President Trump’s Confirmations Keep Being Delayed

Scott Mugno’s confirmation to head OSHA appears to be one of three key Department of Labor nominees caught up in political arm wrestling. Republicans are blaming Democrats for delaying the process by drawing out debates to the full 30 hours permitted by the Senate Rules. Senate Majority Leader Mitch McConnell (R-KY) voiced his frustration on April 9th, warning that “[t]he Senate’s workweek will not end until all of these amply qualified nominees are confirmed.” It should also be noted that a Senate vote on Mugno has yet to be calendared.

There are concerns that OSHA has lacked leadership and direction since Trump took office in January, 2017.  Senate Democrats have indicated that they are prepared to work with Mugno at the helm of OSHA – though they seem to expect that he will be a tough enforcer against violators rather than a follower of Trump’s deregulation agenda.

Currently, there is no indication when Mugno will be confirmed.

Jackson Lewis P.C. © 2018
This article was written by Tressi L. Cordaro of Jackson Lewis P.C.

Breaking A Sticker Doesn’t Break Your Warranty: How The FTC Is Taking Aim At Manufacturers of Game Consoles, Electronics and Automobiles

We’ve all seen them: hard-to-remove stickers that say, “Warranty void if removed,” or “Tampering with this sticker voids the warranty.” Or perhaps a company states or implies that your use of a third-party repair service will void the warranty. These threats are especially common with sales of expensive electronics (I’m looking at you, Sony, Microsoft, and Apple). But as the Federal Trade Commission (“FTC”) affirmed again in a press release this week, these threats haven’t been effective since 1975. Manufacturers of gaming systems, cars, phones, and other electronic devices should pay particular attention to this article—and the recommended legal solution—to avoid potential FTC scrutiny.

Congress increased the FTC’s jurisdiction regarding warranties in 1975.

The law at issue is the Magnuson-Moss Warranty Act, 15 U.S.C. § 2301 et seq., a consumer-protection statute enacted by Congress in 1975 (the “MMWA”). The MMWA is primarily enforced by the FTC and generally applies to any consumer product that costs more than $15 and is normally used for personal, family, or household purposes. So does the MMWA cover Xboxes? Check. iPhones? Check again. A single box of tissues? No, they’re too cheap. Jackhammers? Probably not, as that’s not a typical “household” item.

Like any other law, the MMWA has a lot of moving parts, but what’s relevant to this article is that it controls what a company can offer (and what it may not withhold) in a written warranty. The MMWA governs both the text of a warranty (which must use “simple and readily understood language”) and the conditions of a warranty (you don’t have to offer a warranty, but if you do, it has to meet certain minimum requirements). Specifically, the MMWA forbids a company from “tying” its warranty to a particular brand of part or service.

What does “tying” mean under the MMWA?

The language at issue here is found at 15 U.S.C. § 2302(c): “No warrantor of a consumer product may condition his written or implied warranty of such product on the consumer’s using, in connection with such product, any article or service (other than article or service provided without charge under the terms of the warranty) which is identified by brand, trade, or corporate name….” In other words, a company may not say that its warranty will only be honored if the consumer uses a specific product or service. Or put another way, Apple may not tell you (or threaten) that you’ll void the warranty on your iPhone if you replace a broken screen with non-Apple glass.

The MMWA does have exceptions. For example, if Toyota only honored its warranty to cover work done by Toyota-branded mechanics, that would breach the MMWA—unless those mechanics did the warranty work absolutely free of charge to the consumer. But even then, Toyota may not refuse to honor the warranty just because the consumer had installed aftermarket parts. Unless, that is, Toyota can prove that the aftermarket part caused the problem for which the consumer is seeking warranty coverage. Sorting this out can get complicated.

If these warranty conditions have been illegal since 1975, why do companies still use this language?

The simple answer is that companies still recite these conditions because they can get away with it. The vast majority of people believe it when a company says that it won’t honor a warranty if you cut that sticker, so they don’t cut it. And most people won’t go through the hassle of a court proceeding over a company’s refusal to cover a $50 repair charge. Even if someone does take the company to court, it’s usually far cheaper for the company to pay out a settlement than to change the way the business is run. But all this may change if the FTC steps up its enforcement on “tied” warranties.

Why is the FTC ramping up enforcement of the MMWA?

In its April 10, 2018 press release, the FTC said that it was warning six as-yet-unnamed “major companies” who make cars, phones, and gaming systems that their warranties appeared to violate the MMWA and so could be considered “deceptive” under the FTC Act. The FTC explained that it found these warranties offensive because the warranty was conditioned on the use of a specific brand of parts, or on an intact “warranty seal.” If the six companies don’t comply with the FTC’s friendly warning within 30 days, it may result in an enforcement action.

To be clear, if you make or sell something, you don’t want the FTC to decide that you acted deceptively. The FTC (often acting in concert with a state attorney general) will sue you. And while you will likely be able to settle, it will probably cost you a hefty sum to do so. Between July 2016 and June 2017, courts entered orders in favor of the FTC totaling more than $12.7 billion in cases that alleged unfair or deceptive business practices.

So what should a company do to comply with the MMWA and avoid FTC scrutiny?

Companies should be aware that the FTC has been taking a closer look at warranty issues under the MMWA. In 2015, the FTC issued guidance clarifying that a company cannot “tie” its warranty to a particular brand under the MMWA or even imply that the warranty is tied to a specific brand. That same year, BMW settled an FTC lawsuit on this exact issue under the MMWA after BMW told consumers that they would void their warranty unless they used BMW’s parts and dealers to perform maintenance and repair work. BMW doesn’t appear to have paid a fine as part of its 2015 settlement. But now we are in 2018 and if these six not-yet-identified companies (and more companies to follow) don’t revise their warranties to comply with the MMWA, the FTC is not likely to be so lenient with them.

There is a clear legal solution. To avoid exposure, a company should never tie its warranty to the use of a particular brand of part or servicer unless it is certain that it will fall under one of the narrow exceptions to the MMWA. Neither should a company’s warranty be written in dense legalese or in such a way that a consumer might reasonably *think* that the warranty is contingent on use of a particular brand.

Are your company’s warranties potentially problematic under the MMWA?

Copyright © 2018 Ryley Carlock & Applewhite. A Professional Association. All Rights Reserved.

Ninth Circuit’s Decision Holds That Salary History Is Not a Defense to Equal Pay Claims

The federal Equal Pay Act (“EPA”) mandates equal pay for equal work regardless of sex.  Employers that pay men and women different wages for the same work are strictly liable for violations of the EPA unless they can show that one or more of four exceptions apply to explain the wage disparity. The four statutory exceptions are seniority, merit, the quantity or quality of the employee’s work, or “any other factor other than sex.”  The Ninth Circuit recently took up the question of the meaning of the fourth, catchall exception – “any factor other than sex” – in order to consider whether an employer may rely, in whole or in part, on an employee’s prior salary as a basis for explaining a pay differential in Aileen Rizo v. Jim Yovino.

Rizo was a math consultant who worked for the Fresno County Office of Education (“County”). After learning that comparable male employees were earning more for the same work, Rizo filed suit against her employer, alleging that its practice of calculating the salaries for newly hired employees based on their salary history violated the EPA. The County did not dispute that Rizo was paid less than her male counterparts, but it argued that basing her salary on past earnings was a lawful reason for the pay differential as it constituted a “factor other than sex” under the EPA.

On April 9, 2018, the Ninth Circuit sitting en banc rejected the County’s argument. The Court held that “prior salary alone or in combination with other factors cannot justify a wage differential.” Writing for the majority, Judge Reinhardt stated that justification of a pay disparity based on “‘any other factor other than sex’ is limited to legitimate, job-related factors such as a prospective employee’s experience, educational background, ability, or prior job performance.” The Court explained that the terms “job-related” and “business-related” are not synonymous and that an employer cannot explain a pay differential based on the benefit to the business as opposed to a legitimate work-motivated consideration. Some examples of job-related factors identified by the Court included shift differentials, job hazards, physical job requirements, and training. Unlike each of these things, past salary was not a “job-related” factor but rather, potentially, a business-related factor.

The Court further opined that permitting an employer to rely on historical pay information was inconsistent with the purpose of the EPA, which was to correct past pay discrepancies caused by sex discrimination. “It is inconceivable,” wrote Reinhardt, “that Congress, in an Act the primary purpose of which was to eliminate long-existing ‘endemic’ sex-based wage disparities, would create an exception for basing new hires’ salaries on those very disparities….” Thus, the majority concluded that relying on past salary in order to explain a wage differential was improper, even if it was only one of the factors ultimately considered. Confusingly, the Court also noted that there could be instances in which past salary might play a role in individualized negotiations and declined to resolve whether past salary could be taken into account in such circumstances. However, given the broad pronouncement against factoring past compensation into current salary considerations, it would seem unlikely that the current court would countenance such an exception.

In finding that past salary may never be considered, the Rizo decision overrules the Ninth Circuit’s prior ruling in Kouba v. Allstate Insurance Co., 691 F.2d 873 (9th Cir. 1982). Kouba held that past salary could be one of the factors considered by employers in evaluating pay, as it was a “factor other than sex” permissible to justify pay gaps between men and women under the EPA. Notably, four of the eleven judges on the panel concurred with the decision in Rizo, because salary history was the sole reason for the pay disparity, but separated from the majority on the issue of excluding salary history from consideration under any circumstance. The Rizo decision has also exacerbated a circuit split on whether salary history may be considered, and to what extent. While certain circuits have taken an approach similar to the concurring judges in Rizo, permitting it as long as it is not the sole basis for a pay disparity, the Seventh Circuit has held that salary history is always a legitimate factor other than sex.

While California employers are no longer entitled to inquire about past salary as part of the job application process as of January 1, 2018, in light of the Rizo decision, employers with operations in California, Oregon, Washington, Idaho, Montana, Nevada, Arizona, Alaska, and Hawaii may wish to take actions to ensure that any pay disparities are not based on salary history, such as not asking about salary history during the hiring process (even in states where this practice is not prohibited by law) and conducting pay equity audits.

 

©2018 Epstein Becker & Green, P.C. All rights reserved.

USPTO Director Outlines Challenges to the Patent System at the U.S. Chamber of Commerce Patent Policy Conference

The USPTO released a copy of the “Remarks” made by Director Andrei Iancu, which read like a major policy summary regarding challenges to the US patent system. Specific solutions were not suggested, but Iancu identified two areas that need review and may subsequently be changed, particularly since the US Chamber’s 6th Annual International IP index showed the USPTO had fallen in the rankings from 10th to 12th in the world.

What makes this talk important is the Director’s recognition that the Mayo/Alice/Myriad “Rules” are rife with uncertainty for all of the stakeholders. He emphasized that the Office cannot ignore Supreme Court precedent, but he felt that the Office can also “simplify the eligibility determination for our examiners through forward-looking guidance.” (His comments about reviewing all aspects of IPR were more general in nature.)

Of course, I hope that Iancu comes to the recognition that most of the uncertainty and lack of clarity afflicting life sciences patenting comes from the PTO’s sua sponte decision to read and apply both Mayo and Myriad more broadly than the facts and the ultimate Supreme Court decisions require. Mayo involved the old use of an old compound – the correlation between the metabolite levels and side effects or efficacy of a known class of drugs does not inexorably lead to the conclusion that the discovery of a previously unknown naturally-occurring correlation and its utility as a diagnostic agent should be deemed patent-ineligible.

Likewise, the limited holding that an isolated human gene or fragment thereof is a natural product does not inexorably lead to the conclusion that isolated polypeptides or fragments thereof are also natural products, and are patent-ineligible. I hope that the Director will read Judge Rich’s elegant opinion in Bergy II justifying patent-eligibility of useful organisms (such as antibiotics) discovered in, and isolated from, environments (such as dirt) which prevented their practical utility. In any case, the PTO took the opposite position and has been rejecting claims to naturally-sourced chemicals unless the isolation/purification step renders them “markedly different” from the chemical in its natural state.

Perhaps all that I have written here adds up to an “open letter” to the Director, suggesting just a few changes in PTO policy that he could implement without offending the Supreme Court. The Federal Circuit is another matter, but I still cling to the hope that at least some of the Judges would welcome the chance to read Mayo more narrowly, so as not to remove entire art areas from patent protection. In fact, the Director spent most of his remarks emphasizing the importance of patent protection as a driver for the entire R&D community. The Director has outlined areas that need “legal help.” Now, I hope that he will use his “Remarks” as a starting point for meaningful action.

© 2018 Schwegman, Lundberg & Woessner, P.A. All Rights Reserved.
This article was written by Warren Woessner of Schwegman, Lundberg & Woessner, P.A.

Gro Pro 20/20 Coming to New York City on June 13, 2018

Gro Pro 20/20, in its 4th iteration, is the only event that brings together Chief Marketing, Business Development, Sales, Strategy Officers and Executive Leadership spanning the professional services landscape for a highly interactive exchange of industry best practices and ideas. Offering participants the best of today’s thinking in law firm and professional services strategy and conveniently packaged into one day, Gro Pro 20/20 has established itself as the key community gathering for senior leadership representing global and national professional services firms.

VALUABLE NETWORKING

“The engagement of the participants was robust, and their insights and experience-sharing was as valuable as the prepared content from the speakers. I welcome any opportunity to participate in Gro Pro events. The value I took away from the past two days exceeded my expectations.” – Gro Pro 20/20 Attendee, 2017

 

INDUSTRY INSIGHT

Embark on a collaborative journey with your peers and thought leaders representing the professional services industry as you are provided with novel ideas and thought-provoking insights on how to deploy your marketing and business development resources to drive ROI and value for your firm.

Past presenters include: Plante Moran, Miles and Stockbridge, DLA Piper, Cushman & Wakefield, WilmerHale, and many more.

ACTIONABLE TAKEAWAYS

Take what you learn at Gro Pro 20/20 back to the office and transform your business. We’ll be tackling your toughest questions:

  • How do I maintain the business I have?
  • Effectively mine for new business?
  • How to continuously Evaluate, Benchmark & Measure Success?
  • Craft a sustainable plan for my firm’s path forward?


Autonomous Vehicles and Ride Sharing are Reshaping Cities Now

Just two months ago, we wrote about how Autonomous Vehicles and Ride Sharing Will Reshape Our Buildings, Our Cities, and Our Lives. We explained that “[w]hile current developments require parking space to accommodate commuters, the future might make these spaces obsolete.” Chicago is experiencing that on a grand scale with the loss of surface parking lots, a staple of the city, especially in the business center, the Loop, and the areas into which that business center has expanded, River North, River West, West Loop, South Loop, Gold Coast, etc. (Chicago loves to carve as many marketable neighborhood names as possible into a small area).

As Ryan Ori of the Chicago Tribune reported, developers in the city are gobbling up surface parking lots and turning them into high rises. The simple fact of the matter is that the surface parking lots, which are available publicly to anyone willing to pay the hourly, daily or monthly fee, are not as profitable as they once were. People are driving less. Ride sharing, Uber, Lyft, and the like have all resulted in less need for parking in urban centers. Millennials are buying fewer cars than prior generations. Even if in the short term, car sales may grow, the long term trend is that in urban centers, fewer people will own cars. Thus, less surface parking, or public parking, will be necessary. It may not seem too much of a shock that 1,000 foot high rises will make more money than surface parking lots, but surface parking has been a staple of Chicago for decades. Companies have done very well owning multiple lots. With revenue down as much as 30 percent though, these lots are no longer worth as much as simply selling and developing the land.

So, how are all these people getting around? They always could take taxis – it is not like there were no car options available that did not involve owning your own car. They do not seem to be taking public transportation. As recently as the third quarter of 2017, the American Public Transportation Association estimated that overall use of public transit was down 3.11 percent for the year. Even just in Chicago, according to the same report, commuter rail use was down 1.42 percent and bus ridership was down 4.30 percent. Is everyone getting into some sort of ride sharing? Studying the data turns out to be a challenge. Less parking does not necessarily mean fewer cars, as New York has discovered. One report claimed that traffic in New York, always notoriously so bad that many locals do not own cars, had slowed by 12 percent thanks to ride sharing.

Cities could find themselves truly challenged. They need less parking, but there are more cars.  Those cars have to go somewhere. When in use, they need streets. When not in use, they need parking. Where are they going to be kept, and how?  How are they going to be managed? These are questions that must be answered now because cities are planned now, but for the future. Some have posited that the future is a world where car ownership dwindles and we all share utilitarian fully autonomous vehicles.  Presume that future is true.  When will it happen?  2030, 2040, 2050?  Cities are being designed now for the mid-21st Century and planners must decide where to build roads and how to build those roads (and parking, and high rises, and other transportation). If they decide wrong, those cities will not be equipped to deliver the transportation necessary for their ever growing populations.

© 2018 Foley & Lardner LLP
This article was written by Jeffrey A. Soble of Foley & Lardner LLP

Another Court Grants Summary Judgment to FCA Defendant Based on Escobar’s Materiality Standard

On April 6, 2018, the U.S. District Court for the Eastern District of Pennsylvania granted a motion for summary judgment filed by a waste company in an implied certification case under the False Claims Act (FCA), holding that the relator failed to satisfy the Supreme Court’s materiality standard announced in the landmark Escobar case.

The claims in U.S. ex rel. Cressman v. Solid Waste Services, Inc. arose from waste company employees discharging leachate, a liquid that passes through or is generated by trash, onto a grassy area at a transfer station, rather than sending the leachate to a treatment plant.  The relator reported the leachate discharge to the Pennsylvania Department of Environmental Protection (DEP), which conducted an investigation.  The waste company cooperated in the investigation, conducted its own investigation, and took corrective steps in response to the allegations.  The company also entered into a consent decree in connection with which it paid a civil penalty.

The relator then filed his qui tam action under the FCA, in which the government declined to intervene.  The relator asserted that the defendant waste company was liable under the FCA because it submitted claims for payment to federal agencies without disclosing its violation of environmental regulations arising from the leachate discharge incident.

In moving for summary judgment, the defendant argued that the relator had not demonstrated that the defendant’s alleged failure to disclose the regulatory violations arising from the discharge incident was material to its right to payment by the federal agencies.  Indeed, the defendant argued that the violation had nothing to do with the waste disposal services it was contracted to perform for those agencies.

The court agreed.  First, the court observed that the defendant’s contracts with the federal agencies at issue did not even involve the transfer station where the leachate disposal occurred.  As such, the court held that the violation “was not remotely related to Defendant’s service contracts with the Federal Agencies” and as such “failed to substantiate a FCA claim under Plaintiff’s posited theory of recovery.”  The court then squarely addressed materiality, holding that the relator failed to meet the Escobar standard:

In addition, to meet the materiality requirement for his FCA claims, Plaintiff must present evidence that the Federal Agencies for whom Defendant performed waste pickup services would not have paid Defendant’s claims had they known of the February 25, 2013 Discharge Incident/Violation at Defendant’s Souderton Division transfer station.  Plaintiff has presented no such evidence.  To the contrary, record evidence demonstrates that the Federal Agencies did not deem the February 25, 2013 Discharge Incident/Violation material to their payment of the submitted invoices.  For example, record evidence shows that the government agencies to whom [Defendant] has submitted invoices for payment since the February 25, 2013 Discharge Incident/Violation have continued to pay Defendant for the waste pickup services performed even after Plaintiff filed the underlying suit and after the Department of Justice investigated the allegations contained in Plaintiff’s complaint and declined to intervene on behalf of the Federal Agencies. (emphasis added).

The court went on to emphasize the government’s lack of action after the filing of the FCA complaint:

Here, in the four years since learning of Plaintiff’s allegations in this matter, including the regulatory violations asserted and relied upon by Plaintiff, the Department of Justice has not initiated any proceedings or taken any action against Defendant. Significantly, after investigating Plaintiff’s underlying FCA claims, the Department of Justice declined to intervene and prosecute Plaintiff’s suit in the name of and on behalf of the United States Government.

This court’s decision joins the ranks of an increasingly substantial line of cases holding, based on Escobar, that what the government does—or does not do—after learning of violations is critical to the materiality analysis.

© 2018 McDermott Will & Emery
This article was written by Laura McLane of McDermott Will & Emery

Medicare Enrollment for Providers No Longer Required Under Medicare Parts C and D

On April 2, 2018, CMS released the Contract Year 2019 Final Rules for Medicare Advantage (MA) and Part D (the MA Final Rule), incorporating changes that support CMS’ stated commitment to supporting flexibility and efficiency throughout the MA and Part D Programs.

The MA Final Rule incorporates broad changes to several aspects of the MA program, including changes to the marketing rules, the star rating process and benefit uniformity requirements, among others. Of note to providers, and the subject of today’s post, the MA Final Rule has also eliminated the requirement that providers and suppliers contracting with MA Plans, and prescribers prescribing drugs covered by Part D programs, be enrolled in Medicare. Instead, CMS will rely upon a “Preclusion List,” as described below, to eliminate prescribers, providers, and suppliers who are ineligible to provide items or services under these programs.

New Rule Eliminates Medicare Enrollment Requirement

In May of 2014, CMS implemented a rule that required that prescriptions for covered Part D drugs be prescribed by prescribers enrolled in Medicare. Later, in November of 2016, CMS implemented a rule that required providers and suppliers that furnished health care items or services to MA plan members to be enrolled in Medicare by 2019. Under the MA Final Rule, CMS is eliminating this requirement. The text of the new regulations, to take effect January 1, 2019, will instead (i) prohibit MA Plans from paying for services provided by providers and suppliers who are included in a “Preclusion List” and (ii) require pharmacy benefit managers to reject a pharmacy claim for a Part D drug if the individual who prescribed the drug is included on the preclusion list. The “Preclusion List” will be compiled by CMS and will include providers and suppliers (i) that are currently revoked from Medicare or who have engaged in behavior for which CMS could have revoked the provider or supplier to the extent applicable if they had been enrolled in Medicare, and (ii) whose underlying conduct CMS determines is detrimental to the best interests of the Medicare program. The Preclusion List will be separate and distinct from the OIG Exclusion List.

CMS will make the Preclusion List available to MA plans and Part D plan sponsors, who will be required to deny payment for claims submitted by, or associated with prescriptions written by, prescribers and providers on the list.

Impact of the New Rule on Providers and Suppliers

This new requirement allows flexibility to prescribers, providers and suppliers who have not enrolled in Medicare to provide services to MA plan members, easing the burden of enrollment, and allowing providers who have opted out of providing services under traditional Medicare to provide services to beneficiaries under Medicare Part C or prescribe Part D covered drugs.

© 2018 Foley & Lardner LLP
This article was written by Alexis Finkelberg Bortniker of Foley & Lardner LLP

Will the GDPR Ease Cross-Border Data Transfers for Purposes of E-Discovery?

As the clock ticks down to May 25, 2018, when the European Union’s General Data Protection Regulation (“GDPR”) becomes fully enforceable throughout the EU, the Internet and airwaves have become saturated with guidance for companies about what to expect and how to prepare for its new protections and restrictions.  However, we’ve seen little intelligence for companies and their litigation counsel in situations where electronically-stored information (“ESI”) containing “personal data” resides in the EU and is relevant to discovery requests in American civil litigation.

In many ways, the process and procedures relating to transfers of personal data to the U.S. under the GDPR are similar – and similarly burdensome – to those of the existing privacy regime.  However, the GDPR does introduce new transfer options and clarifies others.  It has also added record-keeping and compliance reporting requirements as well as hefty penalties for non-compliance.

Our GDPR e-discovery series will examine these new and clarified transfer options for ESI containing personal data.  We begin our series with a newly added transfer option – the Hail Mary pass of transfer options – contained in a GDPR provision permitting a one-time limited transfer where necessary to further a “compelling interest” of the transferring party.

Before we get to the GDPR, however, some historical context is instructive about what makes transferring personal data from the EU to the U.S. for pre-trial e-discovery particularly taxing.  The challenges stem largely from the expansive definition of personal data on which existing law is premised, which encompasses any information relating to “an identified or identifiable natural person.”

The issue with this definition is immediately apparent.  In addition to information practitioners in the U.S. might typically consider “sensitive” or “private” personal data, such as social security numbers, financial account numbers, or medical treatment histories, the EU balloons the concept of personal data to include more innocuous information commonly contained in ESI, such as professional or personal email addresses, office addresses, and telephone numbers.

Existing EU privacy law further stipulates that such personal data cannot be transferred to a “third country” like the U.S. that does not ensure an adequate level of protection for personal data.  Absent such an adequacy determination by EU privacy regulators, a data transferor must demonstrate either sufficient protective safeguards incorporated into a data transfer agreement in the form of standard contractual provisions addressing the handling of the personal data; or that an enumerated “derogation,” or exemption, to the privacy law supports the transfer.

These far-reaching definitions and limited transfer options have created a classic lose-lose for American litigants.  On the one hand, U.S. courts generally observe that discovery of relevant documents in the EU cannot be avoided solely on the basis of its privacy law.  On the other, companies that do not take appropriate steps to permissibly transfer personal data can be sanctioned by privacy regulators.

While there was hope that the GDPR would address this inherent tension and simplify the transfer process, the end result is not so much simplification, or even clarity, as it is a new set of potential hazards and prospects.

It is in this context that we examine Chapter 5 of the GDPR (Articles 44 through 50) that governs transfers of personal data to third countries such as the U.S.  Of most relevance to transfers in the context of civil e-discovery are Article 46, which addresses transfers subject to standard contractual clauses relating to the handling of personal data, and Article 49, which carries over the “derogations” concept from existing law allowing for personal data transfers in the absence of Article 46 safeguards.

One Article 49 provision new to the GDPR specifically addresses the concept of a one-time limited personal data transfer, which sounds promising in the context of e-discovery.  However, this new provision also appears to be an option of last resort, applicable only where none of the safeguards or options enumerated in Articles 46 or 49 otherwise apply.  In such cases, a transfer of personal data may occur if:

  • the transfer is not repetitive;
  • the transfer concerns a limited number of data subjects;
  • the transfer is necessary for purposes of a compelling interest of the transferor that is not overridden by the interests of the data subject; and if
  • the transferor has provided suitable safeguards to protect the personal data during and after the transfer.

While this exemption sounds appealing, the jury is still out on its utility.  Just how many subjects or how much data constitutes a “limited” transfer, for example, will likely remain a subjective judgment in the eye of data protection authorities.  And whether pre-trial e-discovery in American litigation will ultimately be considered a “compelling interest” is a new and unanswered question.  Plus, who balances the interests between the transferor and the data subjects?  Finally, this new provision subjects a transferor to significant disclosure requirements, including informing the data subject about the transfer and the compelling interest being pursued, as well as informing the data privacy authority of the transfer.  These disclosure requirements introduce logistical problems in and of themselves.

Based on these unknowns and reporting requirements, use of this provision may entail significant risk for the transferor.  And, bear in mind that, although the GDPR was intended to harmonize some aspects of privacy law across the EU, Member States are left with the option to modify or supplement the default standard set out in Article 49.  This means you will still need to review the privacy law of a particular Member State to assess whether the compelling interest exemption even applies and, if so, in what context.

Bear in mind also that no matter what transfer method is used, the GDPR requires both transferors and transferees to maintain a record of personal data transfers and details about what adequacy decision or safeguard applied to each transfer.  Failure to do so may result in significant fines.  Our recommendation is that American companies with operations, employees, or data in the EU and multinational companies at risk of lawsuits or investigations in the US develop a standard policy for assessing personal data transfer requests, including those in the context of civil e-discovery.  This policy should recognize that every transfer may be different and allow flexibility based on the transfer options afforded by the GDPR.  Importantly, this policy should be adhered to rigorously and dictate the documentation required for each transfer contemplated or undertaken.

©1994-2018 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.

New FTC Report Makes Security Recommendations to the Mobile Device Industry

Securing data held by mobile devices is largely reliant upon technology, and a recent report by the Federal Trade Commission (“FTC”) takes aim at how that technology can be both improved and better utilized. The report, published in February 2018 and titled, Mobile Security Updates: Understanding the Issues, presents findings based upon information requested by the FTC in 2016 of eight mobile device manufacturers: Apple, Inc., Blackberry Corp., Google, Inc., HTC America, Inc., LG Electronics USA, Inc., Microsoft Corp., Motorola Mobility, LLC, and Samsung Electronics America, Inc.

Generally speaking, the FTC in the report recommended that both the devices themselves and their corresponding support services need to do a better job of addressing consumers’ security concerns. Security updates need to be deployed more quickly and more frequently, but consumers also need to know when they are – and when they are not – covered by services providing these updates. The report further recommends that manufacturers provide a minimum period during which security updates are to be provided, and make that period known to the consumer prior to purchase. The report found that some manufacturers do in fact provide substantial security support, but little to no information is provided on the topic prior to purchase. It was also recommended that manufacturers consider providing security updates that are separate and distinct from other updates that are often bundled together in one package.

Providing security support services by way of software updates is only valuable, however, so long as consumers take advantage of them. To this point, the report recommended that government, industry and advocacy groups work together to educate consumers as to the importance of installing security updates as they become available. It was further recommended that manufacturers improve record keeping as it pertains to update decisions, support length, update frequency, and the rate at which consumers bother to download and install the updates, all with the goal of improving upon past practices.

Takeaway for Small Businesses

The FTC’s mobile security report is intended to bolster consumer protection; however, it is also relevant for small businesses and their use of mobile devices in the workplace. Many small businesses do not have the resources to implement their own mobile security measures, and thus rely heavily on the mobile device manufacturers to ensure a certain level of security. Moreover, small businesses often allow for a bring-your-own-device (BYOD) policy, which permits employees to bring and use personally owned devices in the workplace. While a BYOD policy helps a small business save on device and carrier costs, it also increases the likelihood of security threats to the business.

Although small businesses should not rely entirely on the security measures provided by mobile device manufacturers, improved security updates and support services as recommended by the FTC’s report will certainly be beneficial to small businesses that do not have resources to invest in security measures. That said, just as the FTC advises consumers to take advantage of the security software updates, it is imperative that small businesses, particularly those with a BYOD policy, act prudently with respect to the mobile device security measures made available to them by the manufacturers. For more information on BYOD key issues and policy considerations, visit Jackson Lewis’s “Bring Your Own Device” BYOD Issues Outline. Mobile device manufacturers are in a constant race to stay ahead of those seeking to expose vulnerabilities. Issuing frequent updates is crucial for security, but ultimately, it is just as important that consumers and businesses that rely heavily on mobile device manufacturers’ security measures understand their role in the process.

Jackson Lewis P.C. © 2018
This article was written by Frank J. Fanshawe of Jackson Lewis P.C.