Recently, many direct marketers and online retailers received a letter from the Michigan Department of Treasury notifying them of the “carrot and stick” approach the Department of Treasury is taking regarding the enforcement of the Michigan sales and use tax, the Michigan Business Tax (“MBT”), which was adopted on January 1, 2008, and the Michigan Single Business Tax (“SBT”), a tax on gross receipts which was repealed effective December 31, 2007.
The carrot that Michigan has offered is not very big. If a company comes forward to sign a voluntary disclosure agreement, makes payment of taxes and interest for the four year period prior to the filing, and agrees to begin collecting and paying each of these taxes on a go forward basis, it is relieved of liability for penalties, and Michigan will limit its lookback period for tax and interest to four years prior to the filing. No tax, penalty, or interest would be due for any period prior to that.
This is not a very big carrot, though, because for pure Internet sellers and direct marketers, nexus for sales and use tax purposes and for the Michigan SBT under the Michigan statute and regulations requires a physical presence of the company in Michigan, i.e., sales representative activity of at least two days on an annual basis, not including attendance at trade shows at which no orders were taken. (See Revenue Administrative Bulletin No. 1998-1 for a discussion of other nexus creating activities under the SBT).
Thus, the only real benefit of submitting a VDA to marketers who had no physical presence would be the waiver of penalties on the tax for 2008 and 2009 and the avoidance of future interest on taxes paid. The costs would be payment of taxes for which the company might not otherwise be liable and the costs and burden of providing for future tax collection. Of course, the decision as to whether the VDA process is beneficial for a company should be made only after carefully analyzing the facts and circumstances for that company under the guidance of the company’s advisers. But the point is that before grabbing the “opportunity” to sign up for the VDA, a company should analyze and weigh very carefully the benefits of the VDA against its costs.
Wednesday, March 31, 2010
Thursday, March 25, 2010
What’s Next For Sales Tax (a/k/a Use Tax) On Direct Mail?
Direct marketers know that successful eCommerce strategies often depend upon reaching customers offline as well as online. Direct mail, including the distribution of catalogs, remains one of the most effective ways of driving traffic to a website. Indeed, given the reluctance of some consumers to give out their e-mail addresses, and the protections afforded consumers from unwanted solicitation under anti-SPAM, Do-Not-Call and other consumer privacy laws, traditional “snail mail” marketing techniques remain an important way for Internet sellers to communicate directly with customers.
Although several larger states (including California, New York, and Pennsylvania) provide exemptions from tax for certain types of direct mail, the vast majority of jurisdictions treat direct mail as taxable. And in all states, including those that provide exemptions, there are myriad other complex legal issues affecting taxability, including sourcing rules, taxability of postage, “direct mail” certificates, and nexus considerations, each of which make determining the proper sales tax treatment of direct mail transactions challenging. Add the fact that mailings go to recipients in many, if not all 50 states (and countless localities), each of which has its own tax law, and the difficulty of properly applying tax to any particular direct mail transaction multiplies exponentially.
Perhaps due to this complexity, states historically did not aggressively pursue audits or assessments on direct mail. But, those days are gone. In recent years, states and localities have begun focusing more and more on sales and use tax application to direct mail, in part due to attention given the issue by the Streamlined Sales and Use Tax Agreement (“SSUTA”). Although it takes no position on whether direct mail should be subject to tax, the SSUTA project raised the issue’s profile by adopting provisions addressing the sourcing of direct mail transactions. Those provisions were amended in late 2009 to separate the treatment of “advertising and promotional direct mail” from other types of direct mail, such as invoices, notices, etc. But, the provisions do nothing to minimize (and, coupled with other provisions in the SSUTA, arguably aggravate) the complexity of taxation of direct mail.
In the last two years, many of the more aggressive states, particularly non-SSUTA states, began to put pressure on large printers and letter shops to collect the use tax on their sales of direct mail pieces, even on sales to clients that lacked any presence in the state. Internet and direct marketers began to receive unwelcome notices from their printers that they would have to pay tax on large print contracts, adding 7-10% to the already high cost of doing business for direct marketers
Given budgetary problems in states throughout the nation, revenue departments will likely continue to look for ways to boost tax collections from direct mail transactions. Direct marketers need to be aware of this issue prior to entering into any negotiation over print and other direct mail contracts; direct mail firms should understand their potential tax obligations and recognize that they may be able to take steps to minimize their tax exposure and thereby offer more competitive fees to their clients.
Although several larger states (including California, New York, and Pennsylvania) provide exemptions from tax for certain types of direct mail, the vast majority of jurisdictions treat direct mail as taxable. And in all states, including those that provide exemptions, there are myriad other complex legal issues affecting taxability, including sourcing rules, taxability of postage, “direct mail” certificates, and nexus considerations, each of which make determining the proper sales tax treatment of direct mail transactions challenging. Add the fact that mailings go to recipients in many, if not all 50 states (and countless localities), each of which has its own tax law, and the difficulty of properly applying tax to any particular direct mail transaction multiplies exponentially.
Perhaps due to this complexity, states historically did not aggressively pursue audits or assessments on direct mail. But, those days are gone. In recent years, states and localities have begun focusing more and more on sales and use tax application to direct mail, in part due to attention given the issue by the Streamlined Sales and Use Tax Agreement (“SSUTA”). Although it takes no position on whether direct mail should be subject to tax, the SSUTA project raised the issue’s profile by adopting provisions addressing the sourcing of direct mail transactions. Those provisions were amended in late 2009 to separate the treatment of “advertising and promotional direct mail” from other types of direct mail, such as invoices, notices, etc. But, the provisions do nothing to minimize (and, coupled with other provisions in the SSUTA, arguably aggravate) the complexity of taxation of direct mail.
In the last two years, many of the more aggressive states, particularly non-SSUTA states, began to put pressure on large printers and letter shops to collect the use tax on their sales of direct mail pieces, even on sales to clients that lacked any presence in the state. Internet and direct marketers began to receive unwelcome notices from their printers that they would have to pay tax on large print contracts, adding 7-10% to the already high cost of doing business for direct marketers
Given budgetary problems in states throughout the nation, revenue departments will likely continue to look for ways to boost tax collections from direct mail transactions. Direct marketers need to be aware of this issue prior to entering into any negotiation over print and other direct mail contracts; direct mail firms should understand their potential tax obligations and recognize that they may be able to take steps to minimize their tax exposure and thereby offer more competitive fees to their clients.
Thursday, March 18, 2010
Welcome Eyes on IP Readers
We'd like to thank the folks at our sister-blog, Eyes on IP, for their warm welcome to the world of blogging and for introducing us to all their readers.
To our new friends referred by Eyes on IP, we hope that you take some time to look around our blog and that you find something useful. As we note in our introduction, our blog is devoted to providing legal insight to the world of eCommerce, including topics such as tax, privacy and data security, FTC compliance, state abandoned property laws, product safety, and consumer protection. Please consider yourselves welcome, and let us know if you have any questions, comments, or feedback.
To our faithful Eyes on Ecom Law readers, take a moment to check out our colleagues at Eyes on IP. They provide a bird's eye view of the wide world of intellectual property...with an eye to how intellectual property matters to business. Insights abound at Eyes on IP.
UPDATE: Our friends have moved -- you can now visit our sister blog at IP Wise.
To our new friends referred by Eyes on IP, we hope that you take some time to look around our blog and that you find something useful. As we note in our introduction, our blog is devoted to providing legal insight to the world of eCommerce, including topics such as tax, privacy and data security, FTC compliance, state abandoned property laws, product safety, and consumer protection. Please consider yourselves welcome, and let us know if you have any questions, comments, or feedback.
To our faithful Eyes on Ecom Law readers, take a moment to check out our colleagues at Eyes on IP. They provide a bird's eye view of the wide world of intellectual property...with an eye to how intellectual property matters to business. Insights abound at Eyes on IP.
UPDATE: Our friends have moved -- you can now visit our sister blog at IP Wise.
Wednesday, March 17, 2010
Facebook: Not Just For Friends?
The Obama Administration is considering sending federal officers undercover on Facebook and other popular social networking sites. This effort raises a number of interesting questions, some legal, some not. For example, would the feds work with Facebook, or simply register, and silently patrol the social network looking for leads? If they went with the cooperative approach, just how much help could Facebook provide given its privacy policy and terms of use? Would it unlock the kingdom based upon an informal request, or would it require a subpoena or search warrant to comply? And, if the government decided to slip into the system without alerting Facebook, would it be required to follow Facebook's terms of use -- such as providing real names and contact information? What are the consequences if a person "tricks" someone into being their friend?
A confidential Department of Justice presentation obtained by the Electronic Frontier Foundation sheds some light on these issues, and also provides useful guidance in the crafting of privacy policies and terms of use by eCommerce companies, including those who provide social networks or online communities.
The presentation first shows that Facebook is "[o]ften cooperative with emergency requests." It is probably in the interest of most eCommerce companies to be cooperative in those situations, but it is likewise vital to ensure that your privacy policy makes clear the nature of such cooperation, and that you have some degree of internal controls in place to ensure that the emergency exception does not swallow the privacy rule. Vetting such requests with counsel can be an important protective measure to an appropriate balance of company interests.
In defending itself, Facebook explained: "We scrutinize every single law enforcement request; require a detailed description of why the request is being made; and if it is deemed appropriate, share only the minimum amount of information. We strive to respect the balance between law enforcement's need for information and the privacy rights of our users, and as a responsible company we adhere to the letter of the law." The presentation notes, in contrast, that Twitter only produces data "in response to legal process." Both approaches are sound.
The presentation also discusses the fact that supplying fake credentials (in violation of the terms of service) can result in civil and potentially criminal liability. CNET reports that at least one case has found no criminal liability from a breach of such terms of service, but the law, as CNET notes, remains unsettled. In the Drew case, the defendant allegedly created a deliberately false identity and pretended to be a sixteen-year old for the purpose of communicating with a minor, all "conscious violations" of the MySpace terms of service. In dismissing the criminal charges, the trial court concluded that the Computer Fraud and Abuse Act was unconstitutionally vague in connection with the argument that it criminalized intentional breaches of a website's terms of service. While it is helpful to know that the DOJ is mindful of the potential criminal implications of using false pretenses in connection with a social media account, the presentation also shows a degree of interest in such techniques that might be considered to be very disturbing by some.
Apart from whether fraudulent access to a community web site is a crime, the Drew case underscores the general importance of terms of service, and the additional degree of protection they can provide to users both in terms of criminal infiltration and unwarranted government intrusion. Clear terms that require accurate personal information in connection with all accounts help safeguard users from online predators and fraud, while also helping to ensure that law enforcement goes through appropriate channels (and not secretly) to obtain content from those sites. This is just another reminder to take those terms seriously and to treat them as more than simply boilerplate. As with privacy policies, periodic reviews are wise.
A confidential Department of Justice presentation obtained by the Electronic Frontier Foundation sheds some light on these issues, and also provides useful guidance in the crafting of privacy policies and terms of use by eCommerce companies, including those who provide social networks or online communities.
The presentation first shows that Facebook is "[o]ften cooperative with emergency requests." It is probably in the interest of most eCommerce companies to be cooperative in those situations, but it is likewise vital to ensure that your privacy policy makes clear the nature of such cooperation, and that you have some degree of internal controls in place to ensure that the emergency exception does not swallow the privacy rule. Vetting such requests with counsel can be an important protective measure to an appropriate balance of company interests.
In defending itself, Facebook explained: "We scrutinize every single law enforcement request; require a detailed description of why the request is being made; and if it is deemed appropriate, share only the minimum amount of information. We strive to respect the balance between law enforcement's need for information and the privacy rights of our users, and as a responsible company we adhere to the letter of the law." The presentation notes, in contrast, that Twitter only produces data "in response to legal process." Both approaches are sound.
The presentation also discusses the fact that supplying fake credentials (in violation of the terms of service) can result in civil and potentially criminal liability. CNET reports that at least one case has found no criminal liability from a breach of such terms of service, but the law, as CNET notes, remains unsettled. In the Drew case, the defendant allegedly created a deliberately false identity and pretended to be a sixteen-year old for the purpose of communicating with a minor, all "conscious violations" of the MySpace terms of service. In dismissing the criminal charges, the trial court concluded that the Computer Fraud and Abuse Act was unconstitutionally vague in connection with the argument that it criminalized intentional breaches of a website's terms of service. While it is helpful to know that the DOJ is mindful of the potential criminal implications of using false pretenses in connection with a social media account, the presentation also shows a degree of interest in such techniques that might be considered to be very disturbing by some.
Apart from whether fraudulent access to a community web site is a crime, the Drew case underscores the general importance of terms of service, and the additional degree of protection they can provide to users both in terms of criminal infiltration and unwarranted government intrusion. Clear terms that require accurate personal information in connection with all accounts help safeguard users from online predators and fraud, while also helping to ensure that law enforcement goes through appropriate channels (and not secretly) to obtain content from those sites. This is just another reminder to take those terms seriously and to treat them as more than simply boilerplate. As with privacy policies, periodic reviews are wise.
Tuesday, March 16, 2010
Think You’re Safe Storing or Releasing “Anonymized” Data? Think Again.
Anonymity is increasingly difficult to safeguard, and direct marketers that collect, maintain, share, and use customer information should take note of a recent class action settlement by Netflix than stemmed from the company's disclosure of an "anonymized" customer database.
Most federal and state privacy and data security statutes focus on the protection of "personally identifiable information," such as names, addresses, telephone numbers, financial account numbers, social security numbers, and email addresses. In response to such laws, many companies strip personally identifiable information from databases containing sensitive information. Once stripped of identifiers, the theory goes, the risks of identity theft or violations of consumer privacy rights resulting from disclosure of the data (whether purposeful or not) are eliminated. Some companies may even conclude that the data may be shared for marketing or "data mining" purposes without violating their privacy policies or applicable laws.
According to the Electronic Privacy Information Center, however, "computer scientists have revealed that this 'anonymized' data can easily be re-identified, such that the sensitive information may be linked back to an individual."
Ten years ago, the risk of such "re-identification" was "largely theoretical":
"In a corner of the U.S. Census Bureau, a small group of statisticians has been sweating out the agency's nightmare scenario: 're-identification.' That's the term for a technique that the bureau fears could allow marketers and other "intruders" to match anonymous census information with the names of the people who provided it. Such a concern is largely theoretical, so far. But if perfected, the technique could have great appeal to marketers of everything from french fries to financial services."
-Glenn R. Simpson, "The 2000 Count: Bureau Blurs Data To Keep Names Confidential," The Wall Street Journal, February 14, 2001.
The risk is theoretical no more, and online sellers and direct marketers that fail to pay attention to the issue do so at their own peril.
The Netflix Case. Netflix just announced that it is canceling its Netflix Prize after being sued in federal court on a class action basis for invasion of privacy and violation of the Video Privacy Protection Act ("VPPA") based upon the alleged re-identification of individuals whose movie rating information was made public in a database that had been scrubbed of personal information.
Netflix sponsored a contest to see if entrants could provide "collaborative filtering algorithms" that could better predict viewers' movie ratings than Netflix's existing Cinematch recommendation engine. In connection with the contest, entrants were given an "anonymized" training data set that contained 100 million subscriber movie ratings covering 480,000 subscribers and 18,000 movies. Each of the rating entries included a unique numeric identifier representing the subscriber, but contained no personally identifiable information.
It didn't take long, however, for two researchers at the University of Texas to identify two of the anonymous subscribers in the training data set. They did so by using public reviews available on the Internet Movie Database and re-identification algorithms. The researchers found that one of the people they identified "had strong-ostensibly private-opinions about liberal and gay-themed films and had ratings for some religious films." (The complete study is available here.) The researchers were apparently able to identify individual subscribers despite the "perturbation techniques" employed by Netflix to protect individual identities. (Perturbation adds "noise" to a database to protect individual record confidentiality. The UT researchers had developed a technique that was "robust to perturbation in the data.")
In at least one respect, the Netflix case presented a good opportunity for class action plaintiffs because the federal VPPA specifically makes video rental information private. (As is often the case with privacy laws, the VPPA was passed in reaction to a highly publicized event - in this case, the release of Judge Robert Bork's video rental records during Senate hearings on his nomination to the United States Supreme Court.) But, the Netflix suit went far beyond alleged VPPA violations, and included sweeping counts under California statutes (including for alleged unfair trade practices and false advertising), as well as common law privacy claims. Not only was Netflix sued, the Federal Trade Commission jumped on the bandwagon. Eventually, after "productive discussions" with the FTC, the suit was settled and the Netflix Prize was no more.
Takeaway. The Netflix case raises very serious questions for online sellers and direct marketers with regard to supposedly anonymous aggregated databases that reflect customer information, including purchasing histories and demographic information. In the future, we may well see privacy and security laws evolve to cover databases that are susceptible to re-identification. Each company should actively examine the intersection between its business objectives and the privacy concerns of its customers with regard to the collection, storage, and use of customer data. Clear and accurate privacy policy disclosures are essential to ensure that consumers understand a company's information collection and disclosure practices. The claims against Netflix included assertions that standard privacy policy provisions were materially misleading given the availability of re-identification.
Most federal and state privacy and data security statutes focus on the protection of "personally identifiable information," such as names, addresses, telephone numbers, financial account numbers, social security numbers, and email addresses. In response to such laws, many companies strip personally identifiable information from databases containing sensitive information. Once stripped of identifiers, the theory goes, the risks of identity theft or violations of consumer privacy rights resulting from disclosure of the data (whether purposeful or not) are eliminated. Some companies may even conclude that the data may be shared for marketing or "data mining" purposes without violating their privacy policies or applicable laws.
According to the Electronic Privacy Information Center, however, "computer scientists have revealed that this 'anonymized' data can easily be re-identified, such that the sensitive information may be linked back to an individual."
Ten years ago, the risk of such "re-identification" was "largely theoretical":
"In a corner of the U.S. Census Bureau, a small group of statisticians has been sweating out the agency's nightmare scenario: 're-identification.' That's the term for a technique that the bureau fears could allow marketers and other "intruders" to match anonymous census information with the names of the people who provided it. Such a concern is largely theoretical, so far. But if perfected, the technique could have great appeal to marketers of everything from french fries to financial services."
-Glenn R. Simpson, "The 2000 Count: Bureau Blurs Data To Keep Names Confidential," The Wall Street Journal, February 14, 2001.
The risk is theoretical no more, and online sellers and direct marketers that fail to pay attention to the issue do so at their own peril.
The Netflix Case. Netflix just announced that it is canceling its Netflix Prize after being sued in federal court on a class action basis for invasion of privacy and violation of the Video Privacy Protection Act ("VPPA") based upon the alleged re-identification of individuals whose movie rating information was made public in a database that had been scrubbed of personal information.
Netflix sponsored a contest to see if entrants could provide "collaborative filtering algorithms" that could better predict viewers' movie ratings than Netflix's existing Cinematch recommendation engine. In connection with the contest, entrants were given an "anonymized" training data set that contained 100 million subscriber movie ratings covering 480,000 subscribers and 18,000 movies. Each of the rating entries included a unique numeric identifier representing the subscriber, but contained no personally identifiable information.
It didn't take long, however, for two researchers at the University of Texas to identify two of the anonymous subscribers in the training data set. They did so by using public reviews available on the Internet Movie Database and re-identification algorithms. The researchers found that one of the people they identified "had strong-ostensibly private-opinions about liberal and gay-themed films and had ratings for some religious films." (The complete study is available here.) The researchers were apparently able to identify individual subscribers despite the "perturbation techniques" employed by Netflix to protect individual identities. (Perturbation adds "noise" to a database to protect individual record confidentiality. The UT researchers had developed a technique that was "robust to perturbation in the data.")
In at least one respect, the Netflix case presented a good opportunity for class action plaintiffs because the federal VPPA specifically makes video rental information private. (As is often the case with privacy laws, the VPPA was passed in reaction to a highly publicized event - in this case, the release of Judge Robert Bork's video rental records during Senate hearings on his nomination to the United States Supreme Court.) But, the Netflix suit went far beyond alleged VPPA violations, and included sweeping counts under California statutes (including for alleged unfair trade practices and false advertising), as well as common law privacy claims. Not only was Netflix sued, the Federal Trade Commission jumped on the bandwagon. Eventually, after "productive discussions" with the FTC, the suit was settled and the Netflix Prize was no more.
Takeaway. The Netflix case raises very serious questions for online sellers and direct marketers with regard to supposedly anonymous aggregated databases that reflect customer information, including purchasing histories and demographic information. In the future, we may well see privacy and security laws evolve to cover databases that are susceptible to re-identification. Each company should actively examine the intersection between its business objectives and the privacy concerns of its customers with regard to the collection, storage, and use of customer data. Clear and accurate privacy policy disclosures are essential to ensure that consumers understand a company's information collection and disclosure practices. The claims against Netflix included assertions that standard privacy policy provisions were materially misleading given the availability of re-identification.
Gift Cards: The Sleeping Dog
Many of you may have read about the federal Credit Card Accountability, Responsibility, And Disclosure Act of 2009 (the “CARD Act”). While the CARD Act largely regulates the terms and conditions for credit cards, it also provides certain protections for purchasers of gift cards that will go into effect on August 22, 2010. But many people may not be aware that the CARD Act does not preempt or otherwise supersede state laws on gift cards, either before August 22 or afterwards.
There are many states that have gift card laws that bar the use of expiration dates on purchased gift cards, prohibit or set restrictions on imposing inactivity fees or other charges with regard to gift cards, and/or require disclosures regarding fees and expiration dates. Some of these laws are enforceable by the attorneys general of the states and/or through suits brought by consumers.
Moreover, most of these laws are enforceable against online retailers, even if the online retailer doesn’t have nexus or a physical presence in the state. Constitutional “Due Process” standards permit suits against a company that might nevertheless be insulated from tax obligation under the Commerce Clause. As long as the online retailer sells to a customer in the state, the online retailer will be subject to the provisions of the state’s gift card statute.
Finally, there are several states that require the “escheat,” or payment over to the state, of the value gift certificates and gift cards that have not been redeemed within a prescribed period of time set by statute. These so-called “unclaimed property” statutes are designed to preclude a retailer from obtaining an advantage through such “breakage” and require the payment of all or a portion of the face value of the gift cards to the state.
The point is not to throw your hands up in defeat and either ignore the applicable statutes or take measures that do not make sense from a business standpoint. Rather, a prudent online retailer should review its gift card program in light of the various state statutes. This will be particularly important prior to the effective date of the CARD Act on August 22, 2010, so that the retailer can understand its obligations with respect to gift cards issued before and after the new requirements of the CARD Act take effect.
There are many states that have gift card laws that bar the use of expiration dates on purchased gift cards, prohibit or set restrictions on imposing inactivity fees or other charges with regard to gift cards, and/or require disclosures regarding fees and expiration dates. Some of these laws are enforceable by the attorneys general of the states and/or through suits brought by consumers.
Moreover, most of these laws are enforceable against online retailers, even if the online retailer doesn’t have nexus or a physical presence in the state. Constitutional “Due Process” standards permit suits against a company that might nevertheless be insulated from tax obligation under the Commerce Clause. As long as the online retailer sells to a customer in the state, the online retailer will be subject to the provisions of the state’s gift card statute.
Finally, there are several states that require the “escheat,” or payment over to the state, of the value gift certificates and gift cards that have not been redeemed within a prescribed period of time set by statute. These so-called “unclaimed property” statutes are designed to preclude a retailer from obtaining an advantage through such “breakage” and require the payment of all or a portion of the face value of the gift cards to the state.
The point is not to throw your hands up in defeat and either ignore the applicable statutes or take measures that do not make sense from a business standpoint. Rather, a prudent online retailer should review its gift card program in light of the various state statutes. This will be particularly important prior to the effective date of the CARD Act on August 22, 2010, so that the retailer can understand its obligations with respect to gift cards issued before and after the new requirements of the CARD Act take effect.
Friday, March 12, 2010
Thoughts from the NEMOA Spring Conference: Perils for Vendors from Affiliate Endorsements
Today was Day 3 of the New England Mail Order Association Spring Conference in Boston. It was a great conference with lots of opportunities for benchmarking and networking. A number of industry gurus were present, including George Michie from The Rimm-Kaufman Group, who gave a great talk on paid search issues that this lawyer found compelling.
Marty Eisenstein and I moderated a round table discussion on emerging online affiliate issues. There was quite a bit of interest in new FTC guidelines regarding testimonials and endorsements. These new guidelines have the potential to impact seriously a number of business practices that are quite common among reputable online merchants.
Imagine if you will the following scenario: Acme Direct Marketing is an online seller of skin cream. Acme enters into an agreement with a third party to create a revenue-sharing affiliate network for the purpose of generating traffic to Acme's website. Affiliates enroll through the third party--perhaps Google. Many affiliates, if not all, are anonymous as far as Acme is concerned. They are paid each month based upon the traffic that they drive to Acme's website. Traffic is measured by the third party, who bills Acme for traffic generated each month. I am guessing that this scenario sounds quite familiar to many online merchants--in fact almost all online merchants engage in some variation of this business practice.
Now assume that one such affiliate (or maybe several) includes content on its website for the purpose of attracting attention and referring traffic to the merchants for whom it is an affiliate. The material that it posts on its website is often not entirely accurate--after all, these folks know nothing about the cosmetics business, and even less about truth-in-advertising. Perhaps the affiliate takes some liberties with the supposed benefits of Acme's product.
Under new FTC guidelines, Acme is responsible for false or misleading statements made by its affiliates. Moreover, the affiliate is obligated to disclose that it receives remuneration in exchange for sending traffic to Acme's website.
In many instances, the system for managing far flung affiliate networks is simply not designed to permit monitoring of these affiliate sites. In addition, early indications in the marketplace show that third party affiliate programs are not eager to assume any of the legal risks associated with these new guidelines.
Under the circumstances, responsible merchants need to be thinking about techniques for monitoring affiliate networks, and for securing contractual assurances that the affiliates will comply with the new rules.
Marty Eisenstein and I moderated a round table discussion on emerging online affiliate issues. There was quite a bit of interest in new FTC guidelines regarding testimonials and endorsements. These new guidelines have the potential to impact seriously a number of business practices that are quite common among reputable online merchants.
Imagine if you will the following scenario: Acme Direct Marketing is an online seller of skin cream. Acme enters into an agreement with a third party to create a revenue-sharing affiliate network for the purpose of generating traffic to Acme's website. Affiliates enroll through the third party--perhaps Google. Many affiliates, if not all, are anonymous as far as Acme is concerned. They are paid each month based upon the traffic that they drive to Acme's website. Traffic is measured by the third party, who bills Acme for traffic generated each month. I am guessing that this scenario sounds quite familiar to many online merchants--in fact almost all online merchants engage in some variation of this business practice.
Now assume that one such affiliate (or maybe several) includes content on its website for the purpose of attracting attention and referring traffic to the merchants for whom it is an affiliate. The material that it posts on its website is often not entirely accurate--after all, these folks know nothing about the cosmetics business, and even less about truth-in-advertising. Perhaps the affiliate takes some liberties with the supposed benefits of Acme's product.
Under new FTC guidelines, Acme is responsible for false or misleading statements made by its affiliates. Moreover, the affiliate is obligated to disclose that it receives remuneration in exchange for sending traffic to Acme's website.
In many instances, the system for managing far flung affiliate networks is simply not designed to permit monitoring of these affiliate sites. In addition, early indications in the marketplace show that third party affiliate programs are not eager to assume any of the legal risks associated with these new guidelines.
Under the circumstances, responsible merchants need to be thinking about techniques for monitoring affiliate networks, and for securing contractual assurances that the affiliates will comply with the new rules.
Thursday, March 11, 2010
Colorado's HB 1193 Risks Constitutional Violations and Threatens Consumer Privacy
The assault on eCommerce by short-sighted state legislators and tax officials continues. By now, many of you have heard or read about the new Colorado law (HB 1193) enacted in February, that imposes certain sales tax notice and reporting obligations upon each “retailer that does not collect Colorado sales tax.” Under the law, most non-collecting retailers are required:
(a) beginning effective March 1, 2010, to inform their Colorado purchasers of the purchaser’s duty to remit use tax on certain purchases under Colorado law;
(b) beginning in January 2011, to provide Colorado purchasers an annual statement of all of their Colorado purchases from the retailer; and
(c) beginning in January 2011, to file annually with the Colorado Department of Revenue a list of all purchasers and the amount of their Colorado purchases.
These new obligations are backed by substantial penalties for retailers that do not comply. Amazon.com reacted to the passage of the bill by terminating all of its Colorado online affiliate relationships, angering Colorado lawmakers who had worked with Amazon and its local affiliates in removing “New York style” affiliate nexus provisions from earlier drafts of the bill.
But the tiff between Amazon and Colorado is really a side-show that masks the genuine problems with the law, including both potential constitutional violations and invasions of consumer privacy. Colorado lawmakers and revenue officials made no secret during debate on the bill that the new law was expressly intended to force out-of-state online and direct marketers to begin collecting Colorado use tax on their sales to Colorado residents, despite constitutional prohibitions against the imposition of such tax obligations under the Commerce Clause, as reaffirmed by the Supreme Court in Quill Corp. v. North Dakota.
The burdens imposed by the new law are real and discriminatory; no Colorado retailer is required to comply with them, but out-of-state online and direct marketers’ compliance is mandatory. Also, given the propensity for “copy cat” nexus legislation among the states in recent years, such laws are likely to proliferate in other state legislation soon, unless online and direct marketers (and voting consumers) trumpet the problems with such laws. Already, the South Dakota Department of Revenue & Regulation is following Colorado’s lead by informally demanding that out-of-state companies provide it a list of in-state purchasers who may owe use tax.
Consumers should take note because the new Colorado law suggests that some state lawmakers feel that the answer to encouraging increased use tax compliance by online shoppers is the systematic invasion of their privacy, on a massive scale. Under the Colorado law, every online and mail-order purchaser in Colorado will have the source and amount of his or her purchases from out-of-state sellers fully documented in Colorado Department of Revenue databases, down to the last penny. Such files are presumptively public records, and thus potentially subject to disclosure under Colorado’s Open Records Law. Furthermore, even if the Department resists the formal requests for access to such records that will inevitably come, public agencies such as the Department are typically not subject to data security laws (for example, Colorado’s data breach statute applies only to individuals and commercial entities), and thus unlike private businesses are not compelled to have meaningful data security measures in place. Little wonder the great majority of all data breaches have occurred through public agencies, including other Colorado agencies.
Voters in other states beware.
(a) beginning effective March 1, 2010, to inform their Colorado purchasers of the purchaser’s duty to remit use tax on certain purchases under Colorado law;
(b) beginning in January 2011, to provide Colorado purchasers an annual statement of all of their Colorado purchases from the retailer; and
(c) beginning in January 2011, to file annually with the Colorado Department of Revenue a list of all purchasers and the amount of their Colorado purchases.
These new obligations are backed by substantial penalties for retailers that do not comply. Amazon.com reacted to the passage of the bill by terminating all of its Colorado online affiliate relationships, angering Colorado lawmakers who had worked with Amazon and its local affiliates in removing “New York style” affiliate nexus provisions from earlier drafts of the bill.
But the tiff between Amazon and Colorado is really a side-show that masks the genuine problems with the law, including both potential constitutional violations and invasions of consumer privacy. Colorado lawmakers and revenue officials made no secret during debate on the bill that the new law was expressly intended to force out-of-state online and direct marketers to begin collecting Colorado use tax on their sales to Colorado residents, despite constitutional prohibitions against the imposition of such tax obligations under the Commerce Clause, as reaffirmed by the Supreme Court in Quill Corp. v. North Dakota.
The burdens imposed by the new law are real and discriminatory; no Colorado retailer is required to comply with them, but out-of-state online and direct marketers’ compliance is mandatory. Also, given the propensity for “copy cat” nexus legislation among the states in recent years, such laws are likely to proliferate in other state legislation soon, unless online and direct marketers (and voting consumers) trumpet the problems with such laws. Already, the South Dakota Department of Revenue & Regulation is following Colorado’s lead by informally demanding that out-of-state companies provide it a list of in-state purchasers who may owe use tax.
Consumers should take note because the new Colorado law suggests that some state lawmakers feel that the answer to encouraging increased use tax compliance by online shoppers is the systematic invasion of their privacy, on a massive scale. Under the Colorado law, every online and mail-order purchaser in Colorado will have the source and amount of his or her purchases from out-of-state sellers fully documented in Colorado Department of Revenue databases, down to the last penny. Such files are presumptively public records, and thus potentially subject to disclosure under Colorado’s Open Records Law. Furthermore, even if the Department resists the formal requests for access to such records that will inevitably come, public agencies such as the Department are typically not subject to data security laws (for example, Colorado’s data breach statute applies only to individuals and commercial entities), and thus unlike private businesses are not compelled to have meaningful data security measures in place. Little wonder the great majority of all data breaches have occurred through public agencies, including other Colorado agencies.
Voters in other states beware.
Harmonized Sales Tax Expands to Ontario and British Columbia on July 1, 2010
In the past year, both Ontario and British Columbia entered into agreements with the Canadian federal government to harmonize the Goods and Services Tax (“GST”) and Provincial Sales Taxes (“PST”) into a single Harmonized Sales Tax or “HST.” The HST will be effective July 1, 2010, and will be administered by the Canada Revenue Agency (“CRA”). Ontario and the federal government have already passed legislation implementing the HST. British Columbia has yet to pass its own implementing legislation, but has already taken steps towards harmonization with the federal government.
Following harmonization, the Ontario HST will be 13% (comprised of a 5% federal component and an 8% provincial component), and the British Columbia HST will be 12% (5% federal/7% provincial). Both provincial component rates will be locked in for the first two years of the HST. American and other non-Canadian vendors should take note that under the new HST, imports into Canada of non-commercial goods by or for a consumer who is a resident of an HST province, regardless of the port of import, are subject to both the federal and provincial components of the HST.
In general, the new HST will have the same tax base as the current federal GST, but vendors should be sure to confirm the taxability of their goods and services. The Ontario Ministry of Revenue estimates that there will be no change in tax status for over 80% of goods and services sold to consumers. Certain items currently exempt under the PST, including children’s clothing and footwear, will continue to be exempt from the provincial component of the HST. These exemptions will take the form of a “point of sale” rebate. Basic groceries, prescription drugs, and many other goods and services already exempt under the PST will be exempt from both components of the HST. Ontario has provided comprehensive transitional rules to help businesses properly tax transactions that straddle the implementation date.
Vendors should take a close look at their current tax practices and make sure they are ready to comply with the HST before it goes into effect.
Following harmonization, the Ontario HST will be 13% (comprised of a 5% federal component and an 8% provincial component), and the British Columbia HST will be 12% (5% federal/7% provincial). Both provincial component rates will be locked in for the first two years of the HST. American and other non-Canadian vendors should take note that under the new HST, imports into Canada of non-commercial goods by or for a consumer who is a resident of an HST province, regardless of the port of import, are subject to both the federal and provincial components of the HST.
In general, the new HST will have the same tax base as the current federal GST, but vendors should be sure to confirm the taxability of their goods and services. The Ontario Ministry of Revenue estimates that there will be no change in tax status for over 80% of goods and services sold to consumers. Certain items currently exempt under the PST, including children’s clothing and footwear, will continue to be exempt from the provincial component of the HST. These exemptions will take the form of a “point of sale” rebate. Basic groceries, prescription drugs, and many other goods and services already exempt under the PST will be exempt from both components of the HST. Ontario has provided comprehensive transitional rules to help businesses properly tax transactions that straddle the implementation date.
Vendors should take a close look at their current tax practices and make sure they are ready to comply with the HST before it goes into effect.
LifeLock: $12 Million to Settle Data Security False Advertising Claims
The company whose advertising campaign included displaying their CEO's social security number on the side of a truck has reached a settlement to pay $12 million to the FTC and 35 states who charged LifeLock, Inc. with false representations about the effectiveness of its services. In an official press release, FTC Chairman Jon Leibowitz said that “[w]hile LifeLock promised consumers complete protection against all types of identity theft, in truth, the protection it actually provided left enough holes that you could drive a truck through it.”
But the case against LifeLock didn't end there. The FTC and the states also charged LifeLock with making false claims about its own data security practices. According to the FTC, LifeLock failed to live up to the following representations:
• “Only authorized employees of LifeLock will have access to the data that you provide to us, and that access is granted only on a ‘need to know’ basis.”
• “All stored personal data is electronically encrypted.”
• “LifeLock uses highly secure physical, electronic, and managerial procedures to safeguard the confidentiality and security of the data you provide to us.”
The FTC charged that "LifeLock’s data was not encrypted, and sensitive consumer information was not shared only on a 'need to know' basis." The agency also charged that the company’s data system was vulnerable and could have been exploited by those seeking access to customer information." Read more here.
Takeaway: Many companies make promises about data security, particularly in connection with online transactions. If your company is going to publish those kinds of assurances, make sure you live up to them. While this is not the first time the FTC has penalized a company for allegedly false claims about data security, the fine is one of the largest.
But the case against LifeLock didn't end there. The FTC and the states also charged LifeLock with making false claims about its own data security practices. According to the FTC, LifeLock failed to live up to the following representations:
• “Only authorized employees of LifeLock will have access to the data that you provide to us, and that access is granted only on a ‘need to know’ basis.”
• “All stored personal data is electronically encrypted.”
• “LifeLock uses highly secure physical, electronic, and managerial procedures to safeguard the confidentiality and security of the data you provide to us.”
The FTC charged that "LifeLock’s data was not encrypted, and sensitive consumer information was not shared only on a 'need to know' basis." The agency also charged that the company’s data system was vulnerable and could have been exploited by those seeking access to customer information." Read more here.
Takeaway: Many companies make promises about data security, particularly in connection with online transactions. If your company is going to publish those kinds of assurances, make sure you live up to them. While this is not the first time the FTC has penalized a company for allegedly false claims about data security, the fine is one of the largest.
The WISP Has (Finally) Landed: MA's Data Protection Law Now In Effect
After a seemingly unending series of delays and modifications, Massachusetts's data protection regulation finally went into effect on March 1, 2010. A copy of the regulation can be obtained here. Unlike the data protection laws of most states, the Massachusetts regulation requires holders of data to put in place a comprehensive set of written measures to protect confidential information (also known as a "WISP," or “written information security policy”), and to update their WISPs on an annual basis. The required contents of the WISP are outlined in the regulation, and cover topics ranging from encryption to vendor agreements.
Thumbnail: The new regulation applies to all persons and companies who either own or license personal information about residents of Massachusetts, and applies both to electronic and paper records. While the opening clause of the regulation appears to limit its coverage to "customer information" and "consumers," the balance of the regulation does not distinguish between information about customers, consumers, employees, or other categories of persons. If past experience with the administrative process in Massachusetts is any guide, it will be a long and winding road before we get any formal guidance as to the regulation’s scope.
Takeaway: Irrespective of Massachusetts's new regulation, it is in the interest of every company that possesses confidential personal information to have a written security policy to protect confidential information from inadvertent disclosure and from disclosure by intentional interception or theft. The Massachusetts regulation provides a useful set of guidelines as to what should be in that policy.
Here are some reasons to pay attention:
First, companies can face substantial liability for data disclosures, including by consumer class actions and enforcement actions by regulators. A written WISP that is implemented and followed can be important as a defense against such claims, including claims under theories of negligence.
Second, many companies make information security promises on their web pages, and failure to back up those promises with written protocols and standards can lead to FTC complaints and penalties, among other unpleasant consequences.
Third, a written policy is probably the only practical way to effectively control the use and dissemination of confidential information within an organization of any size and to avoid, to the fullest extent possible, the legal and public relations nightmare of a data breach.
Finally, the measures set out in the WISP ought to provide a company with early warnings so that it can promptly notify regulatory agencies, law enforcement, and consumers whose information may have been compromised.
At least for now, Massachusetts has indicated that it will only audit a company for compliance with the regulation if the company notifies the state of a security breach (as it is required to do), or if a security breach as to which the State was not notified hits the press. While a potential data security breach presents inherent public relations and legal risks for a company, having a solid WISP and a good faith effort to implement it is the first and best line of defense.
Thumbnail: The new regulation applies to all persons and companies who either own or license personal information about residents of Massachusetts, and applies both to electronic and paper records. While the opening clause of the regulation appears to limit its coverage to "customer information" and "consumers," the balance of the regulation does not distinguish between information about customers, consumers, employees, or other categories of persons. If past experience with the administrative process in Massachusetts is any guide, it will be a long and winding road before we get any formal guidance as to the regulation’s scope.
Takeaway: Irrespective of Massachusetts's new regulation, it is in the interest of every company that possesses confidential personal information to have a written security policy to protect confidential information from inadvertent disclosure and from disclosure by intentional interception or theft. The Massachusetts regulation provides a useful set of guidelines as to what should be in that policy.
Here are some reasons to pay attention:
First, companies can face substantial liability for data disclosures, including by consumer class actions and enforcement actions by regulators. A written WISP that is implemented and followed can be important as a defense against such claims, including claims under theories of negligence.
Second, many companies make information security promises on their web pages, and failure to back up those promises with written protocols and standards can lead to FTC complaints and penalties, among other unpleasant consequences.
Third, a written policy is probably the only practical way to effectively control the use and dissemination of confidential information within an organization of any size and to avoid, to the fullest extent possible, the legal and public relations nightmare of a data breach.
Finally, the measures set out in the WISP ought to provide a company with early warnings so that it can promptly notify regulatory agencies, law enforcement, and consumers whose information may have been compromised.
At least for now, Massachusetts has indicated that it will only audit a company for compliance with the regulation if the company notifies the state of a security breach (as it is required to do), or if a security breach as to which the State was not notified hits the press. While a potential data security breach presents inherent public relations and legal risks for a company, having a solid WISP and a good faith effort to implement it is the first and best line of defense.
Wednesday, March 10, 2010
Hooray for Bank of America's New Overdraft Rules?
Is the end of the $39 cup of coffee in sight (See How Your $4 Cup of Coffee Can Cost You)? Today, Bank of America announced that it is doing away with debit card overdraft fees and will just decline consumer transactions that result in an overdraft on their debit card (See Bank of America to End Bank Overdraft Fees). Seems that is just what consumer groups have said for some time that banks should do, but that some banks claimed they couldn't technologically do. Bank of America is crediting itself with listening to consumer preferences on debit cards and their desire to help customers avoid unexpected fees. Bank of America has turned into the kinder, consumer friendly bank? Apparently, they are even notifying customers now when an ATM withdrawl will result in an overdraft (and a $35 fee), rather than just pushing the transaction through. But not to worry, Bank of America will continue to have overdraft coverage that most consumers want on their checks and routine account payments. Rather than trying to convince customers that they really want the $39 cup of coffee, Bank of America has apparently caved on this one. Good for them. Doing the right thing by customers (even if under pressure from the Federal Reserve) is a big step. Hopefully, this will set the tone for other large banks to follow suit. Apparently Citibank has stopped charging overdrafts on debit and ATM transactions.
For those banks not doing away with these fees, the Federal Reserve's new opt-in rules on debit cards are due to come into effect on July 1, 2010. The Federal Reserve’s Final Rules came down on the side of the consumer on many issues. Because the Truth-in-Lending Act applies to credit cards, but does not apply to debit cards, the Federal Reserve’s Final Rules are under the Electronic Funds Transfer Act (15 U.S.C. 1693 et seq.) (EFTA). The thrust of the Final Rules is primarily disclosure and consent based, rather than tackling some of the troublesome banking practices involved in the processing of overdrafts for enrolled customers and the amount banks charge for overdraft services. Specifically, the Final Rules ensure that:
With any luck, we'll see other large banks doing away with the debit and ATM overdrafts over the coming months. Seems easy enough just to deny the transaction at the counter. Not sure I'd say this, but good job Bank of America.
For those banks not doing away with these fees, the Federal Reserve's new opt-in rules on debit cards are due to come into effect on July 1, 2010. The Federal Reserve’s Final Rules came down on the side of the consumer on many issues. Because the Truth-in-Lending Act applies to credit cards, but does not apply to debit cards, the Federal Reserve’s Final Rules are under the Electronic Funds Transfer Act (15 U.S.C. 1693 et seq.) (EFTA). The thrust of the Final Rules is primarily disclosure and consent based, rather than tackling some of the troublesome banking practices involved in the processing of overdrafts for enrolled customers and the amount banks charge for overdraft services. Specifically, the Final Rules ensure that:
(1) banks cannot enroll customers in overdraft services for ATM and one time debit card transactions without their consent (an opt-in);The Final Rules specifically declined proposals regarding the practice of debit card holds, suggesting instead that banks, networks, and merchants should address this problem.
(2) banks do not condition the payment of overdrafts on other items, such as checks and ACH transactions, on the customer opting-in for ATM and debit card services and cannot decline overdrafts on checks and ACH transactions for this reason;
(3) banks provide the same account terms, conditions and features to customers whether or not they opt-in; and
(4) the opt-in approach applies to existing and new accounts beginning July 1, 2010.
With any luck, we'll see other large banks doing away with the debit and ATM overdrafts over the coming months. Seems easy enough just to deny the transaction at the counter. Not sure I'd say this, but good job Bank of America.
- JSM
Tuesday, March 9, 2010
“Amazon Affiliate Nexus” Statutes: A Business-Savvy Alternative
Tax and trade journals report about each new state that is considering adopting an “Amazon Affiliate Nexus” statute, patterned after the New York statute adopted in 2008. As of this writing, North Carolina and Rhode Island have each enacted a New York-type online affiliate nexus statute, and several other states, including California, Connecticut, Illinois, Maryland, Minnesota, Tennessee, Vermont and Virginia are considering whether to adopt similar statutes. Should an online retailer discontinue its affiliate relationships in those states? Should the online retailer begin collecting and remitting sales and use tax in states with such statutes even where it has no physical presence? Should the online retailer challenge the statute in court by suing the state and disputing the constitutionality of the statute, as was done by Amazon.com and Overstock.com in New York? There are clearly problems with each approach. If the retailer elects to discontinue its online affiliate relationships, the retailer may hurt its business. Besides, the retailer may not have identified all of its affiliates, each of which contributes to a presumption of nexus under the statute, and thus may face a risk of nexus in any event. On the other hand, a retailer’s collection of the sales and use tax means remitting the sales and use tax on all of its sales in the state, even if the affiliate-generated transactions are only a small percentage of its sales. Least attractive of all may be the litigation approach, which can take a long time to reach resolution and which has an uncertain outcome.
But, the use of an affiliate in a state with an affiliate nexus statute does not automatically create nexus. Rather, under each of the statutes already enacted and under those proposed in other states, use of an in-state affiliate creates a presumption of nexus that can be rebutted by a showing that the affiliates do not engage in traditional solicitation activities in the state. While each state provides a general description of the type of showing an online retailer needs to make in order to avoid a finding of nexus, it is only New York that provides an actual road map to rebut the finding of nexus. New York TSB-M-08(3.1)S provides a “safe harbor” method of rebutting the presumption of nexus when an out-of-state retailer uses New York affiliates. Thus, one alternative for a retailer to consider is what I call a “New York style” approach. Namely, the online retailer would provide in each agreement with its affiliates (the “Terms and Conditions”) that the affiliate agrees (covenants) not to engage in any traditional solicitation activities in the state that result in referring potential customers to the retailer. In addition, the agreement with the retailer should provide that the affiliate will provide to the retailer on an annual basis a certificate attesting to its satisfaction of the “no solicitation” clause and agreeing that the failure to submit such a certificate terminates the affiliate relationship and the payment of commissions or other compensation to the affiliate. While the implementation of an agreement along the foregoing lines will not automatically overcome the presumption in states other than New York, it is a proactive approach to rebutting the presumption they create and is worthy of serious consideration by an online marketer, depending upon its particular circumstances and in consultation with its counsel.
But, the use of an affiliate in a state with an affiliate nexus statute does not automatically create nexus. Rather, under each of the statutes already enacted and under those proposed in other states, use of an in-state affiliate creates a presumption of nexus that can be rebutted by a showing that the affiliates do not engage in traditional solicitation activities in the state. While each state provides a general description of the type of showing an online retailer needs to make in order to avoid a finding of nexus, it is only New York that provides an actual road map to rebut the finding of nexus. New York TSB-M-08(3.1)S provides a “safe harbor” method of rebutting the presumption of nexus when an out-of-state retailer uses New York affiliates. Thus, one alternative for a retailer to consider is what I call a “New York style” approach. Namely, the online retailer would provide in each agreement with its affiliates (the “Terms and Conditions”) that the affiliate agrees (covenants) not to engage in any traditional solicitation activities in the state that result in referring potential customers to the retailer. In addition, the agreement with the retailer should provide that the affiliate will provide to the retailer on an annual basis a certificate attesting to its satisfaction of the “no solicitation” clause and agreeing that the failure to submit such a certificate terminates the affiliate relationship and the payment of commissions or other compensation to the affiliate. While the implementation of an agreement along the foregoing lines will not automatically overcome the presumption in states other than New York, it is a proactive approach to rebutting the presumption they create and is worthy of serious consideration by an online marketer, depending upon its particular circumstances and in consultation with its counsel.
Monday, March 8, 2010
Welcome to Eyes on eCom Law
Welcome to Eyes on eCom Law, a blog devoted to providing legal insight to the world of online and direct marketing. The attorneys at Brann & Isaacson have been advising direct marketers on all aspects of their businesses for more than 35 years, and have served as Tax Counsel for the Direct Marketing Association for the past 20 years. As direct marketing has evolved from traditional mail order to online and multi-channel marketing, we have continued to guide clients through an ever-changing landscape of legal issues. We know firsthand that both "pure-play" online and multi-channel direct marketers face their own set of unique legal challenges in areas such as tax, privacy and data security, Federal Trade Commission compliance, state abandoned property laws, intellectual property, product safety, and consumer protection.
With our breadth of practice and depth of experience, Brann & Isaacson has the expertise necessary to identify and explain the significance of new legal developments relevant to eCommerce. For "e-tailers" of every size and business model, it can be a difficult task to navigate eCommerce’s myriad legal intricacies. We hope that this blog will serve as a resource to help the direct marketer manage its business and to make sense of the legal developments and challenges (and even opportunities) facing the industry. Please feel welcome to ask questions, make comments and send us feedback!
With our breadth of practice and depth of experience, Brann & Isaacson has the expertise necessary to identify and explain the significance of new legal developments relevant to eCommerce. For "e-tailers" of every size and business model, it can be a difficult task to navigate eCommerce’s myriad legal intricacies. We hope that this blog will serve as a resource to help the direct marketer manage its business and to make sense of the legal developments and challenges (and even opportunities) facing the industry. Please feel welcome to ask questions, make comments and send us feedback!
Thursday, March 4, 2010
FunnyorDie.com Presidential Reunion
In case you've not seen it, former Presidents Bush, Clinton, Bush, Ford, Carter and Reagan wake up President Obama in the middle of the night to urge him to pass the Consumer Financial Protection Agency (CFPA). One of the funniest parts is President Bush commenting that he had no idea that when he put the Iraq war on his credit card, he'd be paying 28%! Here it is:
- JSM
Wednesday, March 3, 2010
New Sales Survey Available!
I've just put the new Sales Survey up on SSRN. It will be out in the Business Lawyer sometime next summer. An excerpt regarding a a fun warranty case, Nigro v. Lee, 63 A.D.3d 1490 (N.Y.A.D. 3 Dept. 2009) about a car sold on Ebay:
Whether a seller’s statements made during negotiations or through advertising constitute an express warranty is a common point of contention between disgruntled buyers and their sellers. The Supreme Court, Appellate Division, of New York upheld summary judgment in favor of the defendant seller from Nevada who advertised a 1995 Mercedes Benz automobile on Ebay as “gorgeous” and with just minor blemishes, but sold the car “as is.” Upon arrival of the car to the buyer in New York, the buyer discovered the car had been damaged in an accident and had been painted, the upholstery was stained, the undercoating was worn out and parts were rusted, and that body work would cost $1,741.66. While the court recognized that any description of the goods could create an express warranty, the seller’s generalized expression was merely the seller's opinion of the car and constitutes “no more than ‘puffery,’ which should not have been relied upon as an inducement to purchase the vehicle,” particularly in light of the fact that this was a used car transaction. Moreover, the plaintiff could have discovered any deficiencies in the car by performing a routine inspection, which he did not do.See U.C.C. 2-313.
- JSM
Tuesday, March 2, 2010
New Credit Card Rules Go Into Action
Happily, the CARD act provisions are in full effect now. So, what to look for on your statements? I think the disclosure about how long it will take you to pay off your credit card if you only pay the minimum is helpful, especially when coupled with how much you need to pay in order to pay off the debt in just three years. But, consumers must actually read the statements to get the disclosure . . .
CNN has a good piece on credit card reform (click here, as I could not embed it). With card companies increasing rates, there has been a greater proliferation of high rate cards. First Premier has a card for high risk customers that carries a 59.9% interest rate! Yikes! Interestingly, the National Credit Union Administration caps credit unions at 18% interest on credit union cards by law, but private card companies have no such similar limit (See LA Times, Seattle Times). Of course, its all about access to credit, according to the American Banker's Association. While I can understand access to credit and the need for people to build credit, 59.9% is over-the-top and at that rate perhaps some people should not be getting credit, as the cost is too high. Perhaps there is a role for the traditional usury statutes again.
Whose to blame for all this mess? Well, the Supreme Court had a part to play with its 1978 decision in Marquette vs. First Omaha Services making it legal under the National Bank Act for banks to locate in states without interest rate restrictions. Although the Court recognized that this would impair the effectiveness of state usury laws, the problem is "better addressed to the wisdom of Congress than to the judgment of this Court." Despite the passage of the CARD Act, Congress has not addressed the interest rate differential. Perhaps the increases in rates after the CARD Act might provide some impetus for changes to the extent banks overreach in their charging of customers.
CNN has a good piece on credit card reform (click here, as I could not embed it). With card companies increasing rates, there has been a greater proliferation of high rate cards. First Premier has a card for high risk customers that carries a 59.9% interest rate! Yikes! Interestingly, the National Credit Union Administration caps credit unions at 18% interest on credit union cards by law, but private card companies have no such similar limit (See LA Times, Seattle Times). Of course, its all about access to credit, according to the American Banker's Association. While I can understand access to credit and the need for people to build credit, 59.9% is over-the-top and at that rate perhaps some people should not be getting credit, as the cost is too high. Perhaps there is a role for the traditional usury statutes again.
Whose to blame for all this mess? Well, the Supreme Court had a part to play with its 1978 decision in Marquette vs. First Omaha Services making it legal under the National Bank Act for banks to locate in states without interest rate restrictions. Although the Court recognized that this would impair the effectiveness of state usury laws, the problem is "better addressed to the wisdom of Congress than to the judgment of this Court." Despite the passage of the CARD Act, Congress has not addressed the interest rate differential. Perhaps the increases in rates after the CARD Act might provide some impetus for changes to the extent banks overreach in their charging of customers.
- JSM
UCC Legislative Update
It has been a fairly quiet eight months on the UCC legislative front since my last update.
Revised Article 1
As of March 1, 2010, Revised Article 1 was in effect in thirty-seven states: Alabama, Alaska, Arizona, Arkansas, California, Colorado, Connecticut, Delaware, Florida, Hawaii, Idaho, Illinois, Indiana, Iowa, Kansas, Kentucky, Louisiana, Maine, Minnesota, Montana, Nebraska, Nevada, New Hampshire, New Mexico, North Carolina, North Dakota, Oklahoma, Oregon, Pennsylvania, Rhode Island, South Dakota, Tennessee, Texas, Utah, Vermont, Virginia, and West Virginia.
State legislatures continue to grapple with the definition of "good faith," although the uniform § R1-201(b)(20) definition has the upper hand. Of the 37 enacting states, 26 have adopted the uniform definition, while 11 have retained the pre-revised definition that, in conjunction with § 2-103(1)(b), imposes a different good faith standard on merchants and non-merchants. Effective July 1, 2010, one of those eleven minority states (Indiana) will join the majority as SB 501, enacted in 2009 primarily for the purpose of amending Articles 3 and 4, also revises Ind. Code § 26-1-1-201(19) to require all parties to act honestly and to observe reasonable commercial standards of fair dealing. (At present, Indiana's Revised Article 1 requires only “honesty in fact.”) This change will take effect July 1, 2010, and further tip the balance among enacting states in favor of the unitary good faith definition in uniform R1-201(b)(20).
With many state legislatures occupied with more pressing issues of the moment, 2009 yielded only three new adoptions -- Alaska, Maine, and Oregon -- down from five in 2008, and seven in 2007. While a downward trend in new enactments eventually becomes inevitable once two-thirds of the states have signed on, 2009's three enactments were the fewest in a year since 2003 (when Idaho became the third state overall to enact Revised Article 1).
As of March 1, only two states -- Mississippi and Wisconsin -- appear to be serious candidates to enact Revised Article 1 in 2010.
Mississippi SB 2419, introduced and amended (to replace a choice-of-law provision that appeared to have derived from the original § R1-301 that all 37 enacting states have declined to adopt and the ALI and NCCUSL have disavowed with one that reflected the substitute § R1-301 the ALI and NCCUSL promulgated in 2008) in January, unanimously passed the Mississippi Senate on February 10. It is presently before the House Judiciary Committee.
Wisconsin AB 687, introduced on January 25 and amended on February 16 to replace the uniform R1-201(b)(20) "good faith" definition with the pre-revised 1-201(19) version, received the Assembly Committee on Financial Institutions's unanimous approval on February 26. It is presently before the Assembly Rules Committee.
Two other bills, Massachusetts HB 89 and Washington SB 5155, seem less likely to produce results.
Massachusetts HB 89, the fifth attempt to enact Revised Article 1 in the Commonwealth, was assigned to the Joint Committee on Economic Development and Emerging Technologies on January 20, 2009. No further action had been reported as of March 1, 2010.
Washington SB 5155, introduced on January 15, 2009, appeared to be drawn directly from the language of official Revised Article 1 circa 2001, including the original version of § R1-301. At an initial public hearing on January 23, 2009, all those testifying in support of and in opposition to the bill opposed the choice-of-law provision. The Washington Senate appears to have taken no further action except to "reintroduce and retain [the bill] in present status" on January 11, 2010.
Article 2 and 2A Amendments
As of March 1, 2010, only three state legislatures (Kansas, Nevada, and Oklahoma) have considered bills proposing to enact the 2003 amendments to UCC Articles 2 and 2A. The Kansas and Nevada bills died on the vine.
In 2005, Oklahoma amended Sections 2-105 and 2A-103 of its Commercial Code to add that the definition of “goods” for purposes of Articles 2 and 2A, respectively, “does not include information,” see 12A Okla. Stat. Ann. §§ 2-105(1) & 2A-103(1)(h) (West 2009), and amended its Section 2-106 to add that “contract for sale” for purposes of Article 2 “does not include a license of information,” see id. § 2-106(1). The net effect is similar to having enacted Amended §§ 2-103(k) & 2A-103(1)(n), both of which exclude information from the meaning of “goods” for purposes of Article 2 and 2A, respectively. Otherwise, no state has enacted any of the 2003 amendments.
While the list of states enacting any of the 2003 amendments may not change in the near future, the number of amendments Oklahoma enacts may. Introduced on February 1, 2010, Oklahoma HB 3104 proposes amendments to forty-nine sections of Article 2 and four sections of Article 2A. The bill includes neither the reformulation of Sections 2-206 and 2-207 nor the addition of Sections 2-313A and 2-313B included in the 2003 Article 2 amendments. Many of the amendments appear designed to facilitate electronic signatures and transactions and to accommodate the terminology surrounding them that grows out of UETA, E-SIGN, and Revised UCC Articles 1 and 7, or to otherwise align Article 2 and 2A terminology with that used in Revised Articles 1 and 7. That is not to say that HB 3104 proposes only cosmetic changes to Oklahoma's versions of Articles 2 and 2A. Several of the proposed amendments alter existing substantive rights, obligations, or remedies. Some of those alterations (e.g., raising the § 2-201 floor from $500 to $5,000) do not seem to be inherently controversial; some (e.g., granting/recognizing a right to cure after a justifiable revocation) may or may not be controversial depending on how courts have interpreted the current Article 2; and some (e.g., giving sellers the right to recover consequential damages) do seem inherently controversial. More on this if the bill progresses.
Article 3 and 4 Amendments
As of March 1, 2010, the 2002 amendments to Articles 3 and 4 were in effect in eight states: Arkansas, Kentucky, Minnesota, Nevada, New Mexico, Oklahoma (for a second time), South Carolina, and Texas. They will take effect in Indiana on July 1, 2010.
As of March 1, 2010, the only pending Articles 3 and 4 bill is Massachusetts HB 90, which has been languishing for more than a year.
Revised Article 7
As of March 1, 2010, Revised UCC Article 7 was in effect in thirty-six states: Alabama, Alaska, Arizona, Arkansas, California, Colorado, Connecticut, Delaware, Hawaii, Idaho, Illinois, Indiana, Iowa, Kansas, Louisiana, Maine, Maryland, Minnesota, Mississippi, Montana, Nebraska, Nevada, New Hampshire, New Mexico, North Carolina, North Dakota, Oklahoma, Oregon, Pennsylvania, Rhode Island, South Dakota, Tennessee, Texas, Utah, Virginia, and West Virginia.
Additional bills are currently pending in Georgia, Massachusetts, Washington, and Wisconsin; but only the Wisconsin bill appears to be making any progress.
First introduced on February 18, 2009, Georgia HB 451 won unanimous approval in the Georgia House on March 12, and the Senate Judiciary Committee recommended passage on March 26. However, the legislature adjourned on April 3 without a third reading and final action in the senate. HB 451 was "recommitted" to the Georgia Senate on January 11, 2010. No further action has been reported.
Massachusetts HB 89, which also proposes adopting Revised Article 1, was assigned to the Joint Committee on Economic Development and Emerging Technologies on January 20, 2009. No further action has been reported.
Washington SB 5154 was introduced on January 15, 2009, scheduled for a public hearing on January 23, 2009, and then stalled, like its Revised Article 1 counterpart, but without as compelling a reason. It was "reintroduced and retained in present status" on January 11, 2010. No further action has been reported.
Wisconsin AB 688 was introduced on January 25, 2010. On February 22, the Assembly Committee on Jobs, the Economy and Small Business unanimously recommended passage. The bill is now before the Assembly Rules Committee.
Revised Article 1
As of March 1, 2010, Revised Article 1 was in effect in thirty-seven states: Alabama, Alaska, Arizona, Arkansas, California, Colorado, Connecticut, Delaware, Florida, Hawaii, Idaho, Illinois, Indiana, Iowa, Kansas, Kentucky, Louisiana, Maine, Minnesota, Montana, Nebraska, Nevada, New Hampshire, New Mexico, North Carolina, North Dakota, Oklahoma, Oregon, Pennsylvania, Rhode Island, South Dakota, Tennessee, Texas, Utah, Vermont, Virginia, and West Virginia.
State legislatures continue to grapple with the definition of "good faith," although the uniform § R1-201(b)(20) definition has the upper hand. Of the 37 enacting states, 26 have adopted the uniform definition, while 11 have retained the pre-revised definition that, in conjunction with § 2-103(1)(b), imposes a different good faith standard on merchants and non-merchants. Effective July 1, 2010, one of those eleven minority states (Indiana) will join the majority as SB 501, enacted in 2009 primarily for the purpose of amending Articles 3 and 4, also revises Ind. Code § 26-1-1-201(19) to require all parties to act honestly and to observe reasonable commercial standards of fair dealing. (At present, Indiana's Revised Article 1 requires only “honesty in fact.”) This change will take effect July 1, 2010, and further tip the balance among enacting states in favor of the unitary good faith definition in uniform R1-201(b)(20).
With many state legislatures occupied with more pressing issues of the moment, 2009 yielded only three new adoptions -- Alaska, Maine, and Oregon -- down from five in 2008, and seven in 2007. While a downward trend in new enactments eventually becomes inevitable once two-thirds of the states have signed on, 2009's three enactments were the fewest in a year since 2003 (when Idaho became the third state overall to enact Revised Article 1).
As of March 1, only two states -- Mississippi and Wisconsin -- appear to be serious candidates to enact Revised Article 1 in 2010.
Mississippi SB 2419, introduced and amended (to replace a choice-of-law provision that appeared to have derived from the original § R1-301 that all 37 enacting states have declined to adopt and the ALI and NCCUSL have disavowed with one that reflected the substitute § R1-301 the ALI and NCCUSL promulgated in 2008) in January, unanimously passed the Mississippi Senate on February 10. It is presently before the House Judiciary Committee.
Wisconsin AB 687, introduced on January 25 and amended on February 16 to replace the uniform R1-201(b)(20) "good faith" definition with the pre-revised 1-201(19) version, received the Assembly Committee on Financial Institutions's unanimous approval on February 26. It is presently before the Assembly Rules Committee.
Two other bills, Massachusetts HB 89 and Washington SB 5155, seem less likely to produce results.
Massachusetts HB 89, the fifth attempt to enact Revised Article 1 in the Commonwealth, was assigned to the Joint Committee on Economic Development and Emerging Technologies on January 20, 2009. No further action had been reported as of March 1, 2010.
Washington SB 5155, introduced on January 15, 2009, appeared to be drawn directly from the language of official Revised Article 1 circa 2001, including the original version of § R1-301. At an initial public hearing on January 23, 2009, all those testifying in support of and in opposition to the bill opposed the choice-of-law provision. The Washington Senate appears to have taken no further action except to "reintroduce and retain [the bill] in present status" on January 11, 2010.
Article 2 and 2A Amendments
As of March 1, 2010, only three state legislatures (Kansas, Nevada, and Oklahoma) have considered bills proposing to enact the 2003 amendments to UCC Articles 2 and 2A. The Kansas and Nevada bills died on the vine.
In 2005, Oklahoma amended Sections 2-105 and 2A-103 of its Commercial Code to add that the definition of “goods” for purposes of Articles 2 and 2A, respectively, “does not include information,” see 12A Okla. Stat. Ann. §§ 2-105(1) & 2A-103(1)(h) (West 2009), and amended its Section 2-106 to add that “contract for sale” for purposes of Article 2 “does not include a license of information,” see id. § 2-106(1). The net effect is similar to having enacted Amended §§ 2-103(k) & 2A-103(1)(n), both of which exclude information from the meaning of “goods” for purposes of Article 2 and 2A, respectively. Otherwise, no state has enacted any of the 2003 amendments.
While the list of states enacting any of the 2003 amendments may not change in the near future, the number of amendments Oklahoma enacts may. Introduced on February 1, 2010, Oklahoma HB 3104 proposes amendments to forty-nine sections of Article 2 and four sections of Article 2A. The bill includes neither the reformulation of Sections 2-206 and 2-207 nor the addition of Sections 2-313A and 2-313B included in the 2003 Article 2 amendments. Many of the amendments appear designed to facilitate electronic signatures and transactions and to accommodate the terminology surrounding them that grows out of UETA, E-SIGN, and Revised UCC Articles 1 and 7, or to otherwise align Article 2 and 2A terminology with that used in Revised Articles 1 and 7. That is not to say that HB 3104 proposes only cosmetic changes to Oklahoma's versions of Articles 2 and 2A. Several of the proposed amendments alter existing substantive rights, obligations, or remedies. Some of those alterations (e.g., raising the § 2-201 floor from $500 to $5,000) do not seem to be inherently controversial; some (e.g., granting/recognizing a right to cure after a justifiable revocation) may or may not be controversial depending on how courts have interpreted the current Article 2; and some (e.g., giving sellers the right to recover consequential damages) do seem inherently controversial. More on this if the bill progresses.
Article 3 and 4 Amendments
As of March 1, 2010, the 2002 amendments to Articles 3 and 4 were in effect in eight states: Arkansas, Kentucky, Minnesota, Nevada, New Mexico, Oklahoma (for a second time), South Carolina, and Texas. They will take effect in Indiana on July 1, 2010.
As of March 1, 2010, the only pending Articles 3 and 4 bill is Massachusetts HB 90, which has been languishing for more than a year.
Revised Article 7
As of March 1, 2010, Revised UCC Article 7 was in effect in thirty-six states: Alabama, Alaska, Arizona, Arkansas, California, Colorado, Connecticut, Delaware, Hawaii, Idaho, Illinois, Indiana, Iowa, Kansas, Louisiana, Maine, Maryland, Minnesota, Mississippi, Montana, Nebraska, Nevada, New Hampshire, New Mexico, North Carolina, North Dakota, Oklahoma, Oregon, Pennsylvania, Rhode Island, South Dakota, Tennessee, Texas, Utah, Virginia, and West Virginia.
Additional bills are currently pending in Georgia, Massachusetts, Washington, and Wisconsin; but only the Wisconsin bill appears to be making any progress.
First introduced on February 18, 2009, Georgia HB 451 won unanimous approval in the Georgia House on March 12, and the Senate Judiciary Committee recommended passage on March 26. However, the legislature adjourned on April 3 without a third reading and final action in the senate. HB 451 was "recommitted" to the Georgia Senate on January 11, 2010. No further action has been reported.
Massachusetts HB 89, which also proposes adopting Revised Article 1, was assigned to the Joint Committee on Economic Development and Emerging Technologies on January 20, 2009. No further action has been reported.
Washington SB 5154 was introduced on January 15, 2009, scheduled for a public hearing on January 23, 2009, and then stalled, like its Revised Article 1 counterpart, but without as compelling a reason. It was "reintroduced and retained in present status" on January 11, 2010. No further action has been reported.
Wisconsin AB 688 was introduced on January 25, 2010. On February 22, the Assembly Committee on Jobs, the Economy and Small Business unanimously recommended passage. The bill is now before the Assembly Rules Committee.
ESPN on How to Create Markets
Humorous link on supply and demand. Though I must agree. Mike Greenberg is far more valuable than Kenny Mayne!
Subscribe to:
Posts (Atom)