Website Use of Third-Party Tracking Software Not Prohibited Under Massachusetts Wiretap Act

The Supreme Judicial Court of Massachusetts, the state’s highest appellate court, recently held that website operators’ use of third-party tracking software, including Meta Pixel and Google Analytics, is not prohibited under the state’s Wiretap Act.

The decision arose out of an action brought against two hospitals for alleged violations of the Massachusetts Wiretap Act. The complaint alleged that the hospitals’ websites collected and transmitted users’ browsing activities (including search terms and web browser and device configurations) to third parties, including Facebook and Google, for advertising purposes.

Under the Wiretap Act, any person that “willfully commits [, attempts to commit, or procures another person to commit] an interception. . . of any wire or oral communication” is in violation of the statute.

In its opinion, the Court observed the claims at issue involved the interception of person-to-website interactions, rather than person-to-person conversations or messages the law intended to cover. The Court held, “we cannot conclude with any confidence that the Legislature intended ‘communication’ to extend so broadly as to criminalize the interception of web browsing and other such interactions.”

This decision arrives as similarly situated lawsuits remain pending in courts across the nation.

Trump Administration Tariffs: Considerations for U.S. and Global Companies

Donald Trump’s reelection as president of the United States raises considerations for both U.S. and non-U.S. companies importing goods into the country. Specifically, given Trump’s plan to impose “universal baseline tariffs on most foreign products” to “reward[] domestic production while taxing foreign companies,” what tariffs will be imposed, and what can importers do to protect themselves from the increased financial burden tariffs create? After Trump takes office on Jan. 20, 2025, supply chains most likely will be more expensive, with any additional tariffs likely impacting U.S. retailers, wholesalers, and manufacturers. During the campaign, Trump announced he would impose an additional 10-20% on global products and an additional 60% on products of China. Presidents have broad authority to impose tariffs and there are numerous legal authorities the Trump administration can rely on to impose them. In this GT Alert, we address those statutes and discuss strategies importers should consider to protect themselves from the increased financial burden. Statutory legal authority includes:

  • International Emergency Economic Powers Act of 1977 (IEEPA) provides the president with the authority to address unusual and extraordinary threats to national security through economic sanctions. According to the IEEPA, “Any authority granted to the President by section 1702 of this title may be exercised to deal with any unusual and extraordinary threat . . . if the President declares a national emergency with respect to such threat.” President Trump may use this act to address U.S. trade deficits.
  • Section 232 of the Trade Expansion Act of 1962 grants the president the power to impose restrictions on imports that pose a threat to national security, including through the imposition of tariffs. Previous legal challenges to the use of Section 232 have been unsuccessful.
  • Section 301 of the Trade Act of 1974 allows the president to respond to foreign trade practices that disadvantage the United States, authorizing the executive to (1) impose duties or other import restrictions, (2) withdraw or suspend trade agreement concessions, or (3) enter into binding agreements with foreign governments to eliminate the conduct in question or provide compensation. In his first term, President Trump used Section 301 beginning in July 2018 to impose additional tariffs of 25% or 7.5% on four lists of products from China. To date, the tariffs are still in place.
  • Section 338 of the Tariff Act of 1930 allows the president to impose additional tariffs of up to 50% on any country that discriminates against U.S. goods.
  • Section 122 of the Trade Act of 1974 provides the president with a “balance of payments” authority, allowing the imposition of an additional 15% tariff on imports for 150 days “[w]henever fundamental international payments problems require special import measures to restrict imports—(1) to deal with large and serious United States balance-of-payments deficits, (2) to prevent an imminent and significant depreciation of the dollar in foreign exchange markets.”

Prior to the implementation of additional tariffs, U.S. companies should consider increasing visibility into their supply chains. Importers may wish to review each imported product and confirm its country of origin. Specifically, if an additional 10% is added to products of the European Union and 60% is added to products of China, and a purchase agreement states the country of origin is the EU, U.S. companies should consider confirming the bill of materials and production steps to ensure that the product is in fact manufactured in the EU and not merely assembled there.

In addition, U.S. importers should consider reviewing incoterms (international commercial terms) on all purchase orders to determine which party is responsible for the tariffs. Note that tariffs are assessed based on the date of entry of goods into the United States and not the purchase order date. If a U.S. importer and non-U.S. supplier are currently negotiating a master purchase agreement that will take effect between now and the implementation of new tariffs under the Trump administration, importers may wish to add language so that the purchase price does not include the additional duties at whatever date the goods enter the United States.

Finally, there are numerous duty-mitigation strategies importers can consider to potentially blunt the impact of increased costs, including the use of “first sale” in a multi-tier transaction. Imported merchandise may have been the subject of more than one sale, with the middleman buyer adding an amount for profit and expenses to the price paid by the U.S. importer at entry. For example, merchandise may be manufactured in China, sold to a middleman in Hong Kong, and then sold to a buyer/importer in the United States. Under certain circumstances, importers can declare the value of the goods on the “first” or earlier sale, rather than on the last one, thereby reducing the declared value of the goods upon which duty payments are based. In addition, importers may consider taking legal deductions from the declared value, such as foreign inland and international freight.

The implementation of tariffs in the Trump administration seems likely, although the specifics have yet to be disclosed. In the meantime, companies should consider increasing transparency into their global supply chains and employing duty-mitigation strategies.

Holy Hemp: New Jersey Court Partially Invalidates Hemp Law

On Oct. 10, 2024, a New Jersey Federal District Court made a big decision on hemp. The Court largely invalidated New Jersey’s recent attempt to tighten controls on “intoxicating hemp products” like Delta-8 and Delta-10, which were previously sold in gas stations, smoke shops, and convenience stores without much oversight. The state had put forward amendments aimed at restricting these products to those over 21 and regulating them like cannabis. New Jersey argued that it was time to clamp down on these sales, citing public health concerns and the rising number of minors getting their hands on these potent, unregulated products.

NJ Gov. Phil Murphy had signed off on these amendments despite admitting the law wasn’t perfect. For him, protecting minors was the priority. And today, the Court shared that sentiment—partially. It kept in place only the part that prevents the sale of these products to minors.

As for the rest of the amendment? The Court struck it down. The reason? It found that New Jersey’s approach violated federal law, essentially treating hemp products from out-of-state differently from those produced locally under the New Jersey Cannabis Regulatory Commission’s new process. This selective control crossed the line, according to the Dormant Commerce Clause of the Constitution and provisions in the Federal Farm Act, which stops states from blocking the transport of hemp products.

The Court’s decision made it clear that New Jersey does have the power to regulate these sales, but the amendments need legislative fine-tuning to meet federal standards. So, while New Jersey’s push to regulate intoxicating hemp is on pause, this is far from over.

Here’s where the decision makes things complicated for sellers: By Oct. 12, shops were supposed to pull these hemp products from the shelves, including Delta-8 drinks and THC-A gummies. That means, until New Jersey’s Cannabis Regulatory Commission issues new rules, those products are off-limits.

For anyone in the hemp or cannabis business in New Jersey, it’s a loud reminder—stay compliant, stay updated, and be ready to adapt quickly to changes.

by: Benjamin Sheppard of Norris McLaughlin P.A.
©2024 Norris McLaughlin P.A., All Rights Reserved

For more news on Hemp Legality, visit the NLR Biotech, Food, & Drug section.

New York City Mayor Signs Hotel Safety and Licensing Law Imposing New Compliance Requirements on Hotel Operators

On November 4, 2024, New York City Mayor Eric Adams signed legislation to ensure hotel safety that will mandate a comprehensive licensing system for hotels to operate in New York City, implement several consumer safety protections, and require hotels to maintain continuous front-desk coverage, directly employ certain “core” employees, and provide human trafficking recognition training.

Quick Hits
New York City enacted a new hotel safety law that will require hotels to obtain a license to operate in the city and impose certain staffing requirements.
The law will require hotels to directly employ core employees, mainly housekeepers and front desk staff, avoiding the use of third-party staffing agencies.
The law is set to take effect 180 days after signing, or May 3, 2025.
The Safe Hotels Act, Int. No. 0991-2024, represents a significant shift in the regulatory landscape for New York City hotel operators, imposing several new employment and consumer compliance requirements as the city’s tourism industry rebounds from the pandemic.

“Our top priority from day one has been to keep people safe, and that includes protecting workers and tourists at our city’s hotels,” Mayor Adams said in a statement announcing the signing of the law. “That’s why we are expanding protections for the working-class New Yorkers who run our hotels and the guests who use them.”

Here is a breakdown of the key aspects of the new law.

Licensing
Under the new law, all hotel operators must obtain a license to operate within New York City. The license, valid for two years, requires a fee of $350. Hotel operators must submit detailed applications demonstrating their compliance with various staffing, safety, and operational standards. Violations of the new licensing requirements can result in significant civil penalties, ranging from $500 for a first offense to $5,000 for repeated offenses.

Staffing
The law will require hotel operators to provide continuous front desk coverage, either through front desk staff or, during overnight shifts, a security guard trained in human trafficking recognition. Large hotels (those with more than 400 rooms) must also maintain continuous security guard coverage on the premises.

Further, the law will require large hotels to directly employ certain “core employees,” aiming to eliminate the use of third-party contractors for core staffing needs. The law defines “core employees” as “any employee whose job classification is related to housekeeping, front desk, or front service at a hotel.” The law exempts small hotels, defined as those with fewer than 100 rooms.

The law will also prohibit hotel operators from retaliating against employees who report violations, participate in investigations, or refuse to engage in practices they believe to be illegal or unsafe.

Consumer Protections
Hotels will be required to maintain the cleanliness of guest rooms and common areas. Daily cleaning and trash removal are mandatory unless explicitly declined by the guest. Hotels will not be allowed to charge fees for daily room cleaning or offer incentives to guests to forgo this service.

Safety
The law will require hotels to provide panic buttons to employees whose duties involve entering occupied guest rooms. Additionally, all core employees must receive human trafficking recognition training within sixty days of employment.

Key Takeaways
Hotel operators may want to consider reviewing and updating policies to align with the new requirements, including updating staff training programs, security protocols, and cleaning schedules. They may also want to assess their staffing arrangements to ensure that core employees are directly employed.

The law is set to take effect 180 days after signing, or May 3, 2025.

© 2024, Ogletree, Deakins, Nash, Smoak & Stewart, P.C., All Rights Reserved.
by: Simone R.D. Francis Zachary V. Zagger of Ogletree, Deakins, Nash, Smoak & Stewart, P.C.

For more news on New York City’s Hotel Regulations ,visit the NLR Consumer Protection section.

“Captive Audience” Bans: Employers Should Be Aware of This Trend

As organized labor activity has been on the rise in recent years and stories about union-related matters have become regular news, labor relations questions have ever-increasingly become front-of-mind for employers. It is also not crazy to think that unions that have been considering an organizing effort will decide in the next couple of months to roll the dice now in anticipation that federal labor policy will (again) radically shift following the results of last week’s elections.

What has not garnered as much attention as the Starbucks and other prominent unionization efforts is the effort to strip from employers one of their most effective tools in countering union efforts to organize: mandatory employee meetings where employers can address and rebut the kinds of sweeping promises common to a union sales pitch.

In the midst of an organizing campaign, and particularly so in the days leading up to a union election, employers have long used meetings with employees as an opportunity to communicate their views on unionization and share their position on the upcoming vote. And for good reason — such meetings are one of the most effective tools to respond to promises unions make to employees and educate workers on the fact that unions have the legal right to make all sorts of promises about things they know they cannot guarantee, while employers are constrained by law from making almost any promises to employees.

These meetings are also very important mechanisms to share information that most unions prefer to avoid discussing — like mandatory dues, how long first contract negotiations can take, the potential for union decertification, and a union’s ability to call employees out on strike and punish them if employees will not toe the picket line. Much like with meetings to discuss other topics such as safety concerns or policy changes, employers often make attendance at such meetings mandatory and compensate employees for their time at such meetings because their attendance is a job expectation.

Given the effectiveness of such meetings, if you’re a cynic like me, then perhaps it does not surprise you that political forces favoring unions want to prevent employers from conducting them. In April 2022, National Labor Relations Board (NLRB) General Counsel Jennifer Abruzzo issued a memo announcing that she intended to push the NLRB to make legal rulings finding that employer mandatory meetings covering union-related and labor relations matters violate the National Labor Relations Act (NLRA). Such rulings would be an explicit reversal of NLRB decisions dating back to 1948 taking the position that employers do not violate the NLRA by requiring employees to attend meetings where the employer shares its messages regarding unionization. However, notwithstanding the General Counsel’s request, the NLRB has yet to reverse these decisions, and last week’s presidential election results certainly suggest the policy pendulum at the NLRB is likely to soon swing in the other direction.

But the current political winds at the federal level will not stop all momentum to prevent employers from using employee meetings to combat against the lofty promises unions make and communicate information they want to make sure is available to employees. Several “blue” states — California, Hawaii, Illinois, Vermont, and Washington — have all passed laws in the last year making employer captive audience meetings illegal, joining Connecticut, Maine, Minnesota, New York, and Oregon, which already had similar laws on the books. Alaska voters appear to have also adopted such a law in their state. If last week’s election results suggest anything, it may be that, in anticipation of a federal about-face in the organized labor arena, more states will try to take matters into their own hands and consider additional bans on these types of meetings.

The legality of such state laws is not without question. While Oregon’s law — the first of its kind and passed in 2010 — survived a legal preemption challenge, the argument remains that the NLRA preempts such laws as an impermissible intrusion on federal labor policy and employer rights preserved by federal law. With the reshaping of the federal courts in recent years, we can reasonably expect someone will attempt another NLRA preemption challenge, hoping to land before a federal judge or court more likely to be sympathetic to the argument. There is also a compelling argument that such state laws infringe employer First Amendment rights, particularly given that they target a particular speaker and a particular message, while not banning mandatory meetings to discuss things like safety or company updates. Such state action is therefore not content- or viewpoint-neutral, as required by most types of First Amendment analysis. To that end, the Illinois Policy Institute is making this First Amendment argument in a lawsuit it recently filed asking a federal court in Chicago to block the Illinois Worker Freedom of Speech Act from going into effect on January 1, 2025. How the Chicago federal court rules in that case may have wide-ranging implications for the other states’ statutes and the future of efforts to ban captive audience meetings.

As labor relations policy is sure to continue evolving in the coming years, employers should stay aware for now of the developing captive audience landscape, particularly if they face union activity in a state with a current ban on employer meetings of the type described in this article. Employers in such states can still hold meetings to discuss their message regarding unionization and make attendance at them voluntary — and should absolutely do so if faced with a union campaign.

by: Christopher G. Ward of Foley & Lardner LLP

For more news on

visit the NLR Labor & Employment section.

Let’s Circle Back (and eFile) after the Holidays

The Consumer Product Safety Commission launched its eFiling Beta Pilot a little over a year ago. Non-pilot participants were invited to participate in voluntary eFiling last summer, and the CPSC extended this stage to October 10, as it continued to work on a revised rule. The CPSC had anticipated completing a final rulemaking by the end of its fiscal year, which would have meant a full system implementation around January 1, 2025 – but regardless of when the final rule is published, the CPSC has proposed that the requirements go in effect 120 days after publication in the Federal Register.

Notably, the National Association of Manufacturers submitted comments regarding the rulemaking, highlighting issues with the proposed rules, including the scope of the filing system, technical and financial burdens for implementing the system, and the feasibility of complying with the proposed 120-day effective date window. It remains to be seen whether the CPSC will take these comments into consideration when the staff releases the updated package in the coming weeks, with a commission vote expected before the end of the year.

The eFiling program is the CPSC’s initiative to enable importers of regulated consumer products to file certain data from Certificates of Conformity (COC) electronically with Customs and Border Protection (CBP).This is not merely emailing existing COCs to CPSC or CBP, but digitizing individual data elements of the COC either directly into CBP’s Automated Commercial Environment (ACE) or through CPSC’s Product Registry.

There are many misconceptions related to the new rule and eFiling process and CPSC has created a broad resource library to help importers of record, the parties ultimately responsible for eFiling, comply with the new requirements. Any product that requires a COC today (whether a General Certificate of Conformity or a Children’s Product Certificate) will require eFiling under the new rule. However, the CPSC intends to honor enforcement discretions applied to certain products before the implementation of the eFiling program.

Internal business conversations between import compliance personnel, customs teams, product compliance teams, and brokers to discuss digitizing COC data and developing methods to manage trade parties, such as implementing identification mechanisms within testing programs, should begin, if they haven’t already. The CPSC also has an eFiling newsletter that is published quarterly and is due for another installment in the next month.

Once the final rule is published, eFiling will be a mandatory. So, to ensure compliance, the seamless import of goods, fewer holds at port, fewer targeted shipments, and reduced costs – implicated parties should get familiar and quickly for this fast approaching requirement.

eFiling is a CPSC initiative under which importers of regulated consumer products will electronically file (eFile) data elements from a certificate of compliance with U.S. Customs and Border Protection (CBP), via a Partner Government Agency (PGA) Message Set.

8 Things to Know About AFFF Lawsuits

Thousands of individual lawsuits have been consolidated into multidistrict litigation (MDL) against the corporations that make aqueous film forming foam (AFFF), a type of firefighting foam that was filled with per- and poly-fluoroalkyl substances (PFAS), synthetic chemicals that are now known to be dangerous to human health.

Here are 8 things that you should know about the AFFF firefighting foam lawsuits, according to mass tort lawyer Dr. Nick Oberheiden.

1. AFFF Caused Lots of Chemical Contamination

AFFF is one of the types of foam that firefighters use to put out flames. There are two classes of AFFF firefighting foam:

  1. Class A, which is used for combustible fires, like for wood or paper
  2. Class B, which is used for ignitable liquids like oil, gas, or jet fuel

Class A firefighting foams rely primarily on the water in the foam to put out the flames, though they are still substantially more effective than just using straight water. They have far fewer chemicals in them and are used more often than Class B foams.

Of Class B foams, there are two types:

  1. Foams that have fluorine in them
  2. Foams that do not have fluorine in them

Both foams work the same basic way: By blanketing flammable liquids, they prevent the fuel from catching fire and extinguish any lit fuels by suffocating the flames of the oxygen that they need in order to keep burning. This works far better than water for these types of fires, as the flaming liquids are lighter than water and would float on its surface and continue to burn.

AFFF, however, is a fluorinated type of foam. That fluorine comes in the form of a PFAS compound. There are hundreds of types of these compounds, but they are all based on one of the strongest chemical bonds in organic chemistry; the one between fluorine and carbon.

2. PFAS Chemicals are Everywhere

While PFAS chemicals have been used in firefighting foam since the 1970s, when the U.S. Navy worked in collaboration with the giant chemical corporation 3M to produce a foam that could quickly put out fires on vessels, PFAS compounds have been used in a wide variety of other capacities since the 1940s. A very versatile chemical compound, PFAS chemicals were used to:

  • Prevent or remove stains
  • Suppress or resist heat
  • Waterproof materials or make them water resistant
  • Contain grease or oil

As a result, PFAS chemicals have been added to a huge array of consumer products that span nearly every industry, including:

  • Food packaging and wrapping
  • Pizza boxes
  • Raincoats
  • Water resistant clothing and shoes
  • Non-stick cookware
  • Carpeting
  • Paint
  • Wood stain, varnish, and lacquer

In recent decades, though, researchers have noticed that the sheer ubiquity of these chemicals could pose a threat: The carbon-fluorine bond that these synthetic compounds are based on does not break down naturally, leading to PFAS being dubbed “forever chemicals.” Every piece of PFAS that is produced will continue to be a PFAS until something is done to break it down artificially, like putting the chemical into water and then superheating the water well past its boiling point.

3. PFAS Chemicals are Dangerous

It was not until relatively recently that the public learned two things about these PFAS chemicals:

  1. They had contaminated soil and groundwater across the country, and
  2. They were connected to numerous different medical conditions, including several types of cancers.

The strong chemical bond between carbon and fluorine that was fundamental to PFAS meant that, as it was used or disposed of, it would not break down. Instead, PFAS chemicals would just build up in the soil where they were dumped or would contaminate the groundwater in that soil. Eventually, PFAS chemicals found their way into drinking water and water for crops and animals. From there, it got into the food system.

It was not until the 2000s that this became apparent to the public. By then, there had been nearly 60 years of PFAS buildup.

Around this time, medical researchers also discovered that exposure to PFAS chemicals could lead to PFAS contamination in the bloodstream, which could cause a host of serious medical conditions. While research is still being done to find out what, exactly, PFAS chemicals does in the human body and which medical conditions it can cause, PFAS contamination has been linked to increased risks for:

  • Pregnancy issues, including:
    • Fetal death
    • Birth deformities
    • Hypertension
    • Preeclampsia
    • Low birth weight
    • Developmental delays in young children
  • Liver damage
  • Liver cancer
  • Testicular cancer
  • Thyroid cancer
  • Kidney cancer
  • Prostate cancer
  • Fertility problems
  • A dysfunctional immune system, including decreased effectiveness of vaccines
  • Hormonal imbalances
  • Obesity
  • High cholesterol

These are some serious medical conditions that could end up being fatal. Anyone who was exposed to PFAS chemicals, including those in AFFF, are at risk of developing them and can talk to an AFFF lawyer about filing an AFFF firefighting foam lawsuit.

4. These Cases Involve Yet Another Corporate Cover-Up

As lawsuits over PFAS exposure started to get filed in the 2000s, it quickly became clear that the large corporations who had filled our world with PFAS-heavy products had long known the risks associated with them.

PFAS manufacturer DuPont, one of the largest chemical producers on the planet, instructed its workers to only handle PFAS chemicals with extreme care as early as 1961. PFAS manufacturer 3M had discovered that the company’s PFAS chemicals were inside fish that swam in the water near one of its plants in the 1970s. In the 1980s, DuPont suddenly moved all of its female employees out of the production facility that handled PFAS chemicals – several female DuPont employees in the facility had given birth to children with serious deformities.

In spite of these warning signs, these major corporations continued to dispose of PFAS materials however they wanted to – whether that meant dumping it into the water, burying it in the ground, or burning it into the air. They also continued making new products with PFAS chemicals in them, including AFFF firefighting foam in the 1970s, which was then used by military and civilian firefighters both to put out real fuel fires and to train in putting them out. This continued for three decades, with firefighters pumping PFAS-heavy foam onto airport tarmacs and training areas on military bases across the country, deeply contaminating the soil and nearby waterways and exposing the firefighters to dangerous amounts of PFAS chemicals.

The corporate cover-up would have continued, if it were not for two things. First, in 1998, the U.S. Environmental Protection Agency (EPA) learning of an internal study at one of the major PFAS manufacturers that had found that the offspring of pregnant lab rats who had been exposed to PFAS chemicals were almost guaranteed to die within days. Second, the first class action against the PFAS manufacturer Chemours reached a temporary settlement for $71 million and funding for the C8 Science Panel to research the dangers posed by PFAS chemicals. When the Panel started to publish its findings, Chemours quickly settled the case permanently for $671 million.

5. Other PFAS Lawsuits Have Recovered Billions, and That is Just for Clean Up 

Since that first class action settled, many, many more lawsuits have been filed over PFAS contamination. These lawsuits have targeted the major corporations that have manufactured PFAS products, including:

  • 3M
  • DuPont
  • Chemours
  • BAFS

All told, these MDLs and class actions have settled for over $11 billion. There are two things about these PFAS lawsuits are important to know:

  1. They are confined to compensating for cleanup and decontamination costs, and
  2. They apply to general PFAS products, not specifically to AFFF.

This first point is crucial. The plaintiffs in these huge lawsuits have been water districts that have demanded compensation for the costs of upgrading their filtration equipment and the decontamination of their water and soil. None of the $11 billion is earmarked for the inevitable medical conditions that all of that prior PFAS contamination will cause.

6. AFFF Firefighting Foam: Class Action or MDL? AFFF Lawsuits the First to Allege Personal Injuries and Losses

Now, though, an AFFF firefighting foam MDL includes personal injury claims for medical and financial losses by victims of AFFF exposure for the first time. So you have time to file an AFFF lawsuit and join the MDL.

MDL No. 2873 consolidated hundreds of these AFFF firefighting foam cases in the U.S. District Court for South Carolina in January, 2019. This MDL covers individual victims who have suffered from one of the medical conditions associated with PFAS exposure, who need medical monitoring after being exposed to the chemicals, or who have suffered a financial loss for the diminution in the value of their property due to PFAS contamination. The cases are limited to PFAS exposure from contaminated groundwater near military bases, airports, and other industrial sites due to the use of AFFF that contain either of the two main types of PFAS chemicals used in AFFF:

  1. Perfluorooctanoic acid (PFOA)
  2. Perfluorooctane sulfonate (PFOS)

When it was first consolidated into an MDL, there were around 500 cases. Since then, it has exploded to over 9,000 claims by July, 2024, with much of the growth coming in recent months.

7. Status and Future of the AFFF MDL

MDLs like this one have become the preferred way to handle mass tort situations: Cases where the misconduct of one or a small handful of companies have led to hundreds or thousands of people suffering in similar or identical ways. By consolidating all of the cases together for pre-trial procedures, like the gathering of evidence and summary judgment motions, the cases can move forward far more efficiently than if they were all on their own.

Even though the MDL was formed over two years ago now, the AFFF litigation is still in its early stages. The defendant corporations, all of whom manufactured and sold AFFF firefighting foams, will advance numerous legal defenses to avoid accountability for their conduct or to at least mitigate the damage of a judgment or the amount of a settlement. Some of the defenses that we will likely hear are:

  • The medical condition a particular person suffered was caused by something else
  • Some other AFFF manufacturer was responsible for a particular area of contamination
  • Plaintiffs waited too long to file their claims and the statute of limitations has expired
  • The company’s version of AFFF has less PFAS chemicals in it than others

In the meantime, a growing body of medical literature is connecting PFAS exposure and contamination to serious medical issues. We may even see new medical conditions getting linked to AFFF and the toxic chemicals in it.

As evidence is gathered, settlement talks will begin. If these prove to be fruitless, the court will schedule bellwether trials. These are individual cases that are representative of the rest of the cases in the MDL that are brought through a jury trial. The outcome of those trials are then used to inform further settlement discussions, which nearly always resolve the MDL outside of the courtroom.

8. How This Will Likely End

PFAS lawsuits have been equated to the Big Tobacco Settlement, when cigarette companies settled a class action against them for huge sums. In both cases, the large corporations knew that the products that they were selling were likely to cause life-threatening medical conditions, but continued to sell them and took affirmative actions to cover up evidence that there was any risk.

In the end, though, the most important factor will be the solvency of the defendant corporations that make AFFF. Some of them are substantially larger than others and will be better able to pay the huge settlements that we are likely to see. According to mass tort lawyer Dr. Nick Oberheiden, founding partner of the national law firm Oberheiden P.C. and leading attorney on AFFF cases“As evidence is gathered, it will become more and more clear what the defendant corporations owe. If they are not able to pay it, they are more likely to extend this MDL to the bellwether trial stage in a risky attempt to avoid settling and try to beat it, altogether. Another option that they would have in this situation is to file for bankruptcy and create a victim’s trust fund, much like asbestos companies did in order to resolve the class action against them for causing mesothelioma.”

PRIVACY ON ICE: A Chilling Look at Third-Party Data Risks for Companies

An intelligent lawyer could tackle a problem and figure out a solution. But a brilliant lawyer would figure out how to prevent the problem to begin with. That’s precisely what we do here at Troutman Amin. So here is the latest scoop to keep you cool. A recent case in the United States District Court for the Northern District of California, Smith v. Yeti Coolers, L.L.C., No. 24-cv-01703-RFL, 2024 U.S. Dist. LEXIS 194481 (N.D. Cal. Oct. 21, 2024), addresses complex issues surrounding online privacy and the liability of companies who enable third parties to collect and use consumer data without proper disclosures or consent.

Here, Plaintiff alleged that Yeti Coolers (“Yeti”) used a third-party payment processor, Adyen, that collected customers’ personal and financial information during transactions on Yeti’s website. Plaintiff claimed Adyen then stored this data and used it for its own commercial purposes, like marketing fraud prevention services to merchants, without customers’ knowledge or consent. Alarm bells should be sounding off in your head—this could signal a concerning trend in data practices.

Plaintiff sued Yeti under the California Invasion of Privacy Act (“CIPA”) for violating California Penal Code Sections 631(a) (wiretapping) and 632 (recording confidential communications). Plaintiff also brought a claim under the California Constitution for invasion of privacy. The key question here was whether Yeti could be held derivatively liable for Adyen’s alleged wrongful conduct.

So, let’s break this down step by step.

Under the alleged CIPA Section 631(a) violation, the court found that Plaintiff plausibly alleged Adyen violated this Section by collecting customer data as a third-party eavesdropper without proper consent. In analyzing whether Yeti’s Privacy Policy and Terms of Use constituted enforceable agreements, it applied the legal frameworks for “clickwrap” and “browsewrap” agreements.

Luckily, my Contracts professor during law school here in Florida was remarkable, Todd J. Clark, now the Dean of Widner University Delaware Law School. For those who snoozed out during Contracts class during law school, here is a refresher:

Clickwrap agreements present the website’s terms to the user and require the user to affirmatively click an “I agree” button to proceed. Browsewrap agreements simply post the terms via a hyperlink at the bottom of the webpage. For either type of agreement to be enforceable, the Court explained that a website must provide 1) reasonably conspicuous notice of the terms and 2) require some action unambiguously manifesting assent. See Oberstein v. Live Nation Ent., Inc., 60 F.4th 505, 515 (9th Cir. 2023).

The Court held that while Yeti’s pop-up banner and policy links were conspicuous, they did not create an enforceable clickwrap agreement because “Defendant’s pop-up banner does not require individuals to click an “I agree” button, nor does it include any language to imply that by proceeding to use the website, users reasonably consent to Defendant’s terms and conditions of use.” See Smith, 2024 U.S. Dist. LEXIS 194481, at *8. The Court also found no enforceable browsewrap agreement was formed because although the policies were conspicuously available, “Defendant’s website does not require additional action by users to demonstrate assent and does not conspicuously notify them that continuing to use to website constitutes assent to the Privacy Policy and Terms of Use.” Id. at *9.

What is more, the Court relied on Nguyen v. Barnes & Noble Inc., 763 F.3d 1171, 1179 (9th Cir. 2014), which held that “where a website makes its terms of use available via a conspicuous hyperlink on every page of the website but otherwise provides no notice to users nor prompts them to take any affirmative action to demonstrate assent, even close proximity of the hyperlink to relevant buttons users must click on—without more—is insufficient to give rise to constructive notice.” Here, the Court found the pop-up banner and link on Yeti’s homepage presented the same situation as in Nguyen and thus did not create an enforceable browsewrap agreement.

Thus, the Court dismissed the Section 631(a) claim due to insufficient allegations that Yeti was aware of Adyen’s alleged violations.

However, the Court held that to establish Yeti’s derivative liability for “aiding” Adyen under Section 631(a), Plaintiff had to allege facts showing Yeti acted with both knowledge of Adyen’s unlawful conduct and the intent or purpose to assist it. It found Plaintiff’s allegations that Yeti was “aware of the purposes for which Adyen collects consumers’ sensitive information because Defendant is knowledgeable of and benefitting from Adyen’s fraud prevention services” and “assists Adyen in intercepting and indefinitely storing this sensitive information” were too conclusory. Smith, 2024 U.S. Dist. LEXIS 194481, at *13. It reasoned: “Without further information, the Court cannot plausibly infer from Defendant’s use of Adyen’s fraud prevention services alone that Defendant knew that Adyen’s services were based on its allegedly illegal interception and storing of financial information, collected during Adyen’s online processing of customers’ purchases.” Id.

Next, the Court similarly found that Plaintiff plausibly alleged Adyen recorded a confidential communication without consent in violation of CIPA Section 632. A communication is confidential under this section if a party “has an objectively reasonable expectation that the conversation is not being overheard or recorded.” Flanagan v. Flanagan, 27 Cal. 4th 766, 776-77 (2002). It explained that “[w]hether a party has a reasonable expectation of privacy is a context-specific inquiry that should not be adjudicated as a matter of law unless the undisputed material facts show no reasonable expectation of privacy.” Smith, 2024 U.S. Dist. LEXIS 194481, at *18-19. At the pleading stage, the Court found Plaintiff’s allegation that she reasonably expected her sensitive financial information would remain private was sufficient.

However, as with the Section 631(a) claim, the Court held that Plaintiff did not plead facts establishing Yeti’s derivative liability under the standard for aiding and abetting liability. Under Saunders v. Superior Court, 27 Cal. App. 4th 832, 846 (1994), the Court explained a defendant is liable if they a) know the other’s conduct is wrongful and substantially assist them or b) substantially assist the other in accomplishing a tortious result and the defendant’s own conduct separately breached a duty to the plaintiff. The Court found that the Complaint lacked sufficient non-conclusory allegations that Yeti knew or intended to assist Adyen’s alleged violation. See Smith, 2024 U.S. Dist. LEXIS 194481, at *16.

Lastly, the Court analyzed Plaintiff’s invasion of privacy claim under the California Constitution using the framework from Hill v. Nat’l Coll. Athletic Ass’n, 7 Cal. 4th 1, 35-37 (1994). For a valid invasion of privacy claim, Plaintiff had to show 1) a legally protected privacy interest, 2) a reasonable expectation of privacy under the circumstances, and 3) a serious invasion of privacy constituting “an egregious breach of the social norms.” Id.

The Court found Plaintiff had a protected informational privacy interest in her personal and financial data, as “individual[s] ha[ve] a legally protected privacy interest in ‘precluding the dissemination or misuse of sensitive and confidential information.”‘ Smith, 2024 U.S. Dist. LEXIS 194481, at *17. It also found Plaintiff plausibly alleged a reasonable expectation of privacy at this stage given the sensitivity of financial data, even if “voluntarily disclosed during the course of ordinary online commercial activity,” as this presents “precisely the type of fact-specific inquiry that cannot be decided on the pleadings.” Id. at *19-20.

Conversely, the Court found Plaintiff did not allege facts showing Yeti’s conduct was “an egregious breach of the social norms” rising to the level of a serious invasion of privacy, which requires more than “routine commercial behavior.” Id. at *21. The Court explained that while Yeti’s simple use of Adyen for payment processing cannot amount to a serious invasion of privacy, “if Defendant was aware of Adyen’s usage of the personal information for additional purposes, this may present a plausible allegation that Defendant’s conduct was sufficiently egregious to survive a Motion to Dismiss.” Id. However, absent such allegations about Yeti’s knowledge, this claim failed.

In the end, the Court dismissed Plaintiff’s Complaint but granted leave to amend to correct the deficiencies, so this case may not be over. The Court’s grant of “leave to amend” signals that if Plaintiff can sufficiently allege Yeti’s knowledge of or intent to facilitate Adyen’s use of customer data, these claims could proceed. As companies increasingly rely on third parties to handle customer data, we will likely see more litigation in this area, testing the boundaries of corporate liability for data privacy violations.

So, what is the takeaway? As a brilliant lawyer, your company’s goal should be to prevent privacy pitfalls before they snowball into costly litigation. Key things to keep in mind are 1) ensure your privacy policies and terms of use are properly structured as enforceable clickwrap or browsewrap agreements, with conspicuous notice and clear assent mechanisms; 2) conduct thorough due diligence on third-party service providers’ data practices and contractual protections; 3) implement transparent data collection and sharing disclosures for informed customer consent; and 4) stay abreast of evolving privacy laws.

In essence, taking these proactive steps can help mitigate the risks of derivative liability for third-party misconduct and, most importantly, foster trust with your customers.

Affordable Care Act Proposed Rule Would Broaden Access to Over-the-Counter Contraception Without Cost Sharing

Employer-sponsored health plans would be required to cover over-the-counter contraception, including condoms and emergency contraception, without a prescription and without cost sharing under newly proposed Affordable Care Act (ACA) regulations

Quick Hits

  • Proposed rules issued by the DOL, HHS, and Treasury are designed to increase coverage for over-the-counter contraceptives, such as condoms, spermicides, and emergency contraception, without a prescription.
  • If finalized, the proposed rules would be the first time that male contraceptives will be covered under the ACA preventive care requirements.
  • The public has until December 27, 2024, to submit comments on the proposed rules.

Fully insured and self-insured health plans would have to cover every Food and Drug Administration (FDA)-approved contraceptive drug or drug-led combination product without cost sharing, unless the plan or insurer covers a therapeutic equivalent without cost sharing, under rules proposed by the U.S. Departments of Health and Human Services, Labor, and Treasury.

Employer-sponsored health plans and insurers also would have to tell participants that over-the-counter contraception without a prescription is covered at no cost, under the proposed rules published October 28, 2024, in the Federal Register.

The ACA requires most group health plans to cover preventive care at no cost to patients. Preventive care under the ACA includes FDA-approved contraceptives for women, such as birth control pills, injectable contraceptives, contraceptive patches, implantable rods, intrauterine devices, diaphragms, sponges, vaginal rings, emergency contraception medication, and sterilization procedures for women. In 2022, the Health Resources and Services Administration (HRSA) issued updated guidelines that define which healthcare services are considered preventive for women.

Without a prescription, over-the-counter products were not included in the ACA’s coverage requirement. The proposed rule would change that.

In guidance issued earlier this year, the departments noted that they are still identifying plans that are out of compliance with the contraceptive care requirements. Employers that violate the ACA mandate can be fined $100 for each day in the noncompliance period for each affected employee. At first, the ACA granted exemptions to churches and other religious organizations that hold instilling religious values as their purpose and primarily employ people who share their religious beliefs. The criteria to qualify for an exemption were broadened later. Without an exemption, nongovernmental employers can use a self-certification form to instruct their health insurer to exclude contraceptive coverage from the group health plan and provide payments to patients for contraceptive services separate from the health plan.

In July 2020, the Supreme Court of the United States ruled that private employers with religious or moral objections can be exempt from the contraceptive mandate.

Seven states—California, Colorado, Maryland, New Jersey, New Mexico, New York, and Washington—already have laws requiring state-regulated health insurance policies to cover certain over-the-counter contraceptives without a prescription and without cost sharing.

Next Steps

Employers may want to review the coverage of contraceptives under their medical plans both to ensure that no improper restrictions are put on them currently and also to clarify how their coverage would need to expand if these proposed rules became final in a substantially similar form.

This article was co-authored by Leah J. Shepherd, who is a writer in Ogletree Deakins’ Washington, D.C., office.

What U.S. Travelers to UK Need to Know About UK’s Electronic Travel Authorisation (ETA)

Americans traveling to the UK as tourists or business visitors are generally visa-exempt. Starting on Jan. 8, 2025, visa-exempt Americans traveling to the UK will need to use the new Electronic Travel Authorisation (ETA) scheme prior to travel. Americans will be able to apply for ETA starting on Nov. 27, 2024.

Like the U.S. ESTA (Electronic System for Travel Authorization), ETAs are digitally linked to the traveler’s passport, allowing smoother and more secure immigration processing.

Applying for an ETA costs ten pounds. The ETA expires either two years after issuance or when the individual’s passport expires – whichever is earlier. If an individual obtains a new passport, they must apply for new ETA.

The ETA allows:

  • Multiple entries
  • Stays for no longer than six months

The ETA is being rolled out in phases. It is already in effect for nationals from the Gulf States. On Jan. 8, 2025, approximately 50 other countries, including the United States, will be added to the list. ETA will be rolled out for European countries on April 2, 2025.

The application is online and through the UK ETA app. Every individual who is traveling will need a separate ETA application. It is best to apply early, although applications are usually processed within three working days.

The similar ETIAS program for travel to the European Union has been delayed, but it is expected to go into effect sometime in 2025.