STACK will be teaming up with Lanton Law to do an April 22, 2020 webinar at 1:00 PM EST titled “The New Concerns of a Digital Workplace.” Join Jonathan Ogurchak, Founder & CEO of STACK and Ron Lanton III, Esq, Principle of Lanton Law to discuss the following:

Challenges facing healthcare organizations with a rapid deployment to “work from home” environments

Considerations to ensure ongoing compliance and ensure appropriate use

Future areas for advancement related to the “new normal” organizations are likely to face

Click here to register

As organizational needs evolve right now, businesses are looking for innovative ways to become efficient and manage risks. 

For years our team at Lanton Law have been helping businesses around the country remotely with a variety of transactional needs. 

Legal services include but not limited to:

• Contract drafting, review and negotiation

• Due diligence in transactional matters

• Change of ownership

• Corporate governance matters

• Employment matters

• Privacy and data security 

• Leases

• Business strategy and growth objectives

• Day to day operational matters

• Litigation readiness and response

• Pre-litigation dispute resolutions such as arbitration and mediation

• Regulatory compliance 

• Acquisition due diligence/transfer of ownership

• Payor network access   

Additionally, our government affairs services include:

• Federal and state lobbying

• Strategic consulting

• Bill composition/bill check service

• Submitting regulatory comments

• Regulatory monitoring

U.S. Senator Kirsten Gillibrand (D-NY) has announced the creation of new legislation titled the Data Protection Act. According to the Senator’s press release, the bill would create “the Data Protection Agency (DPA), an independent federal agency that would protect Americans’ data, safeguard their privacy, and ensure data practices are fair and transparent. 

The DPA will have the authority and resources to effectively enforce data protection rules—created either by itself or congress—and would be equipped with a broad range of enforcement tools, including civil penalties, injunctive relief, and equitable remedies. The DPA would promote data protection and privacy innovation across public and private sectors, developing and providing resources such as Privacy Enhancing Technologies (PETs) that minimize or even eliminate the collection of personal data. The U.S. is one of the only democracies, and the only member of the Organization for Economic Co-operation and Development (OECD), without a federal data protection agency.”

The proposed bill will have three core missions:

• Give Americans control and protection over their own data by creating and enforcing data protection rules

• Maintain the most innovative, successful tech sector in the world by ensuring fair competition within the digital marketplace

• Prepare the American government for the digital age

Governmental oversight into data is showing no signs of slowing down. Gone are the days where you don’t have to worry about regulations in order to operate. If you are a healthcare, technology and financial services stakeholder, data privacy will be the most important issue to overcome within the next 10-20 years. Ensuring against breaches of personally identifiable information (PII), protected health information (PHI), personally identifiable financial information (PIFI), and other sensitive data will be key to compliance, trust and market competitiveness. Contact Lanton Law so that our experts can use their advocacy and legal services to help you prepare and succeed in a more interconnected world.   

What is the Potential Fallout from FTC’s Decision to Investigate Big Tech?

The Federal Trade Commission (FTC) issued a press release announcing that the agency will examine prior acquisitions by large technology companies between the years of January 1, 2010-December 31, 2019. With a 5-0 vote, the Commission seeks to examine subsequent trends of large cap acquisition on smaller firms to determine whether competition was restricted or whether competitive concerns should have been raised. 

“The Federal Trade Commission issued Special Orders to five large technology firms, requiring them to provide information about prior acquisitions not reported to the antitrust agencies under the Hart-Scott-Rodino (HSR) Act. The orders require Alphabet Inc. (including Google), Amazon.com, Inc., Apple Inc., Facebook, Inc., and Microsoft Corp. to provide information and documents on the terms, scope, structure, and purpose of transactions that each company consummated between Jan. 1, 2010 and Dec. 31, 2019.

The Commission issued these orders under Section 6(b) of the FTC Act, which authorizes the Commission to conduct wide-ranging studies that do not have a specific law enforcement purpose. The orders will help the FTC deepen its understanding of large technology firms’ acquisition activity, including how these firms report their transactions to the federal antitrust agencies, and whether large tech companies are making potentially anticompetitive acquisitions of nascent or potential competitors that fall below HSR filing thresholds and therefore do not need to be reported to the antitrust agencies.”

What specifically is the FTC looking for?

“The Special Orders require each recipient to identify acquisitions that were not reported to the FTC and the U.S. Department of Justice under the HSR Act, and to provide information similar to that requested on the HSR notification and report form. The orders also require companies to provide information and documents on their corporate acquisition strategies, voting and board appointment agreements, agreements to hire key personnel from other companies, and post-employment covenants not to compete. Last, the orders ask for information related to post-acquisition product development and pricing, including whether and how acquired assets were integrated and how acquired data has been treated.”

What are the options for the FTC under this action?

With this review being operated by the agency’s Office of Policy Planning under Section 6(b) of the FTC Act the review could trigger an enforcement action but that this inquiry would not be able to share information with the Department of Justice unless there is an enforcement action.

So what does this mean?

The FTC has significant power to scrutinize mergers and stop them. In this case, the FTC’s aim is to examine how big tech became big tech? The answer is simple, not only did they innovate to create go to products, but these large companies like Amazon, Facebook, Alphabet, Microsoft and Apple grew through acquisitions. Determining whether to incorporate competition or “kill” acquired companies has heavily contributed to their success. While the FTC does have power to make problems for these companies, the fact that the agency’s scrutiny could go on for years poses the question of whether the FTC has enough resources to make any meaningful differences. Additionally, will these same scrutinized big tech companies provide a marketplace solution themselves by divesting certain businesses before policymakers require them to do so. 

This may be different for tech companies that aren’t large cap tech. Knowing what the competitive playing field is along with how regulators are overseeing this market is crucial to your success. Contact Lanton Law to learn about your options to put together a solid strategy to reach your goals.

For more information contact

Ron Lanton III, Esq. 

Principal 

Lanton Law 

rlanton@lantonlaw.com

Disclaimer

The materials and information provided in this update is for informational purposes only and not for the purpose of providing legal advice. Use of and access to this article or any of the materials or information contained within this article do not create an attorney-client relationship between Lanton Law and the user or viewer. You should contact an attorney to obtain advice with respect to any particular issue or problem. 

Earlier this month, we released a blog post titled Tech Companies and the Uncertain Future of §230. In it we focused on what Section 230 of the Communications Decency Act is and how the tech community would be impacted by changes currently being debated by both sides of the political aisle in Congress. 

Interestingly, the Department of Justice (DOJ) has announced that it will hold a public workshop in Washington, D.C. on Feb. 19, 2020, titled “Section 230 – Nurturing Innovation or Fostering Unaccountability?” According to the DOJ the workshop will discuss the law, its expansive interpretation by the courts, its impact on the American people and business community, and whether improvements to the law should be made. 

Additionally, the Department stated “Following the public workshop, the Justice Department will invite stakeholders with diverse perspectives for private listening sessions and roundtables to seek additional input and discuss the problems, benefits, and potential improvements to Section 230.  The department will publish readouts on the various perspectives and debate from those meetings.”

Congressional officials have been increasing their desire to modify this law. Democrats have complained that the law allows tech companies to be lax in patrolling misinformation or violent extreme content while Republicans have advocated that the law prevents them from imposing actions against tech companies for removing conservative political content.  

As we continue to become an increasingly connected world, being able to digitally share content with each other is not likely to slow down anytime soon. However; the market and our intentions in sharing data have changed significantly since when section 230 was enacted in 1996. While major tech titans like Facebook, Twitter, Alphabet are at the center of this debate, we foresee that other tech stakeholders should take note of these developments and plan accordingly. We don’t believe that this debate will slow down at all so making adaption to section 230 is key. Contact Lanton Law for more details.      

On January 30th, the U.S. House Committee on Financial Services held a hearing titled “Is Cash Still King? Reviewing the Rise of Mobile Payments.” The Committee headed by Congresswoman Maxine Waters (D-CA) held this hearing to determine whether businesses should be allowed or prohibited from refusing cash payments in stores. The policy rationale behind the debate is whether cashless stores would have the unintended consequences of harming marketplace access for low-income Americans who do not have a bank account. 

In response to the emerging trend of cashless merchants, two Congressional bills have been introduced. H.R. 2650 titled the “Payment Choice Act of 2019 sponsored by Rep. Payne (D-NJ) has 34 co-sponsors and proposes to prohibit retail businesses from refusing cash payments. Rep. Payne argues for Americans to have a choice of how to pay for goods. Also H.R. 2630 sponsored by Rep. Cicilline (D-RI) titled “Cash Always Should be Honored Act,” proposes to make it unlawful for any physical retail establishment to refuse to accept cash as payment.     

Late last year Pew Charitable Trust released a study titled “Rise of Cashless Retailers Problematic for Some Consumers” that showed cash remains a vital payment option; at least here in the U.S. While the study listed how proponents of going cashless cited issues such as security, efficiency and an improved customer experience, the study stated “Cash made up nearly 40 percent of in-person transactions in 2017, according to the Federal Reserve, and, although its usage continues to decline, cash is still the most widely used payment type. Further, a Pew survey of consumers in 2018 about their payment experiences found that 78 percent used cash at some point in the previous month; for 14 percent (more than 35 million adults), cash remains the primary method of payment.” The study explored other elements of who is using cash and who isn’t. 

The Committee heard from the following witnesses: 

Ms. Deyanira Del Rio, Co-Executive Director, New Economy Project, 

Mr. Usman Ahmed, Head of Global Public Policy, PayPal, 

Mr. Aaron Klein, Fellow, Economic Studies and Policy Director, Center  on Regulation and Markets, Brookings Institute,

Ms. Christina Tetreault, Senior Policy Counsel, Consumer Reports,

Ms. Kim Ford, Executive Director, U.S. Faster Payments Council

We expect this to continue to be a point of contention as our society progresses towards modernization. States such as Massachusetts, New York, New Jersey, Pennsylvania and California have and continue to debate this issue, especially with their concerns on lower income access to the marketplace. If you are a technology stakeholder and you are needing guidance in how to navigate federal and state policies on this issue, contact Lanton Law.   

The Illinois Biometric Information Privacy Act enacted in 2008 was an important first step in developing policy on biometrics. According to the law, a private entity possessing biometric information accessible to the public must have a retention schedule and policy for permanently destroying biometric information. Additionally, there are restrictions on how a private entity may collect, capture, purchase, receive through trade, or otherwise obtain a person's or a customer's biometric identifier or biometric information. Most importantly, this law requires obtaining written consent prior to collecting biometric information as the law provides a private right of action for anyone injured under the Act. 

Interestingly, the case of Patel v. Facebook is an illustration of how this law applies to our growing dependence on technology. The question in Patel, is whether the collection of an individual's biometric data in violation of the Illinois Biometric Information Privacy Act is sufficient to establish Article III standing. According to the complaint, plaintiffs’ allege that Facebook subjected them to facial-recognition technology without complying with an Illinois statute intended to safeguard their privacy. Since the plaintiff did not allege substantive harm, the defendant moved to dismiss the case on Article III standing grounds. However; the Ninth Circuit stated that “Because a violation of the Illinois statute injures an individual’s concrete right to privacy, we reject Facebook’s claim that the plaintiff have failed to allege a concrete injury-in-fact for purposes of Article III standing.”

This case is in contrast to Santana v. Take-Two Interactive Software, Inc. who in 2017 interesting had the same Illinois law at issue. In this case plaintiff purchased NBA 2K15 and used the MyPlayer feature that allowed the creation of MyPlayer avatars. However; the Illinois Biometric Information Privacy Act’s private right of action allowed for plaintiff to allege that defendant “(1) collected their biometric data without their informed consent; (2) disseminated their biometric data to others during game play without their informed consent; (3) failed to inform them in writing of the specific purpose and length of term for which their biometric data would be stored; (4) failed to make publicly available a retention schedule and guidelines for permanently destroying plaintiffs’ biometric data; and (5) failed to store, transmit, or protect from disclosure plaintiffs’ biometric data by using a reasonable standard of care or in a manner that is at least as protective as the manner in which it stores, transmits, and protects other confidential and sensitive information.”

The Second Circuit in contrast to Patel, found that the plaintiff lacked standing for this claim because they did not allege that this deficient notice created any material risk that would have “resulted in plaintiffs’ biometric data being used or disclosed without their consent.”

So what happens now? First Santana is a summary order which means that this is not binding precedent on the Second Circuit. The Patel court attempted to distinguish itself from Santana by saying that in Patel unlike Santana, the plaintiff did not know that their biometric information was being collected. It seems like the U.S. Supreme Court may be the appropriate forum to settle this split decision by the Court of Appeals. This is especially true as Congress has not yet passed a federal biometric law that could put all questions to rest. Needless to say that as technology companies look for innovative ways to deliver advanced customer experiences, these stakeholders may want to forecast how their new products may be impacted by enacted laws like biometrics. Contact Lanton Law for additional information.  

Recently, we have learned of Amazon’s new hand scanning idea to revolutionize consumer interactions via fintech. The idea would involve creating a payment system that would biometrically scan a user’s hand to transfer payment from the user to Amazon, instead of via a credit card, phone application or cash. New point of sale terminals equipped with this technology would be placed in brick and mortar stores so that customers can “travel lighter” by not having to worry about carrying physical payment forms. There are early indications that Visa will be working with Amazon on this idea, along with potentially Mastercard, J.P. Morgan, Wells Fargo and others. While this theoretically sounds like a logical fit for where technology and banking or “fintech” is moving, are there laws in place that govern biometrics? 

Surprisingly, there is not a lot of established law on the issue of biometrics. We first started hearing about biometrics in 2014 with a Congressional bill titled the “Biometric Information Privacy Act,” also known as H.R. 4381. Sponsored by Representative Stockman (R-TX), the bill called for penalties to a business entity, governmental entity or person who knowingly (1) fraudulently obtains personal physiological biometric information relating to an individual; or (2) discloses personal physiological biometric information without permission from the individuals to which the personal physiological biometric information pertains. That bill did not get much traction. 

Congressional members have recently taken a cautious tone when dealing with Amazon’s cutting edge technology. For example, in late 2018 Rep. Jimmy Gomez (D-CA) joined by Senator Edward Markey (D-MA), Reps. Luis Gutiérrez (D-IL), John Lewis (D-GA), Judy Chu (D-CA), Ro Khanna (D-CA), Pramila Jayapal (D-WA), and Jan Schakowsky (D-IL) sent a letter to Amazon Chairman, President, and CEO Jeff Bezos, requesting information about Amazon’s facial recognition technology, branded and sold as “Amazon Rekognition. The letter expressed concern of the technology’s potential impact on communities of color. And while there are no federal rules outlining biometrics, we do see federal agencies speaking with the tech community on utilizing biometric technology for future unspecified projects.

State policy on this issue has been a bit of a mixed bag. While Illinois, Washington and Texas have biometric laws on the books, other states are following suit. Florida, Arizona, Massachusetts, Connecticut and New Hampshire to name a few are states that are debating biometrics, while California is about to undergo implementing its CCPA otherwise known as the California Consumer Privacy Act protections. We wrote a prior blog on the specifics of the new California law, which we believe will be a precursor to similar policies being developed in the near future.  

In conclusion, we expect fintech to continue to be ahead of the law as companies like Amazon push forward to create marketplace solutions that provide convenience and a relatable user experience.  The question becomes whether policymakers are comfortable with the pace of expansion and the awkwardness of proceeding with little to no regulatory oversight on something as personal to us as our biometrics.

Contact Lanton Law for additional information or for strategies on how to deal with unsettled legal and policy within biometrics. 

While there has long been controversy surrounding how far regulating the Internet should go, it seemed that the 2016 election has had major impacts on how and what information consumers should and should not see. One law at the center of what the responsibilities are of an Internet Service Provider (ISP) is 47 U.S. Code § 230. 

The law which is part of the Communications Decency Act (CDA), also called Title V of the Telecommunications Act of 1996, provides ISP’s with federal immunity to any cause of action that seeks to make ISP’s liable for information that originated with a third party service user.

Specifically, §230 states: “No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.” Additionally, when it comes to civil liability: 

“No provider or user of an interactive computer service shall be held liable on account of—

(A) any action voluntarily taken in good faith to restrict access to or availability of material that the provider or user considers to be obscene, lewd, lascivious, filthy, excessively violent, harassing, or otherwise objectionable, whether or not such material is constitutionally protected; or

(B) any action taken to enable or make available to information content providers or others the technical means to restrict access to material…”

This law preempts any contradictory state oversight. 

As the Internet and data sharing become more central in our lives, we are seeing more calls for regulatory oversight. Democrats have called for legislation on §230 as they believe that the law allows tech companies to not moderate content enough while the opposite viewpoint is being argued by Republicans. This fight continued into the eventual inclusion of §230 language in the recent passage of the new United States-Mexico-Canada Agreement (USMCA). While the tech industry views the inclusion of this language as necessary for legal certainty abroad, it remains to be seen whether we have heard the last of this domestic political argument. 

There is no doubt that §230 has allowed both the Internet and tech companies to grow. However; with worries growing over privacy and who owns individual data, we expect questions to continue over how far policymakers can go in creating regulatory oversight without inadvertently creating a “chilling effect” on first amendment expression. If you are a technology or content stakeholder and you have questions about state or federal legislative/regulatory data policy, contact us so that we can help you strategize for upcoming developments.    

As new political alliances emerge and populism continues to push political parties to make faster adjustments, companies need to take a fresh look at how they engage with the political system in order to convey priorities and goals. Political trends happen in small doses before they spread quickly, which is what St. Petersburg, Florida and now Seattle, Washington may be demonstrating.

This week, the city of Seattle via the Seattle City Council passed a ban on “most political spending by “foreign-influenced” corporations and increased election transparency...voting in unanimous support of President M. Lorena González’s Clean Campaigns Act during its Full Council meeting.”  

According to the Council; the highlights of the Clean Campaigns Act include the following: 

1. a ban on foreign-influenced corporations from making any contribution to independent expenditure committees;

2. a cap on all political contributions to independent expenditures of $5,000 (with the exception of limited contributor committees); and,

3. new reporting requirements to increase transparency.

As more corporations become involved in the political process, it is apparent that messaging and compliance with campaign finance laws are becoming essential to corporate strategy. At Lanton law we help organizations within the healthcare/life sciences, technology and finance sectors with legal and government affairs to advance an organization’s priorities. If you are planning on either starting or increasing your advocacy to state or federal officials, contact us so that we can not only ensure that your methods comply but we can also help craft your messaging and follow-ups to help attain the results you are seeking.   

Can Rhode Island Serve As A Model for Digital Currency in Today’s Worldwide Changing Marketplace?

For those that monitor the digital currency market, we have witnessed Chinese President Xi Jinping’s announcement in October 2019 that China should “seize the opportunity” that blockchain presents. According to a study by PR Newswire, the current worldwide crypto-currency market valued at $1.9 billion in 2017 can grow to $84 billion by 2024.     

With the world’s varying economies changing daily, the question that I have heard stakeholders ask is what place will digital currencies have here in the United States? The response here has been skeptical. While we have seen flashes of digital currency acceptance, the treatment of cryptocurrencies in the enacted Tax Cuts and Jobs Act of 2017 shows that we still have a long way to go in understanding how digital currencies have started to become a part of our economy. 

This year Rhode Island has shown why it is one of the early adopter states of acknowledging and strategizing for a blockchain future. In May 2019, the state issued a Request for Proposal or RFP that identified 12 business segments of opportunity (anti-fraud, contracts, medical marijuana, investigations, records, notarization, registration and licensing, shareholder or policyholder voting and crowdsourcing) where Rhode Island is looking to achieve its goals of becoming more efficient, transparent and business-friendly to name a few. 

At this point in time, the idea of blockchain technology or digital currencies seem a long way off. However; most innovative ideas always seem like they are being discussed earlier than they should until a majority of the public fully understands their function and then fully embraces the potential.  

At Lanton Law, we are monitoring policy, market and technology trends when it comes to innovation. If your company is considering investing in digital currencies or blockchain technology and are looking for the “next Rhode Island” or are wondering how state or federal policy will impact your business strategy, contact us today. 

In 2016, the Athens Orthopedic Clinic in Georgia was hacked by an anonymous hacking group called the “Dark Overlord.” The group’s action caused a major data breach and affected approximately 200,000 patients. The information obtained involved social security numbers, health insurance information, birth dates, and addresses. 

The Clinic refused to pay the ransom to the thief and advised those affected patients to set up anti-fraud protections. A lawsuit by the victims ensued seeking damages from the Clinic, which caused the courts to consider whether a data breach victim must suffer actual financial loss to be compensated or is the threat of future harm enough to make a claim for compensation? 

On December 23, 2019 the Georgia Supreme Court in Collins et al. v. Athens Orthopedic Clinic, P.A. reversed the Georgia Court of Appeals decision and ruled that “the injury the plaintiffs allege that they have suffered is legally cognizable.” 

As we rely more on technology and sensitive information such as our healthcare records are quickly exchanged from one healthcare provider to another, the risk of data breaches rises. Protected health information (PHI) often includes items such as Social Security numbers, birth dates, home and email addresses, and diagnosis codes can be used by hackers to buy prescription drugs online, purchase medical equipment, or create false identifications, to name a few. It seems that health care data is now more valuable than credit card data since health care data fraud takes longer for a consumer to both realize and report. 

That is why it is even more important for stakeholders that traffic in data to not only ensure that these stakeholders have adequate security protocols to protect against data breaches, but these stakeholders must develop rapid response plans to alert affected parties and assess potential monetary damages. Lanton Law assesses stakeholders potential risks and makes recommendations to help limit stakeholder liability. Contact Lanton Law to get started!    

In November 2019, we published a blog post titled More Data Oversight on the Horizon that discussed increasing Congressional oversight over data privacy, while highlighting the importance of the Online Privacy Act of 2019. 

In preparation for 2020, Lanton Law is forecasting that it is more likely than not that some form of federal privacy legislation will become law in 2020. One proposed legislative candidate for privacy in 2020 is the Consumer Online Privacy Rights Act (COPRA). This bill is sponsored by Senator Cantwell (D-WA).

According to Senator Cantwell’s press release, the Act otherwise known as S.2968 “establishes privacy rights, outlaws harmful and deceptive practices, and improves data security safeguards for consumers shopping or conducting business online.” The release discusses specifics stating that (COPRA) “gives Americans control over their personal data; prohibits companies from using consumers’ data to harm or deceive them; establishes strict standards for the collection, use, sharing, and protection of consumer data; protects civil rights; and penalizes companies that fail to meet data protection standards. The legislation also codifies the rights of individuals to pursue claims against entities that violate their data privacy rights.” 

The question is whether this legislation will be able to pass in a hotly contested election year. At this point it is unknown. This bill thus far has no Republican co-sponsors so it has yet to gain bi-partisan traction. However; with the new and increasing scrutiny surrounding tech companies and their treatment of consumer data, we anticipate that the political winds may shift against technology companies. It’s better to be aware of trends instead of being caught off guard by them. 

Lanton Law helps tech and fintech stakeholders navigate both the regulatory and legislative landscape on a state and federal level. If you have questions about compliance, new potential business strategies or what the policy landscape will look like for your business, contact us to learn about your options.  

No matter if you are a hospital, physician, pharmacist, manufacturer, SAAS or Health IT provider, the lifeblood of your business is in your contracts. As an attorney what amazes me time after time is how contracts are often overlooked by businesses.

When I speak with clients, many of them tell me that either they will just sign a contract to get access to something or on the back side, they will simply plan to get out of a contract if they aren’t happy with the party they contracted with. Situations like this are when things get interesting.

For clients contemplating entering into a contract, I usually ask the following: 

• Were you were able to negotiate your priorities into the contract? 

• Are you using standard terms and conditions from prior agreements?

• Are you thinking about how your business may evolve over time? 

On the flip side for clients that plan on exiting a contract I ask:

• Do you know what happens if you plan to get out of the contract? 

• Are there penalties for terminating?

• Are you prohibited from re-entering a certain market?

Many businesses don’t know the answers to these questions. Not knowing your rights before making a decision to either enter or exit a contract can cost your business thousands of dollars. 

Fortunately, there is something you can do about this. Clients have been using Lanton Law to help them understand not only what’s in their contracts, but Lanton Law gives you suggestions on how to negotiate a better deal, while also giving you a risk assessment for clients considering leaving a contractual relationship. Having a contract strategy will definitely save you from making a costly decision. 

Click here to contact Lanton Law now to schedule a contract risk assessment. Taking this small proactive step will not only help protect your interests, but it will allow you to more confidently plan for your future business expansion.

We are out with our December 2019 newsletter. This edition covers data oversight, a Medicaid white paper and upcoming webinars. Click here to access the December 2019 newsletter.

Additionally, if you are interested in signing up for our newsletter that has trending information on healthcare, technology and fintech, click here to sign up.  

No matter what, technology will always move faster than the law. With this maxim and our ever increasing reliance on convenient information, we have seen technology companies try to bring us what we want to see while also collecting a staggering amount of information on consumers. With regulations scant on personal data, Congress is slowly becoming more active in making policy governing technology. 

In November 2019, Congresswomen Anna G. Eshoo (D-CA) and Zoe Lofgren (D-CA) introduced the Online Privacy Act of 2019 (H.R. 4978). According to the sponsors, the bill proposes to strengthen user rights, places obligations on companies to protect users’ data, establishes a new federal agency to enforce privacy protections, and strengthens enforcement of privacy law violations.  

The sponsors press release discussed the following points which are highlights of the bill: 

• Creating User Rights – The bill grants every American the right to access, correct, or delete their data. It also creates new rights, like the right to impermanence, which lets users decide how long companies can keep their data.

• Placing Clear Obligations on Companies – The bill minimizes the amount of data companies collect, process, disclose, and maintain, and bars companies from using data in discriminatory ways. Additionally, companies must receive consent from users in plain, simple language.

• Establishing a Digital Privacy Agency (DPA) – The bill establishes an independent agency led by a Director that’s appointed by the President and confirmed by the Senate for a five-year term. The DPA will enforce privacy protections and investigate abuses.

• Strengthening Enforcement – The bill empowers state attorneys general to enforce violations of the bill and allows individuals to appoint nonprofits to represent them in private class action lawsuits.

 With so many controversies surrounding the use and rights of consumer data, we fully expect more government oversight into technology. If you are a technology stakeholder and you are interested in learning more about emerging policy or understanding potential risks to your business model contact us for legal or government affairs solutions at Lanton Law.

Oftentimes policy changes that sweep across the nation originate in policy “hot spots” like Massachusetts, California, New York, etc. This time its consumer privacy. As we rely more and more on the internet of things, artificial intelligence and fitness applications, we are unfortunately becoming more exposed to potential data breaches. If you operate in California, the California Consumer Privacy Act (CCPA) will be a defining factor in how you manage risks around consumer data. Approximately 500,000 businesses across all business sectors will have to comply with CCPA once the act goes into effect on January 1, 2020. 

So what is the CCPA? Passed in 2018 as AB 375, the Act models itself on Europe’s General Data Protection Regulation that went into effect recently. The bill awards California residents with the right to be informed on how companies collect and use their data. The law also allows their personal data to be deleted. CCPA creates a sliding scale approach by applying to California businesses who generate an annual gross revenue of $25 million with half of their annual revenue deriving from selling consumer information, or by companies that buy, sell or share personal information from at least 50,000 consumers, households or devices. 

Recently, the California legislature passed five bills seeking to amend CCPA in which Governor Gavin Newsom (D-CA) has until October 13, 2019 to sign or veto the legislation. Additionally, the state attorney general is expected to release draft regulations by the end of the year. Interestingly, an economic impact assessment prepared by a third party for the California Attorney General’s office stated that the new law could cost companies a total of up to $55 billion in initial compliance costs. 

So what is this important? Our society’s reliance on connectivity is not slowing down. The very companies that many of us interact with on a daily basis such as Amazon, Twitter and Facebook find themselves at the center of how they will comply with CCPA. But while this can be explained away as something that impacts only California, I have seen this type of legislation starting to spread to a cluster of other states. 

If you traffic in data, it will be a good idea to take inventory of your operational risks and whether your company will be able to comply if a similar law is enacted in your state. If you need assistance with regulatory compliance or are interested in finding out how your company can best engage with policymakers on this issue, don’t hesitate to reach out to us at either Lanton Strategies or Lanton Law.