EDPB on Dark Patterns: Lessons for Marketing Teams

“Dark patterns” are becoming the target of EU data protection authorities, and the new guidelines of the European Data Protection Board (EDPB) on “dark patterns in social media platform interfaces” confirm their focus on such practices. While they are built around examples from social media platforms (real or fictitious), these guidelines contain lessons for all websites and applications. The bad news for marketers: the EDPB doesn’t like it when dry legal texts and interfaces are made catchier or more enticing.

To illustrate, in a section of the guidelines regarding the selection of an account profile photo, the EDPB considers the example of a “help/information” prompt saying “No need to go to the hairdresser’s first. Just pick a photo that says ‘this is me.’” According to the EDPB, such a practice “can impact the final decision made by users who initially decided not to share a picture for their account” and thus makes consent invalid under the General Data Protection Regulation (GDPR). Similarly, the EDPB criticises an extreme example of a cookie banner with a humourous link to a bakery cookies recipe that incidentally says, “we also use cookies”, stating that “users might think they just dismiss a funny message about cookies as a baked snack and not consider the technical meaning of the term “cookies.”” The EDPB even suggests that the data minimisation principle, and not security concerns, should ultimately guide an organisation’s choice of which two-factor authentication method to use.

Do these new guidelines reflect privacy paranoia or common sense? The answer should lie somewhere in between, but the whole document (64 pages long) in our view suggests an overly strict approach, one that we hope will move closer to commonsense as a result of a newly started public consultation process.

Let us take a closer look at what useful lessons – or warnings – can be drawn from these new guidelines.

What are “dark patterns” and when are they unlawful?

According to the EDPB, dark patterns are “interfaces and user experiences […] that lead users into making unintended, unwilling and potentially harmful decisions regarding the processing of their personal data” (p. 2). They “aim to influence users’ behaviour and can hinder their ability to effectively protect their personal data and make conscious choices.” The risk associated with dark patterns is higher for websites or applications meant for children, as “dark patterns raise additional concerns regarding potential impact on children” (p. 8).

While the EDPB takes a strongly negative view of dark patterns in general, it recognises that dark patterns do not automatically lead to an infringement of the GDPR. The EDPB acknowledges that “[d]ata protection authorities are responsible for sanctioning the use of dark patterns if these breach GDPR requirements” (emphasis ours; p. 2). Nevertheless, the EDPB guidance strongly links the concept of dark patterns with the data protection by design and by default principles of Art. 25 GDPR, suggesting that disregard for those principles could lead to a presumption that the language or a practice in fact creates a “dark pattern” (p. 11).

The EDPB refers here to its Guidelines 4/2019 on Article 25 Data Protection by Design and by Default and in particular to the following key principles:

  • “Autonomy – Data subjects should be granted the highest degree of autonomy possible to determine the use made of their personal data, as well as autonomy over the scope and conditions of that use or processing.
  • Interaction – Data subjects must be able to communicate and exercise their rights in respect of the personal data processed by the controller.
  • Expectation – Processing should correspond with data subjects’ reasonable expectations.
  • Consumer choice – The controllers should not “lock in” their users in an unfair manner. Whenever a service processing personal data is proprietary, it may create a lock-in to the service, which may not be fair, if it impairs the data subjects’ possibility to exercise their right of data portability in accordance with Article 20 GDPR.
  • Power balance – Power balance should be a key objective of the controller-data subject relationship. Power imbalances should be avoided. When this is not possible, they should be recognised and accounted for with suitable countermeasures.
  • No deception – Data processing information and options should be provided in an objective and neutral way, avoiding any deceptive or manipulative language or design.
  • Truthful – the controllers must make available information about how they process personal data, should act as they declare they will and not mislead data subjects.”

Is data minimisation compatible with the use of SMS two-factor authentication?

One of the EDPB’s positions, while grounded in the principle of data minimisation, undercuts a security practice that has grown significantly over the past few years. In effect, the EDPB seems to question the validity under the GDPR of requests for phone numbers for two-factor authentication where e-mail tokens would theoretically be possible:

“30. To observe the principle of data minimisation, [organisations] are required not to ask for additional data such as the phone number, when the data users already provided during the sign- up process are sufficient. For example, to ensure account security, enhanced authentication is possible without the phone number by simply sending a code to users’ email accounts or by several other means.
31. Social network providers should therefore rely on means for security that are easier for users to re[1]initiate. For example, the [organisation] can send users an authentication number via an additional communication channel, such as a security app, which users previously installed on their mobile phone, but without requiring the users’ mobile phone number. User authentication via email addresses is also less intrusive than via phone number because users could simply create a new email address specifically for the sign-up process and utilise that email address mainly in connection with the Social Network. A phone number, however, is not that easily interchangeable, given that it is highly unlikely that users would buy a new SIM card or conclude a new phone contract only for the reason of authentication.” (emphasis ours; p. 15)

The EDPB also appears to be highly critical of phone-based verification in the context of registration “because the email address constitutes the regular contact point with users during the registration process” (p. 15).

This position is unfortunate, as it suggests that data minimisation may preclude controllers from even assessing which method of two-factor authentication – in this case, e-mail versus SMS one-time passwords – better suits its requirements, taking into consideration the different security benefits and drawbacks of the two methods. The EDPB’s reasoning could even be used to exclude any form of stronger two-factor authentication, as additional forms inevitably require separate processing (e.g., phone number or third-party account linking for some app-based authentication methods).

For these reasons, organisations should view this aspect of the new EDPB guidelines with a healthy dose of skepticism. It likewise will be important for interested stakeholders to participate in the consultation to explain the security benefits of using phone numbers to keep the “two” in two-factor authentication.

Consent withdrawal: same number of clicks?

Recent decisions by EU regulators (notably two decisions by the French authority, the CNIL have led to speculation about whether EU rules effectively require website operators to make it possible for data subjects to withdraw consent to all cookies with one single click, just as most websites make it possible to give consent through a single click. The authorities themselves have not stated that this is unequivocally required, although privacy activists notably filed complaints against hundreds of websites, many of them for not including a “reject all” button on their cookie banner.

The EDPB now appears to side with the privacy activists in this respect, stating that “consent cannot be considered valid under the GDPR when consent is obtained through only one mouse-click, swipe or keystroke, but the withdrawal takes more steps, is more difficult to achieve or takes more time” (p. 14).

Operationally, however, it seems impossible to comply with a “one-click withdrawal” standard in absolute terms. Just pulling up settings after registration or after the first visit to a website will always require an extra click, purely to open those settings. We expect this issue to be examined by the courts eventually.

Is creative wording indicative of a “dark pattern”?

The EDPB’s guidelines contain several examples of wording that is intended to convince the user to take a specific action.

The photo example mentioned in the introduction above is an illustration, but other (likely fictitious) examples include the following:

  • For sharing geolocation data: “Hey, a lone wolf, are you? But sharing and connecting with others help make the world a better place! Share your geolocation! Let the places and people around you inspire you!” (p.17)
  • To prompt a user to provide a self-description: “Tell us about your amazing self! We can’t wait, so come on right now and let us know!” (p. 17)

The EDPB criticises the language used, stating that it is “emotional steering”:

“[S]uch techniques do not cultivate users’ free will to provide their data, since the prescriptive language used can make users feel obliged to provide a self-description because they have already put time into the registration and wish to complete it. When users are in the process of registering to an account, they are less likely to take time to consider the description they give or even if they would like to give one at all. This is particularly the case when the language used delivers a sense of urgency or sounds like an imperative. If users feel this obligation, even when in reality providing the data is not mandatory, this can have an impact on their “free will”” (pp. 17-18).

Similarly, in a section about account deletion and deactivation, the EDPB criticises interfaces that highlight “only the negative, discouraging consequences of deleting their accounts,” e.g., “you’ll lose everything forever,” or “you won’t be able to reactivate your account” (p. 55). The EDPB even criticises interfaces that preselect deactivation or pause options over delete options, considering that “[t]he default selection of the pause option is likely to nudge users to select it instead of deleting their account as initially intended. Therefore, the practice described in this example can be considered as a breach of Article 12 (2) GDPR since it does not, in this case, facilitate the exercise of the right to erasure, and even tries to nudge users away from exercising it” (p. 56). This, combined with the EDPB’s aversion to confirmation requests (see section 5 below), suggests that the EDPB is ignoring the risk that a data subject might opt for deletion without fully recognizing the consequences, i.e., loss of access to the deleted data.

The EDPB’s approach suggests that any effort to woo users into giving more data or leaving data with the organisation will be viewed as harmful by data protection authorities. Yet data protection rules are there to prevent abuse and protect data subjects, not to render all marketing techniques illegal.

In this context, the guidelines should in our opinion be viewed as an invitation to re-examine marketing techniques to ensure that they are not too pushy – in the sense that users would in effect truly be pushed into a decision regarding personal data that they would not otherwise have made. Marketing techniques are not per se unlawful under the GDPR but may run afoul of GDPR requirements in situations where data subjects are misled or robbed of their choice.

Other key lessons for marketers and user interface designers

  • Avoid continuous prompting: One of the issues regularly highlighted by the EDPB is “continuous prompting”, i.e., prompts that appear again and again during a user’s experience on a platform. The EDPB suggests that this creates fatigue, leading the user to “give in,” i.e., by “accepting to provide more data or to consent to another processing, as they are wearied from having to express a choice each time they use the platform” (p. 14). Examples given by the EDPB include the SMS two-factor authentication popup mentioned above, as well as “import your contacts” functionality. Outside of social media platforms, the main example for most organisations is their cookie policy (so this position by the EDPB reinforces the need to manage cookie banners properly). In addition, newsletter popups and popups about “how to get our new report for free by filling out this form” are frequent on many digital properties. While popups can be effective ways to get more subscribers or more data, the EDPB guidance suggests that regulators will consider such practices questionable from a data protection perspective.
  • Ensure consistency or a justification for confirmation steps: The EDPB highlights the “longer than necessary” dark pattern at several places in its guidelines (in particular pp. 18, 52, & 57), with illustrations of confirmation pop-ups that appear before a user is allowed to select a more privacy-friendly option (and while no such confirmation is requested for more privacy-intrusive options). Such practices are unlawful according to the EDPB. This does not mean that confirmation pop-ups are always unlawful – just that you need to have a good justification for using them where you do.
  • Have a good reason for preselecting less privacy-friendly options: Because the GDPR requires not only data protection by design but also data protection by default, make sure that you are able to justify an interface in which a more privacy-intrusive option is selected by default – or better yet, don’t make any preselection. The EDPB calls preselection of privacy-intrusive options “deceptive snugness” (“Because of the default effect which nudges individuals to keep a pre-selected option, users are unlikely to change these even if given the possibility” p. 19).
  • Make all privacy settings available in all platforms: If a user is asked to make a choice during registration or upon his/her first visit (e.g., for cookies, newsletters, sharing preferences, etc.), ensure that those settings can all be found easily later on, from a central privacy settings page if possible, and alongside all data protection tools (such as tools for exercising a data subject’s right to access his/her data, to modify data, to delete an account, etc.). Also make sure that all such functionality is available not only on a desktop interface but also for mobile devices and across all applications. The EDPB illustrates this point by criticising the case where an organisation has a messaging app that does not include the same privacy statement and data subject request tools as the main app (p. 27).
  • Be clearer in using general language such as “Your data might be used to improve our services”: It is common in most privacy statements to include a statement that personal data (e.g., customer feedback) “can” or “may be used” to improve an organisation’s products and services. According to the EDPB, the word “services” is likely to be “too general” to be viewed as “clear,” and it is “unclear how data will be processed for the improvement of services.” The use of the conditional tense in the example (“might”) also “leaves users unsure whether their data will be used for the processing or not” (p. 25). Given that the EDPB’s stance in this respect is a confirmation of a position taken by EU regulators in previous guidance on transparency, and serves as a reminder to tell data subjects how data will be used.
  • Ensure linguistic consistency: If your website or app is available in more than one language, ensure that all data protection notices and tools are available in those languages as well and that the language choice made on the main interface is automatically taken into account on the data-related pages (pp. 25-26).

Best practices according to the EDPB

Finally, the EDPB highlights some other “best practices” throughout its guidelines. We have combined them below for easier review:

  • Structure and ease of access:
    • Shortcuts: Links to information, actions, or settings that can be of practical help to users to manage their data and data protection settings should be available wherever they relate to information or experience (e.g., links redirecting to the relevant parts of the privacy policy; in the case of a data breach communication to users, to provide users with a link to reset their password).
    • Data protection directory: For easy navigation through the different section of the menu, provide users with an easily accessible page from where all data protection-related actions and information are accessible. This page could be found in the organisation’s main navigation menu, the user account, through the privacy policy, etc.
    • Privacy Policy Overview: At the start/top of the privacy policy, include a collapsible table of contents with headings and sub-headings that shows the different passages the privacy notice contains. Clearly identified sections allow users to quickly identify and jump to the section they are looking for.
    • Sticky navigation: While consulting a page related to data protection, the table of contents could be constantly displayed on the screen allowing users to quickly navigate to relevant content thanks to anchor links.
  • Transparency:
    • Organisation contact information: The organisation’s contact address for addressing data protection requests should be clearly stated in the privacy policy. It should be present in a section where users can expect to find it, such as a section on the identity of the data controller, a rights related section, or a contact section.
    • Reaching the supervisory authority: Stating the specific identity of the EU supervisory authority and including a link to its website or the specific website page for lodging a complaint is another EDPB recommendation. This information should be present in a section where users can expect to find it, such as a rights-related section.
    • Change spotting and comparison: When changes are made to the privacy notice, make previous versions accessible with the date of release and highlight any changes.
  • Terminology & explanations:
    • Coherent wording: Across the website, the same wording and definition is used for the same data protection concepts. The wording used in the privacy policy should match that used on the rest of the platform.
    • Providing definitions: When using unfamiliar or technical words or jargon, providing a definition in plain language will help users understand the information provided to them. The definition can be given directly in the text when users hover over the word and/or be made available in a glossary.
    • Explaining consequences: When users want to activate or deactivate a data protection control, or give or withdraw their consent, inform them in a neutral way of the consequences of such action.
    • Use of examples: In addition to providing mandatory information that clearly and precisely states the purpose of processing, offering specific data processing examples can make the processing more tangible for users
  • Contrasting Data Protection Elements: Making data protection-related elements or actions visually striking in an interface that is not directly dedicated to the matter helps readability. For example, when posting a public message on the platform, controls for geolocation should be directly available and clearly visible.
  • Data Protection Onboarding: Just after the creation of an account, include data protection points within the onboarding experience for users to discover and set their preferences seamlessly. This can be done by, for example, inviting them to set their data protection preferences after adding their first friend or sharing their first post.
  • Notifications (including data breach notifications): Notifications can be used to raise awareness of users of aspects, changes, or risks related to personal data processing (e.g., when a data breach occurs). These notifications can be implemented in several ways, such as through inbox messages, pop-in windows, fixed banners at the top of the webpage, etc.

Next steps and international perspectives

These guidelines (available online) are subject to public consultation until 2 May 2022, so it is possible they will be modified as a result of the consultation and, we hope, improved to reflect a more pragmatic view of data protection that balances data subjects’ rights, security, and operational business needs. If you wish to contribute to the public consultation, note that the EDPB publishes feedback it receives (as a result, we have occasionally submitted feedback on behalf of clients wishing to remain anonymous).

Irrespective of the outcome of the public consultation, the guidelines are guaranteed to have an influence on the approach of EU data protection authorities in their investigations. From this perspective, it is better to be forewarned – and to have legal arguments at your disposal if you wish to adopt an approach that deviates from the EDPB’s position.

Moreover, these guidelines come at a time when the United States Federal Trade Commission (FTC) is also concerned with dark patterns. The FTC recently published an enforcement policy statement on the matter in October 2021. Dark patterns are also being discussed at the Organisation for Economic Cooperation and Development (OECD). International dialogue can be helpful if conversations about desired policy also consider practical solutions that can be implemented by businesses and reflect a desirable user experience for data subjects.

Organisations should consider evaluating their own techniques to encourage users to go one way or another and document the justification for their approach.

Article By Peter Craddock, Sheila A. Millar, and Tracy P. Marshall of Keller and Heckman LLP

For more cybersecurity legal news, click here to visit the National Law Review.

© 2022 Keller and Heckman LLP

Surprise! The No Surprises Act Changes Again

The No Surprises Act (Act), which became effective Jan. 1, 2022, is the latest health care law passed with the best of intent: to create consumer protection from unexpected out-of-network medical bills and to create a federal independent dispute resolution (IDR) process to resolve payment disputes between payers and out-of-network providers. Unfortunately, the Act, especially the U.S. Department of Health and Human Services’ (HHS) implementation of the IDR process, also creates a new administrative burden for health care providers. Providers and medical associations filed lawsuits in multiple jurisdictions to challenge HHS’ implementation of the IDR process and the constitutionality of the Act before it was even in effect.

On Feb. 24, 2022, the United States District Court for the Eastern District of Texas granted the Texas Medical Association’s Motion for Summary Judgement to vacate select IDR requirements. The Court found that HHS’ interim final rule’s IDR process, intended to resolve payment disputes regarding reimbursement for out-of-network emergency services and out-of-network services provided at in-network facilities, was contrary to the clear language of the Act[1] (Rule).

In general, the Act[2] requires health insurance payers (Insurers) to reimburse providers for certain out-of-network services at a statutorily calculated “out-of-network rate.”[3] Where an All-Payer Model Agreement or specified state law does not exist, to set such a rate, an Insurer must issue an initial out-of-network rate decision and pay such amount to the providers within 30 days after the out-of-network claim is submitted.[4] If the provider disagrees with the Insurer’s proposed out-of-network reimbursement rate, the provider has a 30-day window to negotiate a different payment rate with the Insurer.[5] If these negotiations fail, the parties can proceed to the IDR process.[6]

Congress adopted a baseball-style arbitration model for the Act’s IDR process. The Insurer and provider each submit a proposed out-of-network rate with limited supporting evidence. The arbitrator picks one of the offers while taking into account specified considerations, including the “qualified payment amount,” the provider’s training, experience, quality, and outcomes measurements, the provider’s market share, the patient’s acuity, the provider’s teaching status, case mix, and scope of services, and the provider’s/Insurer’s good-faith attempts to enter into a network agreement.[7] The “qualifying payment amount” (QPA), is designed to represent the median rate the Insurer would pay for the item or service if it were provided by an in-network provider.[8]

The Rule requires the IDR arbitrator to select the proposed payment amount that is closest to the QPA unless “the certified IDR entity [arbitrator] determines that credible information submitted by either party … clearly demonstrates that the [QPA] is materially different[9] from the appropriate out-of-network rate.”[10] This is a clear departure from the analysis set forth in the Act.

The Texas Medical Association challenged the Rule under the Administrative Procedures Act (APA), arguing that the Departments exceeded their authority by giving “outsized weight” to one statutory factor over the others specified by Congress, and that the Departments failed to comply with the APA’s notice and comments requirements in promulgating the Rule. In turn, the Departments argued that the plaintiffs did not have standing to bring the claims.

After dispensing with defendant’s standing arguments, the Eastern District of Texas Court ruled in favor of the plaintiff’s Motion for Summary Judgment and determined that “the Act unambiguously establishes the framework for deciding payment disputes and concludes that the Rule conflicts with the statutory text.” Under the Act, the arbitrators (or certified IDR entities) “shall consider … the qualifying payment amounts” and the provider’s level of training, experience, and quality outcomes, the market share held by the provider, the patient’s acuity, the provider’s teaching status, case mix, and scope of services, and the demonstrated good faith efforts of both parties in entering into a network agreement.”[11] The Act did not specify that any one factor should be considered the “primary” or “most important” factor. The Rule, in contrast, requires arbitrators to “select the offer closest to the [QPA]” unless “credible” information, including information supporting the “additional factors,” “clearly demonstrates that the [QPA] is materially different from the appropriate out-of-network rate.”[12] The Departments characterized the other factors as “permissible additional factors” that may be considered only when appropriate.[13] The Court found that the Department’s Rule was inconsistent with the Act and that since Congress had spoken clearly on the factors to be considered in the arbitration process, the Department’s interpretation of the Act was not appropriate and had exceeded the Department’s authority.[14]

Following the Court’s decision, the Departments issued a memorandum on Feb. 28, 2022, clarifying the Act’s requirements for providers and Insurers. The memo specifically noted that the Court’s decision would not, in their opinion, affect the patient-provider dispute resolution process.[15] The Departments also stated they would withdraw any guidance inconsistent with the Court’s Opinion, provide additional training for interested parties, and keep the IDR process portal open to resolve disputes. The Departments also will be considering further rulemaking to address the IDR process.

The No Surprises Act continues to surprise us all with more adaptations. Enforcement of this new law remains uncertain in light of the numerous legal challenges, including at least one constitutionality challenge.

[1] Requirements Related to Surprise Billing: Part II, 86 Fed. Reg. 55,980 (Oct. 7, 2021).

[2] Consolidated Appropriations Act of 2021, Pub. L. No. 116-260, div. BB, tit. I, 134 Stat. 1182, 2758-2890 (2020).

[3] 300gg-111(a)(1)(C)(iv)(II) and (b)(1)(D).

[4] 300gg-111(a)(1)(C)(iv) and (b)(1)(C).

[5] 300gg-111(c)(1)(A).

[6] 300gg-111(c)(1)(B).

[7] 300gg-111(c)(5).

[8] 300gg-111(a)(3)(E)(i)(I)-(II).

[9] “Material difference” is defined as “a substantial likelihood that a reasonable person with the training and qualifications of a certified IDR entity making a payment determination would consider the submitted information significant in determining the out-of-network rate and would view the information as showing that the [QPA] is not the appropriate out-of-network rate. 149.510(a)(2)(viii).

[10] 45 C.F.R. 149.510(c)(4)(ii).

[11] 300gg-111(c)(5)(C)(i)-(ii).

[12] 45 C.F.R. 149.510(c)(4)(ii)(A).

[13] 86 Fed. Reg. 56,080.

[14] Because the Departments had exceeded their statutory authority, no Chevron deference was owed to their regulations. Chevron U.S.A. v. Natural Resources Defense Council, Inc., 468 U.S. 837 (1984).

[15] This is a separate dispute resolution process designed to address disputes between patients and providers when bills for uninsured and self-pay patients are inconsistent with the good faith estimate provided by the health care provider.

Article By Stacey A. Borowicz and Joseph D. Wheeler of Dinsmore & Shohl LLP

For more healthcare legal news, click here to visit the National Law Review.

© 2022 Dinsmore & Shohl LLP. All rights reserved.

OIG: Telehealth “Critical” to Maintaining Access to Care Amidst COVID-19

The federal Office of Inspector General (OIG) recently published a report (OIG Report) as part of a series of analyses of the expansion and utilization of telehealth in response to the COVID-19 public health emergency.  In its report, the OIG concludes that telehealth was “critical for providing services to Medicare beneficiaries during the first year of the pandemic” and that the utilization of telehealth “demonstrates the long-term potential of telehealth to increase access to health care for beneficiaries.” The OIG’s conclusions are notable because they come at a time when policymakers and health care stakeholders are determining whether and how to make permanent certain expansions of telehealth for patients nationwide.

The OIG Report is based on Medicare claims and encounter data from the “first” year of the pandemic (March 1, 2020 through February 28, 2021) as compared to data for the immediately preceding year (March 1, 2019 through February 29, 2020). Per the OIG Report, the OIG observed that approximately 43% of Medicare beneficiaries used telehealth during the first year of the pandemic, and that office visits were the most common telehealth encounter for those patients. The telehealth utilization data showed an 88-fold increase over the utilization of telehealth services for the prior year, which in part reflects the significant limitations on telehealth reimbursement under Medicare prior to COVID-19, in addition to the significant regulatory expansion of telehealth at the federal and state levels in response to COVID-19.

Interestingly, the OIG Report states that beneficiaries enrolled in a Medicare Advantage plan “were more likely to use telehealth” than Medicare fee-for-service beneficiaries, and that “CMS’s temporary policy changes enabled the monumental growth in the use of telehealth in multiple ways,” including by expanding the permissible patient locations, and the types of services that could be provided via telehealth. In addition, the OIG indicated that the use of telehealth for behavioral health services by beneficiaries “stands out” because of the higher incidence of beneficiaries accessing those services via telehealth, which may in turn influence policymaking and increase access to critical behavioral health care services.

Finally, the OIG Report notably includes a footnote which indicates that a separate report on “Program Integrity Risks” is forthcoming, which may shed light on corresponding compliance concerns that have arisen in connection with the significant expansion of telehealth in response to COVID-19.

Article By Conor O. Duffy of Robinson & Cole LLP

For more health law legal news, click here to visit the National Law Review.

Copyright © 2022 Robinson & Cole LLP. All rights reserved.

“Levitating” Lawsuits: Understanding Dua Lipa’s Copyright Infringement Troubles

Even global stardom will not make copyright woes levitate away from British superstar Dua Lipa. The pop icon is making headlines following a week of back-to-back, bi-coastal lawsuits alleging copyright infringement with her hit “Levitating.” First, on Tuesday, March 1st, members of reggae band Artikal Sound System sued Dua Lipa for copyright infringement in a Los Angeles federal district court1. Then, on Friday, March 4th, songwriters L. Russell Brown and Sandy Linzer filed their own copyright infringement lawsuit against the pop star in a New York federal district court2. Both lawsuits were filed claiming violations of the Copyright Act, 17 U.S.C. §§ 101 et seq.3

The Artikal Sound System lawsuit is short and alleges that Dua Lipa and the co-creators of “Levitating” copied Artikal Sound System’s 2017 song “Live Your Life.”4 The lawsuit does not provide any details in the allegation, other than explaining that “Live Your Life” was commercially released in 2017, was available during the time Dua Lipa and her co-creators wrote “Levitating,” and that because the two songs are substantially similar “Levitating” could not have been created independently.5 As a remedy, Artikal Sound System seeks actual damages, a portion of Dua Lipa’s profits stemming from the alleged infringement, the cost of the lawsuit, and any additional remedies the Court sees fit.6

Similarly, the Brown and Linzer lawsuit alleges that Dua Lipa and her “Levitating” co-creators copied their works “Wiggle and Giggle All Night” and “Don Diablo.”7 More specifically, the Brown and Linzer lawsuit alleges that “Levitating” is substantially similar to “Wiggle and Giggle All Night” and “Don Diablo.”8

Accordingly, the lawsuit claims that the defining melody in “Levitating,” the “signature melody,” is a direct duplicate of the opening melody in “Wiggle and Giggle All Night” and “Don Diablo,” and therefore appears in all three songs.9 As additional support, the lawsuit points to professionals and laypersons noticing a similarity between the three songs, and Dua Lipa previously admitting that she “purposely sought influences from past eras for the album Future Nostalgia.”10

As for a remedy, Brown and Linzer request full compensatory and/or statutory damages, punitive damages, an injunction on “Levitating,” a portion of Dua Lipa’s profits stemming from the alleged infringement, the cost of the lawsuit, and any additional remedies the Court sees fit.11

The copyright infringement legal framework

A general overview of the copyright infringement legal framework is helpful in assessing the potential outcomes of the “Levitating” lawsuits. Specifically, the legal framework from the 9th Circuit, where one of the “Levitating” lawsuits was filed, provides great guidance.

In order to establish copyright infringement, one must prove two elements: owning a valid copyright and copying of “constituent elements of the work that are original.”12 Importantly, when there is no direct evidence of copying, but rather circumstantial evidence, plaintiffs must show that:

  1. the accused infringers had access to the copyrighted work, and

  2. the infringing work and the copyrighted work “are substantially similar.

Plaintiffs can easily show access to the copyrighted work, but “substantial similarity” is harder to show.

2-Part Test

Luckily, the 9th Circuit devised a 2-part test to prove “substantial similarity.”13 Under the test, there is sufficient copying, and therefore “substantial similarity,” if an infringing work meets an “extrinsic” and “intrinsic” prong.14 The intrinsic prong is met if there is “similarity of expression” between the works, as evaluated from the subjective standpoint of an “ordinary reasonable observer.”15 The extrinsic prong is objective and requires comparing the “constituent elements” of the copyrighted and infringing works to see if there is substantial similarity in terms of the “protected” elements in the copyrighted work.16

As such, if the commonality between the copyrighted and infringing works is not based on “protected” elements, then the extrinsic prong is not met, and there is no “substantial similarity” between the works for purposes of a copyright infringement action. It must be noted that the 9th Circuit recognizes that, in certain situations, there can be a “substantial similarity” even if the constituent elements are individually unprotected, but only if their “selection and arrangement” reflects originality.17

To understand “substantial similarity” one must define what is “protectable” under copyright law. Copyright protection extends only to works that contain original expression.18 In this context, the standard for originality is a minimal degree of creativity.19 According to the Copyright Act, protection does not extend to ideas or concepts used in original works of authorship.20 In the musical context, copyright does not protect “common or trite musical elements, or commonplace elements that are firmly rooted in the genre’s tradition” because “[t]hese building blocks belong in the public domain and cannot be exclusively appropriated by any particular author.”21

Katy Perry “Dark Horse” case and an ostinato

While the “Levitating” lawsuits are still young, a recent decision by the 9th Circuit in the infamous Katy Perry “Dark Horse” case is a good example of how courts conduct legal analyses in copyright infringement cases. The precedential ruling (Gray v. Hudson), released on March 10th, affirms a U.S. District Judge’s decision to vacate a jury verdict that awarded US$2.8 million in damages to a group of rappers who claimed Katy Perry’s “Dark Horse” copied their song “Joyful Noise.”22

The 9th Circuit’s opinion cogently applies copyright law to hold that the plaintiffs in the original lawsuit did not provide legally sufficient evidence that “Joyful Noise” and “Dark Horse” were “extrinsically similar” in terms of musical features protected by copyright law.23

Specifically, the Court reasoned that while “Dark Horse” used an ostinato (a repeating musical figure) similar to the one in “Joyful Noise,” the resemblance in the ostinatos stemmed from “commonplace, unoriginal musical principles” and made them uncopyrightable.24 Without the ostinatos, the plaintiffs could not point to any “individually copyrightable” elements from “Joyful Noise” that were “substantially similar” in “Dark Horse.”25

Additionally, the Court held that the “Joyful Noise” ostinato was not original enough to be a protectable combination of uncopyrightable elements.26 In turn, under the legal framework for copyright infringement the plaintiffs failed to meet their burden.27 The Court put it best by opining that:

[a]llowing a copyright over [the] material would essentially amount to allowing an improper monopoly over two-note pitch sequences or even the minor scale itself, especially in light of the limited number of expressive choices available when it comes to an eight-note repeated musical figure.”28

“Levitating” lawsuits likely outcomes

Applying the copyright infringement framework to the “Levitating” lawsuits allows us to understand the likely outcomes. First, the Artikal Sound System lawsuit does not allege any direct evidence of copying. As such, Artikal Sound System must show that Dua Lipa had access to “Live Your Life” and that “Levitating” is “substantially similar” to their song under the 2-prong test. Access is easily proved, as “Live Your Life” was commercially available on multiple streaming services when Dua Lipa wrote “Levitating.”29

However, the Artikal Sound System lawsuit does not provide enough information to pass the 2-prong “substantial similarity” test. The lawsuit only alleges that “Levitating” is “substantially similar” to “Live Your Life,” but does not detail any similarities much less provide any evidence that there is similarity of expression between the works from the point of view of a reasonable observer, as required by the intrinsic component of the test.30

More importantly, the lawsuit does not even mention any protectable elements from “Live Your Life” copied in “Levitating” and would, therefore, fail the extrinsic prong of the “substantial similarity” test.31 In turn, as submitted, the Artikal Sound System lawsuit fails to make a prima facie case of copyright infringement by Dua Lipa’s “Levitating.”

The story may be different for the Brown and Linzer lawsuit. Like the first suit, the Brown and Linzer lawsuit does not provide direct evidence of copying and will therefore only succeed if it passes the circumstantial evidence requirements of 1) access and 2) “substantial similarity.” Unlike the first suit, however, the Brown and Linzer complaint includes comparisons of the notes in “Levitating” to the notes in “Wiggle and Giggle All Night” and “Don Diablo” as support for the allegation of “substantial similarity.”

The 2nd Circuit, where the lawsuit was filed, held that a court can determine as a matter of law that two works are not “substantially similar” if the similarity between the two works concerns non-copyrightable elements of the copyrighted work.32 In practice, this means that the 2nd Circuit can apply the 2-prong “substantial similarity” test. Brown and Linzer can easily prove access to “Wiggle and Giggle All Night” and “Don Diablo” since both songs are internationally popular.33

Brown and Linzer can also meet the intrinsic prong of the test because, as they point out, “laypersons” (ordinary reasonable observers) have noticed the commonality between their copyrighted works and “Levitating,” as supported by widespread postings on mediums like TikTok.34 The extrinsic prong of the test is more uncertain.

In their lawsuit, Brown and Linzer point to a “signature melody” that repeats in “bars 10 and 11 of all three songs… [and] with some slight variation, in bars 12 and 13.”35 The court may find that this “signature melody” is not protected by copyright if it reasons that a melody is a basic musical principle, much like the 9th Circuit did for ostinatos in the Katy Perry “Dark Horse” case.

At its core, it seems like Brown and Linzer will have to convince the court that a melody, which they define as “a linear succession of musical tones,” qualifies as copyrightable because it is an original creative expression. Conversely, Brown and Linzer can concede that a melody is not copyrightable, but that their original arrangement and use of the melody in their copyrighted songs is copyrightable. In the end, it will be up to whether or not a court finds that the “signature melody” is copyrightable. As such, the outcome of Brown and Linzer’s action for copyright infringement is uncertain.

Nonetheless, one thing is for sure, copied or not, “Levitating” will continue powering gym visits and nights out dancing.

Footnotes

  1. See Complaint, Cope v. Warner Records, Inc., Case 2:22-cv-01384 (C.D. Cal. 2022).

  2. See Complaint, Larball Publ’g Co., Inc. v. Dua Lipa, Case 1:22-cv-01872 (S.D.N.Y. 2022).

  3. See Complaint at ¶ 7, Larball Publ’g Co., Inc. v. Dua Lipa, Case 1:22-cv-01872 (S.D.N.Y. 2022); Complaint at ¶ 12, Cope v. Warner Records, Inc., Case 2:22-cv-01384 (C.D. Cal. 2022).

  4. See Complaint at ¶ 17, Cope v. Warner Records, Inc., Case 2:22-cv-01384 (C.D. Cal. 2022).

  5. See Complaint at ¶ 15-18, Cope v. Warner Records, Inc., Case 2:22-cv-01384 (C.D. Cal. 2022).

  6. See Complaint at ¶ 19-22, Cope v. Warner Records, Inc., Case 2:22-cv-01384 (C.D. Cal. 2022).

  7. See Complaint at ¶ 2, Larball Publ’g Co., Inc. v. Dua Lipa, Case 1:22-cv-01872 (S.D.N.Y. 2022).

  8. See Complaint at ¶ 2, Larball Publ’g Co., Inc. v. Dua Lipa, Case 1:22-cv-01872 (S.D.N.Y. 2022).

  9. See Complaint at ¶ 3, Larball Publ’g Co., Inc. v. Dua Lipa, Case 1:22-cv-01872 (S.D.N.Y. 2022).

  10. See Complaint at ¶ 49, Larball Publ’g Co., Inc. v. Dua Lipa, Case 1:22-cv-01872 (S.D.N.Y. 2022).

  11. See Complaint at 13-14, Larball Publ’g Co., Inc. v. Dua Lipa, Case 1:22-cv-01872 (S.D.N.Y. 2022).

  12. Feist Publ’ns, Inc. v. Rural Tel. Serv. Co., 499 U.S. 340, 361 (1991).

  13. Apple Comput., Inc. v. Microsoft Corp., 35 F.3d 1435, 1442 (9th Cir. 1994).

  14. Id.

  15. Id.

  16. Swirsky v. Carey, 376 F.3d 841, 845 (9th Cir. 2004).

  17. Satava v. Lowry, 323 F.3d 805, 811 (9th Cir. 2003).

  18. See 17 U.S.C. § 102(a); Feist, 499 U.S. at 345.

  19. See Feist, 499 U.S. at 345.

  20. See 17 U.S.C. § 102(b); Skidmore as Tr. for the Randy Craig Wolfe Tr. v. Led Zeppelin, 952 F.3d 1051, 1069 (9th Cir. 2020) (en banc).

  21. Skidmore, 952 F.3d at 1069.

  22. Gray v. Hudson, No. 20-55401, slip op at 26 (9th Cir. Mar. 10, 2022).

  23. Id.

  24. Id. at 14-21.

  25. Id. at 17.

  26. Id. at 22.

  27. Id. at 26.

  28. Id. at 24.

  29. See Complaint at ¶ 16, Cope v. Warner Records, Inc., Case 2:22-cv-01384 (C.D. Cal. 2022).

  30. See Complaint at ¶ 18, Cope v. Warner Records, Inc., Case 2:22-cv-01384 (C.D. Cal. 2022).

  31. See Complaint at ¶ 18, Cope v. Warner Records, Inc., Case 2:22-cv-01384 (C.D. Cal. 2022).

  32. Peter F. Gaito Architecture, LLC v. Simone Dev. Corp., 602 F.3d 57, 63-65 (2d Cir. 2010).

  33. See Complaint at ¶ 35, Larball Publ’g Co., Inc. v. Dua Lipa, Case 1:22-cv-01872 (S.D.N.Y. 2022).

  34. See Complaint at ¶ 4, Larball Publ’g Co., Inc. v. Dua Lipa, Case 1:22-cv-01872 (S.D.N.Y. 2022).

  35. See Complaint at ¶ 38, Larball Publ’g Co., Inc. v. Dua Lipa, Case 1:22-cv-01872 (S.D.N.Y. 2022).

Article By Adrian Gonzalez Cerrillo and Sana Hakim of K&L Gates

For more intellectual property legal news, click here to visit the National Law Review.

Copyright 2022 K & L Gates

Google to Launch Google Analytics 4 in an Attempt to Address EU Privacy Concerns

On March 16, 2022, Google announced the launch of its new analytics solution, “Google Analytics 4.” Google Analytics 4 aims, among other things, to address recent developments in the EU regarding the use of analytics cookies and data transfers resulting from such use.

Background

On August 17, 2020, the non-governmental organization None of Your Business (“NOYB”) filed 101 identical complaints with 30 European Economic Area data protection authorities (“DPAs”) regarding the use of Google Analytics by various companies. The complaints focused on whether the transfer of EU personal data to Google in the U.S. through the use of cookies is permitted under the EU General Data Protection Regulation (“GDPR”), following the Schrems II judgment of the Court of Justice of the European Union. Following these complaints, the French and Austrian DPAs ruled that the transfer of EU personal data from the EU to the U.S. through the use of the Google Analytics cookie is unlawful.

Google’s New Solution

According to Google’s press release, Google Analytics 4 “is designed with privacy at its core to provide a better experience for both our customers and their users. It helps businesses meet evolving needs and user expectations, with more comprehensive and granular controls for data collection and usage.”

The most impactful change from an EU privacy standpoint is that Google Analytics 4 will no longer store IP address, thereby limiting the data transfers resulting from the use of Google Analytics that were under scrutiny in the EU following the Schrems II ruling. It remains to be seen whether this change will ease EU DPAs’ concerns about Google Analytics’ compliance with the GDPR.

Google’s previous analytics solution, Universal Analytics, will no longer be available beginning July 2023. In the meantime, companies are encouraged to transition to Google Analytics 4.

Read Google’s press release.

Article By Privacy and Cybersecurity Practice Group at Hunton Andrews Kurth

For more cybersecurity legal news, click here to visit the National Law Review. 

Copyright © 2022, Hunton Andrews Kurth LLP. All Rights Reserved.

Cartel Corner | March 2022

INTRODUCTION

The US Department of Justice’s (DOJ) Antitrust Division (Division) has continued to actively investigate and pursue alleged criminal violations of antitrust laws and collusive activity in government procurement. US Attorney General Merrick Garland noted in a March 2022 speech at the ABA Institute on White Collar Crime that the Division ended last fiscal year “with 146 open grand jury investigations—the most in 30years.”[1] As we near the end of the first quarter of 2022, the Division has a record number of criminal cases either in trial or awaiting trial.

In this installment of Cartel Corner, we examine and review recent and significant developments in antitrust criminal enforcement and profile what the Division has highlighted as its key priorities for enforcement. For 2022 and beyond, those priorities are—and likely will remain—identifying and aggressively pursuing alleged violations involving the labor markets, consumer products, government procurement and the generic pharmaceutical industry.

LABOR MARKETS

Criminal investigations and prosecutions in the labor markets continue to be a top priority for the Division. Such enforcement has been gaining momentum since the Division and the Federal Trade Commission (FTC) issued their joint Antitrust Guidance for Human Resources Professionals in 2016 which warned that the DOJ—for the first time— intended to proceed criminally against “naked wage-fixing or no-poach agreements” between horizontal employers. That momentum lifted off in December 2020 and continued throughout 2021, with the Division bringing 12 criminal cases against nine individuals and three companies. Alleged wage-fixing and no-poach agreements have historically been prosecuted in the civil context, meaning fines for companies and individuals.

Several recent developments are worth highlighting. First, in November 2021, a federal court determined for the first time ever that an alleged wage-fixing conspiracy could constitute a per se criminal violation of the Sherman Act. In U.S. v. Jindal, the Division alleged that two former executives of a physical therapist staffing company fixed the wages paid to physical therapists in the Dallas-Ft. Worth area. In denying the defendant’s motions to dismiss, a federal judge in the US District Court for the Eastern District of Texas determined that courts have not limited price-fixing conspiracies to the purchase and sale of goods but have also found them to cover the purchase and sale of services. The court continued, noting that buyers of services included employers in the labor market and that the alleged wage-fixing agreement was another form of price fixing.

Second, the DOJ’s aggressive posture in these cases continued in January 2022 when it charged four home healthcare staffing company owners with allegedly fixing workers’ wages and agreeing not to hire each other’s workers in 2020.

Third, until recently, each of the criminal charges brought by the DOJ have involved healthcare companies. The ability of the DOJ to criminally prosecute alleged non-solicit agreements is being challenged, where motions to dismiss are pending. However, in December 2021, the Division expanded its reach into the aerospace industry, charging a former government contractor and five employees of its suppliers for alleged allocation agreements relating to the hiring of engineers (U.S. v. Patel et al.). The DOJ’s indictment alleges that one of the defendants agreed with suppliers to allocate employees by restricting hiring and recruiting between the companies for almost a decade.

The increased focus and enforcement action relating to labor markets underscores the Biden administration’s stated priorities. For example, in July 2021, President Biden issued an Executive Order “Promoting Competition in the American Economy” which provided wide-ranging guidance and instructions to the federal government to promote and increase competition. One specific, identified initiative involved strengthening of guidance to prevent employers from collaborating to suppress wages, reduce benefits or engage in other anticompetitive practices. With the recent flurry of criminal labor market charges; repeated statements by the Division to the effect that protecting competition in the labor markets continues to be a top priority; the Division’s hosting of a joint workshop with the FTC in December 2021, titled “Making Competition Work: Promoting Competition in the Labor Markets”; and widespread support from the Biden administration, one can expect the Division’s focus on criminal enforcement in the labor markets to be an increasing refrain.

TAKEWAYS

The DOJ’s novel and aggressive stance on expanding Sherman Act criminal violations to include the ways in which companies engage with their workers may not ultimately be sustained by trial or appellate courts. For now, however, the DOJ remains determined to investigate and prosecute alleged “wage-fixing and no-poach” issues.

With the DOJ’s resolute approach changing the landscape of antitrust labor market cases, companies would be prudent to ensure that their compliance programs are up to date and include specific and appropriate guidance on these issues. When considering typical antitrust cartel investigations, the focus has traditionally been on alleged conspiracies relating to pricing, sales, and/or bidding of certain products or in certain geographic areas. The DOJ’s changing attitude toward labor market antitrust issues is a notable shift and may be directed at entirely different segments of a corporate business, including human resources and hiring, in any industry. To address the DOJ’s assertive approach, employers involved in hiring and compensation-related decisions would be well served to receive training addressing these potential antitrust issues.

CONSUMER PRODUCTS

Consumer products have recently been a hotbed of DOJ investigations for antitrust violations. The DOJ has several long-running investigations into a wide range of industries, including broiler chickens, commercial flooring and, most recently, DVDs and Blu-Rays in e-commerce. The latest developments in these investigations reflect the DOJ’s continued, and increasingly heightened, focus on prosecuting companies and high-ranking executives engaged in alleged anticompetitive conduct that directly affects American consumers.

BROILER CHICKENS

The DOJ’s first trial in its ongoing investigation into the $95 billion broiler chicken industry resulted in a hung jury. The lengthy trial began in October 2021, in Denver, against 10 current and former executives from major broiler chicken producers (and came on the heels of a guilty plea obtained by the DOJ earlier in 2021 in a price-fixing case against Pilgrim’s Pride Corp (Pilgrim’s Pride), which resulted in a $107 million criminal fine). The DOJ alleged that the defendants engaged in an overarching price-fixing and bid-rigging scheme for approximately a decade. But after seven weeks of trial, including four days of deliberation, the jurors remained deadlocked, resulting in the judge declaring a mistrial. The result highlights the challenge facing the DOJ in meeting its burden of proof on an alleged conspiracy based largely on documents and without cooperating witnesses.

After the mistrial, the defendants asked the court for a judgment of acquittal. The judge denied that request, and a retrial in the case began in late February 2022. Additionally, the DOJ has other cases in the pipeline in the same long-running investigation, including against broiler-chicken producers Claxton Poultry Farms and Koch Foods, Inc., as well as criminal charges against four additional former Pilgrim’s Pride executives. Trials for those additional corporate and individual defendants are set for October 31, 2022, and July 18, 2022, respectively.

In a related civil action, a federal judge in Illinois gave final approval for a $181 million settlement between six poultry producers and end-user consumers who claimed the companies conspired to fix broiler chicken prices. The deal was reached between the consumer plaintiffs and Peco Foods, Fieldale Farms, George’s, Tyson Foods, Pilgrim’s Pride and Mar-Jac Poultry. Consumers are still pursuing claims against 12 additional poultry companies.

Going forward, the DOJ indicated it will prioritize and pursue more matters that impact competition in agriculture. In fact, the DOJ and the Department of Agriculture (USDA) recently issued a joint statement on their shared commitment to effectively enforcing federal competition laws that protect farmers, ranchers, and other agricultural producers and growers from unfair and anticompetitive practices. As part of their effort to step up enforcement in the agriculture sector, the agencies launched farmerfairness.gov, a new online tool that allows farmers and ranchers to anonymously report potentially unfair and anticompetitive practices in the livestock and poultry sectors. If, after a preliminary review, a complaint raises sufficient concern under antitrust laws, it will be selected for further investigation, and may lead to the opening of a formal investigation.

One area to watch is the cattle civil antitrust litigation. While the DOJ is still in the investigation stage, direct purchaser plaintiffs filed a civil lawsuit against the Big Four meatpacking companies, accusing them of conspiring to drive up the price of beef to make bigger profits by suppressing slaughter volumes and constraining the supply of meat. On February 1, 2022, the proposed class of direct buyers reached a $52.5 million deal with one of the Big Four defendants JBS USA (JBS), which provided both monetary relief to the class, and JBS’s “extensive cooperation” in the buyers’ ongoing litigation against the three remaining nonsettling defendants. The settlement is currently before the US District Court for the District of Minnesota awaiting preliminary approval. It will be interesting to see what next steps the DOJ will take considering the civil litigation, particularly the evidence that will be provided by JBS’s cooperation.

COMMERCIAL FLOORING

Another long-running bid-rigging investigation in the commercial flooring industry resulted in additional indictments last year, as well. To date, the DOJ has indicted three companies and six individuals, including Mr. David’s Flooring International LLC (Mr. David’s), a Chicago-based commercial flooring contractor that pleaded guilty in August 2021. Like the first two companies that the DOJ charged, Mr. David’s was charged for conspiring with other companies—for at least eight years, from 2009 to 2017—to rig bids for commercial flooring by agreeing which company would win the bid and which would submit a complementary, intentionally losing bid. The DOJ also charged Mr. David’s with money laundering for allegedly concealing kickback payments the company made, in exchange for unauthorized discounts, to an account executive for a large flooring manufacturer.

As part of its guilty plea, Mr. David’s agreed to pay at least a $1.2 million criminal fine for its role in the conspiracies. This follows guilty pleas that the DOJ obtained from PCI FlorTech, Inc., in 2019 and Vortex Commercial Flooring in 2020, which resulted in a $150,000 criminal fine and $1.4 million in fines and restitution, respectively.

DVDS AND BLU-RAYS

With the expansion of e-commerce, the DOJ has also been active in prosecuting price-fixing conspiracies for consumer goods in online marketplaces. In 2021, the DOJ charged four individuals, one in June and three in November, with conspiring to fix prices of DVDs and Blu-Ray discs sold through an online marketplace. According to the charges, between November 2017 and October 2019 the defendants agreed to raise and maintain the prices of DVDs and Blu-Ray discs sold in the marketplace’s storefronts, the business addresses of which were located in five different states. The affected sales to customers throughout the United States by the four defendants ranged between $360,000 to $1,100,000. Each of the defendants have pleaded guilty. While the affected sales pale in comparison to large-scale matters like broiler chickens, the DOJ has shown equal willingness to aggressively pursue alleged collusive conduct in smaller and emerging sectors, particularly in online marketplaces.

TAKEAWAYS

Given the long-running nature of the investigations involving broiler chickens and commercial flooring, the change in the US presidential administration seems to have only increased the DOJ’s scrutiny into industries affecting consumer goods. Looking ahead, consumer products will likely remain one of the DOJ’s top priorities. Indeed, while the Biden administration recognizes the strain the pandemic has put on supply chain issues, resulting in higher prices in consumer goods, the White House has also placed the blame on “another culprit”: “dominant corporations in uncompetitive markets taking advantage of their market power to  raise prices.”

The DOJ recently announced an initiative to deter, detect and prosecute those who would exploit supply chain disruptions to engage in collusive conduct. As part of that initiative, the DOJ is prioritizing any existing investigations where competitors may be exploiting supply chain disruptions for illicit profit and is undertaking measures to proactively investigate collusion in industries particularly affected by supply disruptions. The DOJ is also working with authorities in other countries to detect and combat global supply chain collusion.

Those who work in the consumer goods space can expect additional scrutiny and enforcement from the DOJ in the months and years to come, especially in industries that have experienced higher consumer price increases. It is therefore important to have robust compliance programs, including appropriate employee training, in place to address and provide guidance on these issues.

PROCUREMENT

The DOJ’s Procurement Collusion Strike Force (PCSF)—an interagency partnership established in November 2019 to combat antitrust crimes and related fraud involving government procurement and funding—remained a top priority for the Division in 2021. Since its inception in 2019, the PCSF has significantly expanded in scope. The strike force now has offices in 22 federal districts staffed with DOJ trial attorneys, assistant US attorneys and agents from seven national law enforcement partner agencies. The PCSF has trained more than 17,000 special agents, attorneys, prosecutors, investigators, analysts, auditors, data scientists and procurement officials. In addition, in the spring of 2021 the PCSF announced the creation of PCSF Global. The goal of PCSF Global is to build connections with enforcement counterparts around the world and to investigate and prosecute collusion in procurement relating to US government funds spent overseas. The PCSF currently has almost three dozen investigations open domestically and internationally.

Below are a few key highlights from 2021:

PCSF’S RECENT WORK

On October 13, 2021, PCSF Director Daniel Glad delivered a speech recapping the strike force’s recent work and highlighting enforcement priorities, including “set-aside fraud” and collusion targeting infrastructure spending. Set-aside fraud refers to collusion and fraud affecting government programs that are designed to provide opportunities for disadvantaged communities and individuals to participate more fully in public procurement. Glad highlighted the PCSF’s recent investigation into set-aside fraud involving construction contracts in San Antonio. The director also commented that infrastructure will continue to be a focus for the PCSF as federal spending for infrastructure increases. Glad added that while the Sherman Act is the PCSF’s “lodestar,” the strike force’s focus includes prosecuting other crimes that also corrupt the competitive process for obtaining government contracts and funding.

BELGIAN SECURITY SERVICES

On June 25, 2021, a Belgian security services company, G4S Secure Solutions NV (G4S), pled guilty for its role in a conspiracy to rig bids, allocate customers and fix prices for contracts with the US Department of Defense and with the NATO Communications and Information Agency (NCI Agency) to provide security services for military bases and installations in Belgium. The NCI Agency is funded in part by the United States. This was the first international resolution obtained by the PCSF, as well as the PCSF’s first charged matter.

The DOJ alleged that G4S participated in a conspiracy with two competitors to coordinate price increases, submit artificially determined, non-competitive bids and refrain from bidding for certain contracts from spring 2019 through summer 2020. The DOJ further alleged that the conspirators colluded during in-person meetings and via phone, text messages, encrypted messaging applications and email. G4S agreed to pay a $15 million criminal fine. In October 2021, two former employees of G4S also pled guilty to charges relating to the same conspiracy. Both individuals are Belgian nationals residing in Belgium.

The investigation demonstrates that the PCSF is focused on conspiracies that victimize the US government, whether the conspiracies or government activities are based in the United States or abroad. The PCSF remains committed to actively investigating and prosecuting companies and individuals based outside of the United States, such as the defendants here, who distort the competitive process for US government contracts.

NORTH CAROLINA ENGINEERING

In June 2021, a North Carolina engineering firm pled guilty to conspiring to rig bids and defraud the North Carolina Department of Transportation (NCDOT). Contech Engineered Solutions LLC and Brent Brewbaker, one of its former executives, had been indicted in October 2020. They were charged with six counts of bid rigging, conspiracy to commit fraud, mail fraud and wire fraud. The conspiracies, reaching back to at least 2009, involved water drainage systems projects. Contech agreed to pay a criminal fine of $7 million and approximately $1.5 million in restitution to the NCDOT. On February 1, 2022, Brewbaker was convicted by a jury of all six charged counts.

Contech argued that the conspiracy was not a per se violation because Contech and Pomona Pipe Products, its co-conspirator, competed vertically: Contech as the supplier, Pomona Pipe as the reseller. The district court disagreed, holding that Contech and Pomona held themselves out to NCDOT as competitors and, as such, this was bid-rigging subject to the per se analysis.

This matter is precisely the type of case the PCSF was designed to investigate. The PCSF trains law enforcement officers, procurement officials and others across the country “to better deter and detect antitrust crimes affecting government procurement, grant, and program funding.” With more government funding earmarked for infrastructure and an increased budget for the Antitrust Division, the PCSF is likely to increase its footprint at all levels of government.

MINNESOTA CONCRETE 

In September 2021, Minnesota concrete contractor Clarence Olson pled guilty to a bid-rigging charge. Olson and his co-conspirators conspired to rig bids on concrete repair and construction contracts submitted to at least four municipalities in Minnesota, including local governments and school districts in the Minneapolis-St. Paul area. The conspiracy began as early as September 2012 and continued through at least June 2017. Minnesota law required that municipalities obtain two or more quotations from independent bidders before awarding contracts above a certain threshold. According to the plea agreement, at a competitor’s request Olson submitted bid quotes with prices higher than that of the competitor to ensure that Olson would lose the bid.

RISKS BEYOND PRISON AND FINES 

Charges of bid rigging and procurement fraud can have collateral consequences beyond criminal liability. Companies and individuals are subject to state and federal suspension and debarment procedures. A suspension temporarily prevents a company from government contracting and typically lasts until the investigation or subsequent legal proceedings have terminated. If a company pleads guilty or is convicted, it may be debarred—a permanent ban from doing business with a government for a specified time period. The duration of the debarment typically correlates to the severity of the offense. Under federal law, a contractor may be debarred without a conviction if the evidence shows a knowing failure to disclose credible evidence of a criminal violation of federal antitrust law (48 CFR § 9.406-2(b)(vi)(A)).

Moreover, charges filed against affiliated individuals may impute the company when that individual was acting as an agent of the company. Although suspensions and debarments may last for shorter periods of time, the reputational damage may last far longer. If made public, the debarment could also impact a company’s or individual’s ability to do business in the private sector. Suspension and debarment are collateral consequences that the DOJ may consider in the process of investigating and prosecuting a criminal antitrust violation.

THE FUTURE OF THE PCSF 

The first year of the PCSF was dedicated to outreach, education and partnership implementation. The PCSF has now established partnerships with many law enforcement agencies across the country. Beyond domestic interagency investigations, the PCSF has launched initiatives that will expand its reach and target acute problems in government procurement. Investigations initiated by the PCSF have taken time to be investigated (particularly with a global pandemic making certain investigative steps more challenging), but in some instances these investigations have reached the recommendation and/or charging stage. We expect to see additional PCSF cases in the coming year.

PCSF Global: The PCSF has launched PCSF Global, an initiative aimed at fostering partnerships with international enforcement authorities. The US government spends considerable funds abroad, particularly for military contracts. International partners lend their expertise with foreign markets and give the PCSF eyes and ears on the ground abroad.

Set-Aside Fraud: One of the PCSF enforcement priorities is combating fraud in government set-aside programs. Such programs set aside government contracting opportunities for special interest groups such as disabled veterans, small businesses and minority-owned businesses. In January 2021, President Biden signed “Advancing Racial Equity and Support for Underserved Communities Through the Federal Government,” an executive order aimed at increasing equal access to government contracting and procurement opportunities. While the PCSF mandate to combat fraud on set-aside programs existed before the executive order, it is strengthened by the Biden administration’s directive.

Data Analytics Project: The PCSF has hosted webinars attended by data scientists, analysts and auditors focused on using data analytics to detect procurement fraud. Data Analytics Project attorneys have engaged analytics shops to build tools for detecting collusion using bid data. Currently, the Data Analytics Project is focused on US procurement. In light of the PCSF Global initiative, it is possible that international partners will engage with the PCSF to develop cross-border tools.

Criminal Antitrust Anti-Retaliation Act (CAARA): CAARA, the first antitrust-specific whistleblower protection legislation, became law in December 2020. It prohibits employers from retaliating against employees, contractors, subcontractors and agents of employers for reporting antitrust violations or participating in antitrust government proceedings. The Securities and Exchange Commission (SEC), Internal Revenue Service (IRS) and other government agencies saw increased reporting since implementing similar whistleblower protections. CAARA is a tool that can be used to encourage early reporting and cooperation because of the legal protection it offers to whistleblowers, furthering the PCSF’s goals to deter and detect fraud.

GENERICS

For more than seven years, the generic pharmaceutical industry has been caught up in investigations and litigation asking whether the industry has engaged in a conspiracy to violate the antitrust laws.[2] In 2014 the Connecticut attorney general opened a civil investigation into whether manufacturers of generic pharmaceuticals had fixed prices and allocated markets. Shortly thereafter, the DOJ joined the mix, first opening a criminal investigation into these issues and then, a few years later, opening a civil False Claims Act (FCA) investigation into the same conduct. And by 2016, the plaintiffs’ bar had joined the fray, filing the first complaints of what soon became a massive and unwieldy multidistrict litigation (MDL), ultimately consolidated in the United States District Court for the Eastern District of Pennsylvania.

Below, we provide a brief update on this massive MDL and the DOJ investigation that started it.

MULTIDISTRICT LITIGATION: IN RE: GENERICS PHARMACEUTICALS PRICING ANTITRUST LITIGATION, NO. 16-MD-2724 (E. D. PA. 2016)

In re: Generics, the broad and long-running MDL, remains at the center of the pharmaceutical cases this past year. In addition to the governments of 49 states, the District of Columbia, American Samoa, Guam, Puerto Rico, Northern Mariana Island and the US Virgin Islands, the MDL also includes three putative plaintiff classes (direct purchaser, end-payer and indirect reseller plaintiffs), and more than a dozen individual entities (including major retailers, healthcare insurers and even some local governments) that filed opt-out complaints (e.g.The Kroger Co. et alHumana Inc., and United Healthcare Services, Inc.). At present, the MDL involves at least 85 complaints alleging misconduct regarding more than 285 drugs, 38 manufacturers and 25 individual defendants.

The first civil complaints were filed in 2016, initially encompassing claims concerning just two drugs, digoxin and doxycycline. The Judicial Panel on Multidistrict Litigation later consolidated claims involving other drugs into the MDL. As the litigation has evolved, private plaintiffs and state attorneys general have since filed complaints involving numerous drugs, focusing on an alleged overarching conspiracy to fix prices, rig bids and allocate customers across the generic pharmaceutical industry. The state attorneys general, which have led the expansion of the MDL, have filed three such overarching conspiracy complaints: (1) a June 2018 complaint focused on Heritage Pharmaceuticals; (2) a May 2019 complaint focused on Teva Pharmaceuticals; and (3) a May 2020 complaint focused on dermatology products.  Many plaintiffs are seeking joint and several liability for the alleged overarching conspiracy—the scope of which is unprecedent and untested in antitrust litigation.

In May 2021, US District Judge Cynthia M. Rufe selected the state attorneys general overarching conspiracy complaint centered on over 80 dermatology products to serve as a bellwether case in the MDL. Two drug-specific complaints filed by the direct purchaser and end payer plaintiffs will also proceed as bellwethers. The court originally selected the state attorneys general May 2019 Teva-centric overarching conspiracy complaint as the bellwether. A coalition of 44 state attorneys general led by Connecticut filed the Teva-centric case in May 2019. However, following the DOJ’s August 2020 grand jury indictment of Teva on criminal price-fixing charges (see below), Teva petitioned to have the selection of its case as bellwether overturned. The pharmaceutical companies then sought to have the states’ first filed case, which centered around Heritage Pharmaceuticals, chosen as a replacement bellwether because the case involved a smaller scope and was more manageable to litigate. The states advocated for the May 2020 dermatology action as the bellwether. Despite involving over 80 drugs, the states contended this complaint was more indicative of the alleged conspiracy and their investigation had evolved in the years since the Heritage complaint was filed. Judge Rufe found that “the dermatology action [wa]s more typical of the overarching conspiracy cases than the Heritage-centric action and w[ould] provide overall a more comprehensive view of the positions of more parties in the MDL.”[3]

The bellwether selection was just the first step in what will continue to be a long series of cases. At present, class certification briefing in the drug-specific bellwether cases is scheduled to be completed by mid-October 2023. The district court will schedule hearings on class certification for dates to be determined in November 2023.[4] All motions for summary judgment regarding the states’ bellwether case must be filed by October 16, 2023, and motions for summary judgment regarding the drug-specific bellwether cases must be filed no later than November 16, 2023.[5] Pretrial conferences are not yet scheduled.

CRIMINAL LITIGATION: UNITED STATES V. TEVA PHARMACEUTICALS USA, INC. AND GLENMARK PHARMACEUTICALS, USA (E.D. PA. 2020)

While the MDL has proceeded, the DOJ has continued with its separate criminal investigation. In June 2020, the DOJ indicted Glenmark Pharmaceuticals, USA, alleging that it engaged in a conspiracy to fix prices for pravastatin and other undisclosed drugs from around May 2013 through December 2015. In August 2020, the DOJ filed a superseding indictment naming Teva as an alleged co-conspirator.[6] Glenmark sought to sever the cases to proceed with separate trials, but US District Judge R. Barclay Surrick recently denied that motion and ruled that a joint trial could proceed.[7] In June 2021, the Antitrust Division filed a scheduling order motion seeking a trial date of January 18, 2022; however, counsel for Glenmark and Teva found this date “unrealistic in light of the enormous volume of complex discovery in this case (more than 22 million documents and counting), as well as the backlog of trials in this District due to the pandemic.”[8] To date, no schedule has been set.

GENERIC DRUG COMPANY PENALTIES AND SETTLEMENTS

DOJ Investigations

Nonetheless, the DOJ has already obtained several settlements in both the criminal and civil FCA investigations, including securing several deferred prosecution agreements (DPAs) from the targets of its investigations.[9] In fact, the DOJ’s Antitrust Division and Civil Division have already collected more than $1 billion in penalties as a result of their investigations into the generic drug industry, as detailed below.

Most recently, in October 2021, Taro Pharmaceuticals USA, Inc., Sandoz Inc., and Apotex Corporation agreed to pay $213.2 million, $185 million and $49 million, respectively, to settle alleged False Claims Act violations stemming from conspiracies to fix prices of multiple generic drugs.[10] The Civil Division alleges that the three companies illegally paid and received compensation between 2013 and 2015 resulting from alleged agreements on price, supply and allocation of customers with other generic pharmaceutical manufacturers for 20 generic drugs, including etodolac, nystatin-triamcinolone cream and ointment, benazepril HCTZ and pravastatin. In addition, the companies entered into five-year corporate integrity agreements with the Health and Human Services Office of the Inspector General, which provides oversight for federal healthcare programs like Medicare and Medicaid. These agreements require internal monitoring and price transparency.

Multidistrict Litigation

In connection with the In re: Generics MDL, the first civil settlements with certain plaintiffs were announced in 2021. In June 2021, Teva announced it settled, for $925,000, all claims brought by the state of Mississippi. In November 2021, two US subsidiaries of Sun Pharma—Taro Pharmaceuticals U.S.A., Inc., and Sun Pharmaceutical Industries, Inc.—agreed to pay a total of $85 million to a proposed class of direct purchaser plaintiffs (DPPs) in the MDL. The settlement can be reduced, however, by $10 million if the direct purchasers that opt out of the putative class collectively account for 20% or more of Taro’s and Sun Pharmaceutical Industries, Inc.’s aggregate dollar sales of the generic drugs at issue in the direct purchaser action.

Entity/Individual Date Charges/Resolution Settlement Amount
Jeffrey Glazer and Jason Malek (former Heritage Pharmaceuticals executives) Dec. 2016 Pleaded guilty to conspiring to fix prices, rig bids, and allocate customers for doxycycline hyclate and glyburide. Both awaiting sentencing. TBD
Heritage Pharmaceuticals May 2019 Entered into a DPA with the Antitrust Division to resolve the DOJ’s charges relating to glyburide, a drug used to treat diabetes, agreeing to pay a criminal penalty and cooperate fully with the ongoing criminal investigation. In a separate civil resolution with the Civil Division, Heritage agreed to pay to resolve allegations under the FCA related to the alleged price-fixing conspiracy. $225K criminal penalty and $7.1M civil settlement
Rising Pharmaceuticals Dec. 2019 Entered into a DPA with the Antitrust Division to resolve the DOJ’s charges regarding an alleged conspiracy to fix prices for a hypertension medication. $3.5M criminal fine and civil penalty combined
H. Armando Kellum (former Sandoz executive) Feb. 2020 Pleaded guilty to fixing prices, rigging bids and allocating customers for several drugs, including clobetasol and nystatin triamcinolone cream. Kellum is awaiting sentencing. TBD
Sandoz Inc. Mar. 2020 and Oct. 2021 Agreed to pay a criminal penalty for allegedly conspiring to fix prices on several generic drugs, including, but not limited to, drugs used to treat brain cancer, cystic fibrosis, arthritis and hypertension. Agreed to pay a civil penalty for aiding and receiving compensation prohibited by the Anti-Kickback Statute through arrangements on price, supply, and allocation of customers for drugs such as benazepril HCTZ and clobetasol. $195M criminal penalty and $185M civil settlement
Apotex Corporation May 2020 and Oct. 2021 Agreed to pay a criminal penalty to resolve allegations that it conspired to fix prices for pravastatin. $24.1M criminal penalty and $49M civil settlement
Taro Pharmaceutical USA, Inc. July 2020 and Oct. 2021 Entered into a DPA with the Antitrust Division to resolve the DOJ’s charges regarding an alleged conspiracy related to several drugs with affected sales of over $500 million. $205.6M criminal fine and $213.2M civil penalty

TAKEAWAYS

Although the district court has allowed several cases to proceed past the motion to dismiss stage, it remains unclear if the plaintiffs’ expansive allegations will survive summary judgment and later proceedings. In the months to come, there will continue to be interplay between the criminal trial proceeding against Teva and Glenmark and the civil cases proceeding in the MDL. For example, the MDL court is currently considering whether the DOJ should be allowed to extend a continued stay of depositions in the civil cases of specific individuals it views as “key” to its criminal investigation.

This investigation and litigation has brought significant attention to the generic drug and pharmaceutical industry at large, including increased scrutiny and calls for action by Congress (such as the US House of Representatives Committee on Oversight and Reform’s three-year Drug Pricing Investigation, which culminated in a majority staff report released in December 2021). Several pieces of legislation aimed at reigning in pharmaceutical prices have also been introduced. In all, these investigations and litigation, coupled with the increases in oversight and willingness to investigate by state and federal governments, suggest that the pharmaceutical industry will remain subject to heightened scrutiny of its business practices for many years to come.

CONCLUSION

As we move into the second quarter of 2022, one thing is abundantly clear: The DOJ’s aggressive criminal antitrust enforcement will only continue to increase. The Division ended the last fiscal year with 146 open grand jury investigations—the most in 30 years.[11] President Biden has made competition a priority for his administration.[12] Attorney General Garland has specifically identified “reinvigorating antitrust enforcement” as at the center of the DOJ’s mission.[13] In its FY 2022 budget request, the DOJ requested a 9% increase in spending, amounting to an additional $200 million.[14]

At the same time, there seems to be a shift in tone and approach at the Division. The Division has started to push the boundaries of criminal antitrust enforcement. As noted above, it has pursued naked no-poach agreements criminally, something that it had never done prior to 2020. In recent remarks to the ABA Institute on White Collar Crime, Richard Powers, the US Deputy Assistant Attorney General for Criminal Enforcement in the Division, noted that the Division is also prepared to criminally charge individual executives for violations of Section 2 of the Sherman Act, the provision that prohibits market monopolization—another exceedingly aggressive and controversial approach and something that the Division has not done in decades. To cap it off, the Division has shown a tendency, of late, to take cases to trial, rather than negotiate resolutions. And, it has hired a number of prominent Criminal Division alumni, several with significant trial experience, to help with this effort. All of this suggests that the Division is prepared to stretch the law in places and go the distance to pursue what it views as criminal violations of the antitrust laws.

 

 

ENDNOTES

[1] Attorney General Merrick B. Garland Remarks to the ABA Institute on White Collar Crime, Thursday, March 3, 2022, https://www.justice.gov/opa/speech/attorney-general-merrick-b-garland-delivers-remarks-aba-institute-white-collar-crime

[2] Christopher Rowland, Investigation of generic ‘cartel’ expands to 300 drugs, THE WASHINGTON POST (Dec. 9, 2018), https://www.washingtonpost.com/business/economy/investigation-of-generic-cartel-expands-to-300-drugs/2018/12/09/fb900e80-f708-11e8-863c-9e2f864d47e7_story.html

[3] Pretrial Order No. 171 (Revised Bellwether Selection; Stay of Certain Discovery), MDL 2724 Dkt. 1769 (E.D. Pa. May 7, 2021), at p. 3.

[4] In re: Generics, Pretrial Order No. 188 (Schedule of Further Proceedings in Bellwether Cases), available at https://www.paed.uscourts.gov/documents/MDL/MDL2724/16md2724%20PTO188.pdf

[5] Id.

[6] U.S. v. Teva Pharmaceuticals USA, Inc. and Glenmark Pharmaceuticals, USA, U.S. DEP’T OF JUSTICE (Aug. 25, 2020), https://www.justice.gov/atr/case/us-v-teva-pharmaceuticals-usa-inc

[7] US v. Teva Pharmaceuticals USA, Inc. and Glenmark Pharmaceuticals, USA, No. 20-200 Dkt. 146 (E. D. Pa. Jan. 14, 2022).

[8] Letter from D. Axelrod and K. Stojilkovic to Judge Surrick re: United States v. Glenmark Pharmaceuticals Inc., USA et al., 20-cr-200 (RBS), No. 2:20-cr-00200-RBS Dkt. 94 (June 10, 2021).

[9] Normally, in a cartel investigation, guilty pleas would be used; however, because a guilty plea would bar these companies from participating in certain government healthcare programs, which would effectively terminate business for some of the companies involved and deprive millions of Americans of important, often life-saving medication, the DOJ used DPAs in these settlements.

[10] Pharmaceutical Companies Pay Over $400 Million to Resolve Alleged False Claims Act Liability for Price-Fixing of Generic Drugs, U.S. DEP’T OF JUSTICE
(Oct. 1, 2021), https://www.justice.gov/opa/pr/pharmaceutical-companies-pay-over-400-million-resolve-alleged-false-claims-act-liability

[11] Id.

[12] https://www.whitehouse.gov/briefing-room/speeches-remarks/2021/07/09/remarks-by-president-biden-at-signing-of-an-executive-orderpromoting-competition-in-the-american-economy/

[13] https://www.appropriations.senate.gov/imo/media/doc/Statement%20of%20Attorney%20General%20Merrick%20Garland%20-%20June%209,%2020213.pdf

[14] Id.

© 2022 McDermott Will & Emery

Article By Justin P. Murphy, Paul M. Thompson, Han Cui, Joshua W. Eastby, Anthony S. Ferrara and Alexandra Lewis and Marisa E. Poncia of McDermott Will & Emery

The Gensler SEC: What to Expect in 2022

Since Gary Gensler became chair of the U.S. Securities and Exchange Commission in April 2021, his agency has signaled an active agenda that many expect will be aggressively enforced. Cornerstone Research recently brought together distinguished experts with SEC experience to share what they expect the SEC will focus on in 2022. The expert forum, “The Gensler SEC: Policy, Progress, and Problems,” featured Joseph Grundfest, a former commissioner of the SEC and currently serving as the W. A. Franke Professor of Law and Business at Stanford Law School; and Mary Jo White, senior chair, litigation partner, and leader of Debevoise & Plimpton’s Strategic Crisis Response and Solutions Group who previously served as chair of the SEC and as U.S. Attorney for the Southern District of New York. Moderated by Jennifer Marietta-Westberg of Cornerstone Research, the forum was held before an audience of attorneys and economists and explored the major regulatory and enforcement themes expected to take center stage in the coming year.

ESG Disclosures and Materiality

In its Unified Regulatory Agenda first released in June of last year, the SEC indicated that it will propose disclosure requirements in the environmental, social, and governance (ESG) space, particularly on climate-related risks and human capital management. However, as documented by the numerous comments received as a result of the SEC’s March 15, 2021, request for input on climate change disclosures, there is substantial debate as to whether these disclosures must, or should, require disclosure only of material information. During the expert forum, Grundfest and White agreed that ESG disclosures should call for material information only. However, they have different predictions on whether ESG disclosures actually will be qualified by a materiality requirement.

White emphasized that materiality is a legal touchstone in securities laws. “If the SEC strays far from materiality, the risk is that a rule gets overturned,” she said. “Not every single rule needs to satisfy the materiality requirement, but it would be a mistake for the SEC not to explain what its basis for materiality is in this space.”

Grundfest added, “There is a spectrum of ESG issues, and while some are within the SEC’s traditional purview, others are new and further away from it. For example, to better ensure robust greenhouse emissions disclosure, the Environmental Protection Agency should be the one to require disclosure rules that would not be overturned.”

Gensler has indicated that investors want ESG disclosures in order to make investment and voting decisions. For instance, in his remarks before the Principles for Responsible Investment in July 2021, Gensler stated that “[i]nvestors are looking for consistent, comparable, and decision-useful disclosures so they can put their money in companies that fit their needs.” White predicts that some but not all ESG disclosure requirements in the proposed rules the SEC is working on will call for material information.

Grundfest, however, believes that the rules the SEC eventually adopts will require disclosure only of material information. “The SEC’s proposal on ESG disclosures will ask for everything, from the moon to the stars,” he said. “But public comments will sober the rules. The SEC staff will take into account the Supreme Court standard and the Chevron risk. It will settle on adopting materiality-based disclosure rules.”

There is also debate over the potential definition of materiality in the context of any proposed ESG disclosures. The panelists were asked whether the fact that large institutional investors assert various forms of ESG information are important to their investment decisions is a sufficient basis upon which to conclude that the information is material. Neither White nor Grundfest believes the Supreme Court as currently composed would accept this argument, but they differ on the reasons.

Grundfest believes the Supreme Court will stick with its approach of a hypothetical reasonable investor. “The fact that these institutional investors ask for this information doesn’t necessarily mean that it’s material,” he said. “If the SEC wants to have something done in this space, it has to work within the law.”

White said an important aspect of the rule will be the economic analysis, though she, too, does not think materiality can be “decided by an opinion poll among institutional investors.” For example, a shareholder proposal requesting certain information that has not received support does not necessarily make the information immaterial. “The Supreme Court will be tough on the survey approach,” she said.

Digital Assets and Crypto Exchanges

In several statements and testimonies, Gensler has declared the need for robust enforcement and better investor protection in the markets for digital currencies. He has publicly called the cryptocurrency space “a Wild West.” In addition to bringing enforcement actions against token issuers and other market participants on the theory that the tokens constitute securities, the SEC under his leadership has brought enforcement actions against at least one unregistered digital asset exchange on the theory that the exchange traded securities and should therefore register as securities exchange.

“The crypto space is the SEC’s most problematic area,” Grundfest said. “Franz Kafka’s most famous novel is The Trial. It’s about a person arrested and prosecuted for a crime that is never explained based on evidence that he never sees. Some recent SEC enforcement proceedings make me wonder whether Kafka is actually still alive and well, and working deep in the bowels of the SEC’s Enforcement Division.” In support of this literary reference, Professor Grundfest  noted that, in bringing enforcement actions against crypto exchanges alleging that they traded tokens that were unregistered securities, the SEC never specified which tokens traded on these exchanges were securities. “This is almost beyond regulation by enforcement. It’s regulation by FUD—fear, uncertainty, and doubt,” Grundfest said.

White predicted that, of the 311 active crypto exchanges listed by CoinMarketCap as of December 1, 2021, the SEC will bring cases against at least four in the coming year.

Gensler has publicly argued for bringing the cryptocurrency-related industry under his agency’s oversight. “We need additional congressional authorities to prevent transactions, products, and platforms from falling between regulatory cracks,” he said in August at the Aspen Security Forum. But neither White nor Grundfest believes the current Congress will enact legislation giving the SEC authority to regulate crypto transactions that do not meet the definition of an investment contract under the Howey test.

In November 2021, a federal jury in Audet v. Fraser at the District Court of Connecticut decided that certain cryptocurrency products that investors purchased were not securities under Howey. Neither Grundfest nor White believes this finding will cause the SEC to become more cautious about asserting that some forms of crypto are securities.

“One jury verdict is hardly a precedent,” White said. “The facts of the case didn’t have many of the nuances under Howey that other cases have. It will not deter the SEC.”

The panelists agreed that SEC enforcement activity will be aggressive in the crypto space. A report by Cornerstone Research, titled SEC Cryptocurrency Enforcement: 2021 Update, found that, under the new administration, the SEC has continued its role as one of the main regulators in the cryptocurrency space. In 2021, the SEC brought 20 enforcement actions against digital asset market participants, including first-of-their-kind actions against a crypto lending platform, an unregistered digital asset exchange, and a decentralized finance (DeFi) lender.

Proxy Voting

With the 2022 proxy season on the horizon, people will be watching the SEC closely, as Gensler’s Commission recently adopted new rules for universal proxy cards, and it has revisited amendments adopted under the former chair of the SEC, Jay Clayton.

Last November, the SEC adopted universal proxy rules that now allow shareholders to vote for their preferred mix of board candidates in contested elections, similar to voting in person.  These rules would put investors voting in person and by proxy on equal footing. “Universal proxy was proposed at the time when I was the chair of the SEC, and the logic for the rule is overpowering,” White said. “In adoption, some commissioners had reservations on the thresholds of voting power a dissident would be required to solicit, but voted in favor anyway based on its logic. It was a 4 to 1 vote.”

Grundfest and White expect the number of proxy contests that proceed to a vote will go up as a result. From 2019 to 2020, the incidence of proxy contests increased from 6 to 13. Looking ahead to the coming year, Grundfest predicts the rule change will increase the incidence of proxy contests by somewhere between 50% and 100%. White predicts a more modest increase of about 50%.

Regarding rules on proxy voting advice, the SEC issued Staff Legal Bulletin No. 14L (CF) last November to address Rule 14a-8(i)(7), which permits exclusion of a shareholder proposal that “deals with a matter relating to the company’s ordinary business operations.”

The bulletin puts forth a new Staff position that now denies no-action relief to registrants seeking to exclude shareholder proposals that transcend the company’s day-to-day business matters. “This exception is essential for preserving shareholders’ right to bring important issues before other shareholders by means of the company’s proxy statement, while also recognizing the board’s authority over most day-to-day business matters,” the bulletin said.

Both White and Grundfest believe a modest number of issuers will go to court in the 2022 proxy season seeking to exclude Rule 14a-8 shareholder proposals as “transcending” day-to-day operations. “I think companies will challenge shareholder proposals in court but not a lot,” White said. “It depends on the shareholder proposal.”

Grundfest believes any such cases would be driven as much by CEOs as by any other factor. “Companies may challenge a shareholder proposal in court if they have a CEO who is offended by a certain proposal or for First Amendment reasons,” he said. Grundfest cited a hypothetical example of a software company in Texas with a shareholder proposal on gun rights or abortion rights, which have nothing to do with the cybersecurity software the company produces. “It would be hard to force a company to put forth a politically charged proposal that is not related to that company’s business,” he said. “If it’s a First Amendment right, the company will go to court.”

Article By Jennifer Marietta-Westberg and Simona Mola of Cornerstone Research

For more SEC and securities legal news, click here to visit the National Law Review.

Copyright ©2022 Cornerstone Research

Regulation by Definition: CFPB Broadens Definition of “Unfairness” to Rein in Discrimination

In a significant move, the CFPB announced on March 16revision to its supervisory operations to address discrimination outside of the traditional fair lending context, with future plans to scrutinize discriminatory conduct that violates the federal prohibition against “unfair” practices in such areas as advertising, pricing, and other areas to ensure that companies are appropriately testing for and eliminating illegal discrimination.  Specifically, the CFPB updated its Exam Manual for Unfair, Deceptive, or Abusive Acts or Practices (UDAAPs) noting that discrimination may meet the criteria for “unfairness” by causing substantial harm to consumers that they cannot reasonably avoid.

With this update, the CFPB intends to target discriminatory practices beyond its use of the Equal Credit Opportunity Act (ECOA) – a fair lending law which covers extensions of credit – and plans to also enforce the Consumer Financial Protection Act (CFPA), which prohibits UDAAPs in connection with any transaction for, or offer of, a consumer financial product or service.  To that end, future examinations will focus on policies or practices that, for example, exclude individuals from products and services, such as “not allowing African-American consumers to open deposit accounts, or subjecting African-American consumers to different requirements to open deposit accounts” that may be an unfair practice where the ECOA may not apply to this particular situation.

The CFPB notes that, among other things, examinations will (i) focus on discrimination in all consumer finance markets; (ii) require supervised companies to include documentation of customer demographics and the impact of products and fees on different demographic groups; and (iii) look at how companies test and monitor their decision-making processes for unfair discrimination, as well as discrimination under ECOA.

In a statement accompanying this announcement, CFPB Director Chopra stated that “[w]hen a person is denied access to a bank account because of their religion or race, this is unambiguously unfair . . . [w]e will be expanding our anti-discrimination efforts to combat discriminatory practices across the board in consumer finance.”

Putting it Into Practice:  This announcement expands the CFPB’s examination footprint beyond discrimination in the fair lending context and makes it likely that examiners will assess a company’s anti-discrimination programs as applied to all aspects of all consumer financial products or services, regardless of whether that company extends any credit.  By framing discrimination also as an UDAAP issue, the CFPB appears ready to address bias in connection with other kinds of financial products and services.  In particular, the CFPB intends to closely examine advertising and marketing activities targeted to consumers based on machine learning models and any potential discriminatory outcomes.

Article By Moorari Shah and A.J. S. Dhaliwal of Sheppard, Mullin, Richter & Hampton LLP

For more financial legal news, click here to visit the National Law Review.

Copyright © 2022, Sheppard Mullin Richter & Hampton LLP.

Congress Grants Five Month Extension for Telehealth Flexibilities

On Tuesday, March 16, 2022, President Biden signed into law H.R. 2471, the Consolidated Appropriations Act, 2022 (“2022 CAA”). This new law includes several provisions that extend the Medicare telehealth waivers and flexibilities, implemented as a result of COVID-19 to facilitate access to care, for an additional 151 days after the end of the Public Health Emergency (“PHE”). This equates to about a five-month period.

The 2022 CAA extension captures most of the core PHE telehealth flexibilities authorized as part of Medicare’s pandemic response, including the following:

  • Geographic Restrictions and Originating Sites: During the extension, Medicare beneficiaries can continue to receive telehealth services from anywhere in the country, including their home. Medicare is permitting telehealth services to be provided to patients at any site within the United States, not just qualifying zip codes or locations (e.g. physician offices/facilities).
  • Eligible Practitioners: Occupational therapists, physical therapists, speech-language pathologists, and qualified audiologists will continue to be able to furnish and receive payment for telehealth services as eligible distant site practitioners during the extension period.
  • Mental Health:  In-person requirements for certain mental health services will continue to be waived through the 151-day extension period.
  • Audio-Only Telehealth Services: Medicare will continue to provide coverage and payment for most telehealth services furnished using audio-only technology. This includes professional consultations, office visits, and office psychiatry services (identified as of July 1, 2000 by HCPCS Codes 99241-99275, 99201-99215, 90804-90809 and 90862) and any other services added to the telehealth list by the CMS Secretary for which CMS has not expressly required the use of real-time, interactive audio-visual equipment during the PHE.

Additionally, the 2022 CAA allocates $62,500,000 from the federal budget to be used for grants for telemedicine and distance learning services in rural areas. Such funds may be used to finance construction of facilities and systems providing telemedicine services and distance learning services in qualified “rural areas.”

Passage of the 2022 CAA is a substantial step in the right direction for stakeholders hoping to see permanent legislative change surrounding Medicare telehealth reimbursement.

Article By Joelle M. Wilson and Laura Little of Polsinelli PC

For more health law legal news, click here to visit the National Law Review.

© Polsinelli PC, Polsinelli LLP in California

Many New Jersey Employers Must Soon Offer Employee Retirement Savings Plans

The New Jersey Secure Choice Savings Program Act (the “Act”) is set to take effect on March 28, 2022 and will require many employers to offer their own retirement plan or provide access to a State-sponsored program.

This Act impacts all New Jersey businesses that:

  1. have employed at least 25 employees in the State during the previous calendar year;
  2. have been in business at least two years; and
  3. do not already offer a qualified retirement plan.

The Act mandates employers to offer their full and part-time employees a retirement savings in either the form of either a qualified retirement plan (e.g., a 401(k) or 403(b)), or through the New Jersey Secure Choice Savings Program (the “Program”). The State-sponsored Program is an individual retirement account (IRA) where employees contribute a portion of their pretax earnings via automatic payroll deductions.

Employers must first decide whether they want to sponsor a qualified retirement plan or opt for the State-sponsored Program. Those who fail to comply will be subject to penalties ranging from a written warning to a $500 fine per employee. Employers have nine months from the implementation date to comply with the Act. While the anticipated implementation date is March 28, 2022, the Treasury Department website dedicated to the program notes that implementation is not yet operational.

We suggest intermittently checking in on the website.

© 2022 Giordano, Halleran & Ciesla, P.C. All Rights Reserved
For more articles about employment law, visit the NLR Labor & Employment section.

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by