Game Changing Reform to NSW Environment Protection Laws

The NSW Government has introduced the Environment Legislation Amendment Bill 2021 (NSW) (Bill) which proposes wide-ranging reforms to NSW environmental laws to enable the NSW Environment Protection Authority (EPA) to “crack down” on environmental offenders.

The Bill makes good on Minister Matt Kean’s commitment to ensure that “the book [is] thrown at anyone who has done the wrong thing”. While the EPA has made it clear that the reforms are “aimed solely at those who deliberately choose to circumvent the law”, the amendments proposed by the Bill will materially increase environmental liabilities for all NSW operators.

This article outlines the key reforms proposed by the Bill, which will amend a raft of environmental legislation, including the Protection of the Environment Operations Act 1997 (NSW) (POEO Act) and Contaminated Land Management Act 1997 (NSW) (CLM Act). The reforms include:

  • the creation of new environmental offences;
  • increasing the penalties for a number of existing offences;
  • increasing the powers of the EPA and other environment regulators to hold to account those perceived to be responsible for pollution or contamination and to enforce environment protection licence conditions;
  • enabling the EPA to recover profits arising from the commission of environmental offences and the cost of remediating contaminated land from related bodies corporate and directors and managers of offending corporations; and
  • making it easier for the EPA to prove certain environmental offences.

The Bill is expected to be debated by Parliament in early 2022 and, if passed, will result in the largest overhaul of NSW environmental laws in over five years.

KEY REFORMS

Description Analysis
Greater Liability for Directors, Managers and Related Bodies Corporate
  • New power for the EPA and other environment regulators to issue clean-up notices and prevention notices to:
    • current and former directors and persons concerned in management; and
    • related bodies corporate, of companies responsible for pollution or contamination, if the company does not comply with notices issued to it.
  • Making it an offence for a:
    • director or person concerned in management;
    • related body corporate; or
    • director or person concerned in management of a related body corporate,

to receive or accrue a monetary benefit as a result of certain proven environmental offences by a company.

  • New and expanded powers for the EPA and other prosecutors to obtain monetary benefit orders requiring:
    • directors or persons concerned in management;
    • related bodies corporate; and
    • directors or persons concerned in management of related bodies corporate,

to repay monetary benefits accrued as a result of certain proven environmental offences by a company.

If passed, the Bill will significantly increase potential liability of those concerned in the management of companies (including related bodies corporate) who commit environmental offences or fail to comply with environment protection notices in NSW.

Managers, directors and related bodies corporate could be put on the hook:

  • to clean up pollution or contamination caused by a company;
  • to carry out works required by a prevention notice to ensure that activities of the corporation are carried on in future in an environmentally satisfactory manner; and
  • to repay “monetary benefits” received as a result of any proven offence.

The proposed measures are not entirely unique to NSW. Queensland passed “chain of responsibility” environment legislation in 2016 and put it to use in the long-running Linc Energy matter.

However, the proposal for directors and related bodies corporate to be automatically liable for an offence if they profit from a proven offence of a corporation under environment protection legislation is likely to be the source of significant concern. This is especially the case as the Bill does not propose any defences. This means that a director or person concerned in management could potentially be liable even if they have exercised all due diligence to prevent the commission of the offence by the company, although the EPA is unlikely to commence a prosecution in such circumstances.

New EPA Powers to Regulate Contaminated Land
  • New powers for the EPA to issue clean-up notices and prevention notices as soon as the EPA is notified of contamination of land, even before the EPA has determined that the land is “significantly contaminated”.
  • New power for the EPA to require financial assurances to ensure compliance with ongoing maintenance orders, restrictions and public positive covenants.
The new reforms demonstrate the importance of engaging with the EPA at an early stage and on an ongoing basis in relation to contaminated land.

If passed, the Bill would enable the EPA to take strong and proactive action without agreement even before it determines that the land is “significantly contaminated” and warrants regulation.

New Offence of Giving False or Misleading Information to the EPA
  • The Bill includes a new general offence of giving information to the EPA that is false or misleading in a material respect.
  • A defence applies where the person took all reasonable steps to ensure the information was not false or misleading in a material respect.
  • Greater penalties apply where the false or misleading information is provided knowingly.
  • Directors and other persons involved in the management of the corporation will be liable for any offence committed by the company under the new provision if they ought reasonably to know that the offence would be committed and failed to take all reasonable steps to prevent the provision of false and misleading information.

This new false and misleading information offence is significant because it applies regardless of whether the information was provided:

  1. voluntarily; or
  2. in circumstances where the information was known to be false or misleading.

The new offence is an apparent response to the decision in Environment Protection Authority v Eastern Creek Operations Pty Limited [2020] NSWLEC 182, where the defendant successfully resisted an EPA prosecution which alleged the provision of false or misleading information, by establishing that the notice in response to which the information was provided was legally invalid.

The new offence would create material new risks for entities regulated by the EPA, and highlights the need to take great care in taking “all reasonable steps” to ensure that information provided to the EPA is not false or misleading.

Higher Maximum Penalties for Some Environmental Offences
  • Substantial increases to some maximum penalties for offences under environment protection legislation, including the CLM Act, to more than double the current maximum penalties.
The Second Reading Speech states that maximum penalties have been increased so that “they reflect the true cost of the crime”.
Increased Liability for Suspected “Contributors” to Pollution
  • New power for the EPA and other environmental regulators to issue a clean-up notice to a person who is “reasonably suspected of contributing”, to any extent, to a pollution incident.
  • New powers for public authorities to recover costs and expenses of taking clean-up action from persons the authority “reasonably suspects contributed” to the pollution incident, in addition to occupiers and persons the authority reasonably suspects caused the pollution incident.
  • New right for a person issued a clean-up notice to recover costs from others who caused or contributed to pollution incidents as a debt.

These new provisions are likely to be of significant concern, as they enable the EPA to issue clean-up notices requiring alleged contributors to pollution incidents to clean up all of the pollution, at their own cost. This has the potential to lead to the unintended result that:

  • suspected contributors could be made liable for clean-up costs far exceeding their actual contribution; and
  • the EPA may seek to regulate the potential contributor with the “deepest pockets” – rather than the person most directly responsible.

While the Bill includes a right for a contributor to recover costs from others who caused or contributed to the pollution incident as a debt, this offers very limited protection to suspected contributors issued a clean-up notice, particularly if the person responsible or other persons responsible have limited financial capacity.

Expanded Environmental Licensing Powers
  • The Bill includes a new power for the EPA to require restrictions on the use of land or public positive covenants to enforce environment protection licence conditions (including conditions imposed on the suspension, revocation or surrender of the licence). In line with this, the Bill also includes new provisions to enable a person other than the holder, or former holder, of a licence, to apply to vary the conditions of the suspension, revocation or surrender of the licence.
  • New ability for the EPA to deny environment protection licences to corporations where current or former directors of the corporation, related bodies corporate or current or former directors of related bodies corporate have contravened relevant legislation.
The proposed power to impose restrictions on use and public positive covenants to enforce licence conditions is material as, currently, licence conditions only bind the holder of the environment protection licence. The changes proposed will enable the EPA to legally enforce conditions against land owners or occupiers, even if the activity regulated by the environment protection licence was conducted by a former land owner or tenant.

The EPA will now be able to take a deeper look at the overall environmental compliance history of an entity in licensing decisions, meaning that it will be even more important for corporations, directors and managers to maintain a strong environmental compliance history.

Consistent Court Powers including for Cost Recovery
  • Additional powers for public authorities including the EPA or other persons to recover costs, expenses and compensation from offenders in the Land and Environment Court.
  • Additional powers for the Land and Environment Court to make specific kinds of orders where environment offences are proven.
The Bill proposes to have more consistent provisions across environment protection legislation in terms of the orders a court can make in relation to offenders, and the cost recovery that the EPA can seek from the Court.
New Offence to Delay Authorised Officers
  • The Bill contains a new offence of delaying, obstructing, assaulting, threatening or intimidating an authorised officer in the exercise of the officer’s powers, in addition to the existing offence of wilfully delaying or obstructing an authorised officer.

This is an apparent response to the McClelland and Turnbull matters which involved the assault or delay of environment protection officers. The new offence is significant because the EPA would not be required to prove that the relevant delay or obstruction was wilful, and so a person could be held liable for unintentional delays or obstructions.

Expanded Prohibition Notice Powers
  • Expanded power for the Minister to issue prohibition notices to occupiers of a class of premises or to a class of persons.
  • Expanded power to issue prohibition notices to directors, former directors or related bodies corporate of a corporation that has not complied with a prohibition notice.
Currently, the Minister can only issue prohibition notices requiring occupiers or persons to cease carrying on an activity.

The Bill proposes to enable the Minister to prohibit occupiers of a class of premises or a class of persons from carrying on an activity. This would enable the Minister to shut down all of the premises of so-called “rogue operators”, if recommended to do so by the EPA. While it is likely to be rarely (if ever) used, the expanded power could potentially be relied on by the Minister where a pattern of non-compliance is identified across a specific industry or across multiple premises of one organisation.

Administrative Reforms to EPA
  • The Bill also proposes a range of administrative reforms. The most notable reform is to considerably reduce the Minister’s control of the EPA so that the EPA is no longer subject to the control or direction of the Minister, and that the Minister only has a limited power to issue directions of a general nature to the EPA.
The EPA is generally regarded as an “independent” regulator, and the proposed reform formally reduces Ministerial control of the EPA thereby increasing its independence.

The Bill also includes some additional measures regarding board appointments to achieve greater diversity of collective skills, including expertise in human health and Aboriginal cultural values.

PUBLIC CONSULTATION ON POEO ACT REGULATIONS

In addition to the reforms contemplated by the Bill, the EPA is currently consulting on the following regulations under the POEO Act:

  • Protection of the Environment Operations (Clean Air) Regulation 2021 (NSW); and
  • Protection of the Environment Operations (General) Regulation 2021 (NSW).

Each of these regulations:

  • was remade with only minor amendments earlier this year, to avoid automatic repeal under the Subordinate Legislation Act 1989 (NSW); and
  • will be substantively amended in 2022. The EPA has committed to carrying out consultation on the proposed changes in 2022.

IMPLICATIONS

The reforms contained in the Bill demonstrate how important it is for all businesses which operate in NSW, and their related bodies corporate, directors and managers to:

  • take environmental compliance very seriously; and
  • work effectively with the EPA to address any pollution and contamination issues.

Copyright 2021 K & L Gates


Article by Kirstie Richards and Luke Salem with K&L Gates.


Continuing Effort to Protect National Security Data and Networks

CMMC 2.0 – Simplification and Flexibility of DoD Cybersecurity Requirements

Evolving and increasing threats to U.S. defense data and national security networks have necessitated changes and refinements to the U.S. regulatory requirements intended to protect them.

In 2016, the U.S. Department of Defense (DoD) issued a Defense Federal Acquisition Regulation Supplement (DFARS) intended to better protect defense data and networks. In 2017, DoD began issuing a series of memoranda to further enhance protection of defense data and networks via Cybersecurity Maturity Model Certification (CMMC). In December 2019, the Department of State, Directorate of Defense Trade Controls (DDTC) issued long-awaited guidance in part governing the minimum encryption requirements for storage, transport and/or transmission of controlled but unclassified information (CUI) and technical defense information (TDI) otherwise restricted by ITAR.

DFARS initiated the government’s efforts to protect national security data and networks by implementing specific NIST cyber requirements for all DoD contractors with access to CUI, TDI or a DoD network. DFARS was self-compliant in nature.

CMMC provided a broad framework to enhance cybersecurity protection for the Defense Industrial Base (DIB). CMMC proposed a verification program to ensure that NIST-compliant cybersecurity protections were in place to protect CUI and TDI that reside on DoD and DoD contractors’ networks. Unlike DFARS, CMMC initially required certification of compliance by an independent cybersecurity expert.

The DoD has announced an updated cybersecurity framework, referred to as CMMC 2.0. The announcement comes after a months-long internal review of the proposed CMMC framework. It still could take nine to 24 months for the final rule to take shape. But for now, CMMC 2.0 promises to be simpler to understand and easier to comply with.

Three Goals of CMMC 2.0

Broadly, CMMC 2.0 is similar to the earlier-proposed framework. Familiar elements include a tiered model, required assessments, and contractual implementation. But the new framework is intended to facilitate three goals identified by DoD’s internal review.

  • Simplify the CMMC standard and provide additional clarity on cybersecurity regulations, policy, and contracting requirements.
  • Focus on the most advanced cybersecurity standards and third-party assessment requirements for companies supporting the highest priority programs.
  • Increase DoD oversight of professional and ethical standards in the assessment ecosystem.

Key Changes under CMMC 2.0

The most impactful changes of CMMC 2.0 are:

  • A reduction from five to three security levels.
  • Reduced requirements for third-party certifications.
  • Allowances for plans of actions and milestones (POA&Ms).

CMMC 2.0 has only three levels of cybersecurity

An innovative feature of CMMC 1.0 had been the five-tiered model that tailored a contractor’s cybersecurity requirements according to the type and sensitivity of the information it would handle. CMMC 2.0 keeps this model, but eliminates the two “transitional” levels in order to reduce the total number of security levels to three. This change also makes it easier to predict which level will apply to a given contractor. At this time, it appears that:

  • Level 1 (Foundational) will apply to federal contract information (FCI) and will be similar to the old first level;
  • Level 2 (Advanced) will apply to controlled unclassified information (CUI) and will mirror NIST SP 800-171 (similar to, but simpler than, the old third level); and
  • Level 3 (Expert) will apply to more sensitive CUI and will be partly based on NIST SP 800-172 (possibly similar to the old fifth level).

Significantly, CMMC 2.0 focuses on cybersecurity practices, eliminating the few so-called “maturity processes” that had baffled many DoD contractors.

CMMC 2.0 relieves many certification requirements

Another feature of CMMC 1.0 had been the requirement that all DoD contractors undergo third-party assessment and certification. CMMC 2.0 is much less ambitious and allows Level 1 contractors — and even a subset of Level 2 contractors — to conduct only an annual self-assessment. It is worth noting that a subset of Level 2 contractors — those having “critical national security information” — will still be required to seek triennial third-party certification.

CMMC 2.0 reinstitutes POA&Ms

An initial objective of CMMC 1.0 had been that — by October 2025 — contractual requirements would be fully implemented by DoD contractors. There was no option for partial compliance. CMMC 2.0 reinstitutes a regime that will be familiar to many, by allowing for submission of Plans of Actions and Milestones (POA&Ms). The DoD still intends to specify a baseline number of non-negotiable requirements. But a remaining subset will be addressable by a POA&M with clearly defined timelines. The announced framework even contemplates waivers “to exclude CMMC requirements from acquisitions for select mission-critical requirements.”

Operational takeaways for the defense industrial base

For many DoD contractors, CMMC 2.0 will not significantly impact their required cybersecurity practices — for FCI, focus on basic cyber hygiene; and for CUI, focus on NIST SP 800-171. But the new CMMC 2.0 framework dramatically reduces the number of DoD contractors that will need third-party assessments. It could also allow contractors to delay full compliance through the use of POA&Ms beyond 2025.

Increased Risk of Enforcement

Regardless of the proposed simplicity and flexibility of CMMC 2.0, DoD contractors need to remain vigilant to meet their respective CMMC 2.0 level cybersecurity obligations.

Immediately preceding the CMMC 2.0 announcement, the U.S. Department of Justice (DOJ) announced a new Civil Cyber-Fraud Initiative on October 6 to combat emerging cyber threats to the security of sensitive information and critical systems. In its announcement, the DOJ advised that it would pursue government contractors who fail to follow required cybersecurity standards.

As Bradley has previously reported in more detail, the DOJ plans to utilize the False Claims Act to pursue cybersecurity-related fraud by government contractors or involving government programs, where entities or individuals put U.S. information or systems at risk by knowingly:

  • Providing deficient cybersecurity products or services
  • Misrepresenting their cybersecurity practices or protocols, or
  • Violating obligations to monitor and report cybersecurity incidents and breaches.

The DOJ also expressed its intent to work closely on the initiative with other federal agencies, subject matter experts and its law enforcement partners throughout the government.

As a result, while CMMC 2.0 will provide some simplicity and flexibility in implementation and operations, U.S. government contractors need to be mindful of their cybersecurity obligations to avoid new heightened enforcement risks.

© 2021 Bradley Arant Boult Cummings LLP


Get with The Program – China’s New Privacy Laws Are Coming

The People’s Republic of China (PRC) passed the Personal Information Protection Law (PIPL) on Friday the 20th of August 2021. The new privacy regime strengthens the protection around the use and collection of personal data and introduces a new requirement for user consent.

The PIPL, closely resembling the European Union’s General Data Protection Regulation, prevents the personal data of PRC nationals from being transferred to countries with lower standards of data security; a rule that may pose inherent problems for foreign businesses. The PIPL was introduced following an increase in online scamming and individual service price discrimination – where the same service is offered at different prices based on a user’s shopping profile. However, while businesses and some state entities face stronger collection obligations, the PRC state security department will maintain full access to personal data.

Although the final draft of the PIPL is yet to be released, the new law is set to commence on the 1st of November 2021. Companies will face fines of up to 50 million yuan ($7.6 million USD), or 5 percent of their annual turnover, if they fail to comply. For an in-depth discussion of the Draft PIPL released in August 2020, see our K&L Gates publication here.

Ella Richards also contributed to this article.

Copyright 2021 K & L Gates

Article by Cameron Abbott with K&L Gates.

COVID-19 Fears Prompt State Department ‘Do Not Travel’ Advisory for UK, Other Restrictions Continue

The State Department, in coordination with the CDC, raised its Travel Advisory for the United Kingdom to “Do Not Travel” because of COVID-19 (Level IV).

Coincidentally, the Department’s move came on the same day Prime Minister Boris Johnson lifted most COVID-19-related restrictions in the United Kingdom (excluding Wales, Scotland, and Northern Ireland). He made this move, even as case numbers are rising, because most adults in the United Kingdom are fully vaccinated.

Despite the United Kingdom lifting its restrictions, the European Union has opened its borders to individuals from the United States (with various restrictions). Further, Canada is about to open its borders to fully vaccinated U.S. citizens and permanent residents. Moreover, the White House reported that the United States will not be lifting travel restrictions due to the spread of the Delta variant. Press Secretary Jen Psaki said that it is not clear how long the restrictions will last. As of July 23, 2021, the CDC announced that the seven-day average of COVID-19 cases in the United States was up over 46 percent from the prior week.

Therefore, despite lobbying efforts aimed at increasing summer tourism from Europe, the Presidential Proclamations restricting travel to the United States due to COVID-19 are likely to remain in effect throughout the tourist season and beyond. The travel restrictions were imposed more than a year ago, in January 2020, when President Donald Trump instituted the ban on travel from China. Further bans were instituted in 2020 and 2021 on individuals travelling from Iran, the United Kingdom, Ireland, the 26 member countries of the Schengen Zone, Brazil, South Africa, and, more recently, India. To overcome these restrictions, those who need to travel to the United States but are subject to the bans must either “camp out” in a non-banned country (if they can enter such a country) for 14 days before attempting to enter the United States, or apply for and receive a National Interest Exception (NIE) to the relevant ban. Eligibility for NIEs is set forth in a web of complex and changing guidance from the Department of State and Customs and Border Protection.

Employers all over the country are suffering due to the bans. Their key employees cannot travel back and forth from or to the United States for important business purposes. The highly skilled or temporary, seasonal workers they need to boost their businesses and the economy cannot be hired. This is compounded by the fact that most U.S. consulates abroad are extremely backlogged and understaffed due to COVID-19.


Jackson Lewis P.C. © 2021

“Uber drivers are workers” says UK Supreme Court

This morning, 19 February 2021, the UK Supreme Court handed down judgment on the case of Uber v Aslam [2021] UKSC 5.

In a unanimous, landmark decision, the Supreme Court agreed that Uber drivers were “workers”, not self-employed contractors, for the purposes of UK employment law. Worker status entitles drivers to (amongst other things) 5.6 weeks of paid annual leave per year and sick pay and, crucially, to be paid at least the statutory minimum wage (which can be backdated).

The Supreme Court further clarified that Uber drivers are entitled to be paid minimum wage for the entirety of the period that they are logged into the app and are ready and willing to accept trips, and not just during the periods that they are driving passengers to their destinations.

The Court emphasised that what is important is the reality of the relationship between the parties, and noted the following:

  • Uber sets the fare for its drivers’ journeys, thereby dictating how much drivers are paid for their work;
  • Uber imposes its own contractual terms on drivers who wish to work through the app;
  • drivers’ choices about whether to accept ride requests are constrained by Uber;
  • Uber exercises significant control over the way in which drivers deliver their services; and
  • Uber restricts communications between its passengers and drivers.

The impact of this decision on Uber, its drivers and the gig economy at large cannot be overstated. Going forward, and barring legislative intervention, Uber and other businesses operating in the platform or gig economy will need to fundamentally reassess both their labour relationships and the viability of their business models in light of this morning’s judgment. How Parliament and businesses choose to respond is sure to have significant and far-reaching consequences for the shape and future of the UK economy.

© 2020 Vedder Price

International Air Travelers Entering the United States Must Have a Negative COVID-19 Test

Effective Jan. 26, 2021, all air passengers traveling to the United States will be required to get a viral test for current infection within the three days before their flight to the U.S. is scheduled to depart, and provide written documentation of their laboratory test results (paper or electronic copy) to the airline. In lieu of a negative test result in that timeframe, the passenger may provide documentation of having recovered from COVID-19 in the past three months and proof of having been cleared for travel by a licensed health care provider or health official.

How Will This Rule Be Enforced?

Airlines will be required to confirm the negative test result for all passengers (or documentation of recovery from COVID-19) before they board. Therefore, if a passenger cannot provide documentation of a negative test or recovery, or chooses not to take a test, the airline is required to deny boarding to the passenger.

A negative test result must be provided to the airline in order to return by air travel to the United States. All travelers must plan to allow for testing and receipt of laboratory test results when planning return travel to the United States.

Travelers may also be required to produce written documentation (either paper or electronic copy) of their test results upon request to any U.S. government official or a cooperating state or local public health authority.

Who Does the Testing Requirement Pertain To?

The testing requirement applies to all air travelers bound for the U.S., including U.S. citizens and is required for all airline passengers ages two and older. Even those individuals who already have received the COVID-19 vaccine must provide evidence of a negative COVID-19 test for travel.

NOTE: The rule does not apply to passengers on flights from the U.S. Virgin Islands and Puerto Rico, since those are U.S. territories.

Which Type of Test Do I Need?

Passengers will need to provide results from an antigen test or PCR (viral antigen or nucleic acid amplification test). Antibody test results will not be accepted, because the test results must rule out current COVID-19 infection.

For those individuals who have recovered from COVID-19, they can provide documentation of having recovered from COVID-19 in the past three months (they can bring evidence of their previous positive test result, with proof that they have been cleared for travel by a licensed health care provider or health official).

Where Can I Get Tested in a Foreign Country?

Look for guidance from airlines, hotels, tourism bureaus and health care providers when booking travel. Many countries post their current COVID-19 protocols and guidance for international travelers needing to be tested, as well.

How Long Will This Rule Be In Effect?

The rule is in place indefinitely, and likely will remain in place until the coronavirus surge has subsided or other controls are in place.

Additional CDC Recommendations

As always, the CDC continues to advise travelers to also get tested again three to five days after arrival in the U.S. and to stay at home for seven days post-travel to help slow the spread of COVID-19 within U.S. communities.


© 2020 Dinsmore & Shohl LLP. All rights reserved.

Japan Announces Process for Adding “Existing Substances” to PL

The Japanese Ministry of Health, Labour and Welfare (MHLW) has published a request for nominations for “existing substances” to be included on the Positive List (PL) of “synthetic resins” for food-contact materials (FCMs) with corresponding submission forms. “Existing substances” include those marketed or used for food-contact utensils, containers and packages (UCP) in Japan prior to the effective date for the PL (i.e., June 1, 2020). The deadline for filing such nominations is October 30, 2020.

For additional information on the PL system for “synthetic resins” that MHLW published on April 28, 2020, see the PackagingLaw.com article, A Move to Mandatory: Japan Finalizes its Positive List for “Synthetic Resins”.

As a component of MHLW’s process for nominating “existing substances,” the Ministry requires that companies include an attestation that such substances were marketed or used in food-contact UCP prior to June 1, 2020. Submission forms are provided for each of the following materials:

  1. Base polymers (Plastics and Coatings);
  2. Minor monomers polymerized with base polymers; and
  3. Additives (including coating agents).

Additional information, including links to application form and submission instructions, is available here.


© 2020 Keller and Heckman LLP

Irish Data Case Against Facebook Could Complicate All Data Transfers to the US

Will the EU finally deny the right to transfer any personal data from its shores to the United States? Its privacy decisions have been inching closer to this determination for years, and an Irish case against Facebook may tip the balance.

For fifteen years, personal data being sent from the European Union (“EU”) to the United States were accepted under “Safe Harbor” principles. The Safe Harbor emerged in part due to the implementation of the EU’s 1995 Data Protection Directive and concerns that, with the emergence of the internet, the United States could not guarantee a sufficient level of protection for European citizens’ personal data.

In 2013, however, the Safe Harbor was challenged, due to Edward Snowden’s intelligence leak which indicated a significant American government surveillance program. The challenge to the Safe Harbor was rooted in the belief that the information of EU citizens stored in the US would be at risk of government surveillance. An Austrian citizen, Maximilian Schrems (“Schrems”), filed a complaint against Facebook with the Irish Data Protection Commission (“DPC”). The DPC declined to investigate the complaint, because the data transfer at issue was in adherence with the Safe Harbor.

Schrems proceeded to challenge the Irish DPC’s refusal to investigate the complaint in court. The Irish High Court referred this challenge to the Court of Justice of the European Union (“CJEU”). Facebook, like many companies, relied on the Safe Harbor to process and transfer EU personal data. In October 2015, the CJEU declared the Safe Harbor invalid. In response, the United States and EU replaced the Safe Harbor with the U.S.-EU Privacy Shield, in order to allow companies to continue to transfer EU citizens’ personal data to the United States while still complying with the requirements outlined by the CJEU in the Schrems decision.

Recently, the CJEU invalidated the Privacy Shield mechanism for transferring data between the EU and United States. The basis for the decision was once again governmental access to personal data. The recent decision (“Schrems II”) preserved an alternate legal mechanism for companies, Standard Contractual Clauses (“SCC”), when the data exporter puts in place appropriate safeguards to ensure a high level of protection for data subjects. Some local European data authority decisions and recent actions by the DPC against Facebook created concern around the use of SCCs as well.

In the DPC’s annual report last year, it disclosed that it had launched 8 investigations involving Facebook for GDPR violations.  A September 9, 2020 article in the Wall Street Journal reported that the DPC had issued Facebook a preliminary order to suspend transfers of EU personal data to the United States.

A spokesman for the Commission declined to comment on the report. Ireland’s data regulator has sent Facebook a preliminary order to stop transferring user data from the EU to the U.S. Though the DPC did not provide comment, Facebook stated that the DPC had “commenced an inquiry into Facebook controlled EU-US data transfers, and has suggested that SCCs cannot in practice be used for EU-US data transfers.” Facebook is also seeking judicial review of the Irish Data Protection Commission’s preliminary decision because the SCC is a widely accepted tool for transferring EU data to the United States, sans Safe Harbor or Privacy Shield. This legal challenge will be significant to monitor as it has the potential to implicate every transfer of EU personal data to the United States going forward.


Copyright © 2020 Womble Bond Dickinson (US) LLP All Rights Reserved.

U.S. Senate Subcommittee on Investigations Recommends Regulation of the Art Market & Other Headlines

U.S. Senate Subcommittee’s Report Recommends Art Market Regulations

As part of its investigation into the effectiveness of sanctions against foreign persons and entities, the Permanent Subcommittee on Investigations of the United States Senate issued a report focused on the lack of regulation and the pervasive secrecy in the art market. Specifically, the report notes that the art industry is considered the largest legal industry in the United States that is not subject to the requirements of the Bank Secrecy Act, which mandates detailed procedures aimed at preventing money laundering and requires businesses to know their customers’ identity. The report further observes that under the unwritten rules of the art market, a large number of art sales happen through intermediaries, with purchasers and sellers frequently not inquiring into each other’s identities and sellers not asking about the origin of the purchase money. Art advisers are frequently reluctant to reveal the identity of their clients for fear of losing the business.

The 147-page report sets forth a case study of how the art market was used to evade sanctions imposed on Russia. Brothers Arkady and Boris Rotenberg, billionaire business tycoons and long-time friends of Vladimir Putin, were among a number of Russians placed under U.S. sanctions in 2014 as part of an effort to punish Putin and his associates for the annexation of Crimea. It is illegal for U.S. companies to do business with sanctioned persons, but there are no specific laws in place obliging a buyer or seller in a transaction for the sale of art to identify themselves. The Subcommittee’s report concludes that the Rotenbergs took advantage of the lack of transparency required in art transactions, successfully evading the sanctions imposed on them. It is alleged that through the use of shell companies and a Moscow-based art adviser and dealer, they hid their identities and purchased more than $18 million in art from U.S. dealers and auction houses while under sanction.

Of significance to all art market participants, the Senate Subcommittee’s report recommends, among other things, that Congress should amend the Bank Secrecy Act to add businesses handling transactions involving high-value art. While the term “high-value” is not defined, the report cites the recent European Anti–Money Laundering (AML) legislation, which requires businesses handling art transactions valued at €10,000 to comply with AML laws, including the Know Your Customer rule. The report further recommends that the Office of Foreign Assets Control (OFAC) of the U.S. Department of the Treasury issue a comprehensive guide on the steps auction houses and art dealers should take to ensure that they are not doing business with sanctioned individuals or entities.

Legislation will be necessary to amend the Bank Secrecy Act to apply to the art market. In fact, a bill proposing to do exactly that was previously introduced and is presently pending, proposing to regulate antiques dealers only in connection with transactions over $10,000.

White Supremacist Scientist’s Skull Collection to Be Reexamined by University

Last year, a group of students at the University of Pennsylvania presented findings that a collection of skulls kept by the university includes crania from at least 55 enslaved individuals. The collection was the work of Samuel George Morton, a now-discredited physician, who used the skulls to come up with pseudoscientific justifications for slavery. Discovery Magazine has touted him as the “founding father of scientific racism.” After facing calls for the skulls to be repatriated or buried, the university moved the collection to storage. Repatriation may be difficult since little is known about the skulls’ origin other than that Morton obtained them from Cuba.

Outdoor Art Serves the Public until New York’s Museums Reopen

New York Governor Andrew Cuomo announced that New York City’s museums can reopen beginning August 24. In the meantime, New York City’s tourism and marketing division has put together a list of outdoor and open-air art available for viewing by the public throughout all five boroughs.

Two Museums Fear Their Gauguins May Be Fakes

Fabrice Fourmanoir, a Gauguin enthusiast, investigator and collector who exposed the J. Paul Getty Museum’s Gauguin sculpture as a fake, has now set his astute gaze on paintings at the National Gallery of Art in Washington, D.C. and the Museum of Fine Arts in Boston. Fourmanoir has alleged that both paintings are not Gauguins and were instead commissioned and sold by a Parisian art dealer. The museums are considering a scientific examination of the paintings to confirm their origin and authenticity.

EUROPE

Raphael’s True Cause of Death Revealed

Scientists have dispelled the myth that Renaissance painter Raphael, noted by historians as having had many trysts, died of the sexually transmitted disease syphilis. A new study conducted at the University of Milan Bicocca has concluded that the artist likely died instead from a pulmonary disease similar to pneumonia. Raphael’s physicians subjected him to bloodletting, a process wherein blood is drawn from a patient to rid the body of disease. As physicians of that period did not typically practice bloodletting for lung ailments, it is suspected that Raphael’s doctors failed to properly diagnose his symptoms. Moreover, it has been determined that rather than aiding in his recovery, the bloodletting likely contributed to and quickened his death. Raphael died in 1520 in Rome at the age of 37.

Selfie Menace Continues

Security camera footage has confirmed that an Austrian tourist broke two toes off of a sculpture by famed neoclassical sculptor Antonio Canova. The damage occurred at the Gipsoteca Museum in Possagno, when the tourist sat on a sculpture of Paolina (Pauline) Bonaparte, Napoleon’s sister, to take a selfie. The perpetrator surrendered to authorities. The work damaged was an original plaster cast model dating back to 1804, the marble version of which is kept at the Galleria Borghese in Rome. Artnet previously assembled a round-up of tragic cases of art being damaged by tourists angling for better selfies.

Building Decorated by Picasso Demolished, Triggering Protests

Despite ongoing protests, the Norwegian government has begun tearing down the Y-block office building in Oslo, part of its governmental headquarters in the city damaged in the 2011 terrorist attack by Anders Breivik, who detonated a car bomb. Prior to any demolition of the Y-block building, Picasso’s The Fishermen, a sand-blasted 250-ton section of the building’s facade, and The Seagull, a 60-ton floor-to-ceiling drawing in the building’s lobby, were removed and relocated. Opponents of the demolition argue that the Y-block building’s brutalist architecture should be preserved, and that Picasso’s works and the building “belong together.” They also argue that the demolition is, in essence, a symbolic completion of what Breivik wanted, to erase the symbols of democracy. Construction of the new governmental headquarters is expected to be completed in 2025.

Ancient Greek Architecture Likely Catered to the Handicapped

New research conducted at California State University suggests that the stone ramps featured on many ancient Greek temples were primarily built to accommodate the disabled and mobility impaired. While these ramps may have served other purposes, such as enabling transportation of materials, they were featured most prominently in quantity and size at temples dedicated to Asclepius, the Greek god of healing. As these sites drew in many visitors with disabilities, illnesses and ailments, who would have had difficulty navigating stairs, it is now thought that the ramps were specifically crafted to assist these guests.

Croatian Museums and Historic Sites Can’t Catch a Break

After the coronavirus forced churches, galleries and museums throughout Croatia to close, in March 2020, a 5.3 magnitude earthquake rocked the country, damaging its largest Gothic-style cathedral and many other landmarks, including the Archaeological Museum in Zagreb. The strongest earthquake recorded in the country in almost 150 years made many buildings structurally unsound, and museum owners began storing works in their facility basements. On July 24, 2020, that was no longer an option when a severe storm hit Zagreb, leading to massive flooding. As water surged into their basements, the Archaeological Museum and the Museum of Decorative Arts, among others, struggled to protect their collections. The full extent of the damage from the storm is not yet known, but is expected to be significant.

Restoration Plans for Notre Dame by Traditional Methods Finalized

After discussing the issue for more than a year, the decision was made to reconstruct the roof and spires of the renowned Notre-Dame de Paris cathedral to resemble their appearance prior to the April 2019 fire. Despite calls from French President Emmanuel Macron to rebuild these features in a contemporary style, they will be constructed using the original material and traditional methods to the extent possible. In addition to the roof and spires, the vault will need to be repaired and three of the cathedral’s gables will have to be dismantled and rebuilt. After this work is completed, the building’s statues, which fortunately were removed just days prior to the fire, will be returned. The reconstruction of Notre Dame is scheduled to be completed in 2024.


© 2020 Wilson Elser


10 Reasons Why FCPA Compliance Is Critically Important for Businesses

  • The Foreign Corrupt Practices Act (“FCPA”) prohibits companies from bribing foreign officials in an effort to obtain or retain business, and it requires that companies maintain adequate books, records, and internal controls to prevent unlawful payments.
  • The FCPA was passed in response to an increase in global corruption costs.
  • Implementing an effective FCPA compliance program can benefit companies financially and socially, and it can help companies seize opportunities for business expansion.
  • If drafted and implemented appropriately, an FCPA compliance program will: serve as an invaluable tool against corruption, promote ethical conduct within the company, reduce the societal costs of corruption, and foster business expansion domestically and globally.
  • Company leaders should consider hiring experienced legal counsel to provide advice and representation regarding FCPA compliance.

What is the Foreign Corrupt Practices Act?

Enacted in 1977, the Foreign Corrupt Practices Act (“FCPA”) is a federal law that prohibits bribery of foreign officials in an effort to obtain or retain business. It also requires companies to maintain adequate books, records, and internal controls in their accounting practices to prevent and detect unlawful transactions.

Congress passed the FCPA in response to growing concerns about corruption in the global economy. The FCPA includes provisions for both civil and criminal enforcement; and, over the past several decades, FCPA enforcement proceedings have resulted in billions of dollars in penalties, disgorgement orders, and other sanctions issued against companies accused of engaging in corrupt transactions with government entities.

What are the Risks of FCPA Non-Compliance?

The U.S. Department of Justice (“DOJ”) and the Securities and Exchange Commission (“SEC”) are the primary agencies tasked with enforcing the FCPA. These agencies take allegations of FCPA violations very seriously, motivated in large part by the damage that bribery and corruption of foreign officials can cause to the interests of the United States. Prosecutions under the FCPA have increased in recent years, with both companies and individuals being targeted.

Due to the risk of federal prosecution, companies that do business with foreign entities must implement compliance programs that are specifically designed to prevent, detect and allow for appropriate response to transactions that may run afoul of the FCPA. In addition to helping to prevent and remedy FCPA violations, adopting a robust compliance program also demonstrates intent to follow the law and can create a positive view of your company in the eyes of federal authorities.

“Implementing an effective FCPA compliance program serves a number of important purposes. Not only can companies mitigate the risk of their employees engaging in corrupt practices, but they can also discourage corrupt conduct by other entities and demonstrate to federal authorities that they are committed to complying with the law.” – Dr. Nick Oberheiden, Founding Attorney of Oberheiden P.C.

If your company is targeted by the DOJ or SEC for a suspected FCPA violation, it will be important to engage federal defense counsel promptly. Having counsel available to represent your company during an FCPA investigation is crucial for protecting your company and its owners, executives, and personnel against civil or criminal prosecution.

Why Should Companies Implement FCPA Compliance Programs?

Here are 10 of the most important reasons why companies that do business with foreign entities need to adopt comprehensive and custom-tailored FCPA compliance programs:

  1. The FCPA is an invaluable tool in the federal government’s fight against foreign corruption.
    • The FCPA is a massive piece of legislation that is designed to allow the DOJ and SEC to effectively combat corruption and bribery involving foreign officials. Ultimately, enforcement of the FCPA is intended to eliminate the costs of foreign corruption to the United States.
    • An effective and robust FCPA compliance program promotes these objectives while also protecting companies and individuals against civil liability and criminal prosecution.
  2. Anti-corruption laws like the FCPA promote ethical conduct.
    • Companies that have comprehensive policies against bribery and corruption send a strong message to other companies and foreign officials that they are committed to aiding in the federal government’s fight against corruption.
    • Foreign officials are less likely to ask for bribes from companies that promote an anti-corruption corporate environment through their compliance policies and procedures.
    • Compliance with anti-corruption laws promotes positive morale among company personnel who feel the pride of working for a company that is committed to transparency and ethical conduct.
  3. The FCPA allows companies to develop strong internal controls and avoid a slippery slope toward an unethical culture.
    • Companies that regularly utilize bribes in their business operations are likely to eventually encounter multiple problems, both in the U.S. and abroad.
    • Once a foreign official knows that a company is willing to pay bribes, that foreign official will request larger bribe amounts. In order to continue business operations in the relevant jurisdiction, company personnel may continue to accept the foreign official’s terms and pay larger bribes.
    • If left unchecked, corrupt practices can become so prevalent that they create enormous liability exposure for the company.
    • Maintaining a focus on FCPA compliance allows companies to develop effective internal controls that promote efficiency in their business operations.
  4. The FCPA reduces the societal costs of corruption.
    • Corruption increases costs to society. This includes political, social, economic, and governmental costs resulting from unethical business conduct.
    • By adopting and enforcing strong FCPA compliance programs, companies can help reduce these costs.
  5. The FCPA reduces the internal business costs of corruption.
    • Corporate success depends on certainty, predictability, and accountability. An environment where corruption is rampant costs companies time and money, and it can lead to disruptions in the continuity of their business operations.
    • FCPA compliance instills predictability in investments, business transactions, and dealings with foreign officials.
  6. Corruption and bribery create an unfair business environment.
    • Companies are more likely to be successful in an environment that emphasizes fair competition, and in which all competitors sell their products and services based on differentiation, pricing, and efficiency.
    • Corruption and bribery allow for unfair results in the marketplace. For instance, companies that utilize bribes can achieve increased sales and increased market share despite offering an inferior product at an uncompetitive price.
  7. The penalties under the FCPA encourage compliance and accurate reporting.
    • The penalties imposed under the FCPA incentivize the disclosure and reporting of statutory violations. These penalties include fines, imprisonment, disgorgement, restitution, and debarment.
    • Whistleblowers can receive between 10% and 30% of amounts the federal government recovers in FCPA enforcement litigation, and this provides a strong incentive to report violations as well.
    • The risk of significant penalties is an important factor for companies to consider when deciding how much time, effort, and money to invest in constructing an FCPA compliance program.
  8. Anti-corruption laws foster business expansion and stability both domestically and globally.
    • For companies that plan to expand domestically or internationally, success depends on the existence of a competitive environment in which companies compete fairly based on product differentiation, price, and other market factors.
    • Fair competition and growth opportunities are hampered when competitors can simply bribe their way to success. Therefore, FCPA enforcement is essential to maintaining fair competition.
    • DOJ and SEC investigations can severely disrupt efforts to maintain stability and predictability, and they can lead to significant financial and reputational harm.
  9. Corruption leads to human rights abuses.
    • Companies that regularly utilize corruption and bribery to achieve their business goals often resort to other illegal practices as well. This includes forced labor and child labor.
    • These types of human rights abuses are commonplace in countries where corruption and bribery are widespread.
    • To reduce the risk of these human rights abuses, it is crucial for company personnel to be educated on the potentially disastrous consequences of corruption and bribery.
    • Developing a robust compliance policy is the best way to educate personnel, reduce the risks of corruption and bribery, and eliminate the human rights abuses associated with these risks.
  10. The FCPA encourages open communication between companies and their legal counsel.
    • With regard to FCPA compliance, it is a legal counsel’s job to represent the best interests of the company and help the company foster an environment of ethical conduct. Achieving these objectives requires open and honest communication between the company and legal counsel.
    • Due to the severe sanctions imposed under the FCPA, companies are incentivized to hire counsel to advise them with regard to compliance and to adopt and implement effective FCPA compliance programs.

Effective FCPA Compliance Programs Help Companies Avoid Costs, Loss of Business Opportunities, and Federal Liability

Working with legal counsel to develop robust FCPA compliance policies and procedures can help prevent company personnel from offering bribes and engaging in other corrupt practices while also encouraging the internal disclosure of suspected violations. Failing to maintain adequate internal controls and foster a culture of compliance can be detrimental to a company’s operations, and FCPA violations can lead to civil or criminal prosecution at the federal level. As a result, all companies that do business with foreign entities would be well-advised to work with legal counsel to develop comprehensive FCPA compliance policies and procedures.


Oberheiden P.C. © 2020
