Category: Uncategorized

The European Union’s General Data Protection Regulation, or GDPR, went into effect on May 25, 2018.  These regulations apply to companies doing business in the European Union or to companies who have data of EU citizens for any reason, demanding compliance with stringent, uniform data regulations. GDPR creates a brand new framework with high expectations for the companies that it impacts. For many companies, compliance with GDPR is daunting.  Tanya Forsheit, Chair of the Privacy & Data Security Group at top law firm Frankfurt Kurnit Klein + Selz, a privacy and cybersecurity attorney with over 20 years of experience advising on these issues, says, “GDPR is completely different than anything we have in the US. There is really no comparison in the US to the GDPR.”

Forsheit elaborates: “GDPR requires companies who are subject to it to have very robust that allow individuals, consumers, employers to certain rights to access their data, to see their data, where it goes and how it is used.”  In many ways, GDPR was a wake-up call to companies–and in order to comply, the companies had to take a hard look at their data flows and processes.  Additionally, Forsheit points out, “Under GDPR, you don’t do anything unless you have a lawful basis for processing the data, or consent from individuals to do certain kinds of things, requiring a legitimate interest.”  Anything else–all the different ways data can be parsed and put to work, requires affirmative consent.  (For more information on consent under GDPR, check out our article GDPR on Consent)

Data Breaches: Inevitable?

Even before GDPR, companies lived in fear of a data breach.  Consumers are more sensitive to the cybersecurity of the companies that they interact with, and large companies have felt consequences–litigation, as well as a lack of trust and a decline in the public’s willingness to offer up their information of these data breaches.  With the increasing prevalence of our lives online, and the value of information has increased–hackers and data breaches are a part of doing business in today’s world.  In many instances, data breaches aren’t a matter of “if” anymore, it’s a matter of “when.”

In response, companies have begun to create cybersecurity action plans to streamline a response to a data breach incident.  In the United States, many states have implemented legislation requiring companies to inform consumers of data breach incidents within a set timeframe upon discovery of the incident.  As of now, all 50 states have a data breach notification law—Forsheit says, “US has had data breach laws since 2003, California was first, Alabama was the last” and the result is a patchwork of regulations companies must follow to remain compliant in the event of a data breach.

GDPR on Data Breach Notification: A High Standard

However, GDPR has kicked things up a notch by creating a sense of urgency with data breaches, requiring a 72 hour notice period after discovery of the breach. Data Breach notification under GDPR creates a high standard for notifying individuals of a data breach.  Article 33 of GDPR states the data breach notification requirements as:

• In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority competent in accordance with Article 55, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification to the supervisory authority is not made within 72 hours, it shall be accompanied by reasons for the delay.
• The processor shall notify the controller without undue delay after becoming aware of a personal data breach.

GDPR  goes on to explain that the notification of the data breach to the regulating authority should include broad information about who was affected by the breach as well as approximate numbers of records concerned, and the contact information for a point of contact where the regulator can obtain more information. Additionally, the data controller should also provide the possible consequences of the data breach, as well as efforts taken by the controller to rectify the situation, including any mitigating offers to those affected by the breach. If this information is not available immediately, it should be provided in phases in a timely manner. (For a discussion of some of the terms related to GDPR, please see our article on GDPR compliance.)

In some ways, the US is prepared for the data breach notification provision under GDPR.  Forsheit says, “We do have those kinds [data breach notification]  obligations under state laws, so that part of it is not new, however, it is completely different under GDPR.  GDPR has a 72 hour notification regulation to regulators, while in the US you must notify individuals.”  Additionally, GDPR has the wrinkle of not requiring notification if  “the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons” requiring an additional level of analysis.

The Wisdom of a Cyber-Incident Plan

These factors increase the importance of a Cyber-Incident Response Plan for companies and organizations. Forsheit says that many cyber-insurance providers require an incident plan before offering coverage.  With GDPR, such plans have only become more important.

A cybersecurity incident plan should start at the beginning, and outline the way that a data breach will be detected or even what constitutes a data breach. Forsheit also says a cybersecurity response plan should contain information on what to do when a breach is discovered, who to call, what vendors to contact and perhaps even have plans in place or companies on retainer for such an incident to avoid confusion and to save time.  Forsheit says, “There are benefits to negotiating with vendors before you have a problem.” A bit of preparation can be helpful during a stressful situation, and having a plan in place can help eliminate mistakes.  For more information on Cybersecurity response plans and their key components, check out our article Preparation and Practice: Keys to Responding to a Cyber Security Incident.

In the latest decision in the concerning standing in data breach cases, the Fourth Circuit has vacated a district court’s dismissal and reinstated putative class action data breach litigation against the  National Board of Examiners in Optometry Inc.,. (“NBEO”).  In Hutton v. National Board of Examiners in Optometry, Inc., the court ruled that the plaintiffs alleged sufficient injury to meet the Article III standing requirement by virtue of hackers’ theft and misuse of plaintiffs personally identifiable information (“PII”), notwithstanding the absence of any allegation that the misuse had resulted in pecuniary loss to the plaintiffs.  In so ruling, the Fourth Circuit struck a middle course on the question of when misuse of sensitive PII results in a sufficient injury to confer standing to sue in federal court.

Plaintiffs in Hutton were optometrist members of the defendant NBEO.  They brought the lawsuit after NBEO members learned that credit cards had been opened in their names.  Doing so required access to PII, including members’ correct social security numbers and birthdates.  Members surmised that the NBEO, which collected such PII from its members, was the likely source of the PII used to open the credit cards, and the lawsuit ensued.

NBEO moved to dismiss, arguing that because plaintiffs were held harmless for the fraudulent credit card accounts, they had suffered no injury as a result of the data theft and, therefore, lacked standing to sue.  The trial judge in the District of Maryland agreed, and dismissed plaintiffs’ claims.  In order to establish Article III standing, the district court reasoned, a plaintiff must have suffered an injury that is concrete and actual or imminent, is traceable to the defendant, and is remediable by a favorable judicial decision. The court found that the plaintiffs were not injured because they neither incurred fraudulent charges nor had been denied credit. Applying reasoning from a prior Fourth Circuit decision, Beck v. McDonald, the trial court concluded that although the plaintiffs’ PII was compromised, it was not accompanied by misuse and, therefore, plaintiffs failed to satisfy the injury-in-fact requirement for standing.

On appeal, the Fourth Circuit rejected the lower court’s finding that the plaintiffs suffered no injury. The appellate panel distinguished this case from Beck, focusing on the plaintiffs’ allegations that they were victims of identity theft and credit card fraud. The appellate panel in Hutton found that identity theft and credit card fraud constituted misuse of the compromised personal information sufficient to satisfy the injury requirement of Article III standing. Furthermore, the court recognized that the plaintiffs incurred out-of-pocket expenses related to the effects of the data breach. The court found that these costs further supported that the plaintiffs’ have standing.

The result falls somewhere in the middle of the divide among the federal appellate circuits as to whether stolen PII results in a sufficient injury to give rise to standing. The D.C. Circuit recently aligned with the Sixth, Seventh, and Ninth Circuits, which have held that the threat of misuse of personal data is an injury sufficient to confer standing. The Second, Third, and Eighth Circuits, however, require actual misuse of personal information in order for a plaintiff to establish standing. Hutton reinforces the Fourth Circuit stance that misuse must accompany the compromise of personal data, but departs from other circuits requiring misuse in that there need not be any pecuniary loss for the misuse to confer standing.  The inconvenience of having to rectify fraudulent credit card accounts was deemed sufficient injury to trigger standing.  This signals further development of the standing issue in the lower courts which could, over time, influence the Supreme Court to agree to weigh in on this question.

Thanks to San Diego summer associate Kyle Hess for his contributions to this post.

Wednesday, June 12, Lowenstein & Sandler’s offices in New York City hosted the Gro Pro 20/20 conference, an event where high-level discussion of leadership, strategy and how to best position professional services organizations in today’s market.  The sessions were on-point and the audience interaction was lively, as CMO’s from all over the country came together to discuss the issues facing their firms and seek insight and ideas from their peers. What follows is a quick wrap-up of three of the major themes that emerged from these discussions.

The Nature of Change & Disruption in Professional Services

It was widely agreed that change is the new normal in professional services organizations and that acting on those changes–taking steps now, to prepare for the changes that are en route is crucial for survival.  Through panel discussions, the changes within in-house legal departments came up:  the fact that in-house legal departments are increasing their size and their scope, and spending less on outside counsel.  For example, in 2015, in-house legal departments covered an average of 5 practice groups–now, in 2018, they cover an average of 11.  For working with these companies, ways of delivering not just the legal answer, but the business answer–in easy to digest, easy to use formats is crucial.

Along with the change that is already happening for professional services organizations, there is also the change that is to come–scanning the landscape, disruption is inevitable in the industry.  Through a panel discussion, attendees took a deeper look at disruption and what brings it about–what gives companies like Uber & Lyft, Netflix & Amazon, WeWork and Air b’n’b,  the opportunity to swoop in and change the way things have always been done–and it was determined that being annoyed, being frustrated, putting up with “$hit” was what created the groundswell that fuels disruptors.  With nods around the room, and a discussion of “early indicators” of disruption, it was agreed that our industry was ripe for disruption–and the organizations that can evolve will do well.

Process, Deliverables, and Collaboration with Clients

Related to the need to provide the legal services companies want in an efficient, digestible way, much of the discussion at Gro Pro centered on the process.  Through insightful examples, attendees saw real-life implications of how this can play out–how organizations can provide the types of solutions that companies want, usually in connection with those companies.  To do this, professional service organizations need to focus on innovation in how they deliver the information–through the technology available to them, how can they condense and package the information so it becomes a tool, and not a stack of paper to be searched through.

But how to get there?  Speakers encouraged attendees to go through a “process map” process, where they could look at how things are done in their organization–to be clear–how things are done, not how they are “supposed to be done” and this process usually leads to identification of places where there can be efficiency gains.  In addition, going through this process with a client can help professional services organizations identify needs that the client has that are not being addressed–which can present an opportunity for cross-selling.

Branding as Opportunity

An in-depth, memorable discussion of branding also took place at Gro-Pro 20/20.  While branding brings to mind long, drawn-out discussions incorporating the phrase “I don’t like the orange” and “Can we do this in blue?” panelists pointed out that is not the way it needs to be.  For the longest time, many professional services organizations were using their talent as their major marketing asset.; however, tweaking that formula to offer your entire organization as a solutions-provider may be the way to move forward, according to the discussion.

With Branding in professional service organizations, the process is most powerful if it involves all levels of the organization discussing and analyzing who they are and what they do.  If everyone is involved, the concepts discussed in the somewhat aspirational conversation are more likely to take root and authentically represent the organization. And by aspirational, it can be a discussion of not just “who we are” but “who we want to be”; a way to spark ideas for the organization.  Much more than a discussion of typeface, it is a way to ask important questions of the organization and forge a path forward, and it can provide a map of authentic principles that the organization can use to guide decisions that need to be made further down the line.

Conclusion

The above is a small piece of some of the insights delivered at Gro Pro 20/20.  The panels were all thoughtful and provided food for thought on how organizations move forward as new technologies and changing environments modify the professional services ecosystem.

Summary

The challenges that the government faces in litigating vertical mergers was illustrated in the DOJ’s recent loss in its challenge of AT&T’s proposed acquisition of Time Warner. The result provides guidance for how companies can improve their odds of obtaining antitrust approval for similar transactions.

In Depth

The US Department of Justice’s (DOJ) loss in its challenge of AT&T’s proposed acquisition of Time Warner demonstrates the difficulties the government faces in litigating vertical mergers and provides a guide for how companies can improve their odds of obtaining antitrust approval for such transactions. This was the first litigated vertical merger case in four decades and the largest antitrust merger litigation under the Trump administration. Last week AT&T received the go ahead from Judge Richard J. Leon to proceed with the deal and the parties already closed the transaction. It is still unclear whether the DOJ will appeal the decision. Although this was a significant loss for the DOJ, Judge Leon’s opinion was narrowly tailored to the particular facts of the industry. Therefore it is questionable whether the opinion will have a significant impact on future vertical merger enforcement by the US antitrust regulators.

The DOJ’s main theory in the case was that the combination of AT&T’s video distribution services, namely DirecTV’s satellite TV offerings, and Time Warner’s video content would provide Time Warner with increased bargaining leverage when negotiating with other video distributors who are AT&T’s competitors. According to the DOJ, AT&T would have increased leverage over competitor video distributors because (1) some of the distributors’ customers would depart due to the lack of Time Warner’s networks in the distributor’s offering and (2) of the customers that left, some would sign up for AT&T’s competing video distribution services, DirecTV. Since both parties to the negotiation would recognize this change in negotiating position, AT&T’s prices for Time Warner content would increase.

Judge Leon held that the DOJ failed to meet its burden to show that AT&T’s acquisition of Time Warner would harm competition due to an increase in Time Warner’s bargaining leverage. Judge Leon did not dispute the DOJ’s theories on key legal principles, such as the relevant market, the burden of proof, and whether the DOJ’s bargaining model was a viable theory to challenge a transaction. Instead, he found that the facts did not support a finding that the transaction would lead to a substantial lessening of competition. First, the key documents used by the DOJ were regulatory filings by AT&T or Time Warner in prior vertical mergers in the video distribution industry. The statements in these regulatory filings were made in an effort to prevent a competitor from completing its acquisition. Even so, the statements only suggest that vertical integration “can” create an unfair advantage in negotiations, without saying that vertical integration “will” lead to increased prices for video content. Second, Judge Leon gave little weight to the testimony from AT&T’s competitors because, unlike with horizontal transactions, the affected “customers” of Time Warner were competitors of DirecTV and thus had a natural bias to oppose the transaction. In addition, Judge Leon found that the customer testimony was comprised largely of speculative statements that they would be harmed in negotiations without any quantitative analysis to support their assertions. Finally, Judge Leon found the DOJ’s economic analysis was based on flawed assumptions not supported by the record. Importantly, Judge Leon found that prior vertical mergers in the industry had not led to higher prices for customers.

The obvious question remains: what does this mean for other vertical transactions facing US antitrust review? For companies considering vertical mergers, there are three main takeaways from the case.

1.       The DOJ Faces a High Burden to Prove Harm to Competition in Vertical Cases

Throughout the course of the trial, the differences in the legal standards governing a horizontal merger and a vertical merger became clear. Judge Leon’s opinion specifically notes that the DOJ’s “‘familiar’ horizontal merger playbook is of little use.” Of course what Judge Leon is referring to is the government’s typical strategy in horizontal merger cases, which is to establish a presumption of competitive harm by introducing evidence that a merger will lead to undue levels of market concentration. Essentially, if the government proves its market, it is almost home. Leon notes that because this presumption is not in play in a vertical case, the DOJ “must make a ‘fact-specific’ showing that the effect of the proposed merger ‘is likely to be anticompetitive.’” This showing is “highly complex” and “institution specific.” Unlike in a horizontal case where the main disputes often relate to market definition, in a vertical case the debate will center on the competitive effects analysis.

Further complicating matters, there are clear efficiencies in vertical transactions that the government does not dispute. Indeed, in AT&T/Time Warner the DOJ credited more than $350 million in annual efficiencies resulting from the elimination of double marginalization (EDM). Judge Leon refers to this type of efficiency as a “standard benefit” associated with vertical mergers because a merger between two companies operating at different levels in the supply chain almost automatically removes some margin. Since this type of efficiency is not disputed by the DOJ, any claimed price increase resulting from a vertical merger has to outweigh the claimed efficiencies.

In future cases, the DOJ will need substantial evidence from ordinary course business documents, more testimony from uninterested third party witnesses, and sound economic analysis of the likely competitive harms to be successful in a vertical merger challenge. Vertical cases, especially those not based on a foreclosure theory, cannot rely on simply alleging that the combined entity has an important product or a high market share. Rather the government needs to show clear harms that outweigh the credited efficiencies. Overall, this means that a vertical merger case presents more difficulties for the DOJ than a horizontal case and poses a higher risk for the agency should the case go to trial.

2.       The Effectiveness of Increased Bargaining Leverage as a Theory of Vertical Harm Remains Uncertain

The DOJ’s theory in AT&T/Time Warner generally differs from its prior vertical merger enforcement. The main difference is that the DOJ did not allege that the merger would result in either foreclosing a vital input from downstream competitors or foreclosing a group of customers from upstream competitors. Instead the DOJ’s main theory was that AT&T’s ownership of Time Warner would provide Time Warner with increased bargaining leverage in negotiations with video distributors who are AT&T’s competitors. This theory posits that by raising costs to AT&T’s rivals, the proposed acquisition would harm competition and lead to price increases overall. The DOJ did not allege that AT&T would not continue to supply Time Warner content to its competitors.

As Judge Leon notes in his opinion, the DOJ could not point “to any prior trials in federal district court in which the Antitrust Division has successfully used this increased-leverage theory to block a proposed vertical merger.” (The US Federal Trade Commission [FTC] has used this theory to challenge several horizontal hospital transactions.) After this decision, it remains true that no court has ever blocked a vertical merger where the government’s theory is based on alleged increased costs to a rival without additional foreclosure allegations.

Nonetheless, Judge Leon did not reject an increased bargaining leverage theory as the basis for a vertical merger challenge. His opinion merely found that the facts here do not support a conclusion that there would, in fact, be increased bargaining leverage leading to higher prices or that this would outweigh any efficiencies. In the future, the DOJ will likely look for cases with stronger facts, including evidence of price increases from prior vertical mergers in the industry and more substantial economic analysis to show anticompetitive effects. However, for now, the effectiveness of an increased bargaining leverage theory, without additional foreclosure allegations, remains quite uncertain.

3.       DOJ and FTC May Be More Open to Conduct Remedies to Address Vertical Concerns When Presented with Litigation Risk

Since taking control of the Antitrust Division, Assistant Attorney General (AAG) Makan Delrahim has made his mark through a stricter policy on vertical merger remedies. Previously, the DOJ and FTC frequently accepted conduct remedies, such as non-discrimination commitments and information firewalls, to address potential concerns in vertical transactions. AAG Delrahim has made it clear that these types of remedies are strongly disfavored since they result in significant government oversight in an industry. The Trump administration views antitrust as law enforcement and does not want to take on a regulatory role in an industry due to a consent decree with continued monitoring of conduct remedies.

AT&T/Time Warner ended up as the test case for this new policy on vertical merger enforcement. The DOJ sought a structural remedy in the form of an injunction preventing the parties from merging or requiring a divestiture of Time Warner’s key assets in Turner Broadcasting. In doing so, the DOJ ignored behavioral commitments made by AT&T in the form of an arbitration agreement that it sent shortly before the DOJ filed its complaint to all relevant Time Warner customers. This arbitration agreement mirrored behavioral remedies used by the DOJ in prior cases in this industry.

With the court’s ruling against the DOJ, it is possible that the DOJ and FTC will be more cautious with vertical merger enforcement going forward since additional unfavorable precedent could harm the Trump administration’s larger policy goals. In cases where the proof of vertical harm is not abundantly clear, the DOJ and the FTC are faced with the choice to (1) accept conduct remedies; (2) spend significant agency resources to litigate the transaction, with the potential to generate additional bad precedent; or (3) clear the transaction. This is a difficult choice, but the AT&T/Time Warner ruling may make the litigation option less appealing.

With these lessons in mind, parties to vertical transactions should consider the following strategies to improve the odds of obtaining US antitrust clearance:

1. It is critical that merging parties have a strong, well-supported pro-competitive story. Judge Leon’s opinion demonstrates the importance for merging parties to document and conduct a thorough efficiencies analysis. The regulators and courts are likely to give greater deference to the cost savings in vertical mergers as compared to horizontal mergers.

2. In dynamic industries, where new technology or new competitors, are having an impact on competition, the merging parties’ internal documents should reflect the new changes or competition. Although Judge Leon did not dispute the DOJ’s alleged product market, he spent a large portion of the opinion discussing how the media industry was changing due to new competition from companies, such as Netflix, Google and others. These findings appeared to influence Judge Leon’s views on the benefits and rationale of the transaction.

3. Because the government’s witnesses for vertical merger challenges are typically competitors, merging parties should consider early in the review whether they can address the competitors’ concerns through a long-term contractual commitment or similar type of remedy. Although the US antitrust regulators may be reluctant to enter into a formal settlement with behavioral remedies, the US antitrust regulators are less likely to challenge a vertical merger without competitor complaints and testimony.

We often cover cases in which false advertising claims brought under state law are challenged as preempted by a federal regulatory scheme.  Poland Spring was a recent target of state law false advertising claims, and successfully obtained the dismissal of those claims on the ground that they were preempted by federal statute.  Patane v. Nestle Waters N. Am., 2018 WL 2271161 (D. Conn. May 17, 2018).

In consolidated actions, putative class action plaintiffs alleged that Poland Spring water is not actually 100% “spring water” as defined under the Food, Drug and Cosmetics Act (FDCA).  The Food & Drug Administration’s regulations define spring water as “deriv[ing] from an underground formation from which water flows naturally to the surface of the earth,” with a “natural force causing the water to flow to the surface through a natural orifice.”  The water may be collected by a tap and with an external hydraulic force, so long as the water has all the physical properties of the water that naturally flows to the surface, and so long as the water is collected by a “hydrogeologically valid method.”  Since the FDCA does not provide a private right of action for the violation of the regulations in question, plaintiffs asserted fraud, breach of contract, and consumer deception claims under various state laws.

The district court (Judge Jeffrey A. Meyer) held that plaintiffs’ claims were preempted by § 337(a) of the FDCA, which provides that only the federal government—not private parties—may enforce FDCA violations.  According to the court, § 337(a) impliedly preempts any claim under state law based solely on a violation of the FDCA.  Plaintiffs’ principal complaint was that Poland Spring did not comply with the FDA’s standards for spring water, and plaintiffs tellingly proclaimed that they sought to enforce those standards in the FDA’s stead.  Since all claims for relief hinged on the alleged non-compliance with FDA standards, all claims were dismissed as impliedly preempted.

Plaintiffs were given leave to replead any proper state claims that are not preempted.  Though not essential to its holding, the court also expounded upon § 343–1(a)(1) of the FDCA, which expressly preempts any state law from imposing any definition of “spring water” that is not identical to the FDCA definition.  According to the court, implied preemption under § 337(a) and express preemption under § 343–1(a)(1) result in a broad preemptive effect under which only a narrow range of state law claims can survive:  “In order to survive preemption, a state law claim must rely on an independent state law duty that parallels or mirrors the FDCA’s requirement for ‘spring water,’ but must not solely and exclusively rely on violations of the FDCA’s own requirements.”  Given the court’s dicta on the combined effect of express and implied preemption, if plaintiffs’ claims in their amended pleadings are again preempted, we might expect dismissal with prejudice.  Watch this space for further developments.

At first blush, the passage of House Bill 5483, entitled the “Special Registration for Telemedicine Clarification Act of 2018” (the “Bill”), appears to address the issue concerning the lack of regulatory guidance regarding the “Special Registration” exception to the Ryan Haight Act of 2008; however, a deeper and more careful analysis reveals that the Bill may not be as effective as most health care practitioners may hope. The Bill, sponsored by Rep. Carter (R-Georgia), a pharmacist, Rep. Bustos (D-Illinois), and nine others, cleared the House on June 12, 2018 without objection. The Bill would require the federal Drug Enforcement Agency (“DEA”) to promulgate rules that would allow health care providers to apply for a “Special Registration” that would allow a provider to prescribe controlled substances via telehealth without first conducting an initial in-person examination of the patient. A transcript of the testimony in support of the Bill (“Transcript”) reveals enthusiasm by the sponsors of the Bill, as well as by Representatives Pallone (D-New Jersey) and Walden (R-Oregon), who called the Bill “a commonsense measure that cuts through the red tape to provide more treatment options to underserved communities through the use of telemedicine.” While Section 413 of the current version of S.B. 2680 would only give the DEA six months to promulgate such rules, the two bills are very similar and almost guarantee that a law will be signed in the coming months that will require DEA to promulgate rules that will finally create a Special Registration exception to the Ryan Haight Act. While the prospect of rules implementing the Special Registration may be exciting for many practitioners, it should be noted that the DEA has been obligated to create these regulations, and has ignored this obligation, for a decade.

Once enacted, the Ryan Haight Online Pharmacy Consumer Protection Act of 2008 (the “Act”) effectively banned the prescription of controlled substances via telehealth without an in-person examination of the patient. While there are exceptions to the Act, these exceptions are very technical and do not apply to the majority of treatment settings for which a controlled substance could be prescribed by a treating physician to a patient in his or her home. When the Act was passed, Congress appeared to have the foresight to know that the Act was restrictive and that the Act should have some mechanism by which its prohibitions could be relaxed, because the Act also created 21 U.S.C. § 831(h)(2), which orders the Attorney General of the United States and the DEA to “promulgate regulations specifying the limited circumstances in which a special registration under this subsection may be issued and the procedures for obtaining such a special registration.”  However, as we have previously discussed, the only related action the DEA has taken in the decade between the passage of the Act and today was, in 2016, to mark the creation of these rules a “Long-Term Action” that has not substantively been addressed. By suggesting that the DEA “understand[s] the need to implement this provision of law” Rep. Walden appears to be incognizant of the historical lack of the DEA’s movement to promulgate the Special Registration rules, despite the DEA having the authority to do so since the Act originally was passed in 2008. Mr. Walden also seems to advocate for the DEA, as he supports revising the Bill’s original 90-day deadline for the promulgation of rules to implement a one-year deadline on account of the DEA’s position it would be burdensome. As such, the question remains whether the DEA, who has avoided this exact obligation for nearly a decade, will at last take action within the year if the Bill becomes law.

Even if the DEA promulgates rules to create the Special Registration, there is no indication how broadly such rules will be written. In this regard, the transcript illustrates a fundamental difference in how Representatives Walden and Carter view the value of the DEA creating a Special Registration process and, importantly, what the scope of that Special Registration process should be from many psychiatrists and other practitioners. For example, Rep. Walden described the exception to the Act in narrow terms: “for emergency situations, like the lack of access to an in-person specialist” (a phrase also used by Rep. Carter). Mr. Carter stated as well that the original purpose of the Special Registration was for “legitimate emergency situations” as follows:

“The law included the ability for the Attorney General to issue a special registration to healthcare providers detailing in what circumstances they could prescribe controlled substances via telemedicine in legitimate emergency situations, such as a lack of access to an in-person specialist.”

Rep. Carter further stated that the Special Registration could serve as a tool to fight the opioid crisis “to connect patients with the substance use disorder treatment they need without jeopardizing important safeguards to prevent misuse or diversion,” but he did not speak of the Special Registration in broader terms. The statements by Reps. Walden and Carter mischaracterize the original language of the Act regarding the “Special Registration for Telemedicine,” which does not limit the Special Registration to emergency situations.  Rather, the Act explicitly authorizes the Attorney General to issue the Special Registration to a practitioner who “demonstrates a legitimate need for the special registration” without defining the phrase “legitimate need”. As such, “legitimate need” could include “emergency situations” but also could be interpreted to include circumstances under which a physician is authorized to prescribe a controlled substance via telehealth as long as such prescription is in accordance with the substance’s label or the applicable standard of care for treatment of the illness for which the prescription was issued to treat,

If the DEA takes its cues from the recent House testimony supporting the Bill, the agency may decide the Special Registration should be limited to certain declarations of emergencies, such as the declaration of the opioid crisis as a Public Health Emergency. Such a narrow definition may be fruitful in the fight against opioid use disorder, but may ultimately fall short of expectations held by telehealth practitioners interested in providing services to patients via telehealth that involve prescribing controlled substances.

TCPA defendants have enough to deal with without having to worry about secret limitations on their ability to call phone numbers supplied by customers. But, oh well!

In Benedetti v. Charter Communications, No.1:16-CV-2083 RLM-DLP, 2018 WL 2970998 (S.D. Ind. June 13, 2018) a customer supplied his nanny’s phone number to the Defendant in connection with his account. After the account went delinquent the Defendant began calling the phone number in an effort to collect. The nanny sued under the TCPA contending that the calls had been made to her without her express consent.

Charter sought summary judgment in the case arguing that it had permission to call the number supplied by its customer. Importantly, the nanny had admitted in deposition that she had given permission to the customer to provide the phone number to Charter. Thus, Charter argued, under the FCC’s presumed consent rule it had permission to make the informational calls at issue.

The Court disagreed. The nanny had testified that she only gave the customer permission to supply the phone number to Charter for a limited purpose–specifically for setting up the cable service and for troubleshooting if it was on the fritz. Because the record was barren respecting what the customer had actually told Charter in providing the phone number, the Court concluded that a jury might find that the customer told Charter that it could only call the number for those limited purposes. If that was the case, then the scope of consent would not have be broad enough to encompass debt collection calls. So summary judgment was denied.

Although the issue of what the customer did or did not say to Charter is obviously speculative given the poorly-developed record, the Court found that it was Charter’s job to prove the negative–i.e. that the customer didn’t tell it to call the number for a limited purpose. That’s always fun.

The take away here is that a caller receiving a third-party’s phone number from a customer must always be cautious for secret limitations imposed by the third-party. Absent documentation that the customer did not provide additional instruction related to the scope of consent, the third-party may sue the caller on the theory that the customer had exceeded the scope of his or her consent in providing the number to the caller. While a counterclaim would likely exist against the overreaching customer, that is of little comfort.

Of course if the customer never even reveals that the number belongs to a third-party in the first place things get even trickier. All the more reason to see the FCC adopt the “expected recipient” approach in defining the phrase “called party.” Keep your fingers crossed.

On June 11, 2018, an equally divided United States Supreme Court affirmed per curiam the Ninth Circuit’s decision in United States v. Washington, known as the “Culvert Case.” The lower courts had found that numerous road culverts blocked salmon access to habitat to an extent that violated treaty rights and necessitated their removal. The Supreme Court affirmed by an equally divided Court the decision with no written opinion. The divided per curiam decision means that the Supreme Court did not clarify the rules that could apply in similar situations down the road. Nevertheless, the Culvert decision is still likely to impact a wide range of regulatory and permitting issues in Washington and potentially throughout the Pacific Northwest in coming years. It could have broad implications for government and private entities that own, manage, and/or control structures, including tide gates, floodgates, and dams, which block or diminish salmon runs in Washington, as well as local, state, and federal permitting regimes.

The Ninth Circuit Decision

The Culvert Case is the most recent in a line of cases interpreting and defining the treaty-protected fishing rights of Northwest Indian tribes, commonly known as U.S. v. Washington. In 2001, twenty-one tribes (the “Tribes”) brought a new subproceeding alleging State-owned culverts blocking salmon from their spawning grounds infringe upon the Tribes’ treaty-protected fishing rights.

In 2017, the Ninth Circuit affirmed the district court’s injunction requiring the State to repair and replace State-owned culverts prohibiting free passage of fish to spawning grounds and other important habitats. The court interpreted the Tribes’ treaty right to take fish to include protection of fishery habitat from man-made degradation. It found that such degradation includes culverts owned by the State of Washington that block free passage of salmon. The court agreed with the district court’s finding of a significant decrease in salmon stocks in the state since 1985 and emphasized evidence showing that barrier culverts block hundreds of thousands of salmon from reaching their spawning grounds. [1]

Potential Implications for Regulators and Private Parties

Going forward, Washington tribes may ask courts within the Ninth Circuit, as well as state and federal regulators, to examine and consider whether other man-made environmental degradation of fish habitats in the region also violate their treaty protected fishing rights. As a result, although the Culvert Case applies solely to specific habitat-blocking culverts owned by Washington State, it could have broad implications for other government and private entities that own, manage, and/or control structures, including tide gates, floodgates, and dams, which block or diminish salmon runs in Washington, as well as local, state, and federal permitting regimes. While the treaties in Oregon and Idaho have some differences, the decision will likely impact regulatory decisions in those state as well.

Tribes may argue that the decision and principles announced in the Culvert Case should apply in the context of regulations, environmental review documents, and permit decisions affecting water temperature, ocean acidification, and bank hardening (both freshwater and near-shore tidal waters), and similar environmental conditions that might degrade salmon habitat or cause a decline in salmon runs. Indeed, regulators have already started invoking the Culvert decision to protect tribal rights not explicitly covered by the decision itself. The preamble to EPA’s 2016 revision of human health water quality standards applicable to Washington, for example, discusses the relevance of the Ninth Circuit’s decision, noting that the decision supports “the interpretation of tribal fishing rights to include the right to sufficient water quality to effectuate the fishing right.” [2]

There are limits, however, to the reach of the Culvert Case. It is still grounded in equitable principles that require a clear and distinct showing of an actual impact on fish passage and treaty-protected fishing rights and a balancing of the interests and hardships of the parties before the court. The facts of the Culvert Case were distinct because the State of Washington had identified road culverts as a substantial threat to salmon, and it is unclear how far the courts will extend the treaty right and remedy beyond the specific facts of this case. The Culvert decision does not contain clear guidance that would apply to other situations and the dissent to the denial of rehearing en banc suggest that future litigants may face challenges in expanding or applying the right outside of this specific context. Notably, the dissent — likely aimed at the Supreme Court — called the denial of rehearing a “regrettable choice” and emphasized that “rather than reining in a runaway decision” the court chose to do nothing, “tacitly affirming the panel opinion’s erroneous reasoning.” [3] Regulators and private parties must be aware of this limitation and take it into consideration when applying the Culvert Case to future scenarios and causes of action.

Conclusion

While the contours of the Culvert Case and its lasting impacts are still unclear, it has now survived Supreme Court review. The Supreme Court decision leaves in place a significant Ninth Circuit decision that requires the State of Washington to undertake a lengthy and expensive course of culvert removal. While the actual order in the Culvert Case is narrowly drawn, we expect it to resonate for years with both tribal and nontribal parties. Further, the Supreme Court’s inability to reach a majority decision is a missed opportunity for the Court to provide the tribes, regulators, and the regulated community with clear guidance on the extent of the treaty right to take fish in the context of man-made environmental impacts to salmon.

_{Notes:
[1] United States v. Washington, No. 13-35474, order and amended op. at 58 (9th Cir. Mar.2, 2017).
[2] EPA, Revision of Certain Federal Water Quality Criteria Applicable to Washington, 81 Fed. Reg. 228, 85424, fn. 39 (Nov. 28, 2016).
[3] United States v. Washington, No. 13-35474, order at 19 (9th Cir. May 19, 2017). Seven judges joined the dissent in full, and two judges joined the dissent in part.}