Category: Legislation

No Copyright Case Too Small: Content Creators Rejoice or Casual Infringers Beware?

An office jokester emails a funny meme she copied off Google to a colleague. A tourist snaps a picture of a painting in an art gallery and posts it to his travel blog. A teacher prints copies of a recently published Internet article and distributes to his class. A teen reposts his friend’s Instagram picture on his own social media page. To these casual infringers, no harm has been done and there’s certainly no reason to “make a federal case out of it.” But to the copyright owners, these small acts of infringement mean something. Perhaps not enough to justify the expense and time required for a federal claim, but action may be worth pursuing on a smaller scale.

Enter the pending CASE Act, intended to protect the “creative middle class,” and a potential boon to small businesses and individual content creators, while simultaneously presenting a threat to the “micro-infringements” committed by the ordinary person throughout the day. Last week, the US House of Representatives approved the Copyright Alternative in Small-Claims Enforcement Act of 2019 (CASE Act) by a landslide 410-6 vote. The bill is intended to create a Copyright Claims Board within the US Copyright Office that would hear copyright claims of up to $15,000 per work infringed, with statutory damages capped at a total of $30,000.

If passed by the Senate, the CASE Act is likely to be a welcome avenue for graphic designers, bloggers, photographers, authors, vloggers, and other individual and small business copyright owners to protect their works. Currently, pursuing copyright infringement litigation is limited to filing suit in federal courts, the cost of which can be prohibitive for many small businesses. The proposed Copyright Claims Board provides a more affordable avenue—effectively, a copyright small claims court—to enforce copyright ownership.

Supporters say that small businesses have long needed a more efficient and affordable means to enforce their copyrights. To this point, much of the unauthorized exchange and use of Internet-based works or smaller-scale copyrighted works has been difficult to police. In fact, June Besek, the executive director of the Kernochan Center for Law, Media and the Arts at Columbia Law School, recently told the ABA Journal that many infringers knowingly exploit copyrighted material because they are confident they will never be challenged. (Anyone remember the flagrant use of Napster and LimeWire by teens in the late 1990s and early 2000s to illegally download music—excuse me, “file share”—with little fear of repercussions for their “small-scale” acts of infringement?). A number of organizations, including the American Bar Association, have expressed support for the CASE Act.

But that support, while widespread, is not universal. The American Civil Liberties Union opposes the proposed CASE Act on the grounds that it will stifle free speech and the open sharing of information. Other critics say that by lowering the threshold for infringement claims, lawmakers also are opening the door for “copyright trolls” to file nuisance infringement claims with the Copyright Claims Board. And many are less than keen on the idea that inadvertently unanswered copyright infringement complaints could cost ordinary Americans up to $30,000 in default judgments per proceeding—perhaps a small sum to a business, but potentially life-changing to many individuals—with very limited ability to appeal, under the currently proposed language of the Act.

Notably, as currently written, the small-claims tribunal established under CASE will be entirely voluntary, meaning the complaining party can elect to use the Copyright Claims Board, and the defending party may choose to opt out. But critics point out that the opt-out window is only 60 days long, and easily could be missed by an unwitting defendant.

Next, the Senate will consider the CASE Act, but observers believe it will pass with bipartisan support. The final language of the Act may be somewhat different from its current form, so stay tuned for more updates as the CASE Act makes its way through the legislature.

What the proposed CASE Act could mean for you:

Would-be plaintiffs (or defendants) appearing before the proposed Copyright Claims Board are encouraged to do so with licensed legal representation. Some have suggested that this small claims court format will allow parties to represent themselves without needing to incur the fees of legal representation. However, it is important to remember that, though the monetary stakes may be lower than in federal court, the complex legal nuances of copyright law, not to mention jurisdiction, service, discovery, evidence, joinder of parties, and expert testimony, remain the same and are best addressed by experienced legal counsel.

Owners of large copyright portfolios may find the CASE Act to allow greater leeway in defending their works against smaller-player infringers. Businesses with larger portfolios may wish to take stock of their protected works and develop an enforcement strategy, taking into account this more accessible avenue for enforcement.

Smaller companies or individual content creators, too, may find the proposed CASE Act to provide the freedom to assert their copyrights more aggressively than they have done previously. These companies and individuals also are encouraged to take stock of their copyright portfolios, and consider setting up infringement alerts through their legal representatives or third party vendors in order to take a more offensive stance.

On the opposite side of the court room, copyrighted work users are cautioned to think carefully about their use of protected works. Businesses and schools may want to consider updating policies on use and distribution of protected works, with a more conservative mindset. The relative ease of filing suit with the Copyright Claims Board may give rise to a more litigious “creative middle class.” And while the damages may be smaller-scale, the attendant legal costs may not be, and damages from multiple suits may add up quickly.

 

Copyright © 2019 Womble Bond Dickinson (US) LLP All Rights Reserved.

ARTICLE BY Kristin Lamb of  Womble Bond Dickinson (US) LLP.
For more copyright infringement regulation, see the National Law Review Intellectual Property law page.

AB 1291 Forces California Cannabis Companies To Sign “Labor Peace Agreements” With Unions, But Statute May be Unconstitutional

 

On October 12, 2019, Governor Newsom signed Assembly Bill 1291 (“AB 1291”) into law, which requires companies to sign a so-called “labor peace” agreement with a union or risk losing their cannabis license; thereby, strengthening already union-friendly statewide cannabis law. AB 1291 was supported and endorsed by various unions, including the United Food and Commercial Workers Western States Council, a 170,000-member branch representing thousands of cannabis workers. This bill, as well as other California statutes and local laws, signals a growing insistence by state and local regulators that employers doing business in California accept pro-union requirements. However, many of these new pro-union laws, including AB 1291, may be unconstitutional.

The main takeaways of AB 1291 are as follows:

  1. Effective January 1, 2020, California cannabis license applicants must sign so-called labor peace agreements with a union within 60 days of their 20th hire or risk losing their cannabis license.
  2. Employers and business associations seeking to challenge AB 1291, and other similar state or local union-related ordinances, are encouraged to speak with experienced labor counsel to discuss their options.
  3. Employers seeking to comply with AB 1291 and sign labor peace agreements should conduct due diligence on the labor unions they are considering entering into negotiations with. Not all unions are the same. Additionally, businesses should be thoughtful about what they agree to put into a labor peace agreement to satisfy the requirements under California’s cannabis laws. For example, these agreements are frequently mistakenly referred to as “neutrality agreement.” Neutrality agreements typically contain a commitment from the employer to remain “neutral” through a union organizing campaign. In contrast, AB 1291 does not use the term “neutral(ity)” and, thus, arguments can be made that strict “neutrality” is not required under the statute and may not need to be included in the labor peace agreement. Thus, employers should speak with experienced labor counsel before negotiating labor peace agreements with unions.

Background

Since its adoption into law in 2018, the Medicinal and Adult Use of Cannabis Regulation and Safety Act (“MAUCRSA”) has required applicants for state cannabis licenses with 20 or more employees to “provide a statement that the applicant will enter into, or demonstrate that it has already entered into, and abide by the terms of a labor peace agreement.”1 (Cal. Bus. & Prof. Code § 26015.5(a)(5)(A).) A labor peace agreement, as defined under California’s cannabis laws, must contain the following commitments, at a minimum:

  1. Employer shall not “disrupt” efforts by the union to “communicate with, and attempt to organize and represent” the employer’s employees;
  2. Employer shall give the union “access at reasonable times to areas in which the employees work, for the purpose of meeting with employees to discuss their right to representation, employment rights under state law, and terms and conditions of employment;” and
  3. Union and its members shall not engage in picketing, work stoppages, boycotts, and any other economic interference with the employer’s business.

(Cal. Lab. & Prof Code § 26001(x).)

Effective January 1, 2020, AB 1291 requires an applicant for a state license under MAUCRSA with 20 or more employees to provide a notarized statement that the applicant will enter into, or demonstrate that it has already entered into, and abide by the terms of a labor peace agreement. If the applicant has less than 20 employees and has not yet entered into a labor peace agreement, AB 1291 requires the applicant to provide a notarized statement as a part of its application indicating that the applicant will enter into and abide by the terms of a labor peace agreement within 60 days of employing its 20th employee. By expanding the scope of the crime of perjury, AB 1291 imposes a state-mandated local program and authorizes the Bureau of Cannabis Control, the Department of Food and Agriculture, and the State Department of Public Health to revoke or suspend a license for a violation of these requirements.

AB 1291 May Be Unconstitutional

AB 1291 poses substantial questions as to whether it is unconstitutional due to preemption by the National Labor Relations Act (“NLRA”) under two complementary preemptions doctrines: Garmon and Machinists. In San Diego Building Trades Council v. Garmon, 359 U.S. 236 (1959), the U.S. Supreme Court declared that the states are constitutionally barred by the U.S. Constitution’s supremacy clause from regulating conduct that NLRA protects, prohibits, or arguably protects or prohibits. Garmon preemption exists to protect the National Labor Relations Board’s (“NLRB”) primary jurisdiction and to preclude a state’s interference with its interpretation and enforcement of the integrated regulatory scheme that is the NLRA. Indeed, Congress delegated exclusive authority to the NLRB because it sought to establish a single, uniform national labor policy that would be unaffected by the vagaries of state law or shaped by local attitudes or prejudices. (Garner v. Teamsters Union, 346 U.S. 485, 490 (1953).) In Machinists v. Wisconsin Employment Relations Comm’n, 427 U. S. 132 (1976), the U.S. Supreme Court similarly declared that the NLRA forbids states to regulate conduct that Congress intended “to be unregulated because left ‘to be controlled by the free play of economic forces.’” Together, Garmon and Machinists preempt state and local policies that would otherwise interfere with the “integrated scheme of regulation” and disrupt the balance of power between labor and management embodied in the NLRA.

It appears AB 1291’s purpose is to afford unions greater rights than provided under the NLRA and make it easier for unions to organize cannabis employers. AB 1291 arguably presents the type of state interference in labor-management relations that Garmon and Machinists preemption forbids. For example, in Golden State Transit Corp. v. City of Los Angeles (“Golden State I”), 475 U.S. 608, 616 (1986), the Supreme Court held that while the NLRA “requires an employer and a union to bargain in good faith, … it does not require them to reach agreement,” nor does it demand a particular outcome from labor negotiations.” The substance of labor negotiations, and the results therefrom, are among those areas Congress intentionally left to the free play of economic forces when it legislated in the field of labor law. (Id.) In that case, the Supreme Court found that Machinists preempted the City of Los Angeles’ (“City”) refusal to renew a taxi cab company’s license when it failed to reach an agreement with striking union members. By conditioning the renewal of the taxi cab franchise on the acceptance of the union’s demands, the City effectively imposed a timeline on the parties’ negotiations and undermined the taxi cab company’s ability to rely on its own economic power to resist the strike. (Id. at 615.) The Supreme Court held that the City could not pressure the taxi cab company into reaching a settlement and thereby “destroy[] the balance of power designed by Congress, and frustrate[] Congress’ decision to leave open the use of economic weapons.” (Id. at 619.)

The facts of Golden State I are instructive here. Like the taxi cab company in Golden State I, California cannabis businesses now face a Hobson’s “all or nothing” choice under AB 1291. If a cannabis business refuses to negotiate a labor peace agreement with a labor organization, it effectively loses the right to do business in California. But if the cannabis business negotiates a labor peace agreement, the union knows full well that it can hold out for significant concessions in exchange for its members giving up one of their most valuable economic weapons – the power to strike.

The U.S. Supreme Court’s decision in Chamber of Commerce v. Brown, 554 U.S. 60 (2008) is also instructive. At issue in Brown was California’s Assembly Bill 1889 (“AB 1889”), prohibiting certain private employers from using state funds to “assist, promote, or deter union organizing.” (Id. at 63 [quoting Cal. Govt. Code §§ 16645.1–16645.7].) The Court held that AB 1889 was unconstitutional. As explained by the Court, the current text of Sections 7 and 8 of the NLRA are amendments made to the NLRA in 1947 as part of the Labor Management Relations Act, also known as the Taft Harley Act, for the purpose of overturning earlier NLRB precedent. The NLRA was amended in in several key respects. First, it emphasized that employees “have the right to refrain from any or all” union activities. (29 U.S.C. § 157.) Second, it added Section 8(b), which prohibits unfair labor practices by unions. (29 U.S.C. § 158(b).) Third, it added Section 8(c), which protects speech by both unions and employers from regulation by the NLRB. (29 U.S.C. § 158(c).) Specifically, Section 8(c) provides:

The expressing of any views, argument, or opinion, or the dissemination thereof, whether in written, printed, graphic, or visual form, shall not constitute or be evidence of an unfair labor practice under any of the provisions of this subchapter, if such expression contains no threat of reprisal or force or promise of benefit.

With the amendments, Section 8(c) “manifested a “congressional intent to encourage free debate on issues dividing labor and management.” (Id. at 6-7.) That Congress amended the NLRA, rather than leaving to the courts the task of correcting the NLRB’s decisions on a case-by-case basis, is “indicative of how important Congress deemed such ‘free debate.’” (Id. at 7.) In addition, Sections 8(a) and 8(b) “demonstrate that when Congress has sought to put limits on advocacy for or against union organization, it has expressly set forth the mechanisms for doing so.” (Brown, 554 U.S. at 67.) Moreover, “the amendment to §7 calls attention to the right of employees to refuse to join unions, which implies an underlying right to receive information opposing unionization.” (Id.) “[T]he addition of §8(c) expressly precludes regulation of speech about unionization so long as the communications do not contain a ‘threat of reprisal or force or promise of benefit.” (Id. [internal quotation omitted].) Thus, based on these overriding principles, the Court concluded that “California’s policy judgment that partisan employer speech necessarily interfere[s] with an employee’s choice about whether to join or to be represented by a labor union” and struck down AB 1889. (Id. at 68 [internal quotation omitted].)

AB 1291 is arguably no different. By forcing unwilling cannabis businesses to negotiate and accept labor peace agreements, AB 1291 compels a result Congress deliberately left to the free play of economic forces. The NLRA does not allow state and local governments to interfere with employer rights to communicate with employees regarding unionization under Section 8(c). Nor does it allow state and local governments to “introduce some standard of properly balanced bargaining power . . . or to define what economic sanctions might be permitted negotiating parties in an ideal or balanced state of collective bargaining.” (Machinists, 427 U.S. at 149-50.) Yet, this is exactly what AB 1291 appears to do. Accordingly, AB 1291 may be unconstitutional.

1 A labor peace (aka a labor harmony agreement) is essentially a contract between an employer and an organized labor union in which the employer agrees to help the union organize the employer’s workforce (i.e., unionize) by providing, for example, certain information or agreeing not to interfere with the union organizing efforts, in exchange for the union’s agreement not to strike or cause other disruption in the employer’s workforce during a union organizing campaign. Because these agreements open the door to union activity within the workplace, they should not be entered into casually. Rather, unionization may result in increased labor costs, contractual contributions to union pension plans, loss of flexibility, and adherence to union rules set forth in a legally binding contract. In addition, once a union is recognized or certified as the collective bargaining representative of employees, it is practically impossible to terminate that relationship. Indeed, only after a costly and divisive decertification election can a workforce return to the merit-based and flexible non-union environment.

Copyright © 2019, Sheppard Mullin Richter & Hampton LLP.

For more on union regulation, see the National Law Review Labor & Employment law page.

CCPA Alert: California Attorney General Releases Draft Regulations

On October 10, 2019, the California Attorney General released the highly anticipated draft regulations for the California Consumer Privacy Act (CCPA). The regulations focus heavily on three main areas: 1) notices to consumers, 2) consumer requests and 3) verification requirements. While the regulations focus heavily on these three topics, they also discuss special rules for minors, non-discrimination standards and other aspects of the CCPA. Despite high hopes, the regulations do not provide the clarity many companies desired. Instead, the regulations layer on new requirements while sprinkling in further ambiguities.

The most surprising new requirements proposed in the regulations include:

  • New disclosure requirements for businesses that collect personal information from more than 4,000,000 consumers
  • Businesses must acknowledge the receipt of consumer requests within 10 days
  • Businesses must honor “Do Not Sell” requests within 15 days and inform any third parties who received the personal information of the request within 90 days
  • Businesses must obtain consumer consent to use personal information for a use not disclosed at the time of collection

The following are additional highlights from each of the three main areas:

1. Notices to consumers

The regulations discuss four types of notices to consumers: notice at the time of collection, notice of the right to opt-out of the sale of personal information, notice of financial incentives and a privacy policy. All required notices must be:

  • Easy to read in plain, straightforward language
  • In a format that draws the consumer’s attention to the notice
  • Accessible to those with disabilities
  • Available in all languages in which the company regularly conducts business

The regulations make clear that it is necessary, but not sufficient, to update your privacy policy to be compliant with CCPA. You must also provide notice to consumers at the time of data collection, which must be visible and accessible before any personal information is collected. The regulations make clear that no personal information may be collected without proper notice. You may use your privacy policy as the notice at the time of collection, but you must link to a specific section of your privacy policy that provides the statutorily required notice.

The regulations specifically provide that for offline collection, businesses could provide a paper version of the notice or post prominent signage. Similar to General Data Protection Regulation (GDPR), a company may only use personal information for the purposes identified at the time of collection. Otherwise, the business must obtain explicit consent to use the personal information for a new purpose.

In addition to the privacy policy requirements in the statute itself, the regulations require more privacy policy disclosures. For example, the business must include instructions on how to verify a consumer request and how to exercise consumer rights through an agent. Further, the privacy policy must identify the following information for each category of personal information collected: the sources of the information, how the information is used and the categories of third parties to whom the information is disclosed. For businesses that collect personal information of 4,000,000 or more consumers, the regulations require additional disclosures related to the number of consumer requests and the average response times. Given the additional nuances of the disclosure requirements, we recommend working with counsel to develop your privacy policy.

If a business provides financial incentives to a consumer for allowing the sale of their personal information, then the business must provide a notice of the financial incentive. The notice must include a description of the incentive, its material terms, instructions on how to opt-in to the incentive, how to withdraw from the incentive and an explanation of why the incentive is permitted by CCPA.

Finally, the regulations state that service providers that collect personal information on behalf of a business may not use that personal information for their own purposes. Instead, they are limited to performing only their obligations under the contract between the business and service provider. The contract between the parties must also include the provisions described in CCPA to ensure that the relationship is a service provider/business relationship, and not a sale of personal information between a business and third party.

2. Consumer requests

Businesses must provide at least two methods for consumers to submit requests (most commonly an online form and a toll-free number), and one of the methods must reflect the manner in which the business primarily interacts with the consumer. In addition, businesses that substantially interact with consumers offline must provide an offline method for consumers to exercise their right to opt-out, such as providing a paper form. The regulations specifically call out that in-person retailers may therefore need three methods: a paper form, an online form and a toll-free number.

The regulations do limit some consumer request rights by prohibiting the disclosure of Social Security numbers, driver’s license numbers, financial account numbers, medical-related identification numbers, passwords, and security questions and answers. Presumably, this is for two reasons: the individual should already know this information and most of these types of information are subject to exemptions from CCPA.

One of the most notable clarifications related to requests is that the 45-day timeline to respond to a consumer request includes any time required to verify the request. Additionally, the regulations introduce a new timeline requirement for consumer requests. Specifically, businesses must confirm receipt of a request within 10 days. Another new requirement is that businesses must respond to opt-out requests within 15 days and must inform all third parties to stop selling the consumer’s information within 90 days. Further, the regulations require that businesses maintain request records logs for 24 months.

3. Verification requirements

The most helpful guidance in the regulations relates to verification requests. The regulations provide that a more rigorous verification process should apply to more sensitive information. That is, businesses should not release sensitive information without being highly certain about the identity of the individual requesting the information. Businesses should, where possible, avoid collecting new personal information during the verification process and should instead rely on confirming information already in the business’ possession. Verification can be through a password-protected account provided that consumers re-authenticate themselves. For websites that provision accounts to users, requests must be made through that account. Matching two data points provided by the consumer with data points maintained by the business constitutes verification to a reasonable degree of certainty, and the matching of three data points constitutes a high degree of certainty.

The regulations also provide prescriptive steps of what to do in cases where an identity cannot be verified. For example, if a business cannot verify the identity of a person making a request for access, then the business may proceed as if the consumer requested disclosure of only the categories of personal information, as opposed to the content of such personal information. If a business cannot verify a request for deletion, then the business should treat the request as one to opt-out of the sale of personal information.

Next steps

These draft regulations add new wrinkles, and some clarity, to what is required for CCPA compliance. As we move closer to January 1, 2020 companies should continue to focus on preparing compliant disclosures and notices, finalizing their privacy policies and establishing procedures to handle consumer requests. Despite the need to press forward on compliance, the regulations are open to initial public comment until December 6, 2019, with a promise to finalize the regulations in the spring of 2020. We expect further clarity as these draft regulations go through the comment process and privacy professionals, attorneys, businesses and other stakeholders weigh in on their clarity and reasonableness.

Copyright © 2019 Godfrey & Kahn S.C.

For more on CCPA implementation, see the National Law Review Consumer Protection law page.

The Fairness for High-Skilled Workers Act May Endanger Economy

The Fairness for High-Skilled Workers Act has passed the House of Representatives, and is pending before the Senate where it may pass by unanimous consent (i.e., with no actual vote or hearing).

On its face, the Fairness Act seems fair. By eliminating the 7% per country cap, Indian nationals and Chinese nationals who have been waiting and would continue to wait for years to capture green cards would be placed at the front of line. But this would be at the expense of workers from other countries who are also important to the United States.

About 25% of all STEM workers in the U.S., including those in the fields of healthcare, physical science, computer, and math, are foreign-born and that figure is on the rise. One quarter of all doctors in the U.S. are foreign-born — many from sub-Saharan Africa — and are particularly important in poor, rural areas of the country where physicians are scarce. One in five pharmacists and one in four dentists are foreign-born. Other types of healthcare workers come from Asia, Mexico, Central America, and the Caribbean and our need for these workers rises as baby boomers age.

If the Fairness Act were to pass, recruiting from countries other than India and China might become more difficult, and this talent may well turn elsewhere. New Zealand, Ireland, Australia and the UK are also dependent on foreign-trained doctors.

High-tech workers from India and China are also important to the U.S. and its economy; but our current immigration system is driving them out as well. This started in 2008, when it became difficult for high-tech companies to get the number of H-1B visas they needed. That frustration has grown with the increased scrutiny of H-1B petitions and the long green card waiting lines. Indian and Chinese talent is heading for other countries, and Canada is welcoming them and their companies with open arms. South Africa, Argentina, India, Chile, Japan, Hong Kong, South Korea, Israel, Australia, and Ireland also are popular competitors.

Quotas of one kind or another have been part of the U.S. immigration system since the early part of the 20th century. Literacy requirements limited immigration from some of the poorer countries of the world. Country-of-birth quotas benefited those from the UK, Ireland, and Germany at the expense even of those born in southern and eastern Europe. The 1965 Immigration and Nationality Act (the Hart-Celler Act), which is the basis of our current system, abolished national origin quotas (to eliminate discrimination) and focused on family reunification. The 7% annual ceiling on the number of immigrants from any one country was established. The ceiling was not meant to be quota, but rather a “barrier against monopolization.”

Senator Rand Paul, who opposes the Fairness Act, introduced the BELIEVE Act (Backlog Elimination, Legal Immigration and Employment Visa Enhancement Act) (S. 2091) on July 11, 2019. That bill would simply quadruple the number of employment-based visas by doubling the number available annually and exempting dependents from being counted toward the annual quota of visas. His bill also would exempt all shortage occupations from green card limits.

The Fairness Act may be just an interim solution. Rather than pitting family-based immigration against employment-based immigration and rather than pitting one country against another or one industry against another, perhaps it is time for legislation like the BELIEVE Act that would simply increase the number of green cards available to everybody.

Jackson Lewis P.C. © 2019

For more on green card legislation, see the National Law Review Immigration law page.

The CCPA Is Approaching: What Businesses Need to Know about the Consumer Privacy Law

The most comprehensive data privacy law in the United States, the California Consumer Privacy Act (CCPA), will take effect on January 1, 2020. The CCPA is an expansive step in U.S. data privacy law, as it enumerates new consumer rights regarding collection and use of personal information, along with corresponding duties for businesses that trade in such information.

While the CCPA is a state law, its scope is sufficiently broad that it will apply to many businesses that may not currently consider themselves to be under the purview of California law. In addition, in the wake of the CCPA, at least a dozen other states have introduced their own comprehensive data privacy legislation, and there is heightened consideration and support for a federal law to address similar issues.

Below, we examine the contours of the CCPA to help you better understand the applicability and requirements of the new law. While portions of the CCPA remain subject to further clarification, the inevitable challenges of compliance, coupled with the growing appetite for stricter data privacy laws in the United States generally, mean that now is the time to ensure that your organization is prepared for the CCPA.

Does the CCPA apply to my business?

Many businesses may rightly wonder if a California law even applies to them, especially if they do not have operations in California. As indicated above, however, the CCPA is not necessarily limited in scope to businesses physically located in California. The law will have an impact throughout the United States and, indeed, worldwide.

The CCPA will have broad reach because it applies to each for-profit business that collects consumers’ personal information, does business in California, and satisfies at least one of three thresholds:

  • Has annual gross revenues in excess of $25 million; or
  • Alone or in combination, annually buys, receives for commercial purposes, sells, or shares for commercial purposes, the personal information of 50,000 or more California consumers; or
  • Derives 50 percent or more of its annual revenues from selling consumers’ personal information

While the CCPA is limited in its application to California consumers, due to the size of the California economy and its population numbers, the act will effectively apply to any data-driven business with operations in the United States.

What is considered “personal information” under the CCPA?

The CCPA’s definition of “personal information” is likely the most expansive interpretation of the term in U.S. privacy law. Per the text of the law, personal information is any “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.”

The CCPA goes on to note that while traditional personal identifiers such as name, address, Social Security number, passport, and the like are certainly personal information, so are a number of other categories that may not immediately come to mind, including professional or employment-related information, geolocation data, biometric data, educational information, internet activity, and even inferences drawn from the sorts of data identified above.

As a practical matter, if your business collects any information that could reasonably be linked back to an individual consumer, then you are likely collecting personal information according to the CCPA.

When does a business “collect” personal information under the CCPA?

To “collect” or the “collection” of personal information under the CCPA is any act of “buying, renting, gathering, obtaining, receiving, or accessing any personal information pertaining to a consumer by any means.” Such collection can be active or passive, direct from the consumer or via the purchase of consumer data sets. If your business is collecting personal information directly from consumers, then at or before the point of collection the CCPA imposes a notice obligation on your business to inform consumers about the categories of information to be collected and the purposes for which such information will (or may) be used.

To reiterate, if your business collects any information that could reasonably be linked back to an individual, then you are likely collecting personal information according to the CCPA.

If a business collects personal information but never sells any of it, does the CCPA still apply?

Yes. While there are additional consumer rights related to the sale of personal information, the CCPA applies to businesses that collect personal information solely for internal purposes, or that otherwise do not disclose such information.

What new rights does the CCPA give to California consumers?

The CCPA gives California consumers four primary new rights: the right to receive information on privacy practices and access information, the right to demand deletion of their personal information, the right to prohibit the sale of their information, and the right not to be subject to price discrimination based on their invocation of any of the new rights specified above.

What new obligations does a business have regarding these new consumer rights?

Businesses that fall under the purview of the CCPA have a number of new obligations under the law:

  • A business must take certain steps to assist individual consumers with exercising their rights under the CCPA. This must be accomplished by providing a link on the business’s homepage titled “Do Not Sell My Personal Information” and a separate landing page for the same. In addition, a business must update its privacy policy (or policies), or a California-specific portion of the privacy policy, to include a separate link to the new “Do Not Sell My Personal Information” page.

A business also must provide at least two mechanisms for consumers to exercise their CCPA rights by offering, at a minimum, a dedicated web page for receiving and processing such requests (the CCPA is silent on whether this web page must be separate from or can be combined with the “Do Not Sell My Personal Information” page), and a toll-free 800 number to receive the same.

  • Upon receipt of a verified consumer request to delete personal information, the business must delete that consumer’s personal information within 45 days.
  • Upon receipt of a verified consumer request for information about the collection of that consumer’s personal information, a business must provide the consumer with a report within 45 days that includes the following information from the preceding 12 months:
    • Categories of personal information that the business has collected about the consumer;
    • Specific pieces of personal information that the business possesses about the consumer;
    • Categories of sources from which the business received personal information about the consumer;
    • A corporate statement detailing the commercial reason (or reasons) that the business collected such personal information about the consumer; and
    • The categories of third parties with whom the business has shared the consumer’s personal information.
  • Upon receipt of a verified consumer request for information about the sale of that consumer’s personal information, a business must provide the consumer with a report within 45 days that includes the following information from the preceding 12 months:
    • Categories of personal information that the business has collected about the consumer;
    • Categories of personal information that the business has sold about the consumer;
    • Categories of third parties to whom the business has sold the consumer’s personal information; and
    • The categories of personal information about the consumer that the business disclosed to a third party (or parties) for a business purpose.
  • Finally, a business must further update its privacy policy (or policies), or the California-specific section of such policy(s), to:
    • Identify all new rights afforded consumers by the CCPA;
    • Identify the categories of personal information that the business has collected in the preceding 12 months;
    • Include a corporate statement detailing the commercial reason (or reasons) that the business collected such personal information about the consumer;
    • Identify the categories of personal information that the business has sold in the prior 12 months, or the fact that the business has not sold any such personal information in that time; and
    • Note the categories of third parties with whom a business has shared personal information in the preceding 12 months.

What about employee data gathered by employers for internal workplace purposes?

As currently drafted, nothing in the CCPA carves out an exception for employee data gathered by employers. A “consumer” is simply defined as a “natural person who is a California resident …,” so the law would presumably treat employees like anyone else. However, the California legislature recently passed Bill AB 25, which excludes from the CCPA information collected about a person by a business while the person is acting as a job applicant, employee, owner, officer, director, or contractor of the business, to the extent that information is collected and used exclusively in the employment context. Bill AB 25 also provides an exception for emergency contact information and other information pertaining to the administration of employee benefits. The bill awaits the governor’s signature – he has until October 13, 2019 to sign.

But not so fast – Bill AB 25 only creates a one-year reprieve for employers, rather than a permanent exception. The exceptions listed above will expire on January 1, 2021. By that time, the legislature may choose to extend the exceptions indefinitely, or businesses should be prepared to fully comply with the CCPA.

California employers would thus be wise to start considering the type of employee data they collect, and whether that information may eventually become subject to the CCPA’s requirements (either on January 1, 2021 or thereafter). Personal information is likely to be present in an employee’s job application, browsing history, and information related to payroll processing, to name a few areas. It also includes biometric data, such as fingerprints scanned for time-keeping purposes. Employers who collect employees’ biometric information, for example, would be well advised to review their biometric policies so that eventual compliance with the CCPA can be achieved gradually during this one-year grace period.

Notwithstanding this new legislation, there remains little clarity as to how the law will ultimately be applied in the employer-employee context, if and when the exceptions expire. Employers are encouraged to err on the side of caution and to reach out to experienced legal counsel for further guidance if they satisfy any one of the above thresholds.

What are the penalties for violation of the CCPA?

Violations of the CCPA are enforced by the California Attorney General’s office, which can issue civil monetary fines of up to $2,500 per violation, or $7,500 for each intentional violation. Currently, the California AG’s office must provide notice of any alleged violation and allow for a 30-day cure period before issuing any fine.

Are there any exceptions to the CCPA?

Yes, there are a number of exceptions. First, the CCPA only applies to California consumers and businesses that meet the threshold(s) identified above. If a business operates or conducts a transaction wholly outside of California then the CCPA does not apply.

There are also certain enumerated exceptions to account for federal law, such that the CCPA is pre-empted by HIPAA, the Gramm-Leach-Bliley Act, the Fair Credit Reporting Act as it applies to personal information sold to or purchased from a credit reporting agency, and information subject to the Driver’s Privacy Protection Act.

Would it be fair to say that the CCPA is not very clear, and maybe even a bit confusing?

Yes, it would. The CCPA was drafted, debated, and enacted into law very quickly in the face of some legislative and ballot-driven pressures. As a result, the bill as enacted is a bit confusing and even contains sections that appear to contradict its other parts. The drafters of the CCPA, however, recognized this and have included provisions for the California AG’s office to provide further guidance on its intent and meaning. Amendment efforts also remain underway. As such, it is likely that the CCPA will be an evolving law for at least the short term.

Regardless, the CCPA will impose real-world requirements effective January 1, 2020, and the new wave of consumer privacy legislation it has inspired at the state and federal level is likely to bring even more of the same. It is important to address these issues now, rather than when it is too late.

© 2019 Much Shelist, P.C.

For more on the CCPA legislation, see the National Law Review Consumer Protection law page.

New Jersey and New York Further Strengthen Wage and Hour Laws to Protect Employees: Part 1 – NJ Developments

On August 6, 2019, New Jersey substantially amended its wage and hour laws in several critical respects by, among other provisions, expanding the statute of limitations, increasing damages and criminal penalties, strengthening anti-retaliation provisions and, overall, making it easier and more lucrative for employees to prevail on wage and hour claims. The new “Wage Theft” Law is effective immediately, except for one provision identified below. Here is a summary of the key provisions:

    • The Statute of Limitations Expands from 2 to 6 years – The amendment triples the amount of time available to file claims for unpaid minimum wage and overtime payments, thereby tripling the potential damages available to employees. New Jersey now joins New York in implementing a 6-year statute of limitations for such claims. In contrast, the statute of limitations under federal law remains at 2 years or 3 years, depending on whether a willful violation was committed.

    • Liquidated Damages – The amendment provides that, in addition to having to pay earned, unpaid wages, employers also will be liable for liquidated damages of up to 200% of the wages owed. Previously, liquidated damages were not available under New Jersey law. A limited “good faith” defense will be available to first-time violators under certain circumstances.

    • Anti-Retaliation – The amendment expands the anti-retaliation provisions by making it a disorderly persons offense to take retaliatory action by discharging or otherwise discriminating against an employee for making a complaint, instituting an action, or informing other employees about their rights concerning wages and hours of work.There is a rebuttable presumption of retaliation for adverse actions taken within 90 days of an employee filing a complaint with the Department of Labor or a court action. Liquidated damages are available for claims of retaliation.

    • Fines and Penalties – It is now a disorderly persons offense for an employer to (i) knowingly fail to pay wages, compensation or benefits when due, (ii) take retaliatory action, or (iii) fail to pay agreed-upon wages within 30 days of the date when payment is due. An employer who commits any such offense must pay wages due plus 200% of that amount in liquidated damages, reasonable costs and attorneys’ fees, a fine of $500 for a first offense (which increases for subsequent offenses) and, under certain circumstances, an additional penalty of 20% of wages due and/or imprisonment. The amendment provides for a broad definition of “employer” to include officers of a corporation and “any agents having the management of that corporation.”

    • Creation of a New Crime – The amendment creates a new crime of “pattern of wage nonpayment” for a person convicted of violating certain provisions of the Criminal Justice Code and/or wage and hour laws on two or more occasions. Though this is classified as a “3rd – degree” crime, there is no presumption of nonimprisonment. This provision will become effective three months from the August 6 enactment date.

    • Joint and Successor Liabilities – The amendment expands the circumstances under which organizations may now be held liable as joint or successor employers.

    • Failure to Maintain Records – The amendment provides that employers who fail to produce required records are subject to a rebuttable presumption that allegations by the employee concerning the time period the employee was employed and the wages that are due are true.

    • Employer Notice Requirement – The amendment imposes a new written notice obligation on employers. NJ employers will be required to distribute both to current employees and new hires a form the NJ Department of Labor and Workforce Development will publish.

Take Aways

Wage and hour compliance has long been a vulnerable area for employers, and New Jersey employers must now contend with wage and hour protections that are among the strongest in the nation. It is more imperative than ever for New Jersey employers to (i) properly classify workers, where warranted, as employees rather than as independent contractors, (ii) properly classify employees as exempt or non-exempt from overtime requirements, (iii) timely pay employees all wages, compensation and benefits due, including overtime, and (iv) maintain required wage and hour records for at least 6 years.

 

© Copyright 2019 Sills Cummis & Gross P.C.
For more wage-hour laws, see the National Law Review Labor & Employment law page.

Zero Waste Act Introduced By U.S. Representative Omar

On July 25, 2019, U.S. Representative Ilhan Omar (D-MN) introduced the Zero Waste Act, which intends to create a federal grant program to invest in solutions that address waste. The bill, if passed, will go towards recycling infrastructure or the creation of partnerships with local businesses focused on waste reduction. Representative Omar believes the bill will not only create jobs, but also reduce greenhouse gas (GHG) emissions, grow domestic manufacturing, clean waterways, save energy, ensure safety from health hazards, and grow the U.S. economy.
Omar’s bill has been endorsed by several organizations, including the City of Minneapolis, Eureka Recycling, Climate Generation, and Surfrider Foundation, among others. Presenting this bill through the lens that waste is an environmental justice issue, Representative Omar stated that “[a]ddressing the waste crisis is critical to preventing further damage to our climate—it is integral to racial justice and a clean, equitable future.” At a time where climate change debates have been of high interest to the U.S. population, in particular as the presidential candidate debates continue, it will be interesting to see whether this bill is passed. The full text of the bill can be accessed here.
©2019 Bergeson & Campbell, P.C.
For more environmental legislation see the Environmental, Energy & Resources page on the National Law Review.

Hawaii Decriminalizes Possession of Small Amounts of Marijuana

On July 9, 2019, Hawaii became the 26th state to decriminalize possession of small amounts of marijuanaHB 1383 (the “Law”), which became law when Governor David Ige allowed the veto deadline to pass without signing or striking down the bill, decriminalizes the possession of up to three grams of marijuana. It will go into effect on January 11, 2020.

Under the Law, those caught with up to three grams of marijuana will no longer face jail time but will still face a fine of $130. This is the smallest amount of marijuana that any state has decriminalized so far. Currently, possession of any amount of cannabis is punishable by up to 30 days in jail, a criminal record, and a $1,000 fine.

The Law also provides for the expungement “of criminal records pertaining solely to the possession of three grams or less of marijuana.” The state has amended its expungement statute in order to reflect this change, noting that courts must grant an expungement order, provided the individual is not facing any other criminal charges, and provided that the amount of marijuana possessed was three grams or less.

The Law establishes a “Marijuana Evaluation Task Force,” in an effort to examine other states’ laws, penalties and outcomes related to the decriminalization and legalization of marijuana. The task force, which will be active until June 30, 2021, will make recommendations on further changing marijuana laws in Hawaii.

The Law does not provide employment protections for recreational users, nor does it modify Hawaii’s Medical Use of Cannabis Law, which was amended last year in part to form a working group to evaluate potential discrimination against medical cannabis users and the employment protections made available in other states.

Employers and health care professionals should be ready to handle issues that arise with the potential conflict between state and federal law in devising compliance programs, both in terms of reporting and human resources issues, including practices and policies addressing drug use and drug testing. States continue to consider – and pass – legislation to decriminalize and legalize cannabis (both medicinal and recreational), and we are slowly marching toward 50-state legalization. All organizations – and particularly those with multi-state operations – should review and evaluate their current policies with respect to marijuana use by employees and patients.

This post was written with assistance from Radhika Gupta, a 2019 Summer Associate at Epstein Becker Green.

 

©2019 Epstein Becker & Green, P.C. All rights reserved.
For more on marijuana deregulation, please see the Biotech, Food & Drug law page on the National Law Review.

Wide-Ranging Senate Bill Aims to Streamline Post-Grant Proceedings and Block Trolls

On Wednesday, Senator Coon—of 101 hearings fame—and five co-sponsors introduced the Stronger Patents Act in the Senate (“Support Technology & Research for Our Nation’s Growth and Economic Resilience”). About 22 of the bill’s 40 pages involve amendments to IPR, PGR and ex parte reexamination that limit appeals and clarify overlapping court and PTO actions. These provisions have been ably summarized by Joshua Rich in a post at PatentDocs, but there are other interesting amendments to 35 U.S.C. so I thought I would start toward the last half of the bill.

Section 106 of the bill, entitled “Restoration of Patents as Property Rights,” amends section 283 to require that a court that finds infringement to presume that further infringement would cause irreparable injury and that remedies available at law are inadequate to compensate for that injury. These are the circumstances that encourage the court to issue an injunction against the infringer.

Section 42 of 35 U.S.C. would be amended to end USPTO fee diversion into the general fund by providing that any fees collectable by the Director shall be “available to the Director” and used to operate the PTO. Remaining unobligated funds are to be maintained in the “USPTO Innovation Promotion Account.”

Section 123(d) would be amended to clarify that a mircoentity includes an applicant who receives the majority of his income for a institution of higher education, or applicant has, or is under an obligation to assign, grant or convey a license or other ownership interest to said institution or the applicant is the institution or the applicant is a 501(c)(3) “nonprofit organization” that holds title to the institution’s patents “for the purpose of facilitating commercialization of the technologies” of the IP.

The bill establishes a pilot program whereby no fewer than six district courts will receive one additional law clerk or secretary who is tasked, with the assistance of the Federal Judicial Center, with helping  the court “develop expertise in patent and PVPA cases”…”for the purpose of expanding the [patent cases pilot program] to address special issues raised in patent infringement suits against individuals or small business concerns.”

The bill introduces Title II—”Targeting Rouge and Opaque Letters” and defines “Unfair or Deceptive Acts or Practices in Connection with the Assertion of a United States Patent” (section 202). The bill makes it an “unfair or deceptive act or practice,” as defined by the ITC, to send written communications that the recipient is or was an infringer of “the patent” and bear liability or owe compensation to another, if the sender, in bad faith (high probability of deceit and intentional avoidance of the truth—defined in more detail in the bill—sends communications regarding 15 specific assertions regarding infringement, licensing and prior suits, or failure to identify the sender.

These bad acts or failures to act are a laundry list of the approaches patent trolls use to intimidate recipient targets or to mask their identities. Bad acts include falsely representing that sender has the right to enforce the patent, that a civil action has been filed against the recipient or other parties, that recipient will be sued, that third parties have taken licenses, including failure to disclose that the other licenses are not to the allegedly infringing acts, that recipient’s alleged infringement has been investigated by sender or that sender has filed an action that sender knew had failed.

A sender cannot seek compensation for infringement of a claim that has been held unenforceable or invalid, acts by recipient after the patent has expired or recipient’s acts that the sender knew were properly licensed.

A sender in bad faith, cannot fail to include the identity of the person asserting the right to license or to enforce the patent, including ultimate parent entities. The patent asserted to be infringed upon must be identified, as must the product or activity of the recipient alleged to be infringing. The name of a contact person must be given to the recipient.

While the sender can argue that any of these acts or failures to act was due to an honest mistake, enforcement is by the FTC and the fines can be as high as $5 million.

Section 204 preempts State laws regarding “transmission or contents of communication relating to the assertion of patent rights,” but does not preempt other State laws relating to state trespass, contract or tort law. The FTC can intervene in suits brought by States and, if the FTC has instituted a civil suit, the State cannot begin an action under section 202.

While I am sure that there are freedom of speech and commerce clause arguments to be made, this bill elevates its prohibitions to the level of shouting “fire!” in a crowded theater. Combined with the proposed traffic laws meant to limit the use of multiple IPR filings, and their associated appeals at every turn in the litigation road, this seems to be a reasonable attempt to untangle the tortuous relationship between district court litigation and post-grant PTO proceedings.

Senator Coons played an important role in the recent Senate subcommittee hearings on the misguided expansion of patent ineligibility under Section 101. He may have found this part of the Patent Statute to be easier to untangle than defining a “natural phenomenon” or an “abstract idea” but I hope that this issue remains on his IP to-do list.

© 2019 Schwegman, Lundberg & Woessner, P.A. All Rights Reserved.
For more on patent laws & legislation see the National Law Review Intellectual Property page.

House Financial Services Committee Passes Credit Reporting Bills

Four bills dealing with credit reporting were passed last Thursday by the House Financial Services Committee.  While there has been bipartisan support for credit reporting reform, none of the bills received any Republican votes.

The bills, which are listed below, would make various amendments to the FCRA (Fair Credit Reporting Act), including those described below:

  • The “Improving Credit Reporting for All Consumers Act” would impose new requirements for conducting reinvestigations of consumer disputes and related standards, require consumer reporting agencies to create a webpage providing information about consumer dispute rights, require furnishers to retain records necessary to substantiate the accuracy and completeness of furnished information, create a right for consumers to appeal the results of a reinvestigation, prohibit automatic renewals of consumer reporting and credit scoring products and services, and require a credit scoring model to treat multiple inquiries for a credit report or credit score made in connection with certain consumer credit products within a 120-period as a single inquiry.
  • The “Restoring Unfairly Impaired Credit and Protecting Consumers Act” would shorten the time period during which adverse information can stay on a consumer report, require the expedited removal of fully paid or settled debts from consumer reports, impose restrictions on the reporting of information about medical debts, require a consumer reporting agency to remove adverse information relating to a private student loan where the CFPB has certified that the borrower has a valid “defraudment claim” with respect to the educational institution or career education program, allow victims of financial abuse to obtain a court order requiring the removal of adverse information, and prohibit a credit scoring model from taking into account in an adverse manner the consumer’s participation in certain credit restoration or rehabilitation programs or the absence of payment history for an existing account resulting from such participation.
  • The “Free Credit Scores for Consumers Act of 2019” would expand the information that must be given to consumers about credit scores, require nationwide consumer reporting agencies to provide a free credit score when providing a free annual consumer report requested by the consumer, and require free consumer reports and credit scores to be provided under certain circumstances.
  • The “Restricting Use of Credit Checks for Employment Decisions Act” would prohibit the use of consumer reports for most employment decisions other than where the person using the report is required by federal, state, or local law to obtain the report or the report is used in connection with a national security investigation.

The House Financial Services Committee is scheduled to mark up more bills dealing with credit reporting today.

 

Copyright © by Ballard Spahr LLP
For more financial legislation, please see the Financial Institutions & Banking page of the National Law Review.