Category: Consumer Protection

Administration Action Could Unravel the De Minimis Exception for Goods From China

Many e-commerce retailers are closely monitoring increasing bipartisan criticism of the Section 321 de minimis program. This program, which provides an exemption for goods valued at $800 or less destined to a single person on a given day, allows these goods to enter the US duty and tax-free without formal entry.

While this expedited clearance process has been beneficial for many retailers, critics argue that it creates loopholes that can be exploited, particularly by foreign sellers, to bypass tariffs and import restrictions. Addressing US Congress’ inability to pass de minimis reform legislation, on September 13, the Biden-Harris Administration took decisive action to address these concerns. They announced a notice of proposed rulemaking aimed at reducing de minimis import volumes and strengthening trade enforcement through the following measures:

  • Limiting De Minimis Exemptions for Products Subject to Other Trade Remedies: Removal of the de minimis exemption for shipments that contain products subject to additional tariffs under Sections 201 and 301 of the Trade Act of 1974 and Section 232 of the Trade Expansion Act of 1962 (e.g., from China).
  • Increased Disclosure Requirements for De Minimis Shipments: Additional information would be required for de minimis shipments, including the 10-digit tariff classification and identification of the person claiming the exemption.
  • Compliance Requirements for the CPSC: All importers of consumer products must file Certificates of Compliance (CoC) with the US Consumer Product Safety Commission (CPSC).

It is unclear when the proposed rule will be published.

The Administration also calls on Congress to implement legislation to further reform the de minimis program. Earlier this year, the House Ways and Means Committee introduced H.R. 7979 – End China’s De Minimis Abuse Act, which would similarly limit the use of this program for products subject to Sections 201, 301, and 232 and require a 10-digit Harmonized Tariff Schedule of the United States declaration. There have been several other de minimis reform bills proposed however, Congress has struggled to pass comprehensive legislation to reform the program. This announcement may be the push Congress needs to pass legislation during the lame duck session, but we will see…

Although these measures are primarily aimed at restricting Chinese e-commerce giants like Shein and Temu, these government actions could have long-term implications for direct-to-consumer sales. Any changes to the program will impact other US retailers that benefit from Section 321, small start-up companies, as well as consumers who might experience longer wait times and higher costs for their online orders due to these changes.

What’s the Problem?

Over the past decade, the rise of online shopping has led to a sevenfold increase in the number of shipments that enter the United States through the de minimis exemption. The US Department of Homeland Security (DHS) has reported that nearly 4 million de minimis shipments enter the United States per day. This volume makes it impossible for the government to properly screen the shipments for import violations. The government is concerned because contraband, including drugs, counterfeit goods, goods violating the Uyghur Forced Labor Prevention Act (UFLPA), and undervalued shipments are allegedly entering the United States through this program. DHS reported that as of July 30, 89% of cargo seizures in fiscal year 2024 originated as de minimis shipments. We have previously reported on proposed legislation and government actions aimed at addressing the alleged misuse of this program to import contraband or improperly declare shipments, particularly those originating from China.

A Focus on China

Most of these shipments are sold on e-commerce platforms and originate in China. As a result, many of these shipments would normally be subject to additional duties under the Section 232, 301, or 201 programs. According to the Administration’s announcement, Section 301 tariffs apply to 40% of US imports, including 70% of textile and apparel goods from China. The Administration’s proposed rule would significantly limit the scope of goods eligible for the Section 321 de minimis program.

Enhancing Transparency in De Minimis Shipments

To assist in targeting problematic shipments and expediting the clearance of lawful shipments, the Administration will also solicit comments on a proposed rule that would require submission of more detailed information in order to use the de minimis exemption. Currently, these shipments can be entered through informal entries by providing the bill of lading or a manifest that outlines the shipment’s origin, the consignee, and details about the merchandise’s quantity, weight, and value. The additional data points required would include the tariff classification number and the identity of the individual claiming the exemption. The Administration asserts that these requirements will protect US business from unfair competition against imported goods that would otherwise be subject to duties and will facilitate US Customs and Border Protection’s (CBP) ability to detect the illicit goods at the border.

Protecting Consumers From De Minimis Shipments

The Administration also announced that the CPSC plans to propose a final rule that would require importers of consumer products to electronically file CoC with CBP and CPSC upon entry, including de minimis shipments. This action is intended to prevent foreign companies from exploiting the de minimis exemption to circumvent consumer protection testing and certification requirements.

Focus on Textiles

The Administration has committed to prioritizing enforcement efforts to prevent importation of illicit shipments of textile and apparel imports through increased targeting of de minimis shipment, more customs audits and verification, as well as the expansion of the UFLPA Entity List.

The Administration’s focus on the textile and apparel industry follows DHS’s enforcement initiative to curb illicit trade to support American textile jobs. Since the DHS announcement in April, we have seen a notable increase in enforcement actions such as CBP requests for information, risk assessment questionnaires, and detentions under the UFLPA.

Potential Legislative Implications

The Administration has also advocated for further legislative action by Congress including:

  • Exclusion of import-sensitive products such as textiles from the de minimis exemption, the exclusion of shipments containing products covered by certain trade enforcement actions, and the passage of previously proposed de minimis reforms.
  • Legislation that would expedite the process of excluding products covered by Sections 301, 201, and 232 from the de minimis exemption.
  • Reforms in the previously introduced Detect and Defeat Counter-Fentanyl Proposal, which would require more data from shippers under the de minimis program and strengthen the CBP’s ability to detect and seize illicit drugs and raw materials.

What This Means for Retailers and How We Can Help

The Administration’s notice of proposed rulemaking suggests that changes to the de minimis program are on the horizon. For e-commerce retailers, these changes could mean a shift in how they manage their imports. Stricter eligibility criteria and enhanced enforcement may require more diligent documentation and compliance efforts. Retailers should stay informed about these proposed changes and prepare to adapt their operations accordingly.

© 2024 ArentFox Schiff LLP
For more on De Minimis Exception, visit the NLR Antitrust Trade Regulation section

Application of New Mental Health Parity Rules to Provider Network Composition and Reimbursement: Perspective and Analysis

On September 23, 2024, the U.S. Departments of Labor, the Treasury, and Health and Human Services (collectively, the “Departments”) released final rules (the “Final Rules”) that implement requirements under the Mental Health Parity and Addiction Equity Act (MHPAEA).

The primary focus of the Final Rules is to implement new statutory requirements under the Consolidated Appropriations Act of 2021, which amended MHPAEA to require health plans and issuers to develop comparative analyses to determine whether nonquantitative treatment limitations (NQTLs)—which are non-financial restrictions on health care benefits that can limit the length or scope of treatment—for mental health and substance use disorder (MH/SUD) benefits are comparable to and applied no more stringently than NQTLs for medical/surgical (M/S) benefits.

Last month, Epstein Becker Green published an Insight entitled “Mental Health Parity: Federal Departments of Labor, Treasury, and Health Release Landmark Regulations,” which provides an overview of the Final Rules. This Insight takes a closer look at the application of the Final Rules to NQTLs related to provider network composition and reimbursement rates.

Provider Network Composition and Reimbursement NQTL Types

A key focus of the Final Rules is to ensure that NQTLs related to provider network composition and reimbursement rates do not impose greater restrictions on access to MH/SUD benefits than they do for M/S benefits.

In the Final Rules, the Departments decline to specify which strategies and functions they expect to be analyzed as separate NQTL types, instead requiring health plans and issuers to identify, define, and analyze the NQTL types that they apply to MH/SUD benefits. However, the Final Rules set out that the general category of “provider network composition” NQTL types includes, but is not limited to, “standards for provider and facility admission to participate in a network or for continued network participation, including methods for determining reimbursement rates, credentialing standards, and procedures for ensuring the network includes an adequate number of each category of provider and facility to provide services under the plan or coverage.”[1]

For NQTLs related to out-of-network rates, the Departments note that NQTLs would include “[p]lan or issuer methods for determining out-of-network rates, such as allowed amounts; usual, customary, and reasonable charges; or application of other external benchmarks for out-of-network rates.”[2]

Requirements for Comparative Analyses and Outcomes Data Evaluation

For each NQTL type, plans must perform and document a six-step comparative analysis that must be provided to federal and state regulators, members, and authorized representatives upon request. The Final Rules divide the NQTL test into two parts: (1) the “design and application” requirement and (2) the “relevant data evaluation” requirement.

The “design and application” requirement, which builds directly on existing guidance, requires the “processes, strategies, evidentiary standards, or other factors” used in designing and applying an NQTL to MH/SUD benefits to be comparable to, and applied no more stringently than, those used for M/S benefits. Although these aspects of the comparative analysis should be generally familiar, the Final Rules and accompanying preamble provide extensive new guidance about how to interpret and implement these requirements.

The Final Rules also set out a second prong to the analysis: the requirement to collect and evaluate “relevant data” for each NQTL. If such analysis shows a “material difference” in access, then the Final Rules also require the plan to take “reasonable” action to remedy the disparity.

The Final Rules provide that relevant data measures for network composition NQTLs may include, but are not limited to:

  • in-network and out-of-network utilization rates, including data related to provider claim submissions;
  • network adequacy metrics, including time and distance data, data on providers accepting new patients, and the proportions of available MH/SUD and M/S providers that participate in the plan’s network; and
  • provider reimbursement rates for comparable services and as benchmarked to a reference standard, such as Medicare fee schedules.

Although the Final Rules do not describe relevant data for out-of-network rates, these data measures may parallel measures to evaluate in-network rates, including measures that benchmark MH/SUD and M/S rates against a common standard, such as Medicare fee schedule rates.

Under the current guidance, plans have broad flexibility to determine what measures must be used, though the plan must ensure that the metrics that are selected reasonably measure the actual stringency of design and application of the NQTL with regard to the impact on member access to MH/SUD and M/S benefits. However, additional guidance is expected to further clarify the data evaluation requirements that may require the use of specific measures, likely in the form of additional frequently asked questions as well as updates to the Self-Compliance Tool published by the Departments to help plans and issuers assess whether their NQTLs satisfy parity requirements.

The Final Rules require plans to look at relevant data for network composition NQTLs in the aggregate—meaning that the same relevant data must be used for all NQTL types (however defined). As such, the in-operation data component of the comparative analysis for network composition NQTLs will be aggregated.

If the relevant data indicates a “material difference,” the threshold for which the plan must establish and define reasonably, the plan must take “reasonable actions” to address the difference in access and document those actions.

Examples of a “reasonable action” that plans can take to comply with network composition requirements “include, but are not limited to:

  1. Strengthening efforts to recruit and encourage a broad range of available mental health and substance use disorder providers and facilities to join the plan’s or issuer’s network of providers, including taking actions to increase compensation or other inducements, streamline credentialing processes, or contact providers reimbursed for items and services provided on an out-of-network basis to offer participation in the network;
  2. Expanding the availability of telehealth arrangements to mitigate any overall mental health and substance use disorder provider shortages in a geographic area;
  3. Providing additional outreach and assistance to participants and beneficiaries enrolled in the plan or coverage to assist them in finding available in-network mental health and substance use disorder providers and facilities; and
  4. Ensuring that provider directories are accurate and reliable.”

These examples of potential corrective actions and related discussion in the Final Rules provide an ambitious vision for a robust suite of strategies that the Departments believe that plans should undertake to address material disparities in access as defined in the relevant data. However, the Final Rules put the onus on the plan to design the strategy that it will use to define “material differences” and remedy any identified disparity in access. Future guidance and enforcement may provide examples of how this qualitative assessment will play out in practice and establish both what the Departments will expect with regard to the definition of “material differences” and what remedial actions they consider to be sufficient. In the interim, it is highly uncertain what the practical impact of these new requirements will be.

Examples of Network Analyses Included in the Final Rules

The Final Rules include several examples to clarify the application of the new requirements to provider network composition NQTLs. Unfortunately, the value of these examples for understanding how the Final Rules will impact MH/SUD provider networks in practice may be limited. As a result, given the lack of detail regarding the complexity of analyzing these requirements for actual provider networks, as well as the fact that the examples fail to engage in any meaningful discussion of where to identify the threshold for compliance with these requirements, it remains to be seen how regulators will interpret and enforce these requirements in practice.

  • Example 1 demonstrates that it would violate the NQTL requirements to apply a percentage discount to physician fee schedule rates for non-physician MH/SUD providers if the same reduction is not applied for non-physician M/S providers. Our takeaways from this example include the following:
    • This example is comparable to the facts that were alleged by the U.S. Department of Labor in Walsh v. United Behavioral Health, E.D.N.Y., No. 1:21-cv-04519 (8/11/21).
    • Example 1 is useful to the extent that it clarifies that a reimbursement strategy that specifically reduces MH/SUD provider rates in ways that do not apply to M/S provider rates would violate MHPAEA. However, such cut-and-dried examples may be rare in practice, and a full review of the strategies for developing provider reimbursement rates is necessary.
  • Example 4 demonstrates that plans may not simply rely on periodic historic fee schedules as the sole basis for their current fee schedules. Here are some key takeaways from this example:
    • Even though this methodology may be neutral and non-discriminatory on its face, given that the historic fee schedules are not themselves a non-biased source of evidence, to meet the new requirements for evidentiary standards and sources, the plan would have to demonstrate that these historic fee schedules were based on sources that were objective and not biased against MH/SUD providers.
    • If the plan cannot demonstrate that the evidentiary standard used to develop its fee schedule does not systematically disfavor access to MH/SUD benefits, it can still pass the NQTL test if it takes steps to cure the discriminatory factor.
    • Example 4 loosely describes a scenario where a plan supplements a historic fee schedule that is found to discriminate against MH/SUD access by accounting for the current demand for MH/SUD services and attracting “sufficient” MH/SUD providers to the network. Unfortunately, however, the facts provided do not clarify what steps were taken to achieve this enhanced access or how the plan or regulator determined that access had become “sufficient” following the implementation of the corrective actions.
  • Example 10 provides that if a plan’s data measures indicate a “material difference” in access to MH/SUD benefits relative to M/S benefits that are attributable to these NQTLs, the plan can still achieve compliance by taking corrective actions. Our takeaways from this example include the following:
    • The facts in this example stipulate that the plan evaluates all of the measure types that are identified above as examples. Example 10 also states that a “material difference” exists but does not identify the measure or measures for which a difference exists or what facts lead to the conclusion that the difference was “material.” To remedy the material difference, this example states that the plan undertakes all of the corrective actions to strengthen its MH/SUD provider network that are identified above as examples and, therefore, achieves compliance. However, this example fails to clarify how potentially inconsistent outcomes across the robust suite of identified measures were balanced to determine that the “material difference” standard was ultimately met. Example 10 also does not provide any details about what specific corrective actions the plan takes or what changes result from these actions.

Epstein Becker Green’s Perspective

The new requirements of the Final Rules will significantly increase the focus of the comparative analyses on the outcomes of the provider network NQTLs. For many years, the focus of the comparative analyses was primarily on determining whether any definable aspect of the plan’s provider contracting and reimbursement rate-setting strategies could be demonstrated to discriminate against MH/SUD providers. The Final Rules retain those requirements but now put greater emphasis on the results of network composition activities with regard to member access and require plans to pursue corrective actions to remediate any material disparities in that data. This focus on a robust “disparate impact” form of anti-discrimination analysis may lead to a meaningful increase in reimbursement for MH/SUD providers or other actions to more aggressively recruit them to participate in commercial health plan networks.

However, at present, it remains unclear which measures the Departments will ultimately require for reporting. Concurrent with the release of their Notice of Proposed Rulemaking on July 23, 2023, the Departments published Technical Release 2023-01P to solicit comments on key approaches to evaluating comparability and stringency for provider network access and reimbursement rates (including some that are referenced as examples in the Final Rules). Comments to the Technical Release highlighted significant concerns with nearly all of the proposed measures. For example, proposals to require analysis of MH/SUD and M/S provider reimbursement rates for commercial markets that are benchmarked to Medicare fee schedules in a simplistic way may fail to account for differences in population health and utilization, value-based reimbursement strategies, and a range of other factors with significant implications for financial and clinical models for both M/S and MH/SUD providers. Requirements to analyze the numbers or proportions of MH/SUD and M/S providers that are accepting new patients may be onerous for providers to report on and for plans to collect and may obscure significant nuances with regard to wait times, the urgency of the service, and the match between the provider’s training and service offerings to the patient’s need. Time and mileage standards highlighted by the Departments not only often fail to capture important access challenges experienced by patients who need MH/SUD care from sub-specialty providers or facilities but also fail to account for evolving service delivery models that may include options such as mobile units, school-based services, home visits, and telehealth. Among the measures identified in the Technical Release, minor differences in measure definitions and specifications can have significant impacts on the data outcomes, and few (if any) of the proposed measures have undergone any form of testing for reliability and validity.

Also, it is still not clear where the Departments will draw the lines for making final determinations of noncompliance with the Final Rules. For example, where a range of different data measures is evaluated, how will the Departments resolve data outcomes that are noisy, conflicting, or inconclusive? Similarly, where regulators do conclude that the data that are provided suggest a disparity in access, the Final Rules identify a highly robust set of potential corrective actions. However, it remains to be seen what scope of actions the Departments will determine to be “good enough” in practice.

Finally, we are interested in seeing what role private litigation will play in driving health plan compliance efforts and practical impacts for providers. To date, plaintiffs have found it challenging to pursue litigation on the basis of claims under MHPAEA, due in part to the highly complex arguments that must be made to evaluate MHPAEA compliance and in part to the challenge for plaintiffs to have adequate insight into plan policies, operations, and data across MH/SUD and M/S benefits to adequately assert a complaint under MHPAEA. Very few class action lawsuits or large settlements have occurred to date. These challenges for potential litigants may continue to limit the volume of litigation. However, to the extent that the additional guidance in the Final Rules does give rise to an uptick in successful litigation, it is possible that the courts may end up having a greater impact on health plan compliance strategies than regulators.

ENDNOTES

[1] 26 CFR 54.9812- 1(c)(4)(ii)(D), 29 CFR 2590.712(c)(4)(ii)(D), and 45 CFR 146.136(c)(4)(ii)(D).

[2] 26 CFR 54.9812- 1(c)(4)(ii)(E), 29 CFR 2590.712(c)(4)(ii)(E), and 45 CFR 146.136(c)(4)(ii)(E).

©2024 Epstein Becker & Green, P.C. All rights reserved.
For more on Mental Health, visit the NLR Health Law Managed Care section

White House OSTP Releases PFAS Federal R&D Strategic Plan

The White House Office of Science and Technology Policy (OSTP) announced on September 3, 2024, the release of its Per- and Polyfluoroalkyl Substances (PFAS) Federal Research and Development Strategic Plan (Strategic Plan). Prepared by the Joint Subcommittee on Environment, Innovation, and Public Health PFAS Strategy Team (PFAS ST) of the National Science and Technology Council, the Strategic Plan provides a federal strategy and implementation plan for addressing the strategic areas identified in the 2023 Per- and Polyfluoroalkyl Substances (PFAS) Report (PFAS Report). The Strategic Plan is intended to be a companion document to the PFAS Report. The activities described in the Strategic Plan are reviewed through the Office of Management and Budget (OMB) annual budget process and subject to available resources.

Background

As reported in our March 16, 2023, blog item, the PFAS Report provides an analysis of the state of the science of PFAS and information that will be used to direct the development of a federal strategic plan. The PFAS Report focuses on the current science of PFAS as a chemical class, identifies scientific consensus, and portrays uncertainties in the scientific information where consensus is still sought. The PFAS Report identifies four key strategic areas that, when addressed, will generate actionable information to address PFAS: removal, destruction, or degradation of PFAS; safer and environmentally friendlier alternatives; sources and pathways of exposure to PFAS; and toxicity of PFAS. The gaps and opportunities identified in the PFAS Report were used to develop the Strategic Plan.

Strategic Plan

Based on the four strategic areas presented in the 2023 PFAS Report, the PFAS ST identified four strategic goals that will drive federal research and development (R&D) efforts regarding PFAS:

  • Provide relevant, high-quality scientific data that increase the understanding of PFAS exposure pathways to inform federal decisions that reduce risks to human health and the environment;
  • Effectively and equitably communicate federal work and results regarding PFAS R&D through engagement with impacted communities and federal, Tribal, state, and local agencies;
  • Identify research and technologies to address PFAS contamination and mitigate the adverse impacts on communities; and
  • Generate information that facilitates informed procurement decisions by federal agencies, manufacturers, and consumers regarding products that contain or use PFAS and PFAS alternatives to reduce adverse human health and environmental effects.

According to the Strategic Plan, the PFAS ST identified five R&D strategies within the strategic research areas that address the identified knowledge gaps. The R&D strategies and select tasks to achieve the objectives within each strategy include:

  • Understand PFAS exposure pathways to individuals and communities:
    • Further characterize potential PFAS exposures in the built environment, including schools, workplaces, and other indoor/household environments. According to the Strategic Plan, this would include the co-occurrence and use of consumer products and understanding the lifecycle of products with regard to PFAS exposure;
    • Initiate studies regarding PFAS co-exposure and potential interactions with other contaminants (including other PFAS) in environmental samples, such as nano- and microplastics, petroleum constituents, metals, pesticides, and pharmaceuticals;
    • Initiate and continue studies of the physical-chemical properties of PFAS and mixtures of PFAS;
    • Investigate additional pathways and routes of exposure, such as direct contact, dermal absorption, oral ingestion, and inhalation from indoor and outdoor environments (residential, consumer, and occupational exposures); and
    • Develop and support studies of PFAS exposures in indoor environments through collection of dust, air, consumer products, and other media where biomonitoring may also be conducted;
  • Address current PFAS measurement challenges through the development of standards, advanced sampling, and analytical methodologies:
    • Develop and refine analytical methods and data collection methods to evaluate PFAS content, migration, and emissions from consumer, commercial, and industrial products, and their impact on workplace and indoor environments;
    • Develop testing programs and methods related to quantifying PFAS content, migration, and emissions in animal/livestock feed, food and food packaging, indoor exposure (dust, home/office materials), workplace settings, and consumer products; and
    • Develop and validate real-time, rapid, and remote PFAS screening methods using analytical sensors, PFAS proxies, passive sampling devices, and other novel technologies for the detection of PFAS in media;
  • Understand the toxicological mechanisms, human and environmental health effects, and risks of PFAS exposure:
    • Develop scientifically supported classification schemes for PFAS with respect to adverse impacts on human health and the environment;
    • Develop and support research regarding the human toxicity and ecotoxicity testing of PFAS as mixtures with PFAS and other co-occurring chemicals;
    • Support research to understand further the mechanism of action of PFAS toxicity, advance development of adverse outcome pathways, and understand the impact of PFAS mixture toxicities when evaluating cumulative health effects;
    • Develop and support epidemiological studies designed to identify communities near significant sources of PFAS contamination that may have environmental justice concerns, including occupationally exposed populations and populations, communities, and/or lifestages that are more susceptible to PFAS exposure or adverse health outcomes;
    • Explore the development of a federal data-sharing strategy to use interagency toxicological and epidemiological data to determine human health endpoints of concern from PFAS exposure; and
    • Develop classification strategies that enable grouping of PFAS by hazard identification, exposure assessment, and dose-response studies in support of risk assessments;
  • Develop, evaluate, and demonstrate technologies for the removal, destruction, and disposal of PFAS:
    • Continue to support the foundational research that advances technologies for the destruction of PFAS by both thermal and non-thermal approaches;
    • Support the implementation of removal and destruction technologies that apply to discharge and releases at the point of manufacturing; and
    • Develop and implement models to evaluate technology performance, short-term and long-term costs, energy demands, scalability, and the composition of treated materials that are released to the environment;
  • Identify PFAS alternatives and evaluate their human health and environmental effects:
    • Engage with academic and private sector industrial researchers to support the development of novel, less toxic alternative chemistries and processes for sustainable PFAS alternatives;
    • Identify and evaluate critical and essential uses of PFAS within individual agencies and sectors;
    • Develop an interagency-aligned evaluation framework for prioritizing research on specific PFAS alternatives that includes considerations regarding sustainability; performance; viability and timeframe to transition; dependency on foreign sources of materials; criticality of the current product to national security, critical infrastructure, climate change mitigation, and public health; and criticality of the need for a replacement product or process;
    • Support research to advance sustainable manufacturing and circularity of PFAS-based processes and products to preserve current critical and essential uses, which will enable an orderly transition to PFAS alternatives in critical manufacturing sectors that are dependent on PFAS;
    • Develop a database of the current commercial inventory of alternative materials and products with relevant chemical and toxicological information, manufacturer production capacity, and performance comparison of the alternatives to PFAS-containing materials and products; and
    • Continue to assess human health and environmental effects posed by alternative materials and products for use in comparison to other product formulations, including PFAS-containing product formulations.

Commentary

Bergeson & Campbell, P.C. (B&C®) acknowledges that OSTP’s PFAS Strategy may benefit from the U.S. Environmental Protection Agency’s (EPA) regulatory activities under the Toxic Substances Control Act (TSCA) and other initiatives. We provide below representative examples of these activities.

Between 2022 and 2024, EPA issued TSCA Section 4 test orders requiring manufacturers and/or processors to perform various studies on four PFAS (i.e., 6:2 fluorotelomer sulfonamide betaine [6:2 FTSB], trifluoro(trifluoromethyl)oxirane [HFPO], 2,3,3,3-tetrafluoro-2-heptafluoropropoxy) propanoyl fluoride [HFPO-DAF], and 1,1,2,2,3,3,4,4,5,5,6,6,7,7,8,8,8-Heptadecafluoro-N-(2-hydroxyethyl)-N-methyloctane-1-sulfonamide [NMeFOSE]).

EPA also intends on initiating ten additional TSCA Section 4 test orders per year on PFAS between fiscal year (FY) 2024 and FY 2026 (i.e., October 1, 2024-September 30, 2027). EPA’s activities under TSCA Section 4 may lead to the development of data that provide a better understanding of the human health and environmental effects of specific types of PFAS.

The TSCA Section 8(a)(7) rule on the reporting and recordkeeping of manufacture and import of PFAS will provide additional information on PFAS uses, production volumes, disposal, exposures, and hazards. In addition, EPA’s publication of its updated PFAS category analysis may help frame how to use data on PFAS for which testing has been (or is in the process of being) completed to fill data gaps on related PFAS.

Further, EPA’s Office of Research and Development (ORD) and Office of Land Use and Emergency Management (OLEM) have made significant contributions on analytical methods for detecting PFAS in various media and guidance for destroying and disposing of PFAS and PFAS-containing materials, respectively. The TSCA Section 8(a)(7) information along with EPA’s advancements with identifying PFAS in environmental media may aid with identifying those PFAS and the associated uses that lead to the greatest environmental releases.

Collectively, EPA’s activities on PFAS will advance the objectives of OSTP’s PFAS Strategy. This information may also aid with differentiating the types of PFAS that present the greatest concerns to human health and the environment versus those chemistries that do not. After all, many chemical substances, including pharmaceuticals and pesticides, meet one or more of the existing definitions for PFAS and have clear public health benefits, yet do not present the same concerns as those PFAS that have significant concerns (e.g., perfluorooctanoic acid).

©2024 Bergeson & Campbell, P.C.
For more news on PFAS Federal R&D Strategic Plans, visit the NLR Environmental Energy Resources section.

Colorado AG Proposes Draft Amendments to the Colorado Privacy Act Rules

On September 13, 2024, the Colorado Attorney General’s (AG) Office published proposed draft amendments to the Colorado Privacy Act (CPA) Rules. The proposals include new requirements related to biometric collection and use (applicable to all companies and employers that collect biometrics of Colorado residents) and children’s privacy. They also introduce methods by which businesses could seek regulatory guidance from the Colorado AG.

The draft amendments seek to align the CPA with Senate Bill 41, Privacy Protections for Children’s Online Data, and House Bill 1130, Privacy of Biometric Identifiers & Data, both of which were enacted earlier this year and will largely come into effect in 2025. Comments on the proposed regulations can be submitted beginning on September 25, 2024, in advance of a November 7, 2024, rulemaking hearing.

In Depth

PRIVACY OF BIOMETRIC IDENTIFIERS & DATA

In comparison to other state laws like the Illinois Biometric Information Privacy Act (BIPA), the CPA proposed draft amendments do not include a private right of action. That said, the proposed draft amendments include several significant revisions to the processing of biometric identifiers and data, including:

  • Create New Notice Obligations: The draft amendments require any business (including those not otherwise subject to the CPA) that collects biometrics from consumers or employees to provide a “Biometric Identifier Notice” before collecting or processing biometric information. The notice must include which biometric identifier is being collected, the reason for collecting the biometric identifier, the length of time the controller will retain the biometric identifier, and whether the biometric identifier will be disclosed, redisclosed, or otherwise disseminated to a processor alongside the purpose of such disclosure. This notice must be reasonably accessible, either in a standalone disclosure or, if embedded within the controller’s privacy notice, a clear link to the specific section within the privacy notice that contains the Biometric Identifier Notice. This requirement applies to all businesses that collect biometrics, including employers, even if a business does not otherwise trigger the applicability thresholds of the CPA.
  • Revisit When Consent Is Required: The draft amendments require controllers to obtain explicit consent from the data subject before selling, leasing, trading, disclosing, redisclosing, or otherwise disseminating biometric information. The amendments also allow employers to collect and process biometric identifiers as a condition for employment in limited circumstances (much more limited than Illinois’s BIPA, for example).

PRIVACY PROTECTIONS FOR CHILDREN’S ONLINE DATA

The draft amendments also include several updates to existing CPA requirements related to minors:

  • Delineate Between Consumers Based on Age: The draft amendments define a “child” as an individual under 13 years of age and a “minor” as an individual under 18 years of age, creating additional protections for teenagers.
  • Update Data Protection Assessment Requirements: The draft amendments expand the scope of data protection assessments to include processing activities that pose a heightened risk of harm to minors. Under the draft amendments, entities performing assessments must disclose whether personal data from minors is processed as well as identify any potential sources and types of heightened risk to minors that would be a reasonably foreseeable result of offering online services, products, or features to minors.
  • Revisit When Consent Is Required: The draft amendments require controllers to obtain explicit consent before processing the personal data of a minor and before using any system design feature to significantly increase, sustain, or extend a minor’s use of an online service, product, or feature.

OPINION LETTERS AND INTERPRETIVE GUIDANCE

In a welcome effort to create a process by which businesses and the public can understand more about the scope and applicability of the CPA, the draft amendments:

  • Create a Formal Feedback Process: The draft amendments would permit individuals or entities to request an opinion letter from the Colorado AG regarding aspects of the CPA and its application. Entities that have received and relied on applicable guidance offered via an opinion letter may use that guidance as a good faith defense against later claims of having violated the CPA.
  • Clarify the Role of Non-Binding Advice: Separate and in addition to the formal opinion letter process, the draft amendments provide a process by which any person affected directly or indirectly by the CPA may request interpretive guidance from the AG. Unlike the guidance in an opinion letter, interpretive guidance would not be binding on the Colorado AG and would not serve as a basis for a good faith defense. Nonetheless, a process for obtaining interpretive guidance is a novel, and welcome, addition to the state law fabric.

WHAT’S NEXT?

While subject to change pursuant to public consultation, assuming the proposed CPA amendments are finalized, they would become effective on July 1, 2025. Businesses interested in shaping and commenting on the draft amendments should consider promptly submitting comments to the Colorado AG.

© 2024 McDermott Will & Emery
For more news on Colorado Privacy Law, visit the NLR Communications Media Internet and Consumer Protection sections.

Walgreens Settles for $106.8 Million Over FCA Violations

On September 13, the US Department of Justice (DOJ) announced that Walgreens Boots Alliance Inc. and Walgreen Co. (collectively, Walgreens) agreed to pay $106.8 million to resolve allegations of violating the False Claims Act (FCA) and state statutes. The allegations pertain to billing government health care programs for prescriptions that were never dispensed. The government alleged that from 2009 until 2020, Walgreens submitted claims to federal health care programs for prescriptions that were processed but never picked up by beneficiaries. This resulted in Walgreens receiving 10s of millions of dollars for prescriptions that were never actually provided to health care beneficiaries.

Under the resolution, Walgreens agreed to enhance its electronic pharmacy management system to prevent future occurrences and self-reported certain conduct. In addition, Walgreens refunded $66,314,790 related to the settled claims, which allowed Walgreens to receive credit under the DOJ’s guidelines for taking disclosure, cooperation, and remediation into account in FCA cases.

Under the settlement agreement, the federal government received $91,881,530, and the individual states received $14,933,259 through separate settlement agreements. The settlement will resolve three cases pending in the District of New Mexico, Eastern District of Texas, and Middle District of Florida under the qui tam, or whistleblower, provision of the FCA. Whistleblowers Steven Turck and Andrew Bustos, former Walgreens employees, will receive $14,918,675 and $1,620,000, respectively, for their roles in filing the suits.

The DOJ’s press release can be found here.

CVS Health Subsidiary Settles FCA Allegations for $60 Million

On September 16, Chicago company Oak Street Health, a subsidiary of CVS Health, agreed to pay $60 million to resolve allegations that it violated the FCA by paying kickbacks to third-party insurance agents in exchange for recruiting seniors to Oak Street Health’s primary care clinics from September 2020 through December 2022.

According to the DOJ, in 2020, Oak Street Health developed a program called the Client Awareness Program. Under the program, which was developed to increase patient membership, seniors who were eligible for Medicare Advantage received marketing messages designed to generate interest in Oak Street Health. Upon receipt of these messages, third-party insurance agents organized three-way phone calls with Oak Street Health employees for the interested seniors. Oak Street Health paid agents around $200 per beneficiary referred or recommended as part of this service. Instead of basing referrals and recommendations on the best interest of the seniors, these payments allegedly encouraged agents to base referrals and recommendations on Oak Street Health’s financial interests.

The DOJ’s press release can be found here.

Dunes Surgical Hospital Settles for $12.76 Million Over FCA Violations

On September 16, South Dakota companies Siouxland Surgery Center LLP, d.b.a. Dunes Surgical Hospital, United Surgical Partners International Inc. (USPI), and USP Siouxland Inc. agreed to pay approximately $12.76 million to settle FCA allegations related to improper financial relationships between Dunes and two physician groups. Since July 1, 2014, USPI has maintained partial ownership of Dunes through USP Siouxland, a wholly owned subsidiary of USPI. Following an internal investigation, Dunes and USPI disclosed the arrangements at issue to the government.

From at least 2014 through 2019, Dunes allegedly made financial contributions to a nonprofit affiliate of a physician group whose physicians referred patients to Dunes. According to the complaint, those payments allegedly funded the salaries of referring employees. Other allegations include that Dunes provided a different physician group with below-market-value clinic space, staff, and supplies. The DOJ alleged that these arrangements violated both the Anti-Kickback Statute and the Stark Law, which are “designed to ensure that decisions about patient care are based on physicians’ independent medical judgment and not their personal financial interest.”

Following Dunes’ and USPI’s internal compliance review and independent investigation, the companies promptly took remedial actions and disclosed such arrangements to the DOJ. The companies also provided the government with detailed and thorough written disclosures and cooperated throughout its investigation, resulting in cooperation credit for the companies.

Under the settlement, Dunes and USPI will pay $12.76 million to the federal government for alleged violations of the FCA, and approximately $1.37 million to South Dakota, Iowa, and Nebraska for their share of the Medicaid portion of the settlement.

The DOJ’s press release can be found here.

California Man Convicted for Paying Illegal Kickbacks for Patient Referrals to Addiction Treatment Facilities

On September 11, a federal jury convicted Casey Mahoney, 48, of Los Angeles, for paying nearly $2.9 million in illegal kickbacks for patient referrals to his addiction treatment facilities in Orange County, California. The facilities involved are Healing Path Detox LLC and Get Real Recovery Inc.

According to court documents and evidence presented at trial, Mahoney paid illegal kickbacks to “body brokers” who referred patients to his facilities. These brokers appeared to pay thousands of dollars in cash to patients to induce them to procure treatment at Mahoney’s facilities. Mahoney allegedly concealed these illegal kickbacks through sham contracts with the body brokers. The contracts purportedly required fixed payments and prohibited payments based on the volume or value of patient referrals, when in reality, payments were negotiated based on patients’ insurance reimbursements and the number of days Mahoney could bill for treatment. Mahoney also allegedly laundered the proceeds of the conspiracy through payments to the mother of one of the body brokers, falsely characterizing them as consulting fees.

The Eliminating Kickbacks in Recovery Act formed the basis of the charges against Mahoney. He was convicted of one count of conspiracy to solicit, receive, pay, or offer illegal remunerations for patient referrals, seven counts of illegal remunerations for patient referrals, and three counts of money laundering. He is scheduled to be sentenced on January 17, 2025, and faces a maximum penalty of five years in prison for the conspiracy charge, 10 years in prison for each illegal remuneration count, and 20 years in prison for each money laundering count.

The DOJ’s press release can be found here.

© 2024 ArentFox Schiff LLP

by: D. Jacques SmithRandall A. BraterMichael F. DearingtonNadia PatelHillary M. Stemple, and Rebekkah R.N. Stoeckler of ArentFox Schiff LLP

For more news on FCA Violations visit the NLR Criminal Law Business Crimes section.

Consumer Privacy Update: What Organizations Need to Know About Impending State Privacy Laws Going into Effect in 2024 and 2025

Over the past several years, the number of states with comprehensive consumer data privacy laws has increased exponentially from just a handful—California, Colorado, Virginia, Connecticut, and Utah—to up to twenty by some counts.

Many of these state laws will go into effect starting Q4 of 2024 through 2025. We have previously written in more detail on New Jersey’s comprehensive data privacy law, which goes into effect January 15, 2025, and Tennessee’s comprehensive data privacy law, which goes into effect July 1, 2025. Some laws have already gone into effect, like Texas’s Data Privacy and Security Act, and Oregon’s Consumer Privacy Act, both of which became effective July of 2024. Now is a good time to take stock of the current landscape as the next batch of state privacy laws go into effect.

Over the next year, the following laws will become effective:

  1. Montana Consumer Data Privacy Act (effective Oct. 1, 2024)
  2. Delaware Personal Data Privacy Act (effective Jan. 1, 2025)
  3. Iowa Consumer Data Protection Act (effective Jan. 1, 2025)
  4. Nebraska Data Privacy Act (effective Jan. 1, 2025)
  5. New Hampshire Privacy Act (effective Jan. 1, 2025)
  6. New Jersey Data Privacy Act (effective Jan. 15, 2025)
  7. Tennessee Information Protection Act (effective July 1, 2025)
  8. Minnesota Consumer Data Privacy Act (effective July 31, 2025)
  9. Maryland Online Data Privacy Act (effective Oct. 1, 2025)

These nine state privacy laws contain many similarities, broadly conforming to the Virginia Consumer Data Protection Act we discussed here.  All nine laws listed above contain the following familiar requirements:

(1) disclosing data handling practices to consumers,

(2) including certain contractual terms in data processing agreements,

(3) performing risk assessments (with the exception of Iowa); and

(4) affording resident consumers with certain rights, such as the right to access or know the personal data processed by a business, the right to correct any inaccurate personal data, the right to request deletion of personal data, the right to opt out of targeted advertising or the sale of personal data, and the right to opt out of the processing sensitive information.

The laws contain more than a few noteworthy differences. Each of the laws differs in terms of the scope of their application. The applicability thresholds vary based on: (1) the number of state residents whose personal data the company (or “controller”) controls or processes, or (2) the proportion of revenue a controller derives from the sale of personal data. Maryland, Delaware, and New Hampshire each have a 35,000 consumer processing threshold. Nebraska, similar to the recently passed data privacy law in Texas, applies to controllers that that do not qualify as small business and process personal data or engage in personal data sales. It is also important to note that Iowa adopted a comparatively narrower definition of what constitutes as sale of personal data to only transactions involving monetary consideration. All states require that the company conduct business in the state.

With respect to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), Iowa’s, Montana’s, Nebraska’s, New Hampshire’s, and Tennessee’s laws exempt HIPAA-regulated entities altogether; while Delaware’s, Maryland’s, Minnesota’s, and New Jersey’s laws exempt only protected health information (“PHI”) under HIPAA. As a result, HIPAA-regulated entities will have the added burden of assessing whether data is covered by HIPAA or an applicable state privacy law.

With respect to the Gramm-Leach-Bliley Act (“GLBA”), eight of these nine comprehensive privacy laws contain an entity-level exemption for GBLA-covered financial institutions. By contrast, Minnesota’s law exempts only data regulated by GLBA. Minnesota joins California and Oregon as the three state consumer privacy laws with information-level GLBA exemptions.

Not least of all, Maryland’s law stands apart from the other data privacy laws due to a number of unique obligations, including:

  • A prohibition on the collection, processing, and sharing of a consumer’s sensitive data except when doing so is “strictly necessary to provide or maintain a specific product or service requested by the consumer.”
  • A broad prohibition on the sale of sensitive data for monetary or other valuable consideration unless such sale is necessary to provide or maintain a specific product or service requested by a consumer.
  • Special provisions applicable to “Consumer Health Data” processed by entities not regulated by HIPAA. Note that “Consumer Health Data” laws also exist in Nevada, Washington, and Connecticut as we previously discussed here.
  • A prohibition on selling or processing minors’ data for targeted advertising if the controller knows or should have known that the consumer is under 18 years of age.

While states continue to enact comprehensive data privacy laws, there remains the possibility of a federal privacy law to bring in a national standard. The American Privacy Rights Act (“APRA”) recently went through several iterations in the House Committee on Energy and Commerce this year, and it reflects many of the elements of these state laws, including transparency requirements and consumer rights. A key sticking point, however, continues to be the broad private right of action included in the proposed APRA but absent from all state privacy laws. Only California’s law, which we discussed here, has a private right of action, although it is narrowly circumscribed to data breaches.  Considering the November 2024 election cycle, it is likely that federal efforts to create a comprehensive privacy law will stall until the election cycle is over and the composition of the White House and Congress is known.

©2024 Epstein Becker & Green, P.C. All rights reserved.
For more on Data Privacy, visit the NLR Communications Media Internet section.

EVERYTHING’S FINE: Big TCPA Win For Medical Debt Collector Suggests FCC Rulings Still Binding After Loper Bright–Let’s Hope it Stays That Way

Fascinating little case for you all today.

Consumer visits hospital for treatment. Provides phone number at admission. Receives treatment and is discharged.

Consumer fails to pay resulting invoices. Hospital and provider network turn account over to collections. Debt collector allegedly uses an ATDS to call consumer on the number she provided.

What result?

Prior to the Supreme Court’s Loper Bright decision the determination would be easy. The FCC held back in 2009 that providing a number in connection with a transaction permits autodialed calls to a consumer in connection with that transaction. And the Sixth Circuit Court of Appeals has directly held that providing a phone number on hospital intake documents permits later debt collection activity at that number–including via autodialer.

But the Loper Bright decision recently destroyed Chevron deference–meaning courts no longer have to yield to agency determinations of this sort. And while the Hobbs Act affords extra protections to certain FCC rulings, those protections only apply where certain procedural requirements were met by the Commission in adopting the rule.

So does the FCC’s rule from 2009 permitting informational calls to numbers provided in connection with a transaction still bind courts? According to the decision in Woodman v. Medicredit, 2024 WL 4132732 (D. Nv Sept. 9, 2024) the answer is yes!

In Woodman the defendant debt collector moved for summary judgment arguing the Plaintiff consented when she provided her number to the hospital. The Court had little problem applying the FCC’s 2009 order and precedent that came before Loper Bright to grant summary judgment to he defense. So just like that case is gone.

Great ruling for the defense, of course, and it makes me feel a bit better about the whole “no one knows what the law is anymore” thing, but the Woodman court didn’t really address the core issue– was the 2009 ruling enacted with sufficient APA pop and circumstance to merit Hobbs Act deference under PDR Resources. 

Really interesting question and one folks should keep in mind.

© 2024 Troutman Amin, LLP
For more news on Debt Collection TCPA Lawsuits, visit the NLR Consumer Protection section.

FTC Announces Final Rule Imposing Civil Penalties for Fake Consumer Reviews and Testimonials

On August 14, 2024, the Federal Trade Commission announced a Final Rule combatting bogus consumer reviews and testimonials by prohibiting their sale or purchase. The Rule allows the FTC to strengthen enforcement, seek civil penalties against violators and deter AI-generated fake reviews.

“Fake reviews not only waste people’s time and money, but also pollute the marketplace and divert business away from honest competitors,” said FTC attorney Chair Lina M. Khan. “By strengthening the FTC’s toolkit to fight deceptive advertising, the final rule will protect Americans from getting cheated, put businesses that unlawfully game the system on notice, and promote markets that are fair, honest, and competitive.”

The Rule announced on August 14, 2024 follows an advance notice of proposed rulemaking and a notice of proposed rulemaking announced in November 2022 and June 2023, respectively. The FTC also held an informal hearing on the proposed rule in February 2024. In response to public comments, the Commission made numerous clarifications and adjustments to its previous proposal.

What Does the FTC Final on the Use of Consumer Reviews and Testimonials Prohibit?

The FTC Final Rule on the Use of Consumer Reviews and Testimonials prohibits:

Writing, selling, or buying fake or false consumer reviews. 

The Rule prohibits businesses from writing or selling consumer reviews that misrepresent they are by someone who does not exist or who did not have actual experience with the business or its products or services, or that misrepresent the reviewers’ experience. It also prohibits businesses from buying consumer reviews that they knew or should have known made such a misrepresentation. Businesses are also prohibited from procuring from certain company insiders such reviews about the business or its products or services for posting on third-party sites, when the businesses knew or should have known about the misrepresentation. The prohibitions on buying or procuring reviews do not cover generalized review solicitations to past customers or simply hosting reviews on the business’s website. Neither will a retailer or other entity be liable for sharing consumer reviews unless it would have been liable for displaying those same reviews on its own website.

Writing, selling, or disseminating fake or false testimonials. 

Businesses are similarly prohibited from writing or selling consumer or celebrity testimonials that make the same kinds of misrepresentations. The are also prohibited from disseminating or causing the dissemination of such testimonials when they knew or should have known about the misrepresentation. The prohibition on disseminating testimonials does not cover the type of generalized solicitations to past customers discussed above with respect to reviews.

Buying positive or negative reviews.

Businesses are prohibited from providing compensation or other incentives contingent on the writing of consumer reviews expressing a particular sentiment, either positive or negative. Violations here include situations in which such a contingency is express or implied. So, for example, while it prohibits offering $25 for a 5-star review, it also prohibits offering $25 for a review “telling everyone how much you love our product.”

Failing to make disclosures about insider reviews and testimonials.

The Rule prohibits a company’s officers and managers from writing reviews or testimonials about the business or its products or services without clearly disclosing their relationship. Businesses are also prohibited from disseminating testimonials by company insiders without clear disclosures, if the businesses knew or should have known of the relationship. A similar prohibition exists for officer or manager solicitations of reviews from their immediate relatives or from employees or agents of the business, and when officers or managers ask employees or agents to seek such reviews from relatives. For these various solicitations, the Rule is violated only if: (i) the officers or managers did not give instructions about making clear disclosures; (ii) the resulting reviews – either by the employees, agents, or the immediate relatives of the officers, managers, employees, or agents – appear without clear disclosures; and (iii) the officers or managers knew or should have known that such reviews appeared and failed to take steps to have those reviews either removed or amended to include clear disclosures. All of these prohibitions hinge on the undisclosed relationship being material to consumers. These disclosure provisions also clarify that they do not cover mere review hosting or generalized solicitations to past customers.

Deceptively claiming that company-controlled review websites are independent.

Businesses are prohibited from misrepresenting that websites or entities they control or operate are providing independent reviews or opinions, other than consumer reviews, about a category of businesses, products, or services that includes their own business, product, or service.

Illegally suppressing negative reviews.

The Rule prohibits using unfounded or groundless legal threats, physical threats, intimidation or public false accusations (when the accusation is made with knowledge that it is false or with reckless disregard as to its truth or falsity) to prevent the posting or cause the removal of all or part of a consumer review. Legal threats are “unfounded or groundless” if they are unwarranted by existing law or based on allegations that have no evidentiary support, according to the FTC. Also, if reviews on a marketer’s website have been suppressed based on their rating or negative sentiment, the Rule prohibits that business from misrepresenting that the reviews on a portion of its website dedicated to receiving and displaying such reviews represent most or all submitted reviews.

Selling and buying fake social media indicators.

The Rule prohibits the sale or distribution of fake indicators of social media influence, like fake followers or views. A “fake” indicator means one generated by a bot, a hijacked account, or that otherwise does not reflect a real individual’s or entity’s activities or opinions, according to the FTC. The Rule also bars anyone from buying or procuring such fake indicators. These prohibitions are limited to situations in which the violator knew or should have known that the indicators were fake and which involved misrepresentations of a person’s or company’s influence or importance for a commercial purpose.

The Rule does not specifically refer to AI. However, according to the FTC, these prohibitions cover situations when someone uses an AI tool to generate the deceptive content at issue.

According to the FTC, case-by-case enforcement without civil penalty authority might not be enough to deter clearly deceptive review and testimonial practices. The Supreme Court’s decision in AMG Capital Management LLC v. FTC has hindered the FTC’s ability to seek monetary relief for consumers under the FTC Act. The Rule is intended to enhance deterrence and strengthen FTC enforcement actions.

The Rule will become effective 60 days after the date it’s published in the Federal Register.

Takeaway: The FTC will aggressively enforce the new Rule. The agency has challenged illegal practices regarding bogus reviews and testimonials for quite some time. In addition to investigations and enforcement actions, the FTC has also issued guidance to help businesses to comply. According to the agency, online marketplaces and social media companies could and should do more when it comes to policing their platforms.

© 2024 Hinch Newman LLP
For more news on FTC’s Final Rule on Fake Reviews, visit the NLR Consumer Protection section.

FCC’s New Notice of Inquiry – Is This Big Brother’s Origin Story?

The FCC’s recent Notice of Proposed Rulemaking and Notice of Inquiry was released on August 8, 2024. While the proposed Rule is, deservedly, getting the most press, it’s important to pay attention to the Notice of Inquiry.

The part which is concerning to me is the FCC’s interest in “development and availability of technologies on either the device or network level that can: 1) detect incoming calls that are potentially fraudulent and/or AI-generated based on real-time analysis of voice call content; 2) alert consumers to the potential that such voice calls are fraudulent and/or AI-generated; and 3) potentially block future voice calls that can be identified as similar AI-generated or otherwise fraudulent voice calls based on analytics.” (emphasis mine)

The FCC also wants to know “what steps can the Commission take to encourage the development and deployment of these technologies…”

The FCC does note there are “significant privacy risks, insofar as they appear to rely on analysis and processing of the content of calls.” The FCC also wants comments on “what protections exist for non-malicious callers who have a legitimate privacy interest in not having the contents of their calls collected and processed by unknown third parties?”

So, the Federal Communications Commission wants to monitor the CONTENT of voice calls. In real-time. On your device.

That’s not a problem for anyone else?

Sure, robocalls are bad. There are scams on robocalls.

But, are robocalls so bad that we need real-time monitoring of voice call content?

At what point, did we throw the Fourth Amendment out of the window and to prevent what? Phone calls??

The basic premise of the Fourth Amendment is “to safeguard the privacy and security of individuals against arbitrary invasions by governmental officials.” I’m not sure how we get more arbitrary than “this incoming call is a fraud” versus “this incoming call is not a fraud”.

So, maybe you consent to this real-time monitoring. Sure, ok. But, can you actually give informed consent to what would happen with this monitoring?

Let me give you three examples of “pre-recorded calls” that the real-time monitoring could overhear to determine if the “voice calls are fraudulent and/or AI-generated”:

  1. Your phone rings. It’s a prerecorded call from Planned Parenthood confirming your appointment for tomorrow.
  2. Your phone rings. It’s an artificial voice recording from your lawyer’s office telling you that your criminal trial is tomorrow.
  3. Your phone rings. It’s the local jewelry store saying your ring is repaired and ready to be picked up.

Those are basic examples, but for them to someone to “detect incoming calls that are potentially fraudulent and/or AI-generated based on real-time analysis of voice call content”, those calls have to be monitored in real-time. And stored somewhere. Maybe on your device. Maybe by a third-party in their cloud.

Maybe you trust Apple with that info. But, do you trust someone who comes up with fraudulent monitoring software that would harvest that data? How do you know you should trust that party?

Or you trust Google. Surely, Google wouldn’t use your personal data. Surely, they would not use your phone call history to sell ads.

And that becomes data a third-party can use. For ads. For political messaging. For profiling.

Yes, this is extremely conspiratorial. But, that doesn’t mean your data is not valuable. And where there is valuable data, there are people willing to exploit it.

Robocalls are a problem. And there are some legitimate businesses doing great things with fraud detection monitoring. But, a real-time monitoring edict from the government is not the solution. As an industry, we can be smarter on how we handle this.

© 2024 Troutman Amin, LLP
For more on the FCC, visit the NLR Communications Media Internet section

FDA Releases Summary Report on Fresh Herbs Sampling Assignment

  • On July 26, 2024, the U.S. Food and Drug Administration (FDA) released findings from its sampling assignment that collected and tested domestic and imported basil, cilantro, and parsley. FDA sought to estimate the prevalence of Cyclospora, Salmonella, and Shiga toxin-producing Escherichia coli (STEC) in these herbs as part of its ongoing effort to ensure food safety and prevent contamination.
  • From September 2017 to September 2021, FDA collected and tested 1,383 samples of fresh basil, cilantro, and parsley. The Agency detected Salmonella in 17 samples, detected Cyclospora in 18 samples, and detected STEC in 1 sample. The contaminated products were quickly removed from the market.
  • The sampling assignment was conducted in response to food-borne illness outbreaks of Cyclospora, Salmonella, and STEC. From 2000 through 2016, cilantro was potentially linked to at least three outbreaks in the US. And since 2017, the US has experienced at least six additional outbreaks involving basil, cilantro, and parsley. More than 1,200 illnesses and 80 hospitalizations were tied to these outbreaks.
© 2024 Keller and Heckman LLP
For more news on Food Safety, visit the NLR Biotech Food Drug section.