long term, the Commission’s plans will likely also have a significant impact on the wider global textile and consumer goods industry.

ARTICLE BY Charlotte Ryckman of Covington & Burling LLP
Roberto Yunquera Sehwani, a Stagiaire at Covington & Burling LLP and attends the Universidad Autónoma de Madrid, also contributed to this post.

Massive Consumer Product Safety Commission IKEA Recall Leaked to Press by “CPSC Source” Prior to Official Agency Announcement

IKEA recallToday the U.S. Consumer Product Safety Commission (“CPSC”) and Health Canada announced a massive joint recall with IKEA involving over 35 million pieces of furniture that can pose a tip over hazard to small children. While we would normally write about the recall itself, a troubling development has caught our attention.  A CPSC employee prematurely leaked the recall to staff reporter Tricia Nadolny at the Philadelphia Enquirer.

The CPSC and IKEA officially announced the recall this morning, but the Philadelphia Enquirer prematurely broke the story yesterday afternoon. The reporter confirmed in the story that her source works for the CPSC and did not have clearance to discuss the recall publicly. Additionally, the story included quotes from consumer advocates and other interested parties reacting to the recall—indicating that the reporter had the information for a decent amount of time prior to publishing the story.

After the Enquirer article was published, multiple other media outlets began reporting the recall. This likely put IKEA (and the CPSC) in an incredibly difficult situation of having to quickly make decisions about the release of information about the recall. For companies and legal counsel negotiating a recall—especially one of this magnitude—this is a nightmare scenario.

Even if a company has a contingency plan in the event a recall is leaked early (something we usually recommend for higher profile recalls), the carefully negotiated messaging and CPSC agreed rollout of the recall will have been thrown out the window and replaced by the leaked information. The company will be forced to scramble to respond to media questions while also not spoiling the originally planned announcement.

Additionally, and even more problematic, consumers who may have recalled units will start calling and emailing the company before they know the company’s official 800 number to call and before the company has sufficient staff to start fielding those calls. With over 29 million units involved in this specific recall, that could add up to quite a lot of phone calls and emails.

There are many compelling reasons why the CPSC and companies agree to not only the content of a recall, but also its timing. For a recall of this magnitude to be leaked to the media is a very troublesome precedent and cause for concern to companies negotiating higher profile recalls with the CPSC. Companies have not historically had much to fear in terms of recall information leaking from the agency, but this development potentially calls that into question.

Not only is it a violation of CPSC’s own statutes and regulations for recall information to be prematurely leaked to the press (and potentially could lead to employee sanctions), but it is also potentially disruptive to the effectiveness of the recall itself. The CPSC should take steps to ensure such leaks do not occur in the future.

©1994-2016 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.