Category: Consumer Protection

Inflation Woes: Four Key Ways for Companies to Address Inflation in the Supply Chain

The U.S. economy is grappling with the highest inflation in decades, with extensive inflation in the supply chain affecting companies worldwide. Supply chain disruptions undoubtedly have contributed to rising inflation, as extensive delays and skyrocketing costs continue to plague the industry.

In March 2022, the consumer-price index (or CPI) — a measure of the prices consumers pay for products — rose at an annual rate of 8.5%, which is the highest increase in 47 years.1 Meanwhile, the producer-price index (or PPI) — a measure of inflation meant to gauge the impact on suppliers — similarly rose significantly at an annual rate of 11.2%.2 Finally, the employer cost index (or ECI) demonstrates that, from March 2021 to March 2022, total compensation rose 4.5%, wages and salaries rose 4.7%, and benefit costs rose 4.1%.3

Because inflation increases the prices of goods or services, negotiations about who bears that risk in business partner relationships and the consequences of that risk allocation will have significantly greater financial impacts than we have seen in recent memory. As a result, ensuring your business teams are well versed on the impacts of and means of mitigating inflation in new contracts has a direct impact on your bottom line.

In this article, we provide ways for companies in the supply chain to address high inflation and alleviate associated pressures, including (1) how to revisit and use existing agreement provisions to address inflation risk, (2) approaches to negotiating new agreements and amendments to existing agreements, (3) approaches to limit inflationary exposure, and (4) strategies for cost reduction.

Figure 1:

Percent Change in CPI March 2021 versus March 2022

CPI March Chart

Bureau of Labor Statistics, U.S. Department of Labor, Consumer Price Index – March 2022, issued April 12, 2022

Four Key Ways to Mitigate the Effects of Increasing Inflation in the Supply Chain

1. Revisit and Use Provisions in Existing Agreements

Companies faced with rising costs must review their supply agreements to determine if they already contain mechanisms the company can use to address inflation. On the buy side, companies should look in their agreements for terms relating to fixed prices. On the sell side, companies should investigate ways to pass increased costs on to customers. Most supply contracts contain a variety of provisions that may assist in combatting inflationary pressures.

(a) Pricing Provisions

From a seller’s perspective, a contract may include index-based price escalation provisions, which tie contract prices to one or more indices. The underlying indices may be (i) broad economic indices such as the PPI or “market basket” indices tied to all items and all urban consumers, (ii) targeted indices such as ECI for a specific location, or (iii) tied to the cost of a specific commodity used in the underlying product. Contracts will sometimes incorporate several commodity indices based on the percentage those commodities are used in the product that is the subject of the agreement, in order to accurately reflect the costs associated with producing the good.

Allocations under these pricing provisions vary depending on negotiation power. They could put all of the risk on one party, share the risk equally, or share the risk according to particular percentages. The latter two options represent ways to avoid a “win/lose” approach.

Sellers will want to see whether their agreements allow for periodic negotiations for updated prices and take advantage of those opportunities. A buyer, meanwhile, may look for provisions that allow it the flexibility to limit the quantities ordered, enabling it to reduce costs as necessary or to seek a more cost efficient alternative. A buyer also will want to determine if the contract prohibits the seller from changing prices.

Regardless of the existing provisions, the real impact of inflation is likely to trigger commercial discussions to address rising costs; this is true both for hard goods supply agreements and indirect services agreements with longer terms such as outsourcing and managed services relationships.

(b) Force Majeure as a Mechanism to Adjust Price?

Outside of pricing provisions such as the above, however, a party may look to other contract provisions, such as force majeure, to see if its performance under the contract could be excused; increased costs alone are not enough to constitute a force majeure event. In order for a force majeure to arguably apply, the increase in costs must be caused by an event that itself is a qualifying force majeure event under the terms of the applicable contract (which may include events like a labor strike or pandemic).

Force majeure provisions are intended to excuse performance under a contract but not to act as a pricing adjustment mechanism. However, force majeure and its extra-contractual cousin, commercial impracticability, can be used as tools to bring the parties to the negotiating table where events beyond either party’s reasonable control are impacting the ability to produce and deliver products.

2. Negotiate Amendments to Existing Agreements

To the extent sellers have fixed-price contracts with their customers, sellers should consider negotiating with such customers to adjust these contracts in order to keep the prices they charge their customers in line with their input costs. When entering these discussions, companies that wish to implement a price adjustment, or eliminate fixed pricing entirely, should consider meaningful ways to incentivize their customers to agree to such changes. Would the customer be willing to agree to a price adjustment in order extend the agreement or adjust the quantity? Any items that maintain the relationship between the parties while also allocating cost increases in an equitable way should be considered.

Conversely, buyers faced with price-increase requests should carefully consider their options:

  • First, a customer receiving a price-adjustment request should confirm the request is actually tied to inflation and not just an attempt by a supplier to increase its bottom line. Seek detailed calculations supporting the price adjustments, and require suppliers to demonstrate how much their costs have increased above expectations.
  • Second, customers should consider what items they would like to request in return for accepting a given price-adjustment request, such as whether they would like to adjust their quantity or timing of delivery.
  • Third, a customer faced with a price increase request should consider whether the request should include the opportunity for the customer to obtain pricedowns in the future, in the event there are changes in the pricing environment.

3. Pricing Tied to Indexing and Other Ways to Limit Future Inflationary Exposure when Drafting New Agreements

When drafting new agreements, companies should consider how best to mitigate the effects of inflation.

For nearly 40 years, we have enjoyed relatively low and steady levels of inflation, which explains why existing agreements may not adequately address the allocation of significant and unexpected economic change.

Many of those at the upper echelons of leadership today have never dealt with a high inflationary environment. To put it in perspective, the CEO of Walmart, the No. 1 company on the Fortune 500 list for 2021, was 19 years old when inflation was last a newsworthy topic.

In the future, however, we expect far fewer agreements to have long-term fixed prices, as sellers negotiating agreements will want to incorporate a variety of strategies that allow for pricing flexibility and avoid longstanding, fixed prices. One such strategy is tying prices to an index. As discussed above, this could be a general index such as the CPI or PPI or be much more specific depending on the item sold. There are numerous indices for various products and commodities that parties may use to reflect accurately the costs of producing the goods that are the subject of their agreement. Parties may consider incorporating a mechanism for revisiting these provisions, especially in the event that inflation slows. Caps on inflation risk also may be incorporated as a backstop.

If not tying prices to an index, selling parties will want to shorten the term of their agreements or require the parties to renegotiate prices at set points throughout the duration of their agreements. Alternatively, parties may consider price increases of a certain percentage that are automatically implemented periodically. The seller may even want to leave the pricing open and establish pricing at the time the order is placed.

On the other hand, customers will want to incorporate provisions that cause the supplier to bear the inflationary risk. Principally, this means locking in prices for as long of a period as the seller will agree to and ensuring prices are fixed upon the issuance of purchase orders.

If and when sellers push back on extended fixed-pricing provisions, there are a variety of methods parties may use to meet in the middle:

  • Pricing arrangements that are tied to one or more indices may be capped to a certain percentage, ensuring the customer will know its upward exposure.
  • Include thresholds of index movement such that the price remains static unless and until the percentage threshold is exceeded.
  • Allocate increased cost exposure so a certain percentage range of index movement is allocated to one party and then the next percentage range is allocated to the other party. Parties then may share any exposure above those ranges.
  • Additionally, index-based pricing can be clarified to include both upward and downward movement, ensuring that customers, while risking inflationary costs, may also receive the benefits of deflationary environments.

4. Think Strategically to Reduce Costs

Aside from considering purely contractual methods to combat inflation, companies should think strategically about ways to reduce costs more efficiently.

  • Streamlining. In order to pursue this strategy, companies need to determine which areas are driving increased spending and consider ways those areas may be managed differently. For example, companies may consider whether there are different inputs that can be used to lower costs or processes that may be streamlined. Companies can review their inventory management, labor inputs, and other areas to determine where cost cutting may be an option without sacrificing product or service quality. This streamlining might include ending product lines with lower levels of profitability.
  • Technology & Innovation. In addition, with labor constituting such a high percentage of the cost increases companies are experiencing, a company may want to double down on technology and innovation that reduces headcount. Or, as prices rise, a company may pursue other pricing models. For example, a heavy equipment manufacturer may opt for a pay-per-use model in lieu of the traditional sale model.
  • Diversification of the Supply Chain. Another method companies may use is diversifying their supply chains, ensuring they provide the flexibility and sustainability needed to weather turbulent periods. Though adding links to supply chains will not lower costs in the near term, it can help ensure a business continues to function smoothly even in the event of price shocks, material shortages, or other disruptions.

The stressors driving inflation are unlikely to be relieved any time soon. Companies should use every resource available to leverage their current contracts and negotiate new terms to address inflation’s serious repercussions on their bottom line.

FOOTNOTES

1 How High Is Inflation and What Causes It? What to Know, Wall Street Journal (April 12, 2022).

2 Supplier Prices Rose Sharply in March, Keeping Upward Pressure on U.S. Inflation, Wall Street Journal (April 13, 2022).

3  Employment Cost Index – March 2022, U.S. Department of Labor, Bureau of Labor Statistics (April 29, 2022).

Article By Vanessa L. Miller, Kathleen E. Wegrzyn, Leah R. Imbrogno, James R. Kalyvas, and Austin R. Kissinger of Foley & Lardner LLP

For more financial institutions and banking news, click here to visit the National Law Review.

© 2022 Foley & Lardner LLP

Hackers Go Phishing in Beeple’s Deep Pool of Twitter Followers

“Stay safe out there, anything too good to be true is a … scam.” Beeple, a popular digital artist, tweeted to his followers, addressing the phishing scam that took place on May 23, 2022, targeting his Twitter account. The attack reportedly resulted in a loss of more than US$400,000 in cryptocurrency and NFTs, stolen from the artist’s followers on the social media website.

After hacking into Beeple’s Twitter account, perpetrators tweeted links from the artist’s page, promoting a fake raffle for unique art pieces. The links would reportedly take the user to a website that would drain the user’s cryptocurrency wallet of their digital assets.

Phishing scams for digital assets, including NFTs or non-fungible tokens, have steadily increased, with funds as large as $6 million being stolen. Various jurisdictions have adopted privacy and security laws that require companies to adopt reasonable security measures and follow required cyber incident response protocols. A significant part of these measures and protocols is training for employees in how to detect phishing scams and other hacking attempts by bad actors. This incident is a reminder to consumers to exercise vigilance, watch for red flags and not click on links without verifying the source.

The remaining summaries of news headlines are separated by region for your browsing convenience. 

UNITED STATES

Relaxed Deaccessioning COVID-19 Exemptions Expire

The global COVID-19 pandemic brought many changes, including dire financial consequences of the shutdowns for museums. In April 2020, the Association of Art Museum Directors (AAMD) made a decision to ease the rules that dictate how museums may use proceeds from art sales. Until April 2022, museums were permitted to use the funds for “direct care of collections” rather than to procure new artworks for their collections.

This relaxed policy and some of the museums that followed it met with backlash on more than one occasion; others, however, advocate for its continuation, citing considerations of diversity and inclusion. Some further argue that a policy born out of financial desperation should be continued to provide museums with the means to overcome any future financial issues that may arise.

Given that “direct care” is vague and open to interpretation, opponents of the relaxed rules counter giving museums such latitude to decide on the use of the proceeds, as it can lead to abuses and bad decisions. While AAMD has returned to its pre-pandemic regulations, and museums have followed suit, it appears that the public debate around deaccessioning is far from over.

Inigo Philbrick Sentenced to a Prison Term

Former contemporary art dealer Inigo Philbrick was sentenced by a federal court in New York to serve seven years in prison for a “Ponzi-like” art fraud, said to be one of the most significant in the history of the art market, with more than an estimated US$86 million in damages. Philbrick stood accused of a number of bad acts, including forging signatures, selling shares in artworks he did not own and inventing fictitious clients.

New York Abolishes Auction House Regulations

As the U.S. government is studying whether the art market requires further regulations to increase transparency and to combat money laundering, New York City repealed its local law that required auctioneers to be licensed and required disclosures to bidders, including whether an auction house had a financial stake in the item being auctioned. While the abolition of the regulation was ostensibly to improve the business climate after the pandemic, some commentators note that the regulations were outdated and not serving their purpose in any event. As an illustration, a newcomer to an auction will likely struggle to understand the garbled pre-action announcements or their significance. Whether the old regulations are to be replaced with new, clearer rules remains to be seen.

EUROPE

Greece and UK to Discuss Rehoming of Displaced Parthenon Marbles

The Parthenon marbles, also known as the Elgin marbles, have been on display in London’s British Museum for more than 200 years. These objects comprise 15 metopes, 17 pedimental figures and an approximately 250-foot section of a frieze depicting the birthday festivities of the Greek goddess Athena. What museum goers might not know is that these ancient sculptures were taken from the Acropolis in Greece in 1801 by Lord Elgin.

Previously, the British government, seeking to retain the sculptures, relied on the argument that the objects were legally acquired during the Ottoman Empire rule of Greece. However, for the first time, the UK has initiated formal talks with Greece to discuss repatriation of the Parthenon sculptures. These discussions are expected to influence future intergovernmental repatriation negotiations.

ASIA

Singapore High Court Asserts Jurisdiction over NFTs after Ruling Them a Digital Asset

The highest court in Singapore has granted an injunction to a non-fungible token (NFT) investor, Janesh Rajkumar, who sought to stop the sale of an NFT that once belonged to him and was used as collateral for a loan. The subject NFT from the Bored Ape Yacht Club Series is a rarity, as it depicts the only avatar that wears a beanie. Rajkumar now is seeking to repay the loan and have the NFT restored to his cryptocurrency wallet. The loan agreement specified that Rajkumar would not relinquish ownership of the NFT, and should he be unable to repay the loan in a timely manner, an extension would be granted. Instead of granting Rajkumar an extension, the lender, who goes by an alias “chefpierre,” moved to sell the NFT. The significance of the Singapore court’s decision is two-fold: the court has (1) recognized jurisdiction over assets cited in the decentralized blockchain, and (2) allowed for the freezing order to be issued via social media platforms.

THE MIDDLE EAST

Illegal Trading Leads to Raiding of Antique Dealer by the Israeli Authorities

A recent raid on an unauthorized antiquities dealer in the city of Modi’in by the Israel Antiquities Authority recovered hundreds of artifacts of significant historical value, including jewelry, a bronze statue and approximately 1,800 coins. One the coins is a nearly 2,000-year-old silver shekel of great historical significance. The coin is engraved with the name Shimon, leader of the 132–136 C.E. Bar Kokhba revolt.

Investigations are ongoing to determine where the antiquities were obtained. The Antiquities Robbery Prevention Unit intends to charge the dealer and their suppliers upon obtaining this information.

Article By Jana S. Farmer and Meenka Maharaj of Wilson Elser Moskowitz Edelman & Dicker LLP

For more entertainment, art, and sports news, click here to visit the National Law Review.

© 2022 Wilson Elser

Protection for Voice Actors is Artificial in Today’s Artificial Intelligence World

As we all know, social media has taken the world by storm. Unsurprisingly, it’s had an impact on trademark and copyright law, as the related right of publicity. A recent case involving an actor’s voice being used on the popular app TikTok is emblematic of the time. The actor, Bev Standing, sued TikTok for using her voice, simulated via artificial intelligence (AI) without her permission, to serve as “the female computer-generated voice of TikTok.” The case, which was settled last year, illustrates how the law is being adapted to protect artists’ rights in the face of exploitation through AI, as well as the limits of current law in protecting AI-created works.

Standing explained that she thinks of her voice “as a business,” and she is looking to protect her “product.” Apps like TikTok are taking these “products” and feeding them into an algorithm without the original speaker’s permission, thus impairing creative professionals’ ability to profit in an age of widespread use of the Internet and social media platforms.

Someone’s voice (and aspects of their persona such as their photo, image, or other likeness) can be protected by what’s called the “right of publicity.” That right prevents others from appropriation of one’s persona – but only when appropriation is for commercial purposes. In the TikTok case, there was commercial use, as TikTok was benefiting from use of Standing’s voice to “narrate” its users’ videos (with some user videos apparently involving “foul and offensive language”). In her Complaint, Standing alleged TikTok had violated her right of publicity in using her voice to create the AI voice used by TikTok, and relied upon two other claims:  false designation of origin under the Lanham Act and copyright infringement, as well as related state law claims. The false designation of origin claim turned on whether Standing’s voice was so recognizable that another party’s misappropriation of it could confuse consumers as to whether Standing authorized the Tik Tok use. The copyright infringement claim was possible because Standing created the original voice files for a company that hired her to record Chinese language translations. TikTok subsequently acquired the files but failed to get a license from Standing to use them, as TikTok was legally obligated to do because Standing was the original creator (and therefore copyright owner) of the voice files.

As with other historical technological innovations (one of the earliest being the printing press), the law often plays catch-up, but has proven surprisingly adaptable to new technology. Here, Standing was able to plead three legal theories (six if you count the state statutory and common law unfair competition claims), so it seems artists are well-protected by existing law, at least if they are alleging AI was used to copy their work or persona.

On the other hand, the case for protecting creative expression produced in whole or in part by AI is much more difficult. Some believe AI deserves its own form of copyright, since innovative technology has increasingly made its own music and sounds. Currently, protection for these sounds is limited, since only humans can be identified as authors for the purposes of copyright. Ryan Abott, a professor of law and health science at the University of Surrey in Britain, is attempting to bring a legal case against the U.S. Copyright Office to register a digital artwork made by a computer with AI as its author. The fear, says Abott, is that without rights over these sounds, innovation will be stifled — individuals will not have incentive to create AI works if they cannot protect them from unauthorized exploitation.

Article By Jeanne Hamburg of Norris McLaughlin P.A.

For more communications, media, and internet news,  click here to visit the National Law Review.

©2022 Norris McLaughlin P.A., All Rights Reserved

Thailand’s Personal Data Protection Act Enters into Force

On June 1, 2022, Thailand’s Personal Data Protection Act (“PDPA”) entered into force after three years of delays. The PDPA, originally enacted in May 2019, provides for a one-year grace period, with the main operative provisions of the law originally set to come into force in 2020. Due to the COVID-19 pandemic, however, the Thai government issued royal decrees to extend the compliance deadline to June 1, 2022. 

The PDPA mirrors the EU General Data Protection Regulation (“GDPR”) in many respects. Specifically, it requires data controllers and processors to have a valid legal basis for processing personal data (i.e., data that can identify living natural persons directly or indirectly). If such personal data is sensitive personal data (such as health data, biometric data, race, religion, sexual preference and criminal record), data controllers and processors must ensure that data subjects give explicit consent for any collection, use or disclosure of such data. Exemptions are granted for public interest, contractual obligations, vital interest or compliance with the law.

The PDPA applies both to entities in Thailand and abroad that process personal data for the provision of products or services in Thailand. Like the GDPR, data subjects are guaranteed rights, including the right to be informed, access, rectify and update data; restrict and object to processing; and the right to data erasure and portability. Breaches may result in fines between THB500,000 (U.S.$14,432) and THB5 million, plus punitive compensation. Certain breaches involving sensitive personal data and unlawful disclosure also carry criminal penalties including imprisonment of up to one year.

Article By Hunton Andrews Kurth’s Privacy and Cybersecurity of Hunton Andrews Kurth

For more communications, media & internet news, click here to visit the National Law Review.

Copyright © 2022, Hunton Andrews Kurth LLP. All Rights Reserved.

Senate Bill to Revise and Reassess GRAS Program

  • On May 27, Senator Edward J. Markey (D-Mass.), alongside Senators Richard Blumenthal (D-Conn.) and Elizabeth Warren (D-Mass)., introduced the Ensuring Safe and Toxic-Free Foods Act, which is described as “comprehensive legislation that ensures the Department of Health and Human Services (HHS) fulfills its responsibility to promote the health and well-being of American families by directing the Food and Drug Administration (FDA) to strengthen the Substances Generally Recognized as Safe (GRAS) Rule, which exempts companies from seeking pre-market approval for food chemicals.” A summary of the legislation is available here.
  • The legislation would prohibit manufacturers from independently designating substances as GRAS (or manufacturing or selling food containing those substances) without supplying notice and supporting information to the Secretary of HHS. Substances that are carcinogenic or that have evidence of reproductive or developmental toxicity would be prohibited from receiving a GRAS designation. Further, the legislation would require that a GRAS Notice and all supporting information be publicly available online and subject to a 90-day review period.
  • The legislation would also direct the Secretary to create an Office of Food Chemical Safety Reassessment within FDA’s CFSAN. The new office would be responsible for reassessing the safety of existing food additives, food contact substances, color additives, and substances that had already received GRAS status. The office would be required to reassess at least 10 substances (or class of substances) once every three years. As included in the bill, the first 10 substances to be reviewed would be:
    • Perfluoroalkyl substances and polyfluoroalkyl substances
    • Ortho-phthalates
    • The class of bisphenols
    • Titanium dioxide
    • Potassium bromate
    • Perchlorate
    • Butylated hydroxyanisole (BHA)
    • Butylated hydroxytoluene (BHT)
    • Brominated vegetable oil (BVO)
    • Propyl paraben
  • With regard to the legislation, Senator Markey has said “The FDA too often falls short on their responsibility to promote food safety, highlighted recently by the baby formula crisis where FDA’s deputy commissioner for food policy did not learn about the whistleblower complaint for four months. It is long past time we revise existing food safety measures and close the loophole allowing manufacturers to self-regulate what new substances can enter our food supply.”

Article By Food and Drug Law at Keller and Heckman of Keller and Heckman LLP

For more biotechnology, life sciences, food and drug law news, click here to visit the National Law Review.
© 2022 Keller and Heckman LLP

DOJ Limits Application of Computer Fraud and Abuse Act, Providing Clarity for Ethical Hackers and Employees Paying Bills at Work Alike

On May 19, 2022, the Department of Justice announced it would not charge good-faith hackers who expose weaknesses in computer systems with violating the Computer Fraud and Abuse Act (CFAA or Act), 18 U.S.C. § 1030. Congress enacted the CFAA in 1986 to promote computer privacy and cybersecurity and amended the Act several times, most recently in 2008. However, the evolving cybersecurity landscape has left courts and commentators troubled by potential applications of the CFAA to circumstances unrelated to the CFAA’s original purpose, including prosecution of so-called “white hat” hackers. The new charging policy, which became effective immediately, seeks to advance the CFAA’s original purpose by clarifying when and how federal prosecutors are authorized to bring charges under the Act.

DOJ to Decline Prosecution of Good-Faith Security Research

The new policy exempts activity of white-hat hackers and states that “the government should decline prosecution if available evidence shows the defendant’s conduct consisted of, and the defendant intended, good-faith security research.” The policy defines “good-faith security research” as “accessing a computer solely for purposes of good-faith testing, investigation, and/or correction of a security flaw or vulnerability, where such activity is carried out in a manner designed to avoid any harm to individuals or the public, and where the information derived from the activity is used primarily to promote the security or safety of the class of devices, machines, or online services to which the accessed computer belongs, or those who use such devices, machines, or online services.”

In practice, this policy appears to provide, for example, protection from federal charges for the type of ethical hacking a St. Louis Post-Dispatch reporter performed in 2021. The reporter uncovered security flaws in a Missouri state website that exposed the Social Security numbers of over 100,000 teachers and other school employees. The Missouri governor’s office initiated an investigation into the reporter’s conduct for unauthorized computer access. While the DOJ’s policy would not affect prosecutions under state law, it would preclude federal prosecution for the conduct if determined to be good-faith security research.

The new policy also promises protection from prosecution for certain arguably common but contractually prohibited online conduct, including “[e]mbellishing an online dating profile contrary to the terms of service of the dating website; creating fictional accounts on hiring, housing, or rental websites; using a pseudonym on a social networking site that prohibits them; checking sports scores at work; paying bills at work; or violating an access restriction contained in a term of service.” Such activities resemble the facts of Van Buren v. United States, No. 19-783, which the Supreme Court decided in June 2021. In Van Buren, the 6-3 majority rejected the government’s broad interpretation of the CFAA’s prohibition on “unauthorized access” and held that a police officer who looked up license plate information on a law-enforcement database for personal use—in violation of his employer’s policy but without circumventing any access controls—did not violate the CFAA. The DOJ did not cite Van Buren as the basis for the new policy. Nor did the DOJ identify any another impetus for the change.

To Achieve More Consistent Application of Policy, All Federal Prosecutors Must Consult with Main Justice Before Bringing CFAA Charges

In addition to exempting good-faith security research from prosecution, the new policy specifies the steps for charging violations of the CFAA. To help distinguish between actual good-faith security research and pretextual claims of such research that mask a hacker’s malintent, federal prosecutors must consult with the Computer Crime and Intellectual Property Section (CCIPS) before bringing any charges. If CCIPS recommends declining charges, prosecutors must inform the Office of the Deputy Attorney General (DAG) and may need to obtain approval from the DAG before initiating charges.

Article By Kyle R. Freeny, Linda Ricci, Jena M. Valdetero, and Brittany M. Fisher of Greenberg Traurig, LLP

For more data privacy and cybersecurity legal news, click here to visit the National Law Review.

©2022 Greenberg Traurig, LLP. All rights reserved.

NCLC Tells FCC “Callers can easily avoid making calls to telephone numbers that have been reassigned….” – But Is it That Simple?

The National Consumer Law Center is at it again.

In response to the Department of Health and Human Services’ recent letter to the FCC seeking clarity on whether the TCPA applies to texts it would like to make to alert Americans of certain medical benefits, the NCLC–an organization that nominally represents consumers, but really seems to represent the interests of the plaintiff’s bar–has filed a comment.

Unsurprisingly, the NCLC takes the position that HHS needs no relief. Government contractors are covered by the TCPA–it says–but the texts at issue in HHS’ letter are consented, so they’re fine. (Although it later clarifies that only “many” but not “all” of the enrollees whom HHS wishes to call have “probably” given their telephone numbers as part of written enrollment agreements–so perhaps not.)

Hmmmm. Feels like a trap. But we’ll ignore that for now.

The critical piece here though is what the NCLC–very powerful voice, for better or (often) worse–is telling the FCC about the effectiveness of the new Reassigned Number Database:

3. Callers can easily avoid making calls to telephone numbers that have been reassigned to someone other than the enrollee

A primary source of TCPA litigation risk has been calls inadvertently made to numbers that are no longer assigned to the person who provided consent. Courts have held the caller liable for making automated calls to a cell phone number that has been reassigned to someone other than the person who provided consent to be called.29

The Commission has implemented the Reassigned Number Database specifically to address that risk of liability, as well as to limit the number of unwanted robocalls:

The FCC’s Reassigned Numbers Database (RND) is designed to prevent a consumer from getting unwanted calls intended for someone who previously held their phone number. Callers can use the database to determine whether a telephone number may have been reassigned so they can avoid calling consumers who do not want to receive the calls. Callers that use the database can also reduce their potential Telephone Consumer Protection Act (TCPA) liability by avoiding inadvertent calls to consumers who have not given consent for the call.31

The database has been fully operational since November 1, 2021. It provides a means for callers to find out before making a call if the phone number has been reassigned. If the database wrongly indicates that the number has not been reassigned, so long as the caller has used the database correctly, no TCPA liability will apply for reaching the wrong party. 32 Thus, as long as HHS’s callers make use of this simple, readily available database, they can be confident that they will not be held liable for making calls to reassigned numbers.

While I steadfastly support both the creation and use of the RND, it also must be observed that there are myriad problems with the RND as it currently exists. Most importantly, the data sets in the RND are only comprehensive through October 1, 2021 and spotty back to February, 2021 (beyond which there are no records!)

So for folks like HHS–and servicers of mortgages, and retailers, and credit card companies–who want to reach customers who provided their contact information before 10/2021 or 2/2021 the RND is simply not helpful.

The NCLC’s over simplification of a critical issue is not surprising. They once told Congress that the TCPA is “Straightforward and Clear” after all.

Full comment here: NCLC Comments-c3

We’ll keep an eye on developments on HHS’ letter and all the FCC goings ons.

Article By Eric J. Troutman of Troutman Firm

For more TCPA and communications legal news, click here to visit the National Law Review.

© 2022 Troutman Firm

Comparing and Contrasting the State Laws: Does Pseudonymized Data Exempt Organizations from Complying with Privacy Rights?

Some organizations are confused as to the impact that pseudonymization has (or does not have) on a privacy compliance program. That confusion largely stems from ambiguity concerning how the term fits into the larger scheme of modern data privacy statutes. For example, aside from the definition, the CCPA only refers to “pseudonymized” on one occasion – within the definition of “research” the CCPA implies that personal information collected by a business should be “pseudonymized and deidentified” or “deidentified and in the aggregate.”[1] The conjunctive reference to research being both pseudonymized “and” deidentified raises the question whether the CCPA lends any independent meaning to the term “pseudonymized.” Specifically, the CCPA assigns a higher threshold of anonymization to the term “deidentified.” As a result, if data is already deidentified it is not clear what additional processing or set of operations is expected to pseudonymize the data. The net result is that while the CCPA introduced the term “pseudonymization” into the American legal lexicon, it did not give it any significant legal effect or status.

Unlike the CCPA, the pseudonymization of data does impact compliance obligations under the data privacy statutes of Virginia, Colorado, and Utah. As the chart below indicates, those statutes do not require that organizations apply access or deletion rights to pseudonymized data, but do imply that other rights (e.g., opt out of sale) do apply to such data. Ambiguity remains as to what impact pseudonymized data has on rights that are not exempted, such as the right to opt out of the sale of personal information. For example, while Virginia does not require an organization to re-identify pseudonymized data, it is unclear how an organization could opt a consumer out of having their pseudonymized data sold without reidentification.

ENDNOTES

[1] Cal. Civ. Code § 1798.140(ab)(2) (West 2021). It should be noted that the reference to pseudonymizing and deidentifying personal information is found within the definition of the word “Research,” as such it is unclear whether the CCPA was attempting to indicate that personal information will not be considered research unless it has been pseudonymized and deidentified, or whether the CCPA is mandating that companies that conduct research must pseudonymize and deidentify. Given that the reference is found within the definition section of the CCPA, the former interpretation seems the most likely intent of the legislature.

[2] The GDPR does not expressly define the term “sale,” nor does it ascribe particular obligations to companies that sell personal information. Selling, however, is implicitly governed by the GDPR as any transfer of personal information from one controller to a second controller would be considered a processing activity for which a lawful purpose would be required pursuant to GDPR Article 6.

[3] Va. Code 59.1-577(B) (2022).

[4] Utah Code Ann. 13-61-303(1)(a) (2022).

[5] Va. Code 59.1-577(D) (2022) (exempting compliance with Va. Code 59.1-573(A)(1) through (4)

[6] C.R.S. 6-1-1307(3) (2022) (exempting compliance with C.R.S. Section 6-1-1306(1)(b) to (1)(e)).

[7] Utah Code Ann. 13-61-303(1)(c) (exempting compliance with Utah Code Ann. 13-61-202(1) through (3)).

[8] Va. Code 59.1-577(D) (2022) (exempting compliance with Va. Code 59.1-573(A)(1) through (4)

[9] C.R.S. 6-1-1307(3) (2022) (exempting compliance with C.R.S. Section 6-1-1306(1)(b) to (1)(e)).

[10] Va. Code 59.1-577(D) (2022) (exempting compliance with Va. Code 59.1-573(A)(1) through (4)

[11] C.R.S. 6-1-1307(3) (2022) (exempting compliance with C.R.S. Section 6-1-1306(1)(b) to (1)(e)).

[12] Utah Code Ann. 13-61-303(1)(c) (exempting compliance with Utah Code Ann. 13-61-202(1) through (3)).

[13] Va. Code 59.1-577(D) (2022) (exempting compliance with Va. Code 59.1-574).

[14] Va. Code 59.1-577(D) (2022) (exempting compliance with Va. Code 59.1-574).

Article By David A. Zetoony of Greenberg Traurig, LLP

For more data privacy and cybersecurity legal news, click here to visit the National Law Review.

©2022 Greenberg Traurig, LLP. All rights reserved.

New Jersey Employers Are Now Required to Provide Written Notice Before Using Tracking Devices in Employee-Operated Vehicles

Earlier this year, New Jersey Governor Phil Murphy signed into law Assembly Bill No. 3950, which requires employers in the State to provide written notice to an employee before using a tracking device on a vehicle used by the employee. The new law, which went into effect on April 18, 2022, recognizes that employers may have a legitimate business interest in being able to track their workforce’s whereabouts—particularly when traveling or working offsite—while also reconciling that with the protection of workers’ privacy rights. At the very least, the days of covertly tracking employee vehicles appear to be a thing of the past.

The law defines “tracking device” as any “electronic or mechanical device which is designed or intended to be used for the sole purpose of tracking the movement of a vehicle, person, or device,” with a specific carveout for devices used solely for the purpose of documenting employee expense reimbursement.

Significantly, the written notice requirement applies to the use of tracking devices in any vehicles used by an employee. It does not matter whether it is an employee’s personal vehicle (whether owned or leased) or company-owned or provided. Written notice must be provided regardless.

Failure to comply with the law’s notice requirements can carry substantial penalties. An employer who knowingly makes use of a tracking device in a vehicle used by an employee without providing written notice to the employee shall be subject to a civil penalty up to $1,000.00 for the first violation, and then up to $2,500.00 for each subsequent violation. These fines can add up quickly, especially for service businesses with large vehicle fleets, among others. Additionally, it is possible that failure to comply with the law’s notice requirements may implicate employee privacy rights that could lead to further civil exposure.

Private employers within the State must ensure they have appropriate policies and procedures in place to comply with the new law’s requirements and insulate their businesses from potential liability for violations. While it does not specify what the required “written notice” must look like or how it must be conveyed to employees, at minimum employers should update their employee handbooks as well as provide a stand-alone, written notice to employees, with signed confirmation and acknowledgement of receipt. Additionally, rule and regulations regarding GPS tracking of employee vehicles may vary from state to state, so employers with a multi-state presence or service area need to be aware of the different laws that may apply to them depending on where their employees are working.

Employers who have not yet updated their forms and procedures should immediately contact counsel and take steps to ensure that they are in compliance. Similarly, it may be prudent for employers who drafted their own policies to have experienced employment counsel perform a policy or handbook review and provide advice and guidance regarding employer responsibilities and obligations, including but not limited to ensuring compliance with New Jersey’s new vehicle tracking device law.

COPYRIGHT © 2022, STARK & STARK
Article By Cory Rand with Stark & Stark.
For more articles about New Jersey Legislation, visit the NLR New Jersey law section.

Litigation Minute: Defending Consumer Class Action Claims Involving PFAS

WHAT YOU NEED TO KNOW IN A MINUTE OR LESS

Defending consumer class action claims alleging false and misleading product labeling based on the presence of per- and polyfluoroalkyl substances (PFAS) is similar to the defense of other food and beverage labeling class actions, but there are nuances the food and beverage industry should consider.

What Are PFAS?

As noted in last week’s edition, PFAS are per- and polyfluoroalkyl substances used for their flame-retardant and water-resistant properties. They are used in clothing, cosmetics, and food packaging. PFAS can also be found in municipal water supplies.

How Do PFAS Relate to Consumer Class Actions?

Plaintiffs’ counsel have brought consumer class actions against the makers and sellers of food and beverages alleging that the presence of PFAS in the labeled product renders the labeling false and misleading. Consumer class actions involving PFAS typically allege that the presence of PFAS renders affirmative representations on the product labeling false or misleading, or that the presence of PFAS must be disclosed on the label.

For example, both of these theories are at play in the case of Davenport v. L’Oreal USA, Inc. The complaint asserts that (1) the representations that L’Oreal’s waterproof mascaras are safe, effective, high quality, and appropriate for use on consumers’ eyelashes are false or misleading due to the presence of PFAS; and (2) L’Oreal failed to disclose to consumers that PFAS are present in detectable amounts in its waterproof mascaras.1

How is the Defense of PFAS Consumer Class Actions Similar to the Defense of Other Consumer Class Actions?

In most instances, the defense of consumer class actions involving PFAS allegations does not differ substantially from the defense of other types of consumer class actions. In the case of an alleged affirmative misrepresentation, the inquiry is the same on a pleadings challenge – whether the labeling is likely to mislead a reasonable person given the presence of PFAS in the product.

Moreover, plaintiffs typically assert a “premium price” theory, meaning the plaintiff claims he or she would not have purchased the item, or would have paid less, had the PFAS been properly disclosed. These allegations provide the defense with an opportunity to attack the damages model on class certification, similar to other types of consumer class actions.

How is the Defense of PFAS Consumer Class Actions Different From the Defense of Other Consumer Class Actions?

The defense of consumer class actions involving PFAS will differ from other consumer class actions in two key ways, depending on the allegations.

First, given the current lack of regulations governing the presence of PFAS in food and beverage products, the food and beverage industry should be aware that there is generally no duty to disclose the presence of PFAS in the absence of a relevant false or misleading statement on the product labeling. This lack of regulations provides an additional avenue for a pleadings challenge that may not otherwise succeed.

Second, scientific testing will be critical to determining whether there are any, or a uniform quantity of, PFAS present across the entire product line. PFAS variations between product exemplars may provide an additional avenue to defeat class certification.

Takeaway

Unfortunately, it appears that the food and beverage industry will see a new wave of class action litigation focused on the presence of PFAS in products. However, it also appears that many tried and true defense strategies will be applicable to such claims, and the unique nature of PFAS litigation will provide class defendants with additional strategies.

FOOTNOTES

1Davenport v. L’Oreal USA, Inc., No. 2:22-cv-01195 (C.D. Cal.).

Copyright 2022 K & L Gates
Article By Matthew G. Ball with K&L Gates.
For more articles about litigation, visit the NLR Litigation section.