Category: Uncategorized

Be Thankful I Don’t Take It All – France Moves to Tax the Value of Data

Were the Beatles still recording today, they might have to add this verse to Taxman. As what will surely be the opening salvo in government efforts to find ways to recapture the value of the personal data upon which so much of our digital economy now seems to depend and return it to consumers, France is now set to become the first European country to implement what is effectively a “data tax”.

About 30 companies, mostly from the US, may soon have to pay a 3% tax on their revenues. The tax will mostly affect companies that use customer data to sell online advertising. Justifying the new tax, French Finance Minister Bruno Le Maire clearly drew the battle lines:

This is about justice . . . . These digital giants use our personal data, make huge profits out of these data . . . then transfer the money somewhere else without paying their fair share of taxes.

The bill would apply to digital companies with worldwide revenues over 750 million euros ($848 million), including French revenue over 25 million euros. Not surprisingly, Google, Amazon and Facebook are squarely in the crosshairs of the new tax.

According to European Commission figures, the FANG companies and their ilk pay on average 14 percentage points less tax than other European companies. France took unilateral action after a similar proposal at the EU level failed to get unanimous support from member states, although Le Maire said he would now push for an international deal by the end of the year.

Lest you think this is just a European phenomenon, you need only look west to California, where Governor Newsom has commissioned the study of “data dividends” to help address the digital divide. In fact, the much-discussed California Consumer Privacy Act already contains provisions encouraging digital companies to compensate consumers for the use of their personal data. See our recent alert on data dividends and the CCPA here.

There will be lots more action in the “value for data” space in coming days. While academics debate whether data is more like labor or more like capital, we expect state and federal regulators to look to the value of data as a means to address the challenges of artificial intelligence and income inequality.

 

Copyright © 2019 Womble Bond Dickinson (US) LLP All Rights Reserved.
Read more international news on the NLR’s Global Type of Law Page.

The Definition of Film Fest Success– For Financiers and Filmmakers

The familiar annual rhythm of the major film festivals – Sundance in January, Berlin in February, Cannes in May and so on through Toronto in September – is well underway. And with Sundance and the Berlinale already in the rear-view, and SXSW right around the corner, it’s fair to say the 2019 sales environment looks to be very buoyant.

Although the single-film Sundance sale record was not eclipsed in 2019, the number of films that sold for eight figures was the highest ever, with numerous films racking up paydays in the $10-15 million range. Understandably, press reports out of Sundance tend to focus on these lofty (and once dreamlike) selling prices. It makes sense: the big numbers make great headlines, and the selling price is often the only deal information made publicly available.

But filmmakers – and in some situations, even film financiers – are not always best served by selling to the highest bidder. From a filmmaker perspective, the largest upfront payment, as great a thrill as it may be, does not necessarily translate into the best support for the film or most effectively accomplish the short- and long-term goals of the filmmakers. And even from a financier perspective, the biggest initial return does not always equate with maximizing the profitability of the film and the long-term interests of the financiers.

There are many other deal points that must be considered and carefully weighed. First, what type of distribution is being offered, and equally importantly, what level of support are the distributors promising in the chosen distribution channel or channels.

Is the distributor proposing a “conventional” initial theatrical release, such as might be expected from specialty theatrical distributors such as Fox Searchlight, Focus Features, Sony Pictures Classics, A24 and Roadside Attractions? Or is the buyer a streaming service such as Netflix, which may be offering no (or only a very limited) theatrical release and exclusive availability via their streaming service? Or is the proposed release a hybrid, offering both a substantial theatrical release and distribution via an early streaming release, as is common with Amazon Studios? For each distribution model, there’s a different mix of upfront payment and potential backend, with lots of variations available to a sophisticated negotiator, so the best selling price doesn’t always maximize ultimate revenue.

The level of distributor support for a film is also extremely important. If a theatrical release is involved, is the distributor committing to a minimum number of screens and markets and a minimum marketing spend? Even for exclusive streaming releases, the level of promotional support both in media and on platform can vary substantially. Whatever the distribution model, both the financiers and the filmmakers would like to know that their film is a high priority for the distributor and won’t get lost in the shuffle or suffer from lackluster promotion and advertising. (For example, is the title just another movie in the streaming service library, discoverable only via search, or is it heavily promoted on the home page and even supported by a media campaign, like Netflix’s Birdbox.) Indeed, this may be especially important to the filmmakers – and the director in particular – who may measure success at least as much based on how the film raises his or her profile as opposed to purely financial considerations.

This raises the obvious truth that the interests of filmmakers and financiers can diverge to a certain extent. Financiers may have a greater desire to recoup investment and protect the downside – after all, it’s their money on the line – whereas filmmakers may want to play for the upside as profit participants. As noted, the filmmakers may also be more focused on how the film release will affect their long-term career prospects than the shorter-term financial rewards.

Beyond the major deal points and strategic considerations covered in this alert – and just as importantly, everything not covered – it takes business savvy, industry knowledge and technical legal expertise to get these film sales deals optimally negotiated and properly documented. At MSK, we have the business, management, and executive-level operational experience in the industry which not only enables us to handle film distribution deals but also a wide variety of financing transactions such as production lending agreements, negative pick-up agreements, completion bond arrangements and interparty agreements. We also innovatively manage financial arrangements among producers, equity investors, distributors and other stakeholders. Most importantly, our broad experience and legal expertise enable us to represent both filmmakers and financiers, through every challenge and opportunity presented through the lifecycle of a film. Moreover, because we represent both financiers and filmmakers, we can often help balance their interests and make it easier for them to communicate and work together effectively. It’s our mission to be trusted strategic advisors to our clients, moving far beyond simply negotiating and drafting or reviewing documents.

In this environment, it’s more important than ever to think big picture and make sure you have expert advice.

 

© 2019 Mitchell Silberberg & Knupp LLP
This post was written by Steven G. Krone of Mitchell Silberberg & Knupp LLP.
Read more entertainment legal news on our Entertainment Type of Law Page.

Save the Internet Act of 2019 Introduced

On 6 March 2019, Democrats in the House and Senate introduced the “Save the Internet Act of 2019.” The three-page bill (1) repeals the FCC’s Restoring Internet Freedom Order released in early 2018, as adopted by the Republican-led FCC under Chairman Ajit Pai; (2) prohibits the FCC from reissuing the RIF Order or adopting rules substantively similar to those adopted in the RIF Order; and (3) restores the Open Internet Order released in 2015, as adopted by the Democratic-led FCC under Chairman Tom Wheeler.

Major Impacts:

  • Broadband Internet Access Service (BIAS) is reclassified as a “telecommunications service,” potentially subject to all provisions in Title II of the Communications Act.

  • The three bright line rules of the Open Internet Order are restored: (1) no blocking of access to lawful content, (2) no throttling of Internet speeds, exclusive of reasonable network management practices, and (3) no paid prioritization.

  • Reinstates FCC oversight of Internet exchange traffic (transit and peering), the General Conduct Rule that authorizes the FCC to address anti-competitive practices of broadband providers, and the FCC’s primary enforcement authority over the Open Internet Order’s rules and policies.

  • Per the Open Internet Order, BIAS and all highspeed Internet access services remain subject to the FCC’s exclusive jurisdiction and the revenues derived from these services remain exempt from USF contribution obligations.

  • The prescriptive service disclosure and marketing rules of the Open Internet Order, subject to the small service provider exemption, would apply in lieu of the Transparency Rule adopted in the RIF Order.

FCC Chairman Pai promptly issued a statement strongly defending the merits and benefits of the RIF Order.

KH Assessment

  • From a political perspective, Save the Internet Act of 2019 garners support from many individuals and major edge providers committed to net neutrality principles but faces challenges in the Republican-controlled Senate.

  • In comments filed in the proceeding culminating in the RIF Order, the major wireline and wireless broadband providers supported a legislative solution that codified the no blocking and no throttling principles but not the no-paid prioritization prohibition or classifying BIAS as a telecommunications service.

It is highly unlikely that the legislation will be enacted as introduced. Though still unlikely, there is a better chance that a legislative compromise may be reached.

 

© 2019 Keller and Heckman LLP.

Five Unanswered Questions on the Medicare for All Act

On February 27, 2019, Representative Pramila Jayapal (D-WA) and more than 100 co-sponsors in the House of Representatives introduced the Medicare for All Act (HR 1384). The bill, like its predecessors, creates a single payer, government-funded health care program. The new program would cover enumerated medical benefits, prescription drugs, vision, dental, mental health and substance abuse services.

As expected, progressive House Democrats are using Medicare for All to message their position on coverage expansion heading into the 2020 election. The legislation threatens to expose divides in the Democratic Party, with some Democratic leaders publicly silent on the bill as the left flank of the party tries to advance the proposal. In previous years, other Democrats introduced competing proposals aimed at tackling coverage, including Medicaid and Medicare Buy-In approaches. Messaging the future of the Affordable Care Act (ACA), covering the un- and underinsured, and reducing costs promise to dominate the airwaves in the lead-up to the 2020 presidential election.

It is unclear whether Medicare for All will see a vote on the House floor, either as a whole or in its component parts. Even if the bill were to pass in the House, it is almost certainly doomed in the Republican-controlled Senate. Regardless of the bill’s fate, stakeholders should take this opportunity to prepare for forthcoming conversations about how to address the uninsured population and the rising cost of health care.

Many components of the bill are consistent with versions introduced in previous congressional sessions. There are many questions raised by the legislation: This +Insight focuses on five big ones for stakeholders to consider as they evaluate Medicare for All:

1. Is Medicare for All the Democrats’ “Repeal and Replace”?

Since the enactment of the ACA, congressional Republicans have run on “Repeal and Replace” as a counter message to the Democrats’ signature legislative achievement. When the balance of power shifted in Washington after the 2016 election, pressure intensified on Republican lawmakers to come up with an alternative to the ACA. Ultimately, efforts to repeal and replace the ACA failed legislatively, and efforts to modify the law have been piecemeal and primarily regulatory.

Similarly, Medicare for All and other single payer proposals have largely been Democratic messaging tools, with many of the details unspecified or unaddressed, and many aspects of the proposals ambiguous. If Democrats were to see a presidential victory in 2020, will they be in the same “dog that caught the car” position?

2. How much time is necessary to revamp the US health care system?

Medicare for All is a fundamental, sweeping policy change to the way the United States pays for health care. The legislation reorganizes nearly one-fifth of the nation’s economy. Rep. Jayapal’s proposal envisions a very quick transition to the new system—a two-year period, with certain individuals eligible to enroll in Medicare for All beginning one year after the date of enactment. Other proposals, including Senator Bernie Sanders’ (I-VT) Medicare for All plan, have contemplated longer transition periods (four years in the case of the Sanders plan). In interviews following the bill’s release, Rep. Jayapal stated that the swift transition was necessary because a longer transition period would provide perverse incentives in the marketplace.

As a messaging tool, the short transition period serves its purpose: to illustrate that the bill’s supporters are serious and are taking quick action to reform the health care marketplace. Practically speaking, however, if this or a similar bill were to make it across the finish line, the aggressive timeline could create additional challenges. To ensure success while preventing delay requires a delicate balance.

For example, when the ACA passed in 2010, states were mandated to expand Medicaid coverage and given a four-year transition period to make the necessary changes.[1] That was a far smaller expansion than the one envisioned by Medicare for All, and lawmakers provided twice the time to implement it. Nine years later, legal complications and administration changes mean the outlook is still murky. At the same time, if the transition is too long, advocates risk giving opponents time to pressure Congress for delays, as evidenced by the repeated delays and suspension of some of the taxes imposed by the ACA.

3. What might supplemental coverage look like?

Like previous single payer bills, this bill outlaws the sale of private health coverage that duplicates the benefits provided under Medicare for All. It similarly prohibits an employer from providing benefits to employees, retirees and their dependents. The bill also covers many services currently served by a supplemental market—vision, dental, hearing, long-term care and prescription medication, for example.

The bill contains two provisions, however, that leave open the potential for a private market to exist. First, the bill allows the sale of insurance for additional benefits not covered by the Act.[2] Second, like others before it, this bill leaves significant discretion to the Secretary of Health and Human Services regarding coverage for certain categories of services. If the Secretary promulgates rules and regulations that provide minimal coverage, could a private supplemental market thrive? If the Secretary goes the other direction, what would be left for the private market to profitably cover?

4. What is the role of the states?

Under this legislation, states may provide additional benefits for their residents, and may provide benefits to individuals not eligible under the Act at the state’s expense, provided that the state’s rules provide equal or greater eligibility and access than the single payer plan.

States thus could potentially treat Medicare for All as a floor and build policies to expand services and coverage within state lines. However, this would all be on the state’s dime. The bill effectively ends the Medicaid program, which is where many states have the opportunity to innovate with service and coverage expansion. What would states be able to accomplish without a federal matching rate?

5. What becomes of value-based purchasing?

The legislation would require the Secretary to establish a national fee schedule for items and services provided under the Act. The Secretary is required to take into account the value of items and services provided and amounts currently paid. The Secretary will negotiate annually the prices to be paid for pharmaceuticals, medical supplies, medical technology and equipment.[3]

The legislation sunsets all federal pay-for-performance programs and terminates value-based purchasing, including the merit-based incentive payment system, incentives for meaningful use of electronic health records technology, alternative payment models, hospital value-based purchasing, payment adjustments for health-care-acquired infections, the Medicare Shared Savings Program, independence at home and the hospital readmissions reduction program.[4]

The bill’s approach of shifting back to fee-for-service payments (as evidenced by the programs the bill would eliminate) is interesting, coming as it does after years of congressional, administration and private market efforts to move toward a value-based payment system. Do the bill’s authors envision reinstituting these types of programs once the new system settles? Do the authors believe these programs are no longer necessary given the global payments approach included in the bill?

Conclusion

There will be ample opportunities to draw out the consequences (intended and unintended) of implementing this sweeping change in how health care is provided in the United States. The House Rules and Budget Committees have already confirmed intentions to hold hearings on this bill. The House Energy and Commerce and Ways and Means Committees, which notably are the committees of jurisdiction, do not have immediate plans to hold hearings on the bill as a whole, but they are already discussing specific policy provisions. The Democratic presidential primary will certainly keep this issue at the forefront of health care policy in 2019 and 2020.

[1] In National Federation of Independent Business v. Sebelius, the Supreme Court of the United States ruled that Congress could not require states to expand the Medicaid program. Medicaid expansion then became an option for states.

[2] Section 107.

[3] Section 616.

[4] Section 903.

 

© 2019 McDermott Will & Emery
This post was written by Mara McDermott and Rachel Stauffer from McDermott Will & Emery.

Cleaning Product Manufacturers Gear Up for Compliance with State Ingredient Disclosure Laws

Over the next year, California and New York will begin phasing in requirements for manufacturers of cleaning products – including household cleaners, as well as and clothes and dish detergents – to make extensive ingredient disclosures. This will eventually require disclosures on both product labels and manufacturer websites. Both laws involve complex questions regarding which ingredients must be disclosed, whether certain chemical identities may be withheld to protect confidential business information (CBI), and what else must be publicly disclosed (e.g., certain manufacturer studies). Manufacturers of in-scope products should gear up for compliance now.

Scope of Cleaning Products Covered

The California Cleaning Products Right to Know Act applies to general cleaning products (e.g., soaps and detergents for fabric, dishes, counters, and appliances); polish or floor maintenance products; certain air care products (e.g., indoor air fresheners); certain automotive products (e.g., cleaning, polishing, or waxing products for the exterior or interior of automobiles). The law does not apply to food; drugs; cosmetics (including personal care items such as shampoo, hand soap, and toothpaste); or industrial products specifically manufactured for, and exclusively used in, certain industries.

The New York law applies to products “containing a surfactant as a wetting or dirt emulsifying agent and used primarily for domestic or commercial cleaning purposes, including but not limited to the cleansing of fabrics, dishes, food utensils, and household and commercial premises.” The definition contains exclusions for food; drugs; cosmetics; and pesticides.

California Disclosure Requirements

The California law will impose separate disclosure requirements applicable to product labels (effective January 1, 2021) and manufacturer websites (effective January 1, 2020).

Label Requirements

The product labeling requirements go into effect on January 1, 2021. Determining whether the chemical identity of an ingredient needs to be disclosed on the label can be a complicated process necessitating answers to the following questions.

  • Is the ingredient on a designated list? The law requires disclosure of certain ingredients that appear on one or more lists maintained by environmental agencies worldwide, including California’s Proposition 65 list; the European Union list of Substances of Very High Concern (SVHCs); chemicals for which neurotoxicity is indicated by EPA’s Integrated Risk Information System; chemicals with certain EU classification (carcinogens, mutagens, or reproductive toxicants); chemicals identified as persistent, bioaccumulative, and toxic under the Canadian Environmental Protection Act; etc.
  • Has the ingredient been intentionally added to the product? The law defines “intentionally added ingredient” as: “a chemical that a manufacturer has intentionally added to a designated product and that has a functional or technical effect in the designated product, including, but not limited to, the components of intentionally added fragrance ingredients and colorants and intentional breakdown products of an added chemical that also have a functional or technical effect in the designated product.”
  • Is the ingredient a listed fragrance allergen? The law requires disclosure of certain fragrance allergens included on Annex III of the EU Cosmetics Regulation No. 1226/2009, as required by be labeled by the EU Detergents Regulation No. 648/2004.
  • Is the ingredient eligible for CBI protection? The law provides certain disclosure protections for ingredients that appear on the Toxic Substances Control Act Confidential Inventory or for which the manufacturer or its supplier claim protection under the Uniform Trade Secrets Act. CBI claims are not available for certain ingredients, including intentionally added ingredients that appear on a designated list.

The law also requires that a product label include the manufacturer’s phone number and website. If the list does not disclose all intentionally added ingredients in the product, the label must contain a statement similar to “For more ingredient information, visit [manufacturer’s website].”

Website Requirements

The website disclosure requirements go into effect on January 1, 2020. These are broader than the product label requirements, i.e., there may be some ingredients that must be disclosed on a website but need not be disclosed on the product label. Generally, all intentionally added ingredients must be disclosed on the manufacturer’s website (with certain exceptions, e.g., for CBI ingredients), as must any of 34 substances listed in the law if they are present at or above 100 parts per million, whether intentionally or not. Manufacturers’ websites also must contain additional information, for example Chemical Abstract Service numbers, the purpose of certain ingredients (e.g., fragrance, color, etc.), certain regulatory information, and links to safety data sheets.

New York Disclosure Requirements

New York law has long empowered the Department of Environmental Conservation (DEC) to require manufacturers of household cleaning products to disclose certain information. N.Y. Envtl. Conserv. Law § 35-0103. Until recently, DEC’s disclosure requirements were largely limited to phosphorous-containing ingredients and to other ingredients above 5% concentration. In 2017, DEC proposed expanded disclosure requirements and solicited stakeholder input on the proposal. Future reporting requirements, to be phased in starting this year, will significantly expand the scope of disclosures manufacturers must make.

DEC originally announced the deadline for initial disclosures to be July 1, 2019. DEC recently announced, however, that it would not begin enforcing any violations until October 2, 2019, making the new de facto compliance deadline October 1, 2019. By that date, manufacturers of in-scope products should complete and submit DEC’s Certification Form, as well as make the required disclosures on its website. The Certification Form must be re-submitted at a minimum every two years thereafter, and additionally when a triggering event occurs (e.g., change in formulation).

The first round of disclosure will require the identification of all intentionally added ingredients other than fragrance ingredients, as well as all nonfunctional ingredients present above trace quantities. The law allows manufacturers to assert CBI claims to protect the identity of certain chemicals. Disclosure requirements for additional ingredients will be phased in on July 1, 2020 and January 1, 2023.

Manufacturers must also disclose additional information, including:

  • Whether ingredients are present on one or more lists of concern (e.g., certain substances regarded by the EU as SVHCs, etc.), regardless of whether the identity of the chemical is withheld due to a CBI claim;
  • Whether ingredients are nanoscale materials;
  • The function of ingredients (e.g., fragrance, color, etc.); and
  • Information regarding investigations and research the manufacturer has conducted or directed regarding environmental or health effects of ingredients.

Due to the complexity of the questions surrounding these disclosures, manufacturers would be wise to begin gathering the relevant information now.

 

© 2019 Beveridge & Diamond PC

Sex and the (Nursing) Facility

Intervening When Nursing Home Residents with Dementia Engage in Sexual Activity

If Carrie Bradshaw finds herself in a nursing home one day, what obligations will the nursing home have to oversee her sex life? The federal court of appeals in Chicago addressed that question recently, holding that skilled nursing facilities have an obligation to intervene when residents with dementia or Alzheimer’s disease engage in sexual activity.

In Neighbors Rehabilitation Center, LLC v. United States Department of Health and Human Services, three residents who suffered from dementia and/or Alzheimer’s disease engaged in what the facility viewed as consensual sexual activities. One 80-year-old resident suffered from dementia but functioned at a relatively high level. His care plan required staff to assess whether his behavior endangered other residents and to intervene as necessary. Another 65-year-old male resident with Alzheimer’s and dementia had significant cognitive impairments and had exhibited socially inappropriate behaviors, including asking staff to perform sex acts and inappropriately touching staff. The third resident, a 77-year-old female who suffered from Alzheimer’s, had low cognitive functioning and severe hearing impairment.

At various times, the nursing facility staff found two of these residents engaged in sexual activities but failed to intervene because staff viewed the acts as consensual. A survey by the Illinois Department of Public Health, acting for itself and for the Centers for Medicare & Medicaid Services (CMS), cited the nursing facility with an immediate jeopardy violation for failing to adequately supervise the residents and a level J violation of the federal nursing home standards. The surveyors alleged that the nursing facility allowed residents to have consensual sexual interactions and that supervisors told staff they should not intervene or report sexual interactions unless a participant showed outward signs of non-consent.

The nursing facility argued that even residents with cognitive impairments have the right to engage in consensual intimate relationships and that staff monitored the relationships in question as necessary.
The CMS administrative law judge upheld the survey findings after a hearing. In response, the CMS Appeals Board and the nursing facility appealed those decisions to the federal court.

The federal appeals court began its analysis by noting that the facility did not dispute that the sexual interactions had occurred. Rather, the facility only disputed whether its handling of the interactions was inadequate or hazardous under the applicable regulations.

The facility alleged that it had sufficiently monitored the residents’ interactions in a way that properly balanced the residents’ need for privacy against their right to safety and that the staff knew to look for signs that any interaction was not consensual. The court noted, however, that when nursing home residents have cognitive or physical impairments, a facility must ensure that such intimate relationships are, in fact, consensual and that the nursing facility had failed to exercise that level of care.

The court also noted that the facility records showed no evidence that it had undertaken any investigation into whether the interactions at issue were consensual or whether the residents had the capacity to consent.

The federal appeals court, therefore, upheld the finding by the CMS Appeals Board.  Because the facility failed to 1) talk to the residents about their feelings regarding these relationships, 2) document the residents’ capacity for consent and 3) obtain medical assessments of how the residents’ cognitive deficits affected their capacity to consent, the level J violation and the immediate jeopardy findings were correct.

Skilled nursing homes often have to balance residents’ right to privacy against their ability to consent to sexual activity. As with many other concerns faced by nursing facilities, the failure to document residents’ capacity to consent, consult with residents’ physicians and discuss the issue with the residents themselves is a recipe for disaster.

Carrie’s sex life will continue to be overanalyzed, even in her old age.

© 2019 Much Shelist, P.C.
This post was written by Robert K. Neiman of Much Shelist, P.C.

FTC Settlement with Video Social Networking App Largest Civil Penalty in a Children’s Privacy Case

The Federal Trade Commission (FTC) announced a settlement with Musical.ly, a Cayman Islands corporation with its principal place of business in Shanghai, China, resolving allegations that the defendants violated the Children’s Online Privacy Protection Act (COPPA) Rule.

Musical.ly operates a video social networking app with 200 million users worldwide and 65 million in the United States. The app provides a platform for users to create short videos of themselves or others lip-syncing to music and share those videos with other users. The app also provides a platform for users to connect and interact with other users, and until October 2016 had a feature that allowed a user to tap on the “my city” tab and receive a list of other users within a 50-mile radius.

According to the complaint the defendants (1) were aware that a significant percentage of users were younger than 13 years of age and (2) had received thousands of complaints from parents that their children under 13 had created Muscial.ly accounts.

The FTC’s COPPA Rule prohibits the unauthorized or unnecessary collection of children’s personal information online by internet website operators and online services, and requires that verifiable parental consent be obtained prior to the collecting, using, and/or disclosing personal information of children under the age of 13.

In addition to requiring the payment of the largest civil penalty ever imposed for a COPPA case ($5.7 million), the consent decree prohibits the defendants from violating the COPPA Rule and requires that they delete and destroy all of the personal information of children in their possession, custody, or control unless verifiable parental consent has been obtained.

FTC Commissioners Chopra and Slaughter issued a joint statement noting their belief that the FTC should prioritize uncovering the role of corporate officers and directors and hold accountable everyone who broke the law.

 

©2019 Drinker Biddle & Reath LLP. All Rights Reserved

Supreme Court Clarifies Copyright Law: “Application” v. “Registration” Finally Resolved

On Monday, March 4, 2019, the United States Supreme Court issued an opinion that clarified the long-standing issue of whether a plaintiff bringing a copyright infringement action has to have an issued registration or just a pending application. Justice Ginsburg, writing for a unanimous court, sided with the “registration approach,” which requires a litigant to have an issued registration, or a rejected application, subject to certain limited exceptions. For decades, copyright owners and their attorneys faced a patch-work of circuit and district court decisions that required either (i) an issued registration to institute an infringement action or (ii) merely have made an application to register the work(s) at issue. This decision provides certainty going forward.

In Fourth Estate Public Benefit Corp. v. Wall-Street.com, LLC, No. 17-571, the copyright owner Fourth Estate sued Wall-Street for use of news articles after a licensing agreement between the parties was terminated. Fourth Estate sued Wall-Street and its owner after it applied to register for copyright registrations for the news articles at issue but before any registrations issued. The District Court dismissed the action on defendants’ motion, the Eleventh Circuit affirmed, and the Supreme Court affirmed.

Under the Copyright Act of 1976, as amended, copyright protection attaches to “original works of authorship”— prominent among them, literary, musical, and dramatic works—“fixed in any tangible medium of expression.” 17 U.S.C. § 102(a). Before pursuing a claim for infringement, a copyright owner must comply with § 411(a)’s requirement that “registration of the copyright claim has been made.” Although rights exist before registration, the registration is a requirement that must be administratively exhausted before filing suit. An owner therefore must have an issued registration or a refusal to register from the Copyright Office. The Supreme Court referred to this as “an administrative exhaustion requirement.”

Limited exceptions apply. For example, for works that are particularly vulnerable to predistribution infringement, such as movies or musical compositions, an owner may apply for “preregistration” in which the Copyright Office conducts a limit review. Once a work is “preregistered” the owner may bring suit. However, the owner must also go on and fully register the work thereafter to maintain the action. Another exception covers live broadcasts. Suit may be brought before registration but must be made within three months of the first transmission.

For owners of copyright protected works, the take-away lesson from this decision is to register more of the works that could be subject to infringement. Strategies for protecting works, such as furniture, apparel, and musical works, have become more nuanced and strategic in recent years.

 

Copyright © 2019 Womble Bond Dickinson (US) LLP All Rights Reserved.
Read More IP news on the National Law Review’s IP Type of law page.

The Digital Revolution Takes on New Meaning: Among Calls for Heightened U.S. Data Privacy Measures, California is King

California’s ambitious new data privacy law, the California Consumer Privacy Act of 2018 (“CCPA”),[1] will go into effect on January 1, 2020, and promises to bring a new era of digital regulation to America’s shores. Financial institutions that just navigated their way through implementing the European Union’s General Data Protection Regulation (“GDPR”),[2] which became effective in May 2018,[3] may be uneasy about the prospect of complying with yet another new data privacy compliance regime. They will find some comfort in the fact that many of the systems and processes designed for GDPR compliance will serve their needs under the CCPA as well. However, between now and the go-live date of the CCPA, U.S. federal and state laws and regulations are likely to continue to evolve and expand, and financial institutions will need to prepare for CCPA implementation while staying abreast of other fast-moving developments. In this article, we provide some key takeaways for how firms can be as prepared as possible for the continuing evolution of U.S. data privacy law.

  1. The New California Data Privacy Law Will Apply Broadly to Financial Institutions with Customers in California

Financial institutions with customers who are California residents almost certainly fit within the types of businesses to which the CCPA will apply. A “business” subject to the CCPA includes for-profit sole proprietorships, partnerships, limited liability companies, corporations, associations, or any other legal entities that collect consumers’ personal information and that satisfy one or more of the following criteria:

  • has annual gross revenues in excess of $25 million;

  • alone or in combination annually buys, receives for the business’ commercial purposes, sells, or shares for commercial purposes, alone or in combination, the personal information of 50,000 or more consumers, households, or devices; or

  • derives 50% or more of its annual revenue from selling consumers’ personal information.[4]

The CCPA also applies to legal entities that control or are controlled by a CCPA-covered business, and where the two legal entities share common branding (such as a shared name, servicemark, or trademark).[5]

For U.S. businesses seeking to remain outside the purview of the CCPA, the available carve-out is extremely narrow. Businesses that collect or sell the personal information of a California resident are exempt from the CCPA only if “every aspect of that commercial conduct takes place wholly outside of California.” This requires that (a) the personal information must have been collected when the consumer was outside of California, (b) no part of the sale of the consumer’s personal information occurred in California, and (c) no personal information collected while the consumer was in California was sold. In practice, this means that any firm with a website or other digital presence visited by California residents will likely be ensnared by the CCPA even if they lack employees or a physical presence in the state.[6]

Businesses that fail to comply with the CCPA are subject to the possibility of a state enforcement action and consumer lawsuits (available only after providing notice to the business and the business fails to cure the violation within 30 days).[7] However, unlike the GDPR which can impose fines calculated as a factor of global revenue, the CCPA assesses penalties of up to $2,500 per violation and up to $7,500 per intentional violation.[8]

  1. California’s Expansive Concept of “Personal Information” Is Similar to the GDPR

When determining what consumer data will constitute personal information under the CCPA, firms can look to certain similarities with the GDPR.

Under the CCPA, “personal information” means “information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” This includes, but is not limited to, names, addresses, identification number (such as social security, driver’s license, or passport), email address, and Internet Protocol (IP) address. It also includes biometric information, internet activity information (such as web browser or search history, or information regarding a consumer’s interaction with a website), geolocation data, and employment-related or education information.[9] This definition is largely consistent with how the GDPR broadly defines “personal data” for residents of the EU.[10]

The CCPA does not apply to data that has been “deidentified,” which means personal information that cannot reasonably identify, relate to, describe, or be linked to a particular consumer.[11] This is akin to the GDPR’s exclusion for “anonymized” data which cannot be used to identify a data subject. In addition, the CCPA does not apply to “aggregate consumer information,” which is information that relates to a group or category of consumers, from which individual consumer identities have been removed, that is not linked or reasonably linkable to any consumer or household or device.[12]

One difference between the two regimes, however, is that the CCPA’s definition of personal information excludes “publicly available” information, which is information that is lawfully made available from federal, state, or local government records.[13] The GDPR does not have a similar exception and instead provides the same protections to personal data regardless of its source.

  • California Consumers Will Enjoy a New Bill of Rights Protecting their Personal Information

Another similarity between the CCPA and the GDPR is the recognition of several fundamental rights that consumers will soon enjoy relating to the collection, use, and sale of their personal information. Under the CCPA, these can effectively be described as:

  • Right of Disclosure. A business that collects a consumer’s personal information will be required, at or before the point of collection, to inform consumers as to the categories of personal information to be collected and the purposes for which the categories of personal information will be used.[14] A consumer, e., a “natural person who is a California resident,” will also have the right to request such a business disclose to that consumer the categories and specific pieces of personal information the business has collected.[15] Such a request must be complied with promptly, by mail or electronically, and free of charge to the consumer; however, businesses will not be required to provide such information per consumer request more than twice in a 12-month period.[16] Together with this right, consumers will also have the ability to request the business or commercial purpose for collecting or selling personal information, and the categories of third parties with whom the business shares personal information.[17] Finally, consumers will have the right to request that a business that sells the consumer’s personal information, or discloses it for a business purpose, disclose what personal information was collected and the categories of third parties to whom it was sold.[18]

  • Right of Deletion. A consumer will have the right to request that a business delete any personal information about the consumer which the business has collected from the consumer.[19] If a business has received such a request, it will be required not only to delete the consumer’s personal information from its records, but also to direct any service providers to do the same.[20] This obligation to delete personal information at consumer request is subject to several exceptions, including for the completion of a financial transaction, to detect security incidents or debug errors, and to comply with legal obligations.[21]

  • Right to “Opt Out.” A consumer will have the right to direct a business that sells personal information about the consumer to third parties not to sell the consumer’s personal information going forward.[22] Once a business has received such an instruction from a consumer, it may not resume selling that consumer’s personal information unless express authorized to do so.[23] This right of a consumer to “opt out” must be clearly communicated to consumers on a business’ website under a banner titled “Do Not Sell My Personal Information,” with an accompanying link that enables a customer to opt out of the sale of the consumer’s personal information.[24]

  • Right to Non-Discrimination. Businesses will be prohibited from discriminating against consumers who exercise their various rights under the CCPA by denying them goods or services, charging different prices, or providing a different level or quality of goods or services.[25]

  1. Financial Institutions Should Not Expect a Complete Carve-Out Under Federal Law

The CCPA will not apply to personal information that is collected, processed, sold, or disclosed under certain federal laws.[26] One such law is the Gramm-Leach-Bliley Act (“GLBA”),[27] which covers financial institutions that offer consumers financial products, like banks, and contains its own consumer privacy-related protections.[28] However, this is not a complete exception because the CCPA defines personal information far more broadly than the financial-transaction-related data contemplated by the GLBA, and includes such data as browser history and IP address. As a result, firms will need to contemplate what personal information they collect in addition to what is captured under the GLBA and be prepared to protect it accordingly under the CCPA.

  1. Conclusion

California may be the next big word on U.S. data privacy legislation, but it is unlikely to be the last. In recent years, Congress and other states have faced increased pressure to explore new cybersecurity and data privacy legislation due to a multitude of factors including a growing awareness of how businesses collect and use personal information as seen with Cambridge Analytica’s use of Facebook data, and public frustration with companies’ perceived lackluster responses to major customer data breaches.[29] A recent report from the U.S. Government Accountability Office further highlights America’s growing appetite for GDPR-like legislation, calling it an “appropriate time for Congress to consider comprehensive Internet privacy legislation.”[30]  And while the last Congress failed to enact any new national data privacy legislation into law, both the House and Senate have held hearings recently to receive testimony on guiding principles for a potential federal data privacy law, with a key question being whether any such law should preempt state laws like the CCPA.[31] So while a full-blown U.S. equivalent of the GDPR may not yet be in the cards, the current mood among the public and among lawmakers points in the direction of more rather than less intensive data privacy rules to come.

1  SB-1121 California Consumer Privacy Act of 2018 (Sept. 24, 2018), 

2 European Commission, General Data Protection Regulation (Regulation (EU) 2016/679) of the European Parliament.

3  See Joseph Moreno et al., The EU’s New Data Protection Regulation – Are Your Cybersecurity and Data Protection Measures up to Scratch?, Cadwalader, Wickersham & Taft LLP (Mar. 6, 2017), .

4   Cal. Civ. Code § 1798.140(c)(1).

5   § 1798.140(c)(2).

6   § 1798.145(a)(6).

7   § 1798.150(b).

8   § 1798.155(b).

9   § 1798.140(o)(1).

10  Article 4 of the GDPR defines “personal data” as “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”

11  § 1798.140(h).

12  § 1798.140(a).

13  § 1798.140(o)(2). Under the CCPA, personal information loses its “publically available” designation if that data is “used for a purpose that is not compatible with the purpose for which the data is maintained and made available in the government records or for which it is publicly maintained.” Id.

14  § 1798.100(b).

15  § 1798.100(a).

16  § 1798.100(d).

17  § 1798.110(a).

18  § 1798.115(a).

19  § 1798.105(a).

20  § 1798.105(c).

21  § 1798.105(d).

22  § 1798.120(a).

23  § 1798.120(c).

24  § 1798.135(a)(1).

25  § 1798.125(a)(1).

26  § 1798.145(e).

27  15 U.S.C. §§ 6801-6809, 6821-6827.

28  Federal Financial Institutions Examination Council, Gramm-Leach-Bliley Summary of Provisions.

29  See Joseph Moreno, States Respond to Equifax Cyber Breach with Enforcement Actions and Calls for Enhanced Regulatory Powers, Cadwalader, Wickersham & Taft LLP (Oct. 13, 2017).

30  United States Government Accountability Office, Internet Privacy Additional Federal Authority Could Enhance Consumer Protection and Provide Flexibility (Jan. 2019), https://www.gao.gov/assets/700/696437.pdf.

31  U.S. House Committee on Energy & Commerce Subcommittee on Consumer Protection & Commerce, Hearing on “Protecting Consumer Privacy in the Era of Big Data(Feb. 26, 2019), ; U.S. Senate Committee on Commerce, Science, and Transportation, Policy Principles for a Federal Data Privacy Framework in the United States (Feb. 27, 2019), ; Alfred Ng, At Hearing on Federal Data-Privacy Law, Debate Flares Over State Rules, CNET (Feb. 26, 2019), ; Daniel R. Stoller, New FTC Powers Weighed in Senate Data Privacy Hearing (1), Bloomberg Law (Feb. 27, 2019), .

 

© Copyright 2019 Cadwalader, Wickersham & Taft LLP

Lactation Law Update: New York and Illinois

Recent developments require employers to reevaluate their lactation and nursing policies and practices to ensure that they are in compliance with newly enacted local laws in New York City and Illinois.

Changes to New York City Lactation Laws: Effective March 17, 2019

Since 2007, New York City employers with four or more employees have been required to provide reasonable unpaid break time (or to allow an employee to use paid break/meal time) to express breast milk in the workplace, for up to three years following the birth of a child, and to make reasonable efforts to provide a room, other than a restroom, to express milk in private.

Additional lactation-related obligations for New York City employers with four or more employees go into effect on March 17, 2019. For example, by that date, a covered employer must provide lactating employees with a sanitary “lactation room,” which is not a restroom, and which has, at minimum, an electrical outlet, a chair, a surface on which to place a breast pump and other personal items, and nearby access to running water. The lactation room must be made available to the employee for lactation purposes only when it is needed (and notice to other employees regarding the same is required), and a refrigerator and the room itself must be in “reasonable proximity” to the employee’s work area.

Notably, the required lactation room must be provided unless the employer can establish an “undue hardship,” in which case the employer must engage in a cooperative dialogue with the employee to determine alternative accommodations and issue a final written determination to the employee that identifies any accommodation(s) that were granted or denied.

In addition, by March 17, 2019, a covered employer in New York City must implement a written lactation room accommodation policy, which states that employees have the right to request a lactation room and identifies the process (as outlined in the Administrative Code) by which an employee may request a lactation room. All new employees must receive the lactation room policy upon hire.

Changes to Illinois’s Lactation Law: Effective August 2018

Like many employers in New York, Illinois employers with five or more employees have been required, since 2001, to provide employees with reasonable unpaid break time to express breast milk, in an appropriate room that is not a toilet stall.

Effective August 2018, the Illinois Nursing Mothers in the Workplace Act was amended. Now, Illinois employers with at least five employees must provide “reasonable break time” each time an employee needs to express breast milk, for up to one year following the child’s birth. While the break time “may” run concurrently with any other break time, the employee’s pay cannot be reduced due to the time spent expressing milk or nursing a baby – meaning, in effect, that any additional break time needed to express milk or nurse must be paid. Further, covered employers in Illinois who do not provide the requisite break time must show, if challenged, that providing the breaks is an “undue hardship” – a heightened burden than that previously imposed under the Act.

Employers should act quickly to ensure full compliance with all of the requirements of the new lactation laws.

 

© 2019 Vedder Price.
This post was written by Elizabeth N. Hall and Grace L. Urban