Swiss-US Privacy Shield

In July, we reported that the EU Court had invalidated the US-EU Privacy Shield (EU Invalidates the Privacy Shield . . BUT Says Contracts May Save the Day!). A few weeks ago (September 8, 2020), the Swiss Federal Data Protection and Information Commissioner (FDPIC) also decided to remove the United States from a list of nations that are considered to be providing an “adequate level of data protection.”

Unlike the EU Court’s decision, the decision by the Swiss FDPIC does not automatically invalidate the applicability of the Privacy Shield, because the list of countries is technically not legally binding. That said, if your company is relying on the Swiss-US Privacy Shield to continue to transfer data from Switzerland to the United States, it would not be prudent to assume these transfers will continue to be viewed as complying with the adequate protection standards under Swiss law. It seems to make sense to re-assess the risks and start relying on corporate policies and regulations, as well as legally binding contract clauses, to ensure they are consistent with Swiss data protection law.

Even when the company policies and contract provisions are properly constructed, there still remains the risk that even these protections may be considered inadequate. For example, if local authorities have the right to obtain the data without safeguards and legal protections consistent with those required under Swiss regulation, the transfer may be considered in contravention of Swiss law. Similarly, if the entity to which the data is being transferred is not legally obligated, for any reason, to cooperate with the enforcement requirements that may apply under Swiss law, this too creates a problem. While encryption technology exists that can ensure no personal data can become available in another country, that approach only makes sense for pure storage capability (e.g., cloud-based storage) but NOT if the data is intended to be used, displayed or otherwise handled in another nation.

While further guidance and information may ultimately be promulgated by the FDPIC, at present, a review of current procedures and data transfers, the exercise of caution and consideration of implementing additional steps to deal with this development in Switzerland, as with the EU Court decision, seems to be a prudent course of action.

At Rimon Law, our professionals are available to answer questions about these developments, so feel free to contact me, Joe Rosenbaum, or any of the Rimon lawyers with whom you regularly work for information about this or any other matters.

EU Invalidates the Privacy Shield . . BUT Says Contracts May Save the Day!

Today (July 16, 2020), the EU Court of Justice (the EU’s highest court) struck down the validity of the Privacy Shield – a mechanism that well over 5,000 U.S. companies have been using and relying upon in order to legally justify the transfer of personal data across the Atlantic into the US. This same court had previously invalidated the “Safe Harbor” protocol, concluding the Safe Harbor failed to adequately protect privacy rights of EU citizens, since it accorded law enforcement in the United States priority over the rights of EU citizens – permitting law enforcement virtually unrestricted access to the data.

This new case began when Max Schrems, an Austrian privacy advocate, complained to Irish data protection regulators that Facebook’s reliance on standard contract clauses to permit data being transferred from the European Union to the United States did not provide adequate protection. Schrems argued that it didn’t prevent intelligence officials and other third parties in the United States from getting at the information. The Commissioner at the Irish Data Protection Authority took the complaint to Ireland’s high court and they referred certain questions regarding the validity of standard contractual clauses to the EU Court of Justice. Although Schrems’ complaint never raised the Privacy Shield issue, it was raised in oral argument before the court, opening the door for the court to include it in their opinion and decision.

While the European Court invalidated the Privacy Shield, it didn’t buy Schrems’ argument that standard contractual clauses should be deemed invalid as a matter of EU law or regulation. They basically said that standard contract clauses could be among the “effective mechanisms” if they required both sides involved in the transfer to ensure information is accorded the equivalent level of protection as required under EU law. They went on to note that the parties should not use those clauses if they can’t comply with that requirement.

As a result, while neutering the Privacy Shield, they did uphold the validity of the use of standard contractual clauses to legally move personal information outside the European Union, if these clauses were effective in providing the same level of privacy protection as the EU requires.

The case is Between the Data Protection Commissioner and Facebook Ireland Ltd. and Maximillian Schrems (Case Number C-311/18) and as always, if you have any questions or need more information about this posting, feel free to contact me, Joe Rosenbaum, or any of the lawyers at Rimon with whom you regularly work.

Congress Provides Additional PPP Flexibility

H.R. 7010, the Paycheck Protection Program Flexibility Act of 2020, passed by Congress on June 3rd, was signed by the President and became effective on June 5, 2020. The legislation makes some significant changes to the Payroll Protection Program (PPP). For our previous posts on the subject, go to our most recent post, PPP Loan Forgiveness Application, which has links to all our prior postings.

If you want to read the entire text of the new law, you can read or download a personal copy (Paycheck Protection Program Flexibility Act of 2020), but in short (OK, it’s actually not that short) here goes:

Loan Maturity: PPP loans made on or after June 5th will have a maturity of at least five years up to a maximum of ten years from the date the borrower applies for forgiveness. Although the new law only applies to loans made after June 5th, it does allow borrowers who received loans prior to that date to mutually agree to modify the maturity dates and conform to the extended time periods;

Covered Period Extended: Under the new amendment, for both existing and new loans, in order to determine the amount to be forgiven, the period will now start on the origination date of the loan (i.e., the date the funds are disbursed per the SBA) and end either 24 weeks (168 days) after the loan origination date, or December 31, 2020, whichever is earlier. If you received a PPP loan before June 5, you can decide to use the 8 week period under the original CARES Act if you prefer;

Reduction of FTE/Salaries Safe Harbor Deadline Extended: The new deadline for restoring FTE and salary/wage levels to their February 15th status, originally required by June 30th, has now been extended to December 31, 2020. In addition, the recently enacted amendment to the CARES Act provides that the amount of the loan that will be forgiven will be determined without regard to any reductions as a result of: (a) an inability to rehire individuals who were employees on February 15th and to hire similarly qualified employees for unfilled positions on or before December 31, 2020; or (b) the inability to come back to the level of business that existed before February 15th in order to comply with requirements or guidance from the Secretary of Health and Human Services, the CDC, or OSHA, from March 1st until December 31, which inability is related to requirements needed to maintain standards applicable to COVID-19 for health, sanitation, social distancing or other worker or customer safety. PPP borrowers should be prepared to substantiate (document) their good faith inability to hire/re-hire or return to pre-February 15th business levels and it is likely that information will be requested with any applications for forgiveness.

Using Loan Proceeds: For both existing and new PPP loans, the new legislation provides that at least 60% must be used for covered payroll costs and up to 40% can be used to pay covered non-payroll costs (e.g., timely payment of interest on covered mortgage loans, covered lease, rent and utility payments).

Payment Deferral Period Extended:  Payments of principal and interest on PPP loans will be deferred until SBA determines the amount of the loan that will be forgiven and pays that amount to the lender.

If a Borrower Doesn’t Apply for Forgiveness: If a borrower does not apply for PPP loan forgiveness within 10 months after the end of that borrower’s “covered period,” payments of principal and interest will begin at the end of that 10-month period. If a borrower with a pre-June 5th PPP loan chooses to continue to use the 8 week covered period under the original CARES Act and hasn’t applied for forgiveness, those payments will begin 10 months after the end of that 8 week period.

Employer Payroll Taxes:  Under the new law, even if a Borrower receives forgiveness of the PPP loan, they can still defer paying employer payroll taxes as permitted by the original CARES Act.

While it is likely there will be additional clarifications and updated or revised guidelines as new questions arise, the new law provides welcome relief by extending deadlines, especially how forgiveness rules will be interpreted and applied.  We will keep you posted, but as always, if you have questions or need more information you can contact me, Joe Rosenbaum, or any of the legal professionals with whom you regularly work at Rimon Law.

Warning Against COVID-19 Claims and more . . .

On April 24, 2020, the Federal Trade Commission (FTC) announced it had sent warning letters to 10 multi-level marketing companies regarding claims they or their participants (distributors) were making in social media posts and online related to COVID-19.
The claims included supposed health benefits, as well as pitching business opportunities related to the pandemic. You can read the announcement and obtain more detailed information at FTC Sends Warning Letters to Multi-Level Marketers Regarding Health and Earnings Claims They or Their Participants are Making Related to Coronavirus. These new letters come on the heels of letters previously sent to companies about unsupported claims concerning products that can treat or prevent coronavirus (FTC, FDA Send Warning Letters to Seven Companies about Unsupported Claims that Products Can Treat or Prevent Coronavirus).

The FTC and the FDA (Food and Drug Administration) have sent scores of warning letters to companies that may be violating federal law by making deceptive or scientifically unsupported claims about the ability of these products to treat or cure coronavirus. Warning letters have also been sent to voice over Internet protocol (VoIP) service providers and other companies warning against “assisting and facilitating” illegal coronavirus-related telemarketing calls.

You can visit the FTC Coronavirus Warning Letters to Companies web page to see a list of warning letters related to the COVID-19 pandemic. The FTC also keeps track of consumer complaints related to the pandemic and updates the data regularly. As of yesterday, there were almost 30,000 COVID-19 related consumer complaints, and although less than 50% of all these complaints report a loss, the estimated fraud losses based on those that do is now well over $20,000,000. For the latest statistics, visit Coronavirus (COVID-19) Consumer Complaint Data, which the FTC updates regularly.

The FTC and the Department of Justice have also issued a joint statement expressing their views on unfair competition and antitrust laws and regulations to make it clear, especially in these extraordinary times of crisis, how firms (including competitors) are permitted to engage in pro-competitive collaboration that does not violate the antitrust laws.  You can read the statement at Joint Antitrust Statement Regarding COVID-19.

Rimon lawyers continue to follow these and related developments applicable to the Paycheck Protection Program and other government initiatives available through the SBA and related to the COVID-19 pandemic. For more information or assistance you can contact me, Joe Rosenbaum, or any of the Rimon lawyers with whom you regularly work. Stay safe!!

Paycheck Protection Program (Updated FAQs)

We previously posted information regarding the initial release of information about the Paycheck Protection Program being implemented by the U.S. Small Business Administration (US Chamber of Commerce Issues Coronavirus Small Business Guide and Paycheck Protection Program & Disaster Relief Loan Information Released (Updated)).

If you have been following those developments, yesterday (28 April 2020) the SBA updated the FAQs and you can read and download a copy of the update directly from the SBA’s website: Paycheck Protection Program Loans Frequently Asked Questions.

While the FAQ document does not have the force or effect of law or regulation, the guidance is based on the SBA’s interpretation of the CARES Act and of the Paycheck Protection Program Interim Final Rules and notes the U.S. government will not challenge any action taken by a lender in reliance upon and conforming to the guidance and any subsequent rulemaking in effect at the time.

California Consumer Privacy Act (CCPA)

Although amended twice (September 13th and October 11th of 2018) after its initial passage by the California State Legislature and being signed into law by Governor Jerry Brown in June of 2018, the California Consumer Privacy Act (California Civil Code Section 1798.100) (“CCPA”) becomes effective with the new year (January 1, 2020).

Although it is intended to protect and afford California residents with certain rights (in some areas, greater or somewhat different than the European Union’s General Data Protection Directive 2016/679), it affects non-profit entities that do business in California, that collect personal information of consumers, and that either have annual gross revenues over $25 million OR buy or sell personal data of 50,000 or more consumers/households OR earn over half their annual revenue from selling consumer personal information.

If your organization fits into any of those categories, you are required to establish, put into place and maintain reasonable security procedures and practices to protect consumer data and to afford California residents the right to know what personal data is being collected about them; to know whether and to whom the consumer’s personal data is sold or disclosed; to refuse to permit the sale of their personal data; to access their personal information; and to ask you to delete personal information collected from them.  The law also prohibits discrimination against any consumer for exercising any of their privacy rights under the CCPA.

While many businesses have been busily amending their agreements with suppliers and service providers, and likely have been presented with updated and revised contracts with “CCPA” amendments in order to ensure those in the chain of collection, storage, handling, distribution and use are in compliance, if you do any business in or with California residents, don’t forget to update your privacy policies and any terms of use that apply to your websites, e-commerce and online/mobile presence generally. Those sites, even those that do not require any registration or input directly from consumers, almost certainly will be collecting information that is covered by the broad definition of “personal information” under the CCPA.

If you would like to know more about the CCPA or have any questions about this post, don’t hesitate to contact me, Joe Rosenbaum, or any of the Rimon lawyers with whom you regularly work.

Rimon’s Complimentary 2019 CLE Webinar Series: Coming in January

Enrollment for the 2019 Rimon Law CLE Webinar Series being held in January is now open, so don’t wait too long to register!

Don’t miss the chance to register, to learn and to earn CLE credits.

This January (2019) we will be offering the following programs:

  • State and Local Taxation: Headline News and Trends, conducted by David Fruchtman;
  • Corporate Governance Issues Related to Mergers and Acquisitions of Delaware Corporations, conducted by Frank Vargas and Michael Vargas;
  • It All Ads Up: Advertising, Promotions & Celebrity Endorsements in a Digital, Mobile, Social & Augmented World, conducted by Joseph I. Rosenbaum;
  • Copyright and Trademark Law: The Uncomfortable Interface, conducted by Mark S. Lee; and
  • Law and Behavior: Ethics in Deception before the PTO, AIA Proceedings and Enforcement Presentations, conducted by Maxim Waldbaum.

To get dates, times and more information and to register for any or all of them go to 2019 Rimon Law CLE Webinar Series.

Now That the FCC Has Acted . . . .

In case you missed it (see my previous Legal Bytes post Inter Net Neutrality), the International Law Office was kind enough to post an adapted version of the article in its IT & Internet Newsletter.   If you are not already a subscriber to ILO, you can read a PDF version of my post, Internet Neutrality, right here.  Now that the FCC has rolled back the Obama-era regulations, the battle continues to rage over whether that is good or bad for the Internet, the economy, innovation and each of the groups aligned on one side or the other of this fray.

Note for you historical buffs – the Internet was made available to commercial enterprises in 1981. By 1984, “.com” had overtaken .gov, .mil and .edu as the largest URL suffix and it wasn’t until recently, during the FCC’s tenure under President Obama, that new regulations regarding neutrality were implemented. I know, I know, times have changed – but be mindful that someone far wiser than I noted: “Those who cannot remember the past are condemned to repeat it.”

Inter Net Neutrality

What an interesting play on words.  According to the Merriam-Webster dictionary, “inter” is a verb that means “to deposit (a dead body) in the earth or in a tomb.”

Earlier this week, the Chairman of the U.S. Federal Communications Commission (FCC) outlined plans to bury the Internet rules promulgated under the Obama administration that required providers of Internet services to treat all web traffic equally.  Those rules, among other things, limit the ability of ISPs to favor content or customers, to block or slow down the online services they provide.  Under the proposed changes, ISPs (wired and wireless) would be allowed to offer web-based services at different speeds and differing quality of service.  In addition, they could enable more favorable speed or quality, or both, for websites that paid a fee – as long as that relationship was disclosed.

Over the years, a lively and heated debate over the nature and extent of regulation needed to protect consumers without stifling innovation has continued.  Proponents of eliminating the rules claim that allowing the market to create different financial and performance models will spur investment and the development of technology, while critics argue that consumer prices would increase and so would barriers to entry and start-up costs for new companies.  Critics point to the airline industry (where the FCC net neutrality rules have never been applicable) as an example of the potential for harm – one U.S. air carrier provides easy access to one online video service which has paid the airline for such priority status, while others are not enabled with the same speed or quality.

Under the previous administration, the Internet and ISPs (both wired and wireless) were treated as utilities, virtually excluding them from regulatory oversight by the Federal Trade Commission (FTC), whose fact-based, case-by-case, analytical approach to regulation is generally perceived as more suitable (and friendly) for emerging technology and evolving markets.  Based on Chairman Ajit Pai’s remarks, in another reversal of the prior administration’s approach, it appears the FCC is now willing to share oversight with the FTC and have the FTC be responsible for monitoring ISP disclosures, determining if consumers are being harmed and determining whether these firms are engaging in anti-competitive or unfair trade practices.  The FCC indicated it plans to enact the new rules early in the new year.  Stay tuned.

If you have any questions or want more information about this or any Legal Bytes’ post, don’t hesitate to contact me, Joe Rosenbaum, a New York based partner at Rimon, P.C., or any of the other lawyers at Rimon with whom you regularly work.

The Antitrust Division Finds the Nails

– By Stephen Díaz Gavin

Just yesterday (Monday, November 20th), as Stephen Díaz Gavin’s article “For Want of a Nail: The AT&T – Time Warner Merger” was posted on Legal Bytes, the Antitrust Division of the U.S. Department of Justice (“DOJ”) filed a lawsuit opposing the merger in the U.S. District Court for the District of Columbia, asking that the proposed merger and related transactions be permanently enjoined. The lawsuit is a significant departure from U.S. antitrust policy in recent years, which has generally permitted vertical mergers and, as we pointed out in our original post, highlights the problems in not having availed themselves of the FCC’s public interest review to address the concerns about the merger, publicly. AT&T immediately responded that it will defend the merger, but win or lose, one thing is a sure thing – approval of AT&T’s $85.4 billion entry into the content production business – is no longer a sure thing. You can read the full text of the DOJ Complaint and again, if you have any questions feel free to contact Stephen Díaz Gavin directly. Of course, you can always contact me, Joe Rosenbaum, a Partner at Rimon in New York, or any of the lawyers at Rimon with whom you regularly work.