Class actions have gradually taken root outside the US in recent years. We highlight common pitfalls and early advocacy problems that defendants typically face in these new regimes and provide an overview in which direction international class actions will develop in the years to come.

View Slides (PDF)

PANELISTS:

Eric Bouffard is a French qualified partner in the Paris office of Gibson Dunn & Crutcher, where he serves as a member of the firm’s International Arbitration, Litigation and Business Restructuring Practice Groups. Mr. Bouffard is particularly active in cross-border litigation, commercial arbitration, commercial law (including insolvency and recovery of debt), industrial risk (latent defects, interruption of production, delay and disruption claims, consequential losses), international trade and insurance before both judicial courts and arbitral tribunals. He is regularly involved in M&A disputes, shareholders and more generally project partners disputes.

Jean-Pierre Farges is a partner in the Paris office of Gibson, Dunn & Crutcher LLP, Global Co-Chair of the firm’s Business Restructuring & Reorganization Practice Group and member of the firm’s Litigation Practice Group. Mr. Farges specializes in complex M&A litigation, arbitration, industrial risk, construction, international trade, insurance, reinsurance, equity capital insolvency dispute matters and public and administrative law disputes and regulatory issues. He has been involved in a number of major disputes before state courts and arbitral tribunals, acting for banks, funds companies and listed industrial companies.

Osma Hudda is an English qualified partner in Gibson, Dunn & Crutcher’s London office and is a member of the Firm’s Dispute Resolution Group. Ms. Hudda has broad-based dispute resolution experience including litigation, international arbitration and regulatory investigations. Ms. Hudda’s litigation experience has involved representing clients in Employment Tribunals, the High Court and Court of Appeal. In arbitration she has represented clients from a wide variety of industries, particularly oil & gas, before arbitral tribunals including the ICC and LCIA. She has also defended companies involved in regulatory investigations in the UK and internationally as well as assisting clients in large scale internal investigations and related compliance issues.

Markus Rieder is a partner in the Munich office of Gibson, Dunn & Crutcher. He is a member of the firm’s Class Actions, Transnational Litigation, Securities Litigation and International Arbitration Groups. Mr. Rieder focuses his practice on complex commercial litigation, both domestic and cross-border, and national and international arbitration, as well as on compliance and white collar defense. He has substantial experience in the automotive, industrial and manufacturing sectors. Mr. Rieder is regularly recommended by the leading legal publications.

Cassie Aprile is a dual-qualified Associate in the London office of Gibson, Dunn & Crutcher, practising in the firm’s Dispute Resolution Group. Ms. Aprile qualified as a solicitor in Australia in 2010, and as a solicitor in England & Wales in 2018. Ms. Aprile specialises in commercial litigation and has experience advising clients on a broad range of complex disputes across various industry sectors, including mining and energy, property, development, banking and general commercial. Most recently, Ms. Aprile has assisted in the defence of a UK retailer in the largest private sector equal pay claim to be heard in the English courts.

Alexander Horn is an associate in the Munich office of Gibson, Dunn & Crutcher. He is a member of the firm’s Litigation, Class Actions, Securities Litigation, Transnational Litigation and International Arbitration Practice Groups. Mr. Horn has experience in a wide variety of complex litigation and international arbitration matters. This includes several contract, post-M&A, and corporate disputes before German Regional Courts as well as representing a financial services company in Germany’s largest arbitration to date. Handelsblatt / The Best Lawyers™ in Germany 2021/2022 have recognized Mr. Horn in the inaugural list “Ones to Watch” for International Arbitration.

Lauren Blas is a partner in the Los Angeles office of Gibson, Dunn & Crutcher where her practice focuses on class actions, labor and employment litigation, and complex commercial litigation in the trial courts and on appeal.

MCLE CREDIT INFORMATION:

This program has been approved for credit in accordance with the requirements of the New York State Continuing Legal Education Board for a maximum of 1.0 credit hour, of which 1.0 credit hour may be applied toward the areas of professional practice requirement. This course is approved for transitional/non-transitional credit.

Attorneys seeking New York credit must obtain an Affirmation Form prior to watching the archived version of this webcast. Please contact CLE@gibsondunn.com to request the MCLE form.

Gibson, Dunn & Crutcher LLP certifies that this activity has been approved for MCLE credit by the State Bar of California in the amount of 1.0 hour.

California attorneys may claim “self-study” credit for viewing the archived version of this webcast. No certificate of attendance is required for California “self-study” credit.

Congress continues to debate enactment of the Build Back Better Act, which is expected to include major changes to the federal tax law. Meanwhile, other recently enacted tax legislation, including the sweeping tax reform enacted in 2017, continues to generate significant regulatory activity at the Treasury Department and IRS. And recent increases in IRS funding are leading to an uptick in audit activity for the first time in many years, focused in part on partnerships and multi-national businesses.

This panel provides an overview of these legislative, regulatory and enforcement developments.

View Slides (PDF)

The recent expansion of New York’s law regarding so-called strategic lawsuits against public participation (“SLAPP”) has created some uncertainty regarding what standards apply to currently pending matters arising under New York law involving public petition and participation.  The New York legislature and courts are actively engaged in considering these questions, and a new proposed piece of legislation, if adopted, may clarify what standards apply in pending actions.

On July 22, 2020, the New York State Senate and Assembly passed legislation that expanded First Amendment protections under New York’s anti-SLAPP law by providing new tools for defendants to challenge frivolous lawsuits.  The bill was signed into law by former Governor Andrew M. Cuomo on November 10, 2020.  The law amended and extended New York’s existing statute (sections 70-a and 76-a of the New York Civil Rights Law) addressing so-called SLAPP suits:[1] suits that seek to punish and chill the exercise of the rights of petition and free speech by subjecting defendants to expensive and burdensome litigation.[2]  New York’s previous anti-SLAPP law, enacted in 2008, was limited to litigation arising from a public application or permit, often in a real estate development context.[3]

The amendments, which took effect immediately upon enactment, introduced the following key changes to New York law:

• Expanded the statute beyond actions “brought by a public applicant or permittee,” to apply to any action based on a “communication in a . . . public forum in connection with an issue of public interest” or “any other lawful conduct in furtherance of the exercise of the constitutional right of free speech in connection with an issue of public interest, or in furtherance of the exercise of the constitutional right of petition.”[4]
• Confirmed that “public interest” should be construed broadly, including anything other than a “purely private matter.”[5]
• Required courts to consider anti-SLAPP motions to dismiss based on the pleadings and “supporting and opposing affidavits stating the facts upon which the action or defense is based.”[6]
• Provided for a stay of all proceedings—including discovery, hearings, and motions—pending determination of a motion to dismiss an action under the anti-SLAPP law, except that the court may order limited discovery where necessary to allow a plaintiff to respond to an anti-SLAPP motion.[7]
• Provided that the court must award attorneys’ fees, and does not have discretion over whether to do so, when it grants such a motion.[8]

New York’s existing anti-SLAPP law already provided that a plaintiff in an “action involving public petition and participation” was required, as a matter of state law separate and apart from federal constitutional law, to satisfy the “actual malice” standard first promulgated by the United States Supreme Court in the seminal First Amendment decision New York Times v. Sullivan.[9]  By expanding the definition of an “action involving public petition and participation,” the 2020 amendments require plaintiffs in a wider range of actions to satisfy that standard.[10]

When passed, commentators observed that courts would be asked to determine whether the revised statute was “retroactive” in effect, i.e., whether it would apply to actions already pending at the time it became effective, or if it would only have effect in subsequently filed actions.  Under New York law, whether a statute is “retroactive” is “a matter of judgment made upon review of the legislative goal,” based on “whether the Legislature has made a specific pronouncement about retroactive effect or conveyed a sense of urgency; whether the statute was designed to rewrite an unintended judicial interpretation; and whether the enactment itself reaffirms a legislative judgment about what the law in question should be.”[11]

The first courts to consider the issue uniformly held that the amended anti-SLAPP law did apply retroactively to actions pending as of the date the amendments were passed.  For example, on December 29, 2020, United States District Judge Rakoff of the Southern District of New York held in Palin v. New York Times Company that the law was retroactive.”[12]  Judge Rakoff explained that “It is clear that the [amended law] is a remediate statute” that “should be given retroactive effect in order to effectuate its beneficial purpose” and that “[o]ther factors in the retroactivity analysis include whether the Legislature has made a specific pronouncement about retroactive effect or conveyed a sense of urgency; whether the statute was designed to rewrite an unintended judicial interpretation; and whether the enactment itself reaffirms a legislative judgment about what the law in question should be.”[13]  In Judge Rakoff’s view, “the legislative history demonstrates that the amendments to [the anti-SLAPP law] were intended to correct the narrow scope of New York’s prior anti-SLAPP law” such that “the remedial purpose of the amendment should be effectuated through retroactive application.”[14]  In the Palin case, this determination meant that under the amended anti-SLAPP law, New York state law as well as federal constitutional law both separately required the plaintiff to meet the “actual malice” standard to establish her defamation claims.  Over the following 14 months, almost 20 other state and federal courts—every court to consider the same question—came to the same conclusion.[15]

But on March 10, 2022, the First Department departed from that building consensus and held that the 2020 amendments to New York’s anti-SLAPP law do not apply retroactively.[16]  In Gottwald v. Sebert,* involving defamation claims brought by music producer Lukas Gottwald, known as Dr. Luke, against the pop star Kesha Rose Sebert, known as Kesha, the First Department held that the anti-SLAPP law does not apply to claims commenced before the November 2020 amendments were passed.[17]  In that litigation, the New York trial and appellate courts had previously held that Dr. Luke did not qualify as a public figure and so was not required to meet the actual malice standard as a matter of federal constitutional law.[18]  Kesha sought a ruling that the amended New York anti-SLAPP law applied retroactively to Dr. Luke’s claims, which had been filed before the amendments to the anti-SLAPP law were enacted, and so required Dr. Luke to meet the actual malice standard under New York state law.[19]  Kesha also sought to bring new anti-SLAPP counterclaims against Dr. Luke under the amended New York anti-SLAPP law which would have allowed her, if she prevailed, to recover attorneys’ fees.[20]  However, because the claims at issue were brought prior to November 2020, the First Department held that the “actual malice” standard did not apply and that Kesha could not bring anti-SLAPP counterclaims.[21]

The First Department explained that there was “insufficient evidence supporting the conclusion that the legislature intended” the recent amendments to the anti-SLAPP law “to apply retroactively to pending claims,” like those asserted by Dr. Luke against Kesha.[22]  The First Department held that to defeat the strong presumption against applying laws retroactively, there would need to be clear evidence that the law was intended to apply retroactively.  It reasoned that, despite evidence that the amendments were intended to remediate the prior anti-SLAPP provision by broadening its scope, retroactive application of new statutes is so disfavored that it must be made explicit in the statutory text.[23]

Kesha has moved for reargument of that decision or for leave to appeal to the New York Court of Appeals, New York’s highest court.[24]  Her motion is supported by a number of amici, including New York State Senator Brad Hoylman, who co-authored the 2020 amendments to New York’s anti-SLAPP law.[25]  Senator Hoylman asserted in his proposed amicus brief in support of Kesha’s motion that the legislature did intend for the law to have retroactive effect, explaining that the drafting history of the amendments and his personal understanding of the amendments support applying them retroactively.[26]  Dr. Luke responded by arguing, among other things, that Senator Hoylman’s brief improperly seeks to “influence the judicial interpretation of a statute” post-enactment, which “threaten[s] to undermine fundamental separation of powers principles,” and disputed his interpretation of the drafting history.[27]

Most recently, on May 12, 2022, Senator Hoylman introduced a new bill to further amend the New York anti-SLAPP law, seeking among other things to “clarify” that the amended statute applies retroactively by appending language unambiguously providing retroactive effect.[28]  The bill also clarifies the “substantial basis” standard applicable to motions to dismiss actions under the anti-SLAPP statute.[29]

The new proposed amendments are at the beginning of the legislative process.  It remains to be seen whether the new amendments will receive support in the legislature and be enacted into law by the Governor’s signature, and if so, on what timeline.  The current amended anti-SLAPP law was initially introduced on January 9, 2019, was passed on July 22, 2020, and was signed into effect on November 10, 2020.[30]  A similar time frame for the new proposed amendments would see them take effect in the middle of 2024.  And separately, it remains to be seen how the courts, including the First Department and perhaps the Court of Appeals in Gottwald v. Sebert and other pending actions, will construe the new proposed amendments in determining whether the existing anti-SLAPP law already applies retroactively.  Further developments in this complicated and important area of New York law are sure to follow in the near future.

* Gibson, Dunn & Crutcher LLP represented Sony Music Entertainment in Gottwald v. Sebert,
No. 653118/2014 (Sup. Ct. N.Y. Cty.).

________________________

   [1]   2020 N.Y. Senate Bill No. 52-A/Assembly Bill No. 5991A (July 22, 2020), https://www.nysenate.gov/legislation/bills/2019/s52/amendment/a.

   [2]   Understanding Anti-SLAPP Laws, Reporters Committee for Freedom of the Press, https://www.rcfp.org/resources/anti-slapp-laws/ (last visited May 17, 2022).

   [3]   2020 N.Y. Senate Bill No. 52-A/Assembly Bill No. 5991A (July 22, 2020), https://www.nysenate.gov/legislation/bills/2019/s52/amendment/a.

   [4]   Id. (emphasis added).

   [5]   Id.

   [6]   Id.

   [7]   Id.

   [8]   Id. (emphasis added).

   [9]   Palin v. New York Times Co., 510 F. Supp. 3d 21, 28–29 (citing New York Times v. Sullivan, 376 U.S. 254 (1964) and N.Y. Civil Rights Law § 76-a(2)).

  [10]   Id.

  [11]   Nelson v. HSBC Bank USA, 87 A.D.3d 995, 997–98 (N.Y. App. Div. 2d Dep’t 2011).

  [12]   510 F. Supp. 3d 21, at 27 (S.D.N.Y. 2020); see also Novagold Resources, Inc. v. J Capital Research USA LLC, 2022 WL 900604, *9 (E.D.N.Y. Mar. 28, 2022) (applying New York’s anti-SLAPP amendment retroactively); Coleman v. Grand, 2021 WL 768167, at *8 (E.D.N.Y. Feb. 26, 2021) (same); Sackler v. American Broadcasting Companies, Inc., 144 N.Y.S.3d 529, 532 (Sup. Ct. 2021) (same).

  [13]   Id. at 26–27 (quoting Matter of Gleason, 96 N.Y.2d 117, 122 (2001)) (internal quotation marks omitted)..

  [14]   Id. at 27 (citation omitted).

  [15]   Memorandum of Law in Support of Motion of Defendant-Respondent for Reargument or, in the Alternative, Leave to Appeal, Gottwald v. Sebert, No. 2021-03036, Dkt. 20 at 15 n.1 (N.Y. App. Div. 1st Dep’t Apr. 11, 2022).

  [16]   Gottwald v. Sebert, 203 A.D.3d 488 (N.Y. App. Div. 1st Dep’t 2022).

  [17]   Id. at 489.

  [18]   See Gottwald v. Sebert, 193 A.D.3d 573, 576–78 (N.Y. App. Div. 1st Dep’t 2021).  That decision has been appealed to the New York Court of Appeals, New York’s highest court, which has not resolved the question of Dr. Luke’s public figure status.  See Gottwald v. Sebert, No. 2020-01908, Dkt. 69 (N.Y. App. Div. 1st Dep’t Jul. 22, 2020).

  [19]   Defendant Kesha Rose Sebert’s Memorandum of Law in Support of her Motion for a Ruling that Civil Rights Law Section 76-a Applies to Plaintiffs’ Defamation Claims and for Leave to Assert a Counterclaim, Gottwald v. Sebert, No. 653118/2014, Dkt. 2303 at 1 (Sup. Ct. N.Y. Cnty. Apr. 6, 2021).

  [20]   Id.

  [21]   Gottwald, 203 A.D.3d at 489.

  [22]   Id. at 488.

  [23]   Id.

  [24]   Memorandum of Law in Support of Motion of Defendant-Respondent for Reargument or, in the Alternative, Leave to Appeal, Gottwald v. Sebert, No. 2021-03036, Dkt. 20 (N.Y. App. Div. 1st Dep’t Apr. 11, 2022).

  [25]   See Notice of Motion for Leave of Senator Brad Hoylman to Participate as Amicus Curiae, Gottwald et al. v. Sebert, No. 2021-03036, Dkt. 25 (1st Dep’t) (filed April 15, 2022).

  [26]   Id., Proposed Amicus Brief at 4–5.

  [27]   Omnibus Opposition to Motions For Leave to File Amicus Curiae Briefs In Support of Respondent’s Motion for Reargument or Leave to Appeal, No. 2021-03036, Dkt. 26 at 10–11 (1st Dep’t) (filed April 22, 2022).

  [28]   2022 N.Y. Senate Bill No. S9239 (May 12, 2022), https://www.nysenate.gov/legislation/bills/2021/s9239.

  [29]   Id.

  [30]   2020 N.Y. Senate Bill No. 52-A/Assembly Bill No. 5991A (July 22, 2020), https://www.nysenate.gov/legislation/bills/2019/s52/amendment/a.

The following Gibson Dunn lawyers assisted in the preparation of this client update: Anne Champion, Connor Sullivan, Dillon Westfall, and Randi Brown.

Gibson Dunn lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work, the author, or the following leaders and members of the firm’s Media, Entertainment & Technology Practice Group:

Scott A. Edelman – Co-Chair, Los Angeles (+1 310-557-8061, sedelman@gibsondunn.com)
Kevin Masuda – Co-Chair, Los Angeles (+1 213-229-7872, kmasuda@gibsondunn.com)
Benyamin S. Ross – Co-Chair, Los Angeles (+1 213-229-7048, bross@gibsondunn.com)
Theodore J. Boutrous, Jr. – Los Angeles (+1 213-229-7000, tboutrous@gibsondunn.com)
Orin Snyder – New York (+1 212-351-2400, osnyder@gibsondunn.com)
Brian C. Ascher – New York (+1 212-351-3989, bascher@gibsondunn.com)
Anne M. Champion – New York (+1 212-351-5361, achampion@gibsondunn.com)
Michael H. Dore – Los Angeles (+1 213-229-7652, mdore@gibsondunn.com)
Ilissa Samplin – Los Angeles (+1 213-229-7354, isamplin@gibsondunn.com)
Connor Sullivan – New York (+1 212-351-2459, cssullivan@gibsondunn.com)

© 2022 Gibson, Dunn & Crutcher LLP

Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

Click for PDF

The Federal Trade Commission recently doubled down on its efforts to combat perceived deception and privacy violations in the education sector, and in particular, perceived violations by education technology providers and for-profit educational institutions.

On May 19, 2022, the FTC commissioners unanimously[1] voted to adopt a new Policy Statement on educational technology and the Children’s Online Privacy Protection Act (COPPA). In the Policy Statement, the agency promised to “scrutinize compliance with the full breadth of the substantive provisions of the COPPA rule and statutory language,” with a particular focus on protecting children who are required to use certain technology to complete schoolwork.[2] The Policy Statement is one in a series of signals that the FTC will aggressively enforce COPPA, specifically in the context of technology used for school—a scenario in which “children are a captive audience,” according to the FTC.[3]

FTC Chair Lina Khan reinforced these sentiments at the FTC’s May 19 open meeting, stating that COPPA is not merely a notice and consent framework, but places clear restrictions on the data that companies may collect from children. She expressed particular concerns over children “surrender[ing their data] to commercial surveillance practices,” in order to access educational resources online. She also expressed concerns over “targeting” and “profiling” of children, across various platforms.[4]

With the Policy Statement, the FTC sends a reminder that covered businesses bear “the responsibility for COPPA compliance . . . not schools or parents.” Specifically, the agency will prioritize enforcement against:

(1) mandatory collection of information as a condition of participation, or collection of data beyond what is reasonably necessary;

(2) use of children’s data outside of the authorized limited purpose;

(3) the retention of information for longer than is reasonably necessary; and,

(4) the failure to maintain the confidentiality, security, and integrity of children’s personal information.

The FTC further made clear that it will take the position that a company is in violation of COPPA’s security provisions if the company fails to take reasonable security precautions, regardless of whether an actual breach occurs.[5]

President Joe Biden commended the FTC “for unanimously taking a big step” toward answering his call to strengthen privacy protections for children with the Policy Statement, and reiterated his stated intention to strengthen privacy protections and ban targeted advertising to children delivered in his State of the Union address.[6]

The FTC has been grappling with the perceived “proliferation of technologies that monetize the collection of personal information,” especially as it relates to children for over a decade. The FTC has been charged with enforcing COPPA since it took effect in 2000, and the agency amended COPPA in 2013 to broaden its scope to include previously unregulated information, such as “persistent identifiers,” as well as photographs and voice recordings, and to encompass third parties that have actual knowledge that they’re collecting personal information from children.[7] With the proliferation of online learning, the FTC wants to ensure that “ed tech doesn’t become a pretext for companies to collect personal information in the classroom and in the home.”[8] Indeed, the FTC opened a review of the COPPA Rule in 2019, ahead of the regulatory review schedule, to explore whether amendments are needed in light of rapid technological advancements, and asking specific questions concerning the EdTech industry, including whether to change requirements concerning the deletion of children’s information and parental consent. The FTC received 170,000 public comments in this review, setting the record for any proceeding.[9]

The FTC issued the May 19 Policy Statement even though the agency’s COPPA review is still pending. FTC Commissioner Christine Wilson asked the agency to prioritize the conclusion of this review, given that it has been pending for three years.

The May 19 Policy Statement is not the only recent development related to COPPA. In March 2022, the FTC settled a matter over allegations that a company collected data from children without proper parental consent.[10] As part of the settlement, the company paid a $1.5 million penalty, was required to delete all personal information that was collected in a manner that violated COPPA, and had to destroy all models or algorithms developed in whole or in part using improperly collected personal information. More than a mere interest in enforcing COPPA generally, this case signals the Commission’s focus on the use of children’s data to create advanced algorithms, and therefore, the destruction of such algorithms as a remedy for COPPA violations.

The FTC also signaled its interest in how children interpret advertising, both in the context of COPPA and its Guides on Endorsements and Testimonials. The same day the FTC issued the Policy Statement, the agency announced an October workshop focusing on “stealth advertising” to children—a phenomenon where the line between paid advertisements and unsponsored influencer content has become blurred—particularly with respect to the rise of the child influencer.[11] The workshop will feature legal experts as well as scientists to discuss the development of children’s brains and the impact of stealth advertising on impressionable children, in order to develop strategies to best protect kids. The FTC is currently seeking research papers and written comments on topics including children’s capacity at different ages and developmental stages to recognize and distinguish advertising content, the “harms to children” caused by a failure to recognize advertising, and what measures should be taken to protect children.[12]

EdTech is not the FTC’s only educational sector interest area.  The agency recently issued Warning Letters in the for-profit education space, as well. Specifically, the FTC put 70 for-profit educational institutions on notice that the agency will seek to impose civil penalties on any institution that commits acts that have been previously found to be unfair or deceptive under Section 5,[13] using its Penalty Offense Authority.[14] The Commission cautioned these companies against deceptive advertising, making false promises of jobs or other favorable employment outcomes, and driving students into debt. Educational institutions found to be in violation of these rules could face “steep penalties”—including fines of more than $46,000 per violation.

Companies and other entities engaged in the education sector should be particularly mindful of the FTC’s activities in this space, especially if they collect any information from children, and ensure their practices do not run afoul of COPPA, the FTC Act, or related requirements.

We are closely monitoring FTC developments, and are available to discuss these issues as applied to your particular situation.

______________________________

   [1]   While every Commissioner ultimately voted to adopt the Policy Statement, 4 Commissioners (out of 5) issued their own, individual statements on the issue, noting a spectrum of opinions. In fact, Commissioner Wilson only “reluctantly vot[ed] yes” on the Policy Statement; and even so, only because the Statement “neither expands the universe of entities covered by the COPPA Rule nor the circumstances under which the Commission will initiate enforcement.”  Oral Remarks of Commissioner Wilson at the Open Commission Meeting (May 19, 2022), https://www.ftc.gov/system/files/ftc_gov/pdf/P155401WilsonRemarks_0.pdf.  Notably, the May 19 open meeting was the first for newly installed Commissioner Alvaro Bedoya.  He stated that the Policy Statement reinforced original intent of Congress to go beyond the notice and consent framework. Oral Remarks of Commissioner Bedoya at the Open Commission Meeting, 13 (May 19, 2022), https://www.ftc.gov/system/files/ftc_gov/pdf/Transcript-Open-Commission-Meeting-May-19-2022.pdf. He also expressed the view that children have different online experiences based on family circumstances.  “Kids from working-class families … [are] more likely to use free apps, which track much more data than paid apps, and for a variety of reasons, they end up giving up much more sensitive information about themselves.”  Id. at 14. Hence, Commissioner Bedoya was encouraged by Chair Khan’s call for “systemic responses to problems.” While some tracking is benign, “I want to push back on the idea that we need all this tracking . . . to make better apps for kids.” Id.

   [2]   Federal Trade Commission, Policy Statement of the Federal Trade Commission on Education Technology and the Children’s Online Privacy Protection Act (2022).

   [3]   Id.

   [4]   Oral Remarks of Commission Chair Lina Khan at the Open Commission Meeting (May 19, 2022), https://www.ftc.gov/system/files/ftc_gov/pdf/Transcript-Open-Commission-Meeting-May-19-2022.pdf.

   [5]   Id.

   [6]   The White House, Statement from President Biden on FTC Vote to Protect Children’s Privacy (May 19, 2022), https://www.whitehouse.gov/briefing-room/statements-releases/2022/05/19/statement-from-president-biden-on-ftc-vote-to-protect-childrens-privacy.

   [7]   See, https://www.ftc.gov/business-guidance/blog/2022/05/ftc-ed-tech-protecting-kids-privacy-your-responsibility.

   [8]   Id.

   [9]   See, FTC, Student Privacy and Ed Tech (December 2017), https://www.ftc.gov/news-events/events/2017/12/student-privacy-ed-tech.

  [10]   FTC, FTC Takes Action Against Company Formerly Known as Weight Watchers for Illegally Collecting Kids’ Sensitive Health Data, https://www.ftc.gov/news-events/news/press-releases/2022/03/ftc-takes-action-against-company-formerly-known-weight-watchers-illegally-collecting-kids-sensitive.

  [11]   https://www.ftc.gov/news-events/news/press-releases/2022/05/ftc-hold-virtual-event-protecting-kids-stealth-advertising-digital-media.

  [12]   Id. The FTC will continue to accept comments and papers until July 18, 2022.

  [13]   https://www.ftc.gov/news-events/news/press-releases/2021/10/ftc-targets-false-claims-profit-colleges.

  [14]   FTC, Notices of Penalty Offenses, https://www.ftc.gov/enforcement/penalty-offenses. See also, Gibson Dunn, The FTC at Full Strength: What to Expect Next (May 16, 2022), https://www.gibsondunn.com/the-ftc-at-full-strength-what-to-expect-next/.

The following Gibson Dunn lawyers prepared this client alert: Svetlana S. Gans and Brendan Krimsky.

Gibson Dunn lawyers are available to assist in addressing any questions you may have about these developments. Please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any member of the firm’s Privacy, Cybersecurity & Data Innovation practice group:

United States
Matthew Benjamin – New York (+1 212-351-4079, mbenjamin@gibsondunn.com)
Ryan T. Bergsieker – Denver (+1 303-298-5774, rbergsieker@gibsondunn.com)
S. Ashlie Beringer – Co-Chair, PCDI Practice, Palo Alto (+1 650-849-5327, aberinger@gibsondunn.com)
David P. Burns – Washington, D.C. (+1 202-887-3786, dburns@gibsondunn.com)
Cassandra L. Gaedt-Sheckter – Palo Alto (+1 650-849-5203, cgaedt-sheckter@gibsondunn.com)
Svetlana S. Gans – Washington, D.C. (+1 202-955-8657, sgans@gibsondunn.com)
Nicola T. Hanna – Los Angeles (+1 213-229-7269, nhanna@gibsondunn.com)
Howard S. Hogan – Washington, D.C. (+1 202-887-3640, hhogan@gibsondunn.com)
Robert K. Hur – Washington, D.C. (+1 202-887-3674, rhur@gibsondunn.com)
Kristin A. Linsley – San Francisco (+1 415-393-8395, klinsley@gibsondunn.com)
H. Mark Lyon – Palo Alto (+1 650-849-5307, mlyon@gibsondunn.com)
Karl G. Nelson – Dallas (+1 214-698-3203, knelson@gibsondunn.com)
Ashley Rogers – Dallas (+1 214-698-3316, arogers@gibsondunn.com)
Alexander H. Southwell – Co-Chair, PCDI Practice, New York (+1 212-351-3981, asouthwell@gibsondunn.com)
Deborah L. Stein – Los Angeles (+1 213-229-7164, dstein@gibsondunn.com)
Eric D. Vandevelde – Los Angeles (+1 213-229-7186, evandevelde@gibsondunn.com)
Benjamin B. Wagner – Palo Alto (+1 650-849-5395, bwagner@gibsondunn.com)
Michael Li-Ming Wong – San Francisco/Palo Alto (+1 415-393-8333/+1 650-849-5393, mwong@gibsondunn.com)
Debra Wong Yang – Los Angeles (+1 213-229-7472, dwongyang@gibsondunn.com)

Europe
Ahmed Baladi – Co-Chair, PCDI Practice, Paris (+33 (0) 1 56 43 13 00, abaladi@gibsondunn.com)
James A. Cox – London (+44 (0) 20 7071 4250, jacox@gibsondunn.com)
Patrick Doris – London (+44 (0) 20 7071 4276, pdoris@gibsondunn.com)
Kai Gesing – Munich (+49 89 189 33-180, kgesing@gibsondunn.com)
Bernard Grinspan – Paris (+33 (0) 1 56 43 13 00, bgrinspan@gibsondunn.com)
Penny Madden – London (+44 (0) 20 7071 4226, pmadden@gibsondunn.com)
Michael Walther – Munich (+49 89 189 33-180, mwalther@gibsondunn.com)
Alejandro Guerrero – Brussels (+32 2 554 7218, aguerrero@gibsondunn.com)
Vera Lukic – Paris (+33 (0) 1 56 43 13 00, vlukic@gibsondunn.com)
Sarah Wazen – London (+44 (0) 20 7071 4203, swazen@gibsondunn.com)

Asia
Kelly Austin – Hong Kong (+852 2214 3788, kaustin@gibsondunn.com)
Connell O’Neill – Hong Kong (+852 2214 3812, coneill@gibsondunn.com)
Jai S. Pathak – Singapore (+65 6507 3683, jpathak@gibsondunn.com)

© 2022 Gibson, Dunn & Crutcher LLP

Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

New York partner Reed Brodsky and associate Michael L. Nadler are the authors of “Jarkesy Wins Relief From ALJ Control After Years of Fighting for His Right to a Jury Trial” [PDF] published by The National Law Journal on May 25, 2022.

Click for PDF

Decided May 23, 2022

Morgan v. Sundance, Inc., No. 21-328

Today, the Supreme Court held 9-0 that prejudice is not required to show that a party waived the right to arbitrate.

Background: A plaintiff filed a putative class action against her employer over the employer’s pay practices. Eight months later—and after moving to dismiss, answering the complaint, asserting affirmative defenses, and participating in mediation—the defendant-employer moved pursuant to the Federal Arbitration Act (FAA) to stay the litigation and compel arbitration. The district court held that the defendant waived its right to arbitrate. The Eighth Circuit reversed, concluding that the plaintiff had failed to show it was prejudiced by the defendant-employer’s delay in compelling arbitration.

Issue: Is it necessary to show prejudice to establish the opposing party waived the right to arbitrate?

Court’s Holding: No. Because federal procedural rules typically do not require prejudice to invoke waiver, a party need not demonstrate prejudice to prove that the opposing party waived its right to arbitrate.

“[T]he FAA’s ‘policy favoring arbitration’ does not authorize federal courts to invent special, arbitration-preferring procedural rules.”

Justice Kagan, writing for the Court

What It Means:

• Today’s decision underscores the need for parties wishing to compel arbitration to do so early in the case to avoid the risk of waiving their right to arbitrate.
• The Court grounded its decision in the FAA, which directs courts to treat arbitration contracts in the same manner as other contracts. Given that equal-treatment principle, the Court reasoned that courts “may not devise novel rules to favor arbitration over litigation.”
• The Court expressly declined to decide the role state law may play in determining whether a party has relinquished its right to arbitrate through its litigation conduct. The Court also declined to decide whether losing the right to arbitrate based on a party’s own conduct is best understood as involving “waiver, forfeiture, estoppel, laches, or procedural timeliness.”

The Court’s opinion is available here.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding developments at the Supreme Court. Please feel free to contact the following practice leaders:

Appellate and Constitutional Law Practice

Related Practice: Class Actions

Related Practice: Labor and Employment

Related Practice: Judgment and Arbitral Award Enforcement

Related Practice: International Arbitration

Click for PDF

On May 12, 2022, more than six months after the Equal Employment Opportunity Commission (“EEOC”) announced its Initiative on Artificial Intelligence and Algorithmic Fairness,[1] the agency issued its first guidance regarding employers’ use of Artificial Intelligence (“AI”).[2]

The EEOC’s guidance outlines best practices and key considerations that, in the EEOC’s view, help ensure that employment tools do not disadvantage applicants or employees with disabilities in violation of the Americans with Disabilities Act (“ADA”).  Notably, the guidance came just one week after the EEOC filed a complaint against a software company alleging intentional discrimination through applicant software under the Age Discrimination in Employment Act (“ADEA”), potentially signaling more AI and algorithmic-based enforcement actions to come.

The EEOC’s AI Guidance

The EEOC’s non-binding, technical guidance provides suggested guardrails for employers on the use of AI technologies in their hiring and workforce management systems.

Broad Scope.  The EEOC’s guidance encompasses a broad-range of technology that incorporates algorithmic decision-making, including “automatic resume-screening software, hiring software, chatbot software for hiring and workflow, video interviewing software, analytics software, employee monitoring software, and worker management software.”[3]  As an example of such software that has been frequently used by employers, the EEOC identifies testing software that provides algorithmically-generated personality-based “job fit” or “cultural fit” scores for applicants or employees.

Responsibility for Vendor Technology.  Even if an outside vendor designs or administers the AI technology, the EEOC’s guidance suggests that employers will be held responsible under the ADA if the use of the tool results in discrimination against individuals with disabilities.  Specifically, the guidance states that “employers may be held responsible for the actions of their agents, which may include entities such as software vendors, if the employer has given them authority to act on the employer’s behalf.”[4]  The guidance further states that an employer may also be liable if a vendor administering the tool on the employer’s behalf fails to provide a required accommodation.

Common Ways AI Might Violate the ADA.  The EEOC’s guidance outlines the following three ways in which an employer’s tools may, in the EEOC’s view, be found to violate the ADA, although the list is non-exhaustive and intended to be illustrative:

1. By relying on the tool, the employer fails to provide a reasonable accommodation. Individuals with disabilities may need “specialized equipment” or “alternative tests or formats” to ensure that they are accurately assessed.  For example, the EEOC notes that an applicant with limited manual dexterity may have a difficult time taking a knowledge test which utilizes a manual input device such as a keyboard or trackpad.  The EEOC’s guidance states that, absent an undue hardship, the applicant should be provided with an alternative version of the test (e.g., a test allowing oral responses).
2. The tool screens out an individual with a disability that is able to perform the essential functions of the job with or without an accommodation. Whether intentional or inadvertent, “screening out” may arise from a variety of factors, such as special circumstances not being taken into account in designing the algorithmic decision-making tool.  For example, if a video interviewing tool analyzes speech patterns to determine an applicant’s problem solving abilities, it may screen out an individual with a speech impediment because their speech deviates from expected patterns and may therefore receive a low or disqualifying score.  The EEOC’s guidance offers a separate example of how a personality test seeking to measure workplace focus may negatively score an individual with Posttraumatic Stress Disorder who is not able to ignore distractions.  While this test would generally be predictive and valid, the guidance states that “it might not accurately predict whether the individual still would experience those same difficulties under modified working conditions such as a quiet workstation or permission to use noise-cancelling headphones.”[5]
3. The tool makes a disability-related inquiry or otherwise constitutes a medical examination. An AI tool that asks questions about an individual’s medical conditions or physical restrictions, or overtly asks if the individual has a disability, may violate the ADA’s prohibition on making disability-related inquiries.  Similarly, a tool’s assessment of an employee or applicant may constitute an impermissible medical examination if it “seeks information about an individual’s physical or mental impairments or health.”  The EEOC’s guidance attempts to clarify its recommendations with examples—stating that AI screening tools may lawfully pose questions to applicants and employees that “might somehow be related to some kinds of mental health diagnoses,” such as whether the individuals are optimistic about the future.  However, if the AI tool’s use of this question screens out an individual because of a disability (e.g., Major Depressive Disorder), it may nevertheless be found to violate the ADA since the tool would ultimately disqualify an applicant that may otherwise be able to perform the essential functions of the job with or without an accommodation.[6] While this example is fairly nuanced, it provides insight into how the EEOC may scrutinize the use of AI in the workplace.

Tips for Avoiding Pitfalls.  In addition to illustrating the agency’s view of how employers may run afoul of the ADA through their use of AI and algorithmic decision-making technology, the EEOC’s guidance provides several practical tips for how employers may reduce the risk of liability.  For example:

1. Make the Accommodations Process Transparent. The EEOC recommends that employers make clear in writing that applicants and employees can request reasonable accommodations and provide clear instructions on how they can do so.
2. Give Notice Before Performing AI Assessments. The EEOC suggests that employers provide all applicants and employees undergoing an assessment by an algorithmic decision-making tool information “in plain language and in accessible formats” regarding “the traits that the algorithm is designed to assess, the method by which those traits are assessed, and the variables or factors that may affect the rating.”[7] Illinois already requires employers using AI analysis in video interviewing to notify applicants of how the AI tool works and what characteristics will be used to evaluate them.  Likewise, effective January 1, 2023, employers in New York City will be required to provide applicants and employees with notices that explain how the tool works and what job qualifications and characteristics are being considered.[8]
3. Focus on Essential Functions. The EEOC recommends ensuring that the AI and algorithmic tools “only measure abilities or qualifications that are truly necessary for the job—even for people who are entitled to an on-the-job reasonable accommodation” and measure those necessary qualifications “directly, rather than by way of characteristics or scores that are correlated with those abilities or qualifications.”[9]
4. Confirm Vendor Compliance. For employers purchasing tools from vendors, the EEOC suggests that an employer “confirm that the tool does not ask job applicants or employees questions that are likely to elicit information about a disability or seek information about an individual’s physical or mental impairments or health, unless such inquiries are related to a request for reasonable accommodation.”[10] Employers in New York City should take note that the new NYC law will require employers to conduct an independent bias audit to ensure there is no adverse impact on the basis of race, ethnicity, and sex.  Recently proposed federal and D.C. laws, if enacted, would require a yearly bias audit covering the full spectrum of protected classes.

Enforcement Action

As previewed above, on May 5, 2022—just one week before releasing its guidance—the EEOC filed a complaint in the Eastern District of New York alleging that iTutorGroup, Inc., a software company providing online English-language tutoring to adults and children in China, violated the ADEA.[11]

The complaint alleges that a class of plaintiffs were denied employment as tutors because of their age.  Specifically, the EEOC asserts that the company’s application software automatically denied hundreds of older, qualified applicants by soliciting applicant birthdates and automatically rejecting female applicants age 55 or older and male applicants age 60 or older.  The complaint alleges that the charging party was rejected when she used her real birthdate because she was over the age of 55 but was offered an interview when she used a more recent date of birth with an otherwise identical application.  The EEOC seeks a range of damages including back wages, liquidated damages, a permanent injunction enjoining the challenged hiring practice, and the implementation of policies, practices, and programs providing equal employment opportunities for individuals 40 years of age and older.  iTutorGroup has not yet filed a response to the complaint.

Takeaways

Given the EEOC’s enforcement action and recent guidance, employers should evaluate their current and contemplated AI tools for potential risk.  In addition to consulting with vendors who design or administer these tools to understand the traits being measured and types of information gathered, employers might also consider reviewing their accommodations processes for both applicants and employees.

___________________________

[1] EEOC, EEOC Launches Initiative on Artificial Intelligence and Algorithmic Fairness (Oct. 28, 2021), available at https://www.eeoc.gov/newsroom/eeoc-launches-initiative-artificial-intelligence-and-algorithmic-fairness.

[2] EEOC, The Americans with Disabilities Act and the Use of Software, Algorithms, and Artificial Intelligence to Assess Job Applicants and Employees (May 12, 2022), available at https://www.eeoc.gov/laws/guidance/americans-disabilities-act-and-use-software-algorithms-and-artificial-intelligence?utm_content=&utm_medium=email&utm_name=&utm_source=govdelivery&utm_term [hereinafter EEOC AI Guidance].

[3] Id.

[4] Id. at 3, 7.

[5] Id. at 11.

[6] Id. at 13.

[7] Id. at 14.

[8] For more information, please see Gibson Dunn’s Client Alert, New York City Enacts Law Restricting Use of Artificial Intelligence in Employment Decisions.

[9] EEOC AI Guidance at 14.

[10] Id.

[11] EEOC v. iTutorGroup, Inc., No. 1:22-cv-02565 (E.D.N.Y. May 5, 2022).

The following Gibson Dunn attorneys assisted in preparing this client update: Harris Mufson, Danielle Moss, Megan Cooney, and Emily Maxim Lamm.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. To learn more about these issues, please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s Labor and Employment practice group, or the following:

Harris M. Mufson – New York (+1 212-351-3805, hmufson@gibsondunn.com)

Danielle J. Moss – New York (+1 212-351-6338, dmoss@gibsondunn.com)

Megan Cooney – Orange County (+1 949-451-4087, mcooney@gibsondunn.com)

Jason C. Schwartz – Co-Chair, Labor & Employment Group, Washington, D.C.
(+1 202-955-8242, jschwartz@gibsondunn.com)

Katherine V.A. Smith – Co-Chair, Labor & Employment Group, Los Angeles
(+1 213-229-7107, ksmith@gibsondunn.com)

© 2022 Gibson, Dunn & Crutcher LLP

Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

Click for PDF

Last year we reported on a federal district court decision dismissing a federal securities law claim brought derivatively on behalf of The Gap, Inc. pursuant to a forum selection bylaw designating the Delaware Court of Chancery as the exclusive forum for derivative suits (the “Forum Bylaw”).  See Lee v. Fisher, Case No. 20-cv-06163-SK, ECF No. 59 (N.D. Cal. Apr. 27, 2021).  The plaintiff appealed that decision to the Ninth Circuit Court of Appeals, and, on May 13, 2022, the Ninth Circuit affirmed.  See Lee v. Fisher, Case No. 21-15923.  This decision is significant because it effectively bars plaintiffs from asserting federal securities law claims derivatively when a company has designated a state court venue as the exclusive forum for derivative actions.

The plaintiff in Fisher brought derivative claims purportedly on behalf of Gap against certain directors and officers based on their alleged failure to promote diversity at Gap and for allegedly making misleading statements about Gap’s commitment to diversity.  The plaintiff asserted that the officers and directors had violated both state law by allegedly breaching their fiduciary duties and federal securities law by violating the proxy rules under Section 14(a) of the Securities Exchange Act.  In the district court, defendants moved to dismiss on forum non conveniens grounds pursuant to the Forum Bylaw.  Plaintiff argued that the court could not enforce the Forum Bylaw as to the federal Section 14(a) claim because (1) that claim was subject to exclusive federal jurisdiction and could not be asserted in the Delaware Court of Chancery, and (2) enforcing the Forum Bylaw would violate the Exchange Act provision that prohibits waiving compliance with the Exchange Act (the “anti-waiver” provision).  The district court disagreed and dismissed the lawsuit.

The Ninth Circuit affirmed the district court’s ruling in full.  The Court noted that under Supreme Court precedent forum selection clauses should be enforced absent “extraordinary circumstances.”  The Ninth Circuit previously articulated three such circumstances, one of which plaintiff argued was implicated in this case:  enforcing the Forum Bylaw “would contravene a strong public policy of the forum in which suit is brought.”  As in the district court, the plaintiff pointed to the Exchange Act’s anti-waiver provision and the exclusive federal jurisdiction over Exchange Act claims as evidence that enforcing the Forum Bylaw would violate public policy.  The Court rejected these arguments because neither of these statutory provisions expressly states that refusing to give effect to these provisions would violate public policy.  Additionally, the Court noted it was relevant to its analysis that plaintiff failed to “identif[y] Delaware law clearly stating that she could not get any relief in the Delaware Court of Chancery.”  The Ninth Circuit therefore affirmed because plaintiff failed to carry her “heavy burden” to overcome the forum provision.

By holding that all derivative claims must be brought in the Delaware Court of Chancery, this decision fulfills the purpose of exclusive forum provisions: to prevent duplicative litigation in multiple forums and thereby increase efficiencies and decrease costs for companies.  However, it is important to note that not all courts agree, and this decision sets up a potential Circuit split.  Earlier this year, the Seventh Circuit refused to enforce a substantially similar forum provision against a derivative Section 14(a) claim.  See Seafarers Pension Plan on behalf of Boeing Co. v. Bradway, 23 F.4th 714 (7th Cir. 2022).  We will continue to monitor developments in this space.

Gibson Dunn lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work, any member of the Securities Litigation or Securities Regulation and Corporate Governance practice groups, or the following authors:

Brian M. Lutz – San Francisco/New York (+1 415-393-8379/+1 212-351-3881, blutz@gibsondunn.com)
Jason J. Mendro – Washington, D.C. (+1 202-887-3726, jmendro@gibsondunn.com)
Ronald O. Mueller – Washington, D.C. (+1 202-955-8671, rmueller@gibsondunn.com)
Michael J. Kahn – San Francisco (+1 415-393-8316, mjkahn@gibsondunn.com)

Please also feel free to contact any of the following practice leaders and members:

Securities Litigation Group:
Monica K. Loseman – Co-Chair, Denver (+1 303-298-5784, mloseman@gibsondunn.com)
Brian M. Lutz – Co-Chair, San Francisco/New York (+1 415-393-8379/+1 212-351-3881, blutz@gibsondunn.com)
Craig Varnen – Co-Chair, Los Angeles (+1 213-229-7922, cvarnen@gibsondunn.com)
Shireen A. Barday – New York (+1 212-351-2621, sbarday@gibsondunn.com)
Christopher D. Belelieu – New York (+1 212-351-3801, cbelelieu@gibsondunn.com)
Jefferson Bell – New York (+1 212-351-2395, jbell@gibsondunn.com)
Matthew L. Biben – New York (+1 212-351-6300, mbiben@gibsondunn.com)
Michael D. Celio – Palo Alto (+1 650-849-5326, mcelio@gibsondunn.com)
Paul J. Collins – Palo Alto (+1 650-849-5309, pcollins@gibsondunn.com)
Jennifer L. Conn – New York (+1 212-351-4086, jconn@gibsondunn.com)
Thad A. Davis – San Francisco (+1 415-393-8251, tadavis@gibsondunn.com)
Ethan Dettmer – San Francisco (+1 415-393-8292, edettmer@gibsondunn.com)
Mark A. Kirsch – New York (+1 212-351-2662, mkirsch@gibsondunn.com)
Jason J. Mendro – Washington, D.C. (+1 202-887-3726, jmendro@gibsondunn.com)
Alex Mircheff – Los Angeles (+1 213-229-7307, amircheff@gibsondunn.com)
Robert F. Serio – New York (+1 212-351-3917, rserio@gibsondunn.com)
Jessica Valenzuela – Palo Alto (+1 650-849-5282, jvalenzuela@gibsondunn.com)
Robert C. Walters – Dallas (+1 214-698-3114, rwalters@gibsondunn.com)
Avi Weitzman – New York (+1 212-351-2465, aweitzman@gibsondunn.com)

Securities Regulation and Corporate Governance Group:
Elizabeth Ising – Co-Chair, Washington, D.C. (+1 202-955-8287, eising@gibsondunn.com)
James J. Moloney – Co-Chair, Orange County, CA (+ 949-451-4343, jmoloney@gibsondunn.com)
Lori Zyskowski – Co-Chair, New York (+1 212-351-2309, lzyskowski@gibsondunn.com)
Brian J. Lane – Washington, D.C. (+1 202-887-3646, blane@gibsondunn.com)
Ronald O. Mueller – Washington, D.C. (+1 202-955-8671, rmueller@gibsondunn.com)
Thomas J. Kim – Washington, D.C. (+1 202-887-3550, tkim@gibsondunn.com)
Michael A. Titera – Orange County, CA (+1 949-451-4365, mtitera@gibsondunn.com)

© 2022 Gibson, Dunn & Crutcher LLP

Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

Click for PDF

On May 18, 2022, U.S. District Judge Jed S. Rakoff of the Southern District of New York issued a decision in an ongoing dispute between the international luxury fashion house Hermès and the self-described artist operating under the name Mason Rothschild involving the artist’s line of non-fungible tokens (NFTs) termed “MetaBirkins.”  This litigation is one of the first significant trademark actions involving NFT offerings.  Importantly, Judge Rakoff denied the artist’s motion to dismiss the trademark claims.  While Judge Rakoff’s decision denying the artist’s motion to dismiss does not resolve the merits of Hermès’s claims, it offers some of the first available insight into how courts will consider trademark claims regarding NFTs.

In Hermès International, et al. v Mason Rothschild, Hermès sued the artist operating under the name Mason Rothschild in federal court in the Southern District of New York for producing and selling NFTs that he called MetaBirkins, each of which was a digital image of the Hermès Birkin handbag depicted as if made of fur; the artist also sold MetaBirkins and other NFTs through social media channels and digital storefronts under the MetaBirkin name.  No. 22-cv-384 (JSR), Dkt. 24 (S.D.N.Y. Jan 14, 2022).  Hermès argued that selling these MetaBirkin NFTs infringed and diluted Hermès’s Birkin trademark, falsely designated the origin of the NFTs as if they were Hermès-authorized digital products, injured and diluted Hermès’s business reputation.  Hermès also asserted a claim for cybersquatting based on Rothschild’s use of the domain name metabirkins.com for the website used to offer the NFTs.  Id. 

The artist moved to dismiss.  Id. Dkt. 26, 27.  The artist principally argued that the use of the term “MetaBirkin” was protected expression under the Second Circuit’s seminal case Rogers v. Grimaldi, 875 F.2d 994 (2d Cir. 1989), which held that use of a famous trademark (in that case, a trademark composed of a celebrity name) in connection with a work of art does not infringe trademark rights so long as (1) the name is “minimally artistically relevant” to the product, and (2) the use does not “explicitly mislead” as to content, authorship, sponsorship, or endorsement.  Id.  The artist argued that calling his products “MetaBirkins” was at least minimally relevant to his claimed project of interrogating the fashion industry’s animal cruelty and the nature of luxury and value, and that the term was not explicitly misleading, regardless of whether some observers may have been actually confused.  Hermès opposed the motion to dismiss, emphasizing the extensive commercial use the artist had made of the MetaBirkin label, including selling other products under that label and operating digital storefronts and marketing campaigns using the name.  Id. Dkt. 31.  Hermès also emphasized evidence of actual confusion among consumers and industry observers about the origin and authorization of the MetaBirkin NFTs.  Id.  And Hermès pointed to the artist’s own statements, including in an interview with Yahoo! Finance, in which he referred to the MetaBirkin as a “digital commodity” and said that there was not “much difference” between having the “crazy handbag” in real life or, “now,” being “able to bring that into the metaverse with these iconic NFTs,” and complained about people selling counterfeit MetaBirkins NFTs competitively with his NFTs.  Id.  Hermès argued that the Second Circuit’s Rogers case should not apply to “commodities” sold in commerce like the MetaBirkin NFTs.  Id.  Hermès also argued that, even if the Rogers case applied, the court should still evaluate whether the MetaBirkin label misled the public by applying the “venerable Polaroid factors,” a set of criteria from a 1961 Second Circuit decision that courts use to evaluate whether a defendant’s mark will confuse the public.  Id.  The artist’s reply brief insisted that the Rogers case should apply because the MetaBirkin NFTs were artworks, and should apply equally to the works themselves and to speech marketing those works.  Id. Dkt. 38.  The artist also argued that if the Rogers test applied, the court should ignore the Second Circuit’s Polaroid multi-factor test, because the only question should be whether the MetaBirkin label explicitly misled the public, not whether it could actually mislead the public.  Id.

Judge Rakoff heard oral argument on May 4, 2022 and issued a short-form order on May 5, 2022 denying the motion to dismiss.  Id. Dkt. 49.  On May 18, 2022, Judge Rakoff issued a memorandum order providing the reasoning for his decision.  Id. Dkt. 50.  Judge Rakoff held that the Second Circuit’s Rogers test applied because the MetaBirkin NFTs, “digital images of handbags,” “could constitute a form of artistic expression,” regardless of the fact that the artist also used the label to market and advertise those artworks.  Id.  Notably, Judge Rakoff held that “Rothschild’s use of NFTs to authenticate the images” does not “change the application of Rogers:  because NFTs are simply code pointing to where a digital image is located and authenticating the image, using NFTs to authenticate an image and allow for traceable subsequent resale and transfer does not make the image a commodity without First Amendment protection any more than selling numbered copies of physical paintings would make the paintings commodities for purposes of Rogers.”  Id.

Judge Rakoff declined to rule at the motion to dismiss stage whether the MetaBirkin label qualified as minimally artistically relevant, as the Rogers case requires to protect a defendant.  The court acknowledged that the threshold for artistic relevance under the Rogers case is “low,” but also observed that Hermès had alleged the artist “entirely intended to associate the ‘MetaBirkins’ mark with the popularity and goodwill of Hermès’s Birkin mark, rather than intending an artistic association.”  Id.  Judge Rakoff cited the artist’s own statements to the press about his efforts to “create that same kind of illusion that [the Birkin bag] has in real life as a digital commodity.”  Id.  

Regardless of whether the MetaBirkin label qualified as artistically relevant, Judge Rakoff held that Hermès had adequately alleged that the MetaBirkin label was explicitly misleading, which was sufficient to state a claim that the Rogers test does not protect Rothschild’s conduct.  Accordingly, the court denied the motion to dismiss.  Id.  Judge Rakoff explicitly rejected the artist’s argument that courts in the Second Circuit should ignore the longstanding Polaroid likelihood-of-confusion factors in determining whether a mark is explicitly misleading under the Rogers test.  Moreover, the court concluded that Hermès had adequately alleged specific facts under the Polaroid factors to support a conclusion that the MetaBirkin label was misleading.  Judge Rakoff further concluded that, even if the artist was correct that the Polaroid factors should not apply, the motion to dismiss would still fail under the Rogers test because Hermès had adequately alleged sufficient actual confusion and sufficient efforts by the artist to mislead the public, including the artist’s own statements to the press.  Id.

Judge Rakoff’s decision was clearly influenced by the commercial nature of Rothschild’s activities, with an eye to potential future sales of virtual goods in a metaverse or enhanced reality context.  The court noted that the NFTs might not qualify as artworks “if the NFTs were attached to a digital file of a virtually wearable Birkin handbag, in which case the ‘MetaBirkin’ mark would refer to a non-speech commercial product (albeit not one that is, as yet, considered ordinary or quotidian).”  Id. 12 n.3.  But because Hermès only suggested that the artist might in the future sell “virtually wearable ‘MetaBirkins,’” Judge Rakoff declined to consider that issue for purposes of the motion to dismiss.  Id.  As Judge Rakoff recognized, the increasing prevalence of virtual objects and their potential applications and uses in connection with “metaverse” technologies will require further analysis.

This decision marks one of the earliest decisions by any court in a trademark dispute arising from non-fungible tokens and provides a first set of indications regarding how courts will evaluate NFT-related trademark claims.  Additional lawsuits involving NFTs are already working their way through the courts.  Judge Rakoff’s decision will likely be considered as those other disputes reach the point of judicial decisions.

The following Gibson Dunn lawyers prepared this client alert: Howard Hogan and Connor Sullivan.

Gibson Dunn lawyers are available to assist in addressing any questions you may have regarding these developments. Please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any of the following leaders of the firm’s Intellectual Property, Fashion, Retail & Consumer Products, Media, Entertainment & Technology, Global Financial Regulatory, or Privacy, Cybersecurity & Data Innovation practice groups:

Intellectual Property Group:
Kate Dominguez – New York (+1 212-351-2338, kdominguez@gibsondunn.com)
Y. Ernest Hsin – San Francisco (+1 415-393-8224, ehsin@gibsondunn.com)
Josh Krevitt – New York (+1 212-351-4000, jkrevitt@gibsondunn.com)
Jane M. Love, Ph.D. – New York (+1 212-351-3922, jlove@gibsondunn.com)

Fashion, Retail & Consumer Products Group:
Howard S. Hogan – Washington, D.C. (+1 202-887-3640, hhogan@gibsondunn.com)

Media, Entertainment & Technology Group:
Scott A. Edelman – Los Angeles (+1 310-557-8061, sedelman@gibsondunn.com)
Kevin Masuda – Los Angeles (+1 213-229-7872, kmasuda@gibsondunn.com)
Benyamin S. Ross – Los Angeles (+1 213-229-7048, bross@gibsondunn.com)

Global Financial Regulatory Group:
William R. Hallatt – Hong Kong (+852 2214 3836, whallatt@gibsondunn.com)
Michelle M. Kirschner – London (+44 (0) 20 7071 4212, mkirschner@gibsondunn.com)
Jeffrey L. Steiner – Washington, D.C. (+1 202-887-3632, jsteiner@gibsondunn.com)

Privacy, Cybersecurity & Data Innovation Group:
Ahmed Baladi – Paris (+33 (0) 1 56 43 13 00, abaladi@gibsondunn.com)
S. Ashlie Beringer – Palo Alto (+1 650-849-5327, aberinger@gibsondunn.com)
Alexander H. Southwell – New York (+1 212-351-3981, asouthwell@gibsondunn.com)

© 2022 Gibson, Dunn & Crutcher LLP

Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

Issuers are facing increasing calls from stakeholders and regulators, as well as within their own organizations, to proactively address ESG across their business footprint. The heightened focus on ESG impacts the way issuers, underwriters and lenders participate in capital raising. Join us in a recorded presentation for a discussion on the new opportunities, products, challenges and requirements.

Click for PDF

Gibson, Dunn & Crutcher LLP is pleased to announce with Global Legal Group the release of the International Comparative Legal Guide to: Anti-Money Laundering 2022. Gibson Dunn partners Stephanie L. Brooker and Joel M. Cohen were again contributing editors to the publication which covers issues including criminal enforcement, regulatory and administrative enforcement and requirements for financial institutions and other designated businesses. The Guide, comprised of 9 expert analysis chapters and 26 jurisdictions, is live and FREE to access HERE.

Ms. Brooker and Gibson Dunn partner M. Kendall Day co-authored “Modernizing the United States Anti-Money Laundering Regime: The Anti-Money Laundering Act of 2020 and Actions Taken to Implement it to Date.”  Linda Noonan, Ella Alves Capone, Tory Roberts, and Monica Murphy provided invaluable assistance with the article.

In addition, Mr. Cohen co-authored with Gibson Dunn Of Counsel Linda Noonan the jurisdiction chapter on “USA: Anti-Money Laundering 2022.”

You can view these informative and comprehensive chapters via the links below:

CLICK HERE to view Modernizing the United States Anti-Money Laundering Regime: The Anti-Money Laundering Act of 2020 and Actions Taken to Implement it to Date

CLICK HERE to view USA: Anti-Money Laundering 2022

About Gibson Dunn’s Anti-Money Laundering Practice: Gibson Dunn’s Anti-Money Laundering practice provides legal and regulatory advice to all types of financial institutions and nonfinancial businesses with respect to compliance with federal and state anti-money laundering laws and regulations, including the U.S. Bank Secrecy Act. We represent clients in criminal and regulatory government investigations and enforcement actions. We also conduct internal investigations involving money laundering and Bank Secrecy Act violations for a wide range of clients in the financial services industry and companies with multinational operations. For further information, please visit our practice page and feel free to contact Stephanie L. Brooker in Washington, D.C. (+1 202.887.3502, sbrooker@gibsondunn.com), Joel M. Cohen in New York (+1 212.351.2664, jcohen@gibsondunn.com) or M. Kendall Day in Washington, D.C. (+1 202.955.8220, kday@gibsondunn.com).

About the Authors:

Stephanie Brooker is Co-Chair of Gibson Dunn’s White Collar Defense and Investigations and Financial Institutions Practice Groups. She also co-leads the firm’s Anti-Money Laundering practice.  She is the former Director of the Enforcement Division at FinCEN, and previously served as the Chief of the Asset Forfeiture and Money Laundering Section in the U.S. Attorney’s Office for the District of Columbia and as a DOJ trial attorney for several years. Ms. Brooker’s practice focuses on internal investigations, regulatory enforcement defense, white-collar criminal defense, and compliance counseling. She handles a wide range of white collar matters, including representing financial institutions, multi-national companies, and individuals in connection with criminal, regulatory, and civil enforcement actions involving sanctions; anti-corruption; anti-money laundering (AML)/Bank Secrecy Act (BSA); securities, tax, and wire fraud; foreign influence; “me-too;” cryptocurrency; and other legal issues. Ms. Brooker’s practice also includes BSA/AML and FCPA compliance counseling and deal due diligence and asset forfeiture matters.  Ms. Brooker has been named a Global Investigations Review “Top 100 Women in Investigations” and National Law Journal White Collar Trailblazer.

Joel M. Cohen, a trial lawyer and former New York federal prosecutor, is Co-Chair of Gibson Dunn’s White Collar Defense and Investigations Practice Group, and a member of its Securities Litigation, Class Actions and Antitrust & Competition Practice Groups. He has been lead or co-lead counsel in 24 civil and criminal trials in federal and state courts, and he is equally comfortable in leading confidential investigations, managing crises or advocating in court proceedings. Mr. Cohen is a top-ranked litigator by Chambers and other leading legal services reviewers.  His experience includes all aspects of AML, FCPA/anticorruption issues, securities fraud, insider trading, sanctions, and tax fraud, in addition to financial institution litigation and other international disputes and discovery.

Kendall Day is Co-Chair of Gibson Dunn’s Financial Institutions Practice Group, co-leads the firm’s Anti-Money Laundering practice, and is a member of the White Collar Defense and Investigations Practice Group. Prior to joining Gibson Dunn, Mr. Day was a white collar prosecutor for 15 years, eventually rising to become an Acting Deputy Assistant Attorney General, the highest level of career official in the Criminal Division at DOJ. He represents financial institutions; fintech, crypto-currency, and multi-national companies; and individuals in connection with criminal, regulatory, and civil enforcement actions involving anti-money laundering (AML)/Bank Secrecy Act (BSA), sanctions, FCPA and other anti-corruption, securities, tax, wire and mail fraud, unlicensed money transmitter, false claims act, and sensitive employee matters. Mr. Day’s practice also includes BSA/AML compliance counseling and due diligence, and the defense of forfeiture matters.

Linda Noonan is Of Counsel in the Washington, D.C. office and a member of the firm’s Financial Institutions and White Collar Defense and Investigations Practice Groups. She joined the firm from the U.S. Department of the Treasury, Office of General Counsel, where she had been Senior Counsel for Financial Enforcement.  In that capacity, she was the principal legal advisor to Treasury officials on domestic and international money laundering and related financial enforcement issues.  She specializes in BSA/AML enforcement and compliance issues for financial institutions and non-financial businesses.

Ella Alves Capone is a senior associate in the Washington, D.C. office, where she is a member of the White Collar Defense and Investigations and Anti-Money Laundering practice groups.  Her practice focuses in the areas of white collar investigations and advising clients on regulatory compliance and the effectiveness of their internal controls and compliance programs.  Ms. Capone routinely advises multinational companies and financial institutions, including cryptocurrency and other digital asset businesses, gaming businesses, fintechs, and payment processors, on BSA/AML and sanctions compliance matters.  She also has extensive experience representing clients before DOJ, SEC, OFAC, FinCEN, and federal banking regulators on a variety of white collar matters, including those involving BSA/AML, sanctions, anti-corruption, securities, and fraud matters.

Tory Roberts is an associate in the Washington, D.C. office.  She practices in the firm’s Litigation Department with a particular focus on white collar defense and investigations.  Ms. Roberts has experience representing financial institutions and multinational companies in investigations conducted by the SEC, DOJ, and FinCEN on matters involving alleged securities fraud, violations of the Foreign Corrupt Practices Act, and violations of anti-money laundering laws.  She also has experience advising clients on their compliance programs.

Monica Murphy is an associate in the Washington, D.C. office.  She practices in the firm’s Litigation Department, and her practice focuses on white collar investigations and environmental litigation.  Ms. Murphy has experience representing companies in investigations conducted by DOJ, SEC, and FinCEN on matters involving alleged violations of the Bank Secrecy Act and anti-money laundering laws.

© 2022 Gibson, Dunn & Crutcher LLP

Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

New York partner Harris Mufson and associate Lizzy Brilliant are the authors of “Complying With Electronic Monitoring Laws In NY And Beyond” [PDF] published by Law360 on May 19, 2022.

Washington, D.C. partner Judith Alison Lee, Munich associate Nikita Malevanny and Washington, D.C. associate Claire Yi are the authors of “Russia strikes back – countersanctions” [PDF] published by Financier Worldwide in its June 2022 issue.

Click for PDF

The Federal Trade Commission (FTC) stalemate ended on Wednesday, May 11, 2022, with Vice President Kamala Harris breaking the 50-50 Senate tie to confirm Alvaro Bedoya.  The addition of Commissioner Bedoya establishes the first Democratic majority at the FTC since Commissioner Rohit Chopra left the agency to lead the Consumer Financial Protection Bureau in October 2021 and creates a pathway for Chair Lina Khan’s ambitious agency agenda.  Commissioner Bedoya, a privacy scholar, brings with him substantial interest in privacy and algorithmic fairness which are issues at the top of the FTC’s priorities.

Commissioner Bedoya comes to the FTC from the Center on Privacy and Technology at the Georgetown University Law Center, where he served as the founding director and a professor.  At Georgetown, Commissioner Bedoya specialized in digital privacy issues, including on the intersection of privacy and civil rights, biometric software, “algorithmic discrimination,” children’s privacy, and data aggregation.  He previously engaged in advocacy on the regulation and moratoria of law enforcement’s use of facial recognition, use of information related to unaccompanied children in immigration proceedings, and automated scanning of social media related to immigration enforcement.  Before arriving at Georgetown, Commissioner Bedoya served as Chief Counsel to the Senate Judiciary Subcommittee on Privacy, Technology & the Law, where he worked on the bipartisan transparency provisions in the USA FREEDOM Act, helped run oversight hearings involving large technology companies, and conducted work on so-called “stalking apps.”

While less is known about Commissioner Bedoya’s stance on antitrust issues, he has expressed concerns over a “consolidated and concentrated technology sector” and likely will be in favor of robust antitrust enforcement.  Commissioner Bedoya has also expressed interest in getting the FTC more resources for privacy enforcement, expanding the FTC’s technological expertise, combating fraud and abuse related to the COVID pandemic, and curbing certain debt collection practices.

Below we identify key issues that may see more activity in light of the new Democratic majority:

• Privacy Rulemaking. The Biden Administration has encouraged the FTC to establish rules on “corporate surveillance” and the accumulation of data.  In late 2021, the FTC officially announced interest in crafting a trade regulation rule under Section 18 of the FTC Act “to curb lax security practices, limit privacy abuses, and ensure that algorithmic decision-making does not result in unlawful discrimination.”[1]  Both Chair Khan and Commissioner Rebecca Slaughter have been in favor of far-reaching FTC privacy rulemaking, while Commissioners Noah Phillips and Christine Wilson have voiced concerns with the scope of potential privacy rules.  We may therefore see more momentum on FTC privacy rulemaking, especially if the Congressional stalemate on federal privacy legislation continues.  Chair Khan has expressed a preference for substantive limits on data collection rather than procedural protections, stating that procedural protections “sidestep[] more fundamental questions about whether certain types of data collection and processing should be permitted in the first place.”[2]

The FTC’s privacy rulemaking activities may also be informed by several petitions to curb corporate data practices—including, for example, the Electronic Privacy Information Center’s petition for rulemaking on artificial intelligence, Accountable Tech’s petition to deem targeted advertising as an unfair method of competition, the Center for Democracy and Technology’s petition for rulemaking to address purported civil rights abuses in data-driven commerce, Athena Coalition’s petition to ban corporate use of facial surveillance technology, and the Council on American-Islamic Relations’ petition for an FTC investigation of the use of location data.  The FTC’s activities may also be informed by the addition of new agency staff focused on algorithms, biometrics, and technology platforms.[3]

The agency’s authority to craft trade regulation rules covering unfair and deceptive trade practices, known as UDAP rulemaking, may face procedural and substantive questions, such as whether the recent reforms to the Section 18 rulemaking processes align with Congressional intent, and whether the contemplated privacy rules are limited to practices that have been found to be unfair or deceptive.  Further, given Chair Khan’s interest in the intersection of privacy and competition, especially as to data accumulation, it will be interesting to see whether the FTC pursues data-related rulemakings through a competition or UDAP lens, or whether the FTC takes a hybrid approach.[4]

We also envision the FTC will continue to focus on privacy enforcement, with an emphasis on the intersection of privacy and civil rights, personal autonomy, and vulnerable consumers including children.

• Competition Rulemaking.  In July 2021, the FTC voted 3-2 to rescind the 2015 guidelines concerning the scope of its authority under Section 5 of the FTC Act, with the majority suggesting that the FTC “will consider whether . . . to propose rules that will further clarify the types of practices that warrant scrutiny under this provision.”[5]  Although the fact and scope of FTC’s authority to engage in competition rulemaking remain open questions, with Commissioner Bedoya confirmed, it is more likely that the FTC will vote to initiate a rulemaking to classify certain conduct as an “unfair method[] of competition” that violates Section 5 of the FTC Act.  Agency leadership has stated they will take a thoughtful and energetic approach to rulemaking and prefer rulemaking over enforcement because rules set clear expectations, allow businesses to plan, and proactively deter bad conduct.

In particular, given the increased attention to labor issues,[6] the FTC may consider a rulemaking aimed at addressing labor markets, such as a rulemaking addressing the legality of non-competes under the FTC Act.  Agency staff have stated that they believe non-compete rules would lead to higher wages, better working conditions, and increased competition in downstream goods markets.  Critics, however, have noted that such rulemaking may exceed the Commission’s authority and have unintended consequences, such as disruption of innovation and decreased investment in workforce training.  Other potential rulemakings, as itemized in the Biden Competition Executive Order, include “other clauses or agreements that may unfairly limit worker mobility,” “unfair anticompetitive restrictions on third-party repair or self-repair of items,” and “unfair anticompetitive conduct or agreements in the prescription drug industries.”[7]

The FTC’s labor focus will likely not be limited to rulemaking.  The FTC’s enforcement docket will also consider purported harms to employees and small business both in the consumer protection and competition arenas.  The FTC will also continue to pursue the administration’s key enforcement priorities, including those the agency identified at the July 2021 public meeting, such as large technology companies, the healthcare industry, M&A, and “repeat offenders.”[8]

• Penalty Offense Authority. The FTC has shown a renewed interest in penalty offense authority, largely due to its inability to get equitable monetary penalties under Section 13(b) of the FTC Act, in light of the Supreme Court’s unanimous holding in AMG Capital Management v. FTC.[9]  The FTC’s Civil Penalty Authority allows the agency to seek civil penalties against nonparties when two conditions are met:  (1) the company must have actual notice that the conduct is unfair or deceptive in violation of the FTC Act, and (2) there must be an FTC administrative decision that such conduct is unfair or deceptive.  The sheer breadth of the agency’s recent efforts – notices to 1,100 businesses regarding “money-making opportunities,” notices to 700 businesses regarding endorsements and testimonials, and notices to 70 for-profit higher education institutions – is noteworthy and raises important questions surrounding notice and due process.  As agency investigations continue, this is an area to watch.

• Health and Wellness Apps’ Data Practices. On September 15, 2021, the FTC issued a policy statement that arguably sought to expand the type of entities covered by the agency’s Health Breach Notification Rule.  The Health Breach Notification Rule requires vendors of personal health records to notify consumers, the FTC, and in some cases, the media, when data is disclosed or acquired without the consumer’s authorization.  Specifically, the FTC (on a 3-2 vote) found that health and wellness apps that hold consumers’ health information are subject to the Rule because they arguably furnish health care services and can draw information from multiple sources, such as through consumer inputs and application programming interfaces.  This arguable expansion drew dissents from Commissioners Phillips and Wilson, who objected that the agency exceeded its authority by expanding the coverage outside of the statutory mandate, acted contrary to agency guidance, and curtailed the public input process, among other criticisms.  Key factual issues also remain including questions surrounding triggers for “unauthorized access” and “discovery of a breach of security,” as noted in these dissents.  The FTC’s approach on these issues is an area to watch.

• Individual and Intermediary Liability. Chair Khan and Commissioner Slaughter have encouraged the FTC to push for individual and intermediary liability in consumer protection investigations.  The FTC is also focusing on “gatekeepers” that in the agency’s words – “use their critical market position” to “dictate terms,” “protect and extend their market power,”[10] and “degrade privacy without ramifications.”[11]  We expect more activity in this area with the Democratic majority.

• Merger Enforcement. Commissioner Bedoya’s confirmation provides the FTC with a Democratic majority that may authorize novel theories of harm to challenge alleged anticompetitive mergers.  In recent months, Chair Khan has suggested that some mergers may lead to lower wages for workers,[12] conglomerate effects (competitive harm where the merging parties’ products are in neither in horizontal competition nor in the same supply chain),[13] or excessive aggregation of data.[14]  In a departure from past practice, any or all of these theories of harm may be alleged in future merger challenges by the FTC.

• Increased Hill Interaction. Given self-perceived gaps in FTC authority and several of the Commissioners’ significant Hill experience,[15] we expect the agency to be more active on Capitol Hill, potentially furthering calls on Congress to act by: amending Section 13(b) to give the agency the authority to obtain monetary relief that the Supreme Court held it lacked in AMG Capital, introducing privacy legislation with provisions that increase FTC funding, establish a new FTC privacy bureau, and provide the agency first-time fining authority, and engaging in substantive and procedural antitrust revisions.

The FTC consumer protection and competition dockets may soon be in overdrive, with several of the more controversial items such as far ranging market studies, privacy and competition rulemakings, and enforcement actions alleging novel theories and unprecedented remedies, potentially seeing the light of day.

Companies should be mindful of FTC’s vast mandate, ambitious agenda, and stated “adjustments in approach,” as they navigate compliance counseling, M&A transactions, and the many ongoing agency investigations.  Given the sheer breadth of agency initiatives, companies should also consider participating in the agency rulemaking process to offer real-world, empirical evidence to build a fuller agency record.

__________________________

   [1]   Trade Regulation Rule on Commercial Surveillance, Office of Information and Regulatory Affairs (Fall 2021), here.

  [2] Remarks of Chair Lina M. Khan as Prepared for Delivery at IAPP Global Privacy Summit 2022 (Apr. 11, 2022), here.

   [3] See Press Release, FTC Chair Lina M. Khan Announces New Appointments in Agency Leadership Positions (Nov. 19, 2021), here.

   [4] Nat’l Petroleum Refiners Ass’n v. FTC, 482 F.2d 672 (D.C. Cir. 1973).

  [5] Statement of Chair Lina M. Khan and Commissioners Rohit Chopra and Rebecca Kelly Slaughter on the Withdrawal of the Statement of Enforcement Principles Regarding “Unfair Methods of Competition” Under Section 5 of the FTC Act (July 1, 2021), here.

   [6]   See Gibson Dunn Client Alert, Employers Beware: Aggressive and Expansive Labor-Focused Antitrust Enforcement Will Remain the New Normal (Apr. 18, 2022), here.

   [7]   Executive Order on Promoting Competition in the American Economy (July 9, 2021), here.

   [8]   Press Release, FTC Authorizes Investigations into Key Enforcement Priorities (July 1, 2021), here.

   [9]   See Gibson Dunn Client Alert, Supreme Court Restricts Power of the Federal Trade Commission to Seek Monetary Relief in Courts (Apr. 22, 2021), here

  [10]   Memorandum of Chair Lina M. Khan, Vision and Priorities for the FTC (Sept. 22, 2021), here.

  [11]   Statement of Chair Lina M. Khan Regarding the Report to Congress on Privacy and Security (Oct. 1, 2021), here.

  [12]   Press Release, Federal Trade Commission and Justice Department Seek to Strengthen Enforcement Against Illegal Mergers (Jan. 18, 2022), here.

  [13]   Chair Khan Remarks, 2022 Antitrust and Competition Conference, Stigler Center (Apr. 22, 2022), quoted here.

  [14]   Remarks of Chair Lina M. Khan Regarding Request for Information of Merger Enforcement (Jan. 18, 2022), here.

  [15]   Chair Khan previously served as Counsel to the U.S. House Judiciary Committee on Antitrust, Commercial, and Administrative Law.  Commissioner Philips previously served as Chief Counsel to U.S. Senator John Cornyn, of Texas, on the Senate Judiciary Committee.  Commissioner Slaughter previously served as Chief Counsel to Senator Charles Schumer of New York, the Democratic Leader.  Commissioner Bedoya previously served as Chief Counsel to the Senate Judiciary Subcommittee on Privacy, Technology & the Law, among other roles.

The following Gibson Dunn lawyers prepared this client alert: Svetlana Gans, JeanAnn Tabbaa, and Chris Wilson.

Gibson Dunn lawyers are available to assist in addressing any questions you may have about these developments. Please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any member of the firm’s Antitrust & Competition, Privacy, Cybersecurity & Data Innovation, Labor & Employment, Administrative Law & Regulatory, Public Policy, or FDA & Health Care practice groups, or any of the following authors and practice leaders:

Antitrust & Competition Group:
Svetlana S. Gans – Washington, D.C. (+1 202-955-8657, sgans@gibsondunn.com)
Rachel S. Brass – San Francisco (+1 415-393-8293, rbrass@gibsondunn.com)
Stephen Weissman – Washington, D.C. (+1 202-955-8678, sweissman@gibsondunn.com)
Ali Nikpay – London (+44 (0) 20 7071 4273, anikpay@gibsondunn.com)
Christian Riis-Madsen – Brussels (+32 2 554 72 05, criis@gibsondunn.com)

Privacy, Cybersecurity & Data Innovation Group:
Ahmed Baladi – Paris (+33 (0) 1 56 43 13 00, abaladi@gibsondunn.com)
S. Ashlie Beringer – Palo Alto (+1 650-849-5327, aberinger@gibsondunn.com)
Alexander H. Southwell – New York (+1 212-351-3981, asouthwell@gibsondunn.com)

Labor & Employment Group:
Jason C. Schwartz – Washington, D.C. (+1 202-955-8242, jschwartz@gibsondunn.com)
Katherine V.A. Smith – Los Angeles (+1 213-229-7107, ksmith@gibsondunn.com)

Administrative Law & Regulatory Group:
Eugene Scalia – Washington, D.C. (+1 202-955-8543, escalia@gibsondunn.com)
Helgi C. Walker – Washington, D.C. (+1 202-887-3599, hwalker@gibsondunn.com)

Public Policy Group:
Michael D. Bopp – Washington, D.C. (+1 202-955-8256, mbopp@gibsondunn.com)
Roscoe Jones, Jr. – Washington, D.C. (+1 202-887-3530, rjones@gibsondunn.com)

FDA & Health Care Group:
Marian J. Lee – Washington, D.C. (+1 202-887-3732, mjlee@gibsondunn.com)
John D.W. Partridge – Denver (+1 303-298-5931, jpartridge@gibsondunn.com)

© 2022 Gibson, Dunn & Crutcher LLP

Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

Click for PDF

Connecticut has joined California, Virginia, Colorado, and Utah in enacting comprehensive data privacy legislation, with a signature from Governor Lamont this week on the Connecticut Data Privacy Act (“CTDPA”). Meanwhile, the text of Virginia’s privacy law was amended and finalized, and the California Privacy Protection Agency (“CPPA”) held pre-rulemaking stakeholder sessions about topics related to automated decision-making, consumers’ rights, business’ concerns, and cybersecurity, among others. Companies should account for these changes as they develop and refine their privacy compliance programs.

Connecticut Data Privacy Act

The CTDPA draws heavily upon its predecessor statutes in Virginia and Colorado, with very few departures of significance.[1] Indeed, while the specific combination of features in the CTDPA may be unique, the combination is largely made of elements seen in at least one of its preceding laws. The CTDPA will become effective by its terms in a little over a year, on July 1, 2023[2] – six months after the California Privacy Rights Act (“CPRA”) and Virginia Consumer Data Protection Act (“VCDPA”), simultaneously with the Colorado Privacy Act (“CPA”), and six months before the Utah Consumer Privacy Act (“UCPA”).

Potentially one of the most significant differences between the CTDPA and other states’ laws may be within the threshold requirements. The CTDPA applies to persons that conduct business in Connecticut or produce products or services that are targeted to residents of the state, and that control or process the personal data of a particular number of residents, namely either:

1. 100,000 or more Connecticut residents, excluding residents whose personal data is controlled or processed solely for the purpose of completing a payment transaction; or
2. 25,000 or more Connecticut residents, where the business derives more than 25% of its gross revenue from the sale of personal data.[3]

Connecticut is the first state law to explicitly carve out payment transaction data from its applicability threshold; this provision was added to alleviate concerns of restaurants, small convenience stores, and similar businesses that process the personal information of many customers for the sole purpose of completing a transaction.

Like existing state data privacy laws, the CTDPA grants consumers—defined as Connecticut residents who are not acting in a commercial or employment context—various rights, including: (1) to confirm whether an entity acting as a data controller is processing their personal data, and to access such data; (2) to obtain a copy of their personal data in a portable and readily usable format; (3) to correct inaccuracies therein; and (4) to delete personal data provided by, or obtained about, them. It also requires data controllers to practice data minimization and purpose limitation, implement technical safeguards, and conduct data protection assessments.[4] The CTDPA adopts language similar to that of Virginia’s recent amendment, described more fully below, relating to compliance with a consumer’s request to delete by opting the consumer out of the processing of such personal data, where such information was obtained from a source other than the consumer.

Like the Virginia and Colorado laws, the CTDPA allows consumers to opt out of the processing of their personal data for purposes of (a) targeted advertising, (b) the sale of personal data, and (c) profiling in furtherance of solely automated decisions that produce similarly significant effects.[5] Like the California and Colorado laws, the CTDPA permits consumers to designate an authorized agent to act on their behalf and opt out of the processing of their data.[6] By January 1, 2025, data controllers must allow consumers to exercise their opt-out right through an opt-out preference signal.[7] Unlike California, which expects its CPPA to opine on what an opt-out signal might be, and how it might work, this provision is largely undefined, encouraging the market to create signals, bringing with it the potential for confusion as to what signals must be followed. The CTDPA, like other state laws, also prohibits processing a consumer’s sensitive data without consent, and requires data controllers to provide a mechanism for revoking consent that is “at least as easy as” the mechanism by which the consumer provided consent.[8]

Like Virginia, Colorado, and Utah, and unlike California, Connecticut does not include a private right of action in its law – the CTDPA limits enforcement to the states’ attorney general.[9] Until December 31, 2024, enforcement actions will be subject to 60-day cure period; thereafter, the attorney general may, but is not required to, provide an opportunity to correct an alleged violation.[10] A violation of the CTDPA will constitute an unfair trade practice,[11] which carries civil penalties of up to $5,000 per violation for willful offenses.[12]

Finally, the CTDPA, similar to Virginia, requires the joint standing committee of the General Assembly convene a task force to study various topics concerning data privacy. The task force must submit a report of its findings and recommendations to the joint standing committee by January 1, 2023.

Developments in Other States

Virginia

In April, Virginia Governor Youngkin signed into law three amendments to the VCDPA, which finalizes the VCDPA’s text ahead of its January 1, 2023 effective date. The first amendment concerns consumers’ right to delete their personal information. The VCDPA grants consumers the right to delete “personal data provided by or obtained about” them. The amendment provides that data controllers that have obtained personal data from a source other than the consumer will be deemed to be in compliance with a consumer’s request to delete if they opt the consumer out of the processing of such personal data, allowing businesses to avoid potentially technically infeasible requirements to delete data, so long as they no longer use it for any purpose.[13] The second amendment changes the definition of “nonprofit organization” to include political organizations, thus exempting them from the VCDPA.[14] The third and final amendment provides that all civil penalties, expenses, and attorney fees will be paid into the state treasury and credited toward the Regulatory, Consumer Advocacy, Litigation, and Enforcement Revolving Trust Fund, rather than a separate Consumer Privacy Fund.[15] Unlike California’s and Colorado’s laws, the VCDPA does not include rulemaking authority. Therefore, businesses subject to the VCDPA can develop their compliance programs ahead of January 1, 2023 without concern of significant changes resulting from the adoption of regulations.

California

As explained in more detail in a prior update, the CPPA is responsible for implementing and enforcing the CPRA and California Consumer Privacy Act (“CCPA”), a role which includes updating existing regulations and adopting new regulations. The CPPA is currently engaging in preliminary information-gathering activities to help inform its rulemaking. The CPPA accepted written comments in Fall 2021, provided informational sessions in March 2022, and, recently, held stakeholder sessions on May 4, 5, and 6, 2022, to provide an opportunity for stakeholders to speak on topics relevant to the upcoming rulemaking.

The topics discussed during the stakeholder sessions included automated decision-making, data minimization and purpose limitations, dark patterns, consumers’ rights, business’ concerns, and cybersecurity, among others. Between two and ten stakeholders spoke on each topic, and the speakers ranged from individuals to representatives of private organizations, non-profits, government, and industry groups.

Below are highlights from some of the sessions:

• Automated Decision-Making. Stakeholders articulated divergent views on the definition of Automated Decision-Making (“ADM”). Industry stakeholders proposed a narrower definition to exclude processes related to safety, such as automobile lane-keeping features. Consumers and NGOs conversely asked for a broad definition that would sweep in processes that are not fully automated but that would have a substantial impact on individuals.
• Business Concerns. Businesses expressed a number of concerns over their responsibilities related to disclosure and consumers’ rights, including the difficulty of harmonizing compliance across numerous regimes, including other states’ laws and GDPR; the vagueness of certain definitions, including “contractor,” “service provider,” and “sale,” among others; the cost of implementation; and harm to data-driven businesses through strict interpretation of the “purpose limitation.”
• Consumer Concerns. Consumers were concerned with the difficulty of navigating click-through options to exercise their rights, noting that in some cases, they had to hand over PII in connection with the verification process before they could ask for correction or deletion of their information. Single-click and global, browser-level opt-outs were the most commonly cited suggestion for making the consumer experience of exercising rights more effective and easier, and discussion about how those should be implemented based on the language of the statute were also brought up.
• Dark Patterns. Stakeholders requested more clarity on the definition of “dark patterns,” and suggested that unfair and deceptive practice laws and regulations could already be used to address dark patterns that harm consumers.
• Cybersecurity and Risk Assessments. Speakers suggested looking to the GDPR for guidance around risk assessment requirements and implementation, and emphasized the benefits of harmonizing the requirements across jurisdictions.

The CPPA did not comment on any suggestions, and noted that they were in “listening mode.” The CPPA has not commenced formal rulemaking activities, and continues to gather information. Updates on the CPPA’s activities related to rulemaking are available here.

Separately, there has been no further movement on the proposals floated by the California legislature to extend the business-to-business and employment-related exemptions in the CCPA, leaving businesses to continue to consider how to comply with the CPRA with respect to those individuals’ information.

Other States

Proposed data privacy legislation currently remains in committee in Alaska, Louisiana, Massachusetts, Michigan, North Carolina, New Jersey, New York, Ohio, Pennsylvania, Rhode Island, and Vermont. Numerous other states also are actively considering such laws, with drafting and negotiations at various phases.

We will continue to monitor developments in this area, and are available to discuss these issues as applied to your particular business.

__________________________

    [1]  Connecticut Data Privacy Act (“CTDPA”), S.B. 6, 2022 Gen. Assemb., Reg. Sess. (Conn. 2022).

    [2]  CTDPA, § 1.

    [3]  CTDPA, § 2.

    [4]  CTDPA, §§ 6(1)–(3); 8

    [5]  CTDPA, § 4(a).

    [6]  CTDPA, § 5.

    [7]  CTDPA, § 6(e)(1)(A)(ii).

    [8]  CTDPA, § 6.

    [9]  CTDPA, § 11(a).

    [10] CTDPA, § 11(b).

    [11] CTDPA, § 11(e).

    [12] Conn. Gen. Stat. § 42-110o.

    [13] H 381, 2022 Gen. Assemb., Reg. Sess. (Va. 2022).

    [14] S 534, 2022 Gen. Assemb., Reg. Sess. (Va. 2022).

    [15] S 534, 2022 Gen. Assemb., Reg. Sess. (Va. 2022).

This alert was prepared by Cassandra Gaedt-Sheckter, Ryan Bergsieker, Alexander Southwell, Sarah Scharf, Abbey Barrera, Tony Bedel, Courtney Wang, Raquel Sghiatti, and Samantha Abrams-Widdicombe.

Gibson Dunn lawyers are available to assist in addressing any questions you may have about these developments. Please contact the Gibson Dunn lawyer with whom you usually work, the authors, or any member of the firm’s Privacy, Cybersecurity and Data Innovation practice group:

United States
Alexander H. Southwell – Co-Chair, PCDI Practice, New York (+1 212-351-3981, asouthwell@gibsondunn.com)
S. Ashlie Beringer – Co-Chair, PCDI Practice, Palo Alto (+1 650-849-5327, aberinger@gibsondunn.com)
Debra Wong Yang – Los Angeles (+1 213-229-7472, dwongyang@gibsondunn.com)
Matthew Benjamin – New York (+1 212-351-4079, mbenjamin@gibsondunn.com)
Ryan T. Bergsieker – Denver (+1 303-298-5774, rbergsieker@gibsondunn.com)
David P. Burns – Washington, D.C. (+1 202-887-3786, dburns@gibsondunn.com)
Cassandra L. Gaedt-Sheckter – Palo Alto (+1 650-849-5203, cgaedt-sheckter@gibsondunn.com)
Svetlana S. Gans – Washington, D.C. (+1 202-955-8657, sgans@gibsondunn.com)
Nicola T. Hanna – Los Angeles (+1 213-229-7269, nhanna@gibsondunn.com)
Howard S. Hogan – Washington, D.C. (+1 202-887-3640, hhogan@gibsondunn.com)
Robert K. Hur – Washington, D.C. (+1 202-887-3674, rhur@gibsondunn.com)
Kristin A. Linsley – San Francisco (+1 415-393-8395, klinsley@gibsondunn.com)
H. Mark Lyon – Palo Alto (+1 650-849-5307, mlyon@gibsondunn.com)
Karl G. Nelson – Dallas (+1 214-698-3203, knelson@gibsondunn.com)
Ashley Rogers – Dallas (+1 214-698-3316, arogers@gibsondunn.com)
Deborah L. Stein – Los Angeles (+1 213-229-7164, dstein@gibsondunn.com)
Eric D. Vandevelde – Los Angeles (+1 213-229-7186, evandevelde@gibsondunn.com)
Benjamin B. Wagner – Palo Alto (+1 650-849-5395, bwagner@gibsondunn.com)
Michael Li-Ming Wong – San Francisco/Palo Alto (+1 415-393-8333/+1 650-849-5393, mwong@gibsondunn.com)

Europe
Ahmed Baladi – Co-Chair, PCDI Practice, Paris (+33 (0) 1 56 43 13 00, abaladi@gibsondunn.com)
James A. Cox – London (+44 (0) 20 7071 4250, jacox@gibsondunn.com)
Patrick Doris – London (+44 (0) 20 7071 4276, pdoris@gibsondunn.com)
Kai Gesing – Munich (+49 89 189 33-180, kgesing@gibsondunn.com)
Bernard Grinspan – Paris (+33 (0) 1 56 43 13 00, bgrinspan@gibsondunn.com)
Penny Madden – London (+44 (0) 20 7071 4226, pmadden@gibsondunn.com)
Michael Walther – Munich (+49 89 189 33-180, mwalther@gibsondunn.com)
Alejandro Guerrero – Brussels (+32 2 554 7218, aguerrero@gibsondunn.com)
Vera Lukic – Paris (+33 (0) 1 56 43 13 00, vlukic@gibsondunn.com)
Sarah Wazen – London (+44 (0) 20 7071 4203, swazen@gibsondunn.com)

Asia
Kelly Austin – Hong Kong (+852 2214 3788, kaustin@gibsondunn.com)
Connell O’Neill – Hong Kong (+852 2214 3812, coneill@gibsondunn.com)
Jai S. Pathak – Singapore (+65 6507 3683, jpathak@gibsondunn.com)

© 2022 Gibson, Dunn & Crutcher LLP

Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

Click for PDF

On January 31, 2022 the Ministry of Finance of the United Arab Emirates (UAE) announced the introduction of a federal Corporate Tax (“CT”) on business profits, effective from the financial year beginning June 1, 2023.  Pursuant to the aforementioned announcement, the Ministry of Finance published a consultation document to collect and appraise the responses of stakeholders (“Consultation Document”) with regards to the most prominent features of the legislation and its implementation, ahead of the release of the draft CT legislation.  The formal responses to the Consultation Document should be submitted using this form by May 19, 2022.  The Consultation Document can be viewed here.

In this client alert, we provide a summary of the key policy drivers, the key features of the proposed regime, and high level commentary contextualising the potential effects of the legislative reforms on our clients.

Background

The UAE currently does not have a federal CT regime.  CT is determined at an Emirate level through tax decrees.  Currently, at an Emirate level, the UAE only levies corporate tax on oil and gas companies and branches of foreign banks.  Furthermore, the UAE benefits from the presence of more than 40 free zones, which have their own rules and regulations.  Such zones generally afford companies incorporated therein significant tax benefits, making the UAE an attractive jurisdiction from a tax perspective.  Additionally, the UAE does not levy income tax on employment-based income.

Key Policy Drivers

The UAE, as a member of the OECD inclusive framework, is introducing the federal CT regime as a stepping stone to the execution of its commitment to the global minimum effective tax rate concept proposed by Pillar II of the OECD Base Erosion and Profit Shifting project (“OECD BEPS”).[1]  The responsible body of oversight has been designated as the Federal Tax Authority (“FTA”).  In introducing CT, the UAE aims to further its objectives of accelerating its development and transformation by introducing “a competitive CT regime that adheres to international standards, together with the UAE’s extensive network of double tax treaties, [which] will cement the UAE’s position as a leading jurisdiction for business and investment”.[2]  The introduction of CT is also perceived as an important step in diversifying the UAE Government’s budget revenue away from revenues that today are mainly generated from the hydrocarbon industry.  The Consultation Document offers assurances that the CT regime will build on international best practices as opposed to introducing new concepts, in order to ensure the seamless integration and cooperation of the regime with existing international frameworks.

The Consultation Document indicates that the UAE Government has been guided by a set of key principles in its legislative undertaking.  Such principles include: (1) flexibility and alignment with modern business practices, ensuring adaptability to changing socio-economic circumstances; (2) certainty and simplicity of the tax rules to support businesses’ accurate decision-making and cost-effective operation; (3) neutrality and equity, ensuring fair taxation treatment to different types of businesses; and (4) transparency.

The Consultation Document heavily emphasises the UAE’s ongoing commitment to execute BEPS 2.0, noting that “further announcements on how the Pillar Two rules will be embedded into the UAE CT regime will be made in due course.”[3]  No further practical guidance is otherwise offered in the Consultation Document.  In this regard, international entities which may be subject to Pillar II are advised to keep a close eye on developments in the law that are likely to apply to them, to the extent they are taxable entities subject to the UAE CT regime.

Key Features of the Corporate Tax Regime

Taxable Persons

Subject to certain exemptions discussed below, CT will be levied on UAE-incorporated companies such as LLCs, PSCs, PJSCs, and any other legal entities with a distinct legal personality, including, for example, LLPs and partnerships limited by shares.

In line with tax measures in other jurisdictions, CT will be levied on foreign legal entities:  (1) with a permanent establishment (“PE”) in the UAE, and that earn UAE sourced income, or (2) that are tax resident by way of management and control in the UAE.

Unincorporated partnerships and other unincorporated ventures will be deemed ‘transparent’ for UAE CT purposes.  Income of such entities may be taxed in the hands of their partners or members.  Helpfully, in order to tackle the discrepancies in the classification of partnerships (transparent vs opaque) in different jurisdictions, the UAE CT treatment of foreign unincorporated partnerships will defer to the tax treatment of the partnership in the relevant foreign jurisdiction.

Companies and branches registered in free zones will also fall within the scope of the CT regime, and will be subject to tax return filing requirements.  In order to honour existing tax arrangements within free zones, such entities will be subject to a 0% CT rate provided that they maintain adequate substance and comply with all regulatory requirements.  A free zone person with a branch in mainland UAE will be taxed at a regular CT rate on mainland source income while continuing to benefit from the 0% CT rate on its “other income”.  Where a free zone person transacts with mainland UAE but does not have a mainland branch, the free zone person can continue to benefit from the 0% CT rate if its income from mainland UAE is limited to ‘passive’ income (meaning interest and royalties, and dividends and capital gains from owning shares in mainland UAE companies).  The 0% CT rate will also apply to any transactions between free zone entities and their group companies in mainland UAE.  However, payments made to free zone entities by a mainland group company will not be tax deductible.  Furthermore, the Consultation Document notes that, to prevent free zone businesses from gaining an unfair competitive advantage compared to businesses established in mainland UAE, any other mainland sourced income will disqualify a free zone person from the 0% CT regime in respect of all their income.  Once the draft law is released, we expect that free zone registered entities will need to evaluate their existing position and whether they will continue to benefit from the tax exemptions, or whether their position will change in light of the CT law.

Income tax will not be payable by natural persons, provided that they do not engage in business or commercial activity in the UAE.  Taxable natural persons operating through sole establishments or proprietorships or as individual partners in an unincorporated partnership, conducting business in the UAE, will be subject to the CT regime.  The Consultation Document indicates that it remains to be the case that employment based income obtained in the UAE will not be subject to income tax.

Applicable Rates

CT will be charged on the annual taxable income of a business as follows:

• 0%, for taxable income not exceeding AED 375,000;
• 9%, for taxable income exceeding AED 375,000; and
• a different tax rate (not yet specified) for large multinationals that meet specific criteria set with reference to Pillar II of the OECD BEPS.[4] In light of the Consultation Document’s emphasis on the UAE’s commitment to implementing the BEPS 2.0 measures, we expect that the rate will be fixed with reference to the rate finally determined by the OECD.

Exempt Entities

The following list of entities will be exempt from CT, either automatically or by way of application (the method is still undetermined):

1. the federal UAE Government and Emirate Governments and their departments, authorities and other public institutions;
2. wholly Government-owned UAE companies that carry out a sovereign or mandated activity, and that are listed in a cabinet decision;
3. businesses engaged in the extraction and exploitation of UAE natural resources that are subject to Emirate-level taxation (e.g. upstream oil and gas companies);
4. charities and other public benefit organisations that are listed in a Cabinet Decision issued at the request of the Ministry of Finance, upon application of the relevant entity;
5. public and regulated private social security and retirement pension funds; and
6. investment funds, as they are typically organised as ‘flow-through’ limited partnerships. Furthermore, regulated investment funds and Real Estate Investment Trusts can apply to the FTA to be exempt from CT subject to meeting certain requirements.[5]

Residency

As previously indicated, tax residency is a pivotal factor in determining whether business profits will be subject to CT in the UAE.  In furtherance of its objective of achieving certainty, the UAE relies on international principles in determining tax residency.

The Consultation Document notes that a legal person that is incorporated in the UAE will automatically be considered a ‘resident’ person for UAE CT purposes.  Equally, any natural person who is engaged in a business or commercial activity in the UAE, either in their own name or through an unincorporated partnership, will also be considered a resident person for purposes of the UAE CT regime.  A foreign company may be treated as a resident person if it is effectively “managed and controlled” in the UAE.  This will be a question of fact, but the Consultation Document indicates this would “typically look at where the directors or other decision makers of the company make the key management and commercial decisions”.[6]

UAE resident legal persons will be taxed in the UAE on their worldwide income.  Natural persons will only be taxed on income earned from their business activities carried out in the UAE.  However, certain income earned from overseas will be exempt from CT, including income from foreign branches and qualifying foreign shareholdings.  Where income earned from abroad is not exempt, income taxes paid in the foreign jurisdiction can be credited against the CT payable in the UAE on the relevant income to prevent double taxation.

Non-Residents

Non-residents will be subject to UAE CT on taxable income (1) from a PE in the UAE, and (2) which is sourced in the UAE.  The Consultation Document indicates that the law is to refer to the definition of PE outlined in Article 5 of the OECD Model Tax Convention, and the intention is for foreign companies and advisors to be entitled to rely on OECD Commentary when assessing whether they have a PE in the UAE.  Thus, the existence of a PE in the UAE will be determined by reference to whether either there is a “fixed place of business” of, or a “dependent agent” habitually exercising the authority to conclude contracts on behalf of, the non-resident person in the UAE.

Significantly, the Consultation Document notes that the UAE CT regime will allow regulated UAE investment managers to provide discretionary investment management services to foreign customers without triggering a UAE PE for the foreign investor or the foreign investment fund – this investment management exemption will “be subject to conditions that are comparable to similar regimes in leading financial centres”.[7]

Calculating Taxable Income

The UAE CT regime proposes to use the accounting net profit (or loss) position in the financial statements of a business as the starting point for determining taxable income.  IFRS standards are typically used by businesses in the UAE and will form the basis for such assessment, but the CT law will allow for alternative financial reporting standards.

Exemptions & Deductions

The CT law will include a participation exemption from CT on dividends received, and capital gains earned from the sale of shares of a subsidiary company.  The UAE CT regime will exempt all domestic dividends earned from UAE companies, including dividends paid by a free zone registered entity benefitting from the 0% CT regime.  The main condition to benefit from the participation exemption is that the UAE shareholder company must own at least 5% of the shares of the subsidiary company.  This participation requirement remains competitive in comparison with other jurisdictions.  For example, the participation exemption in the UK (the “substantial shareholding exemption”) requires (amongst other things) the shareholder to own at least 10% of the ordinary shares in the subsidiary for a consecutive period of at least 12 months.

In order to remain an attractive tax jurisdiction for international businesses, the UAE will allow for foreign branches of UAE companies (subject to certain conditions) to either (i) claim a foreign tax credit for taxes paid in the foreign branch country, or (ii) elect to claim an irrevocable exemption for their foreign branch profits.

Interest and other financing costs will be deductible for CT purposes.  However, the deductibility of interest will be capped at 30% of a business’ earnings before interest, tax, depreciation, and amortisation (EBITDA), in line with Action 4 of the OECD BEPS project, in order to disincentivise businesses from using excessive levels of debt financing (as opposed to equity financing) in pursuance of a tax benefit.  Interest capping rules will not apply to banks, insurance business and other financial services entities.

Losses

In line with international best practices, a business will be able to offset a loss incurred in one period against the taxable income of future periods, up to a maximum of 75% of the taxable income in each of those future periods.

Tax losses will be able to be carried forward indefinitely provided the same shareholders hold at least 50% of the share capital from the start of the period when a loss is incurred to the end of the period in which a loss is offset against the taxable income.

Groups

A UAE resident group of companies will be able to elect to form a tax group, capable of being treated as a single taxable person (or a fiscal unity) if the parent company holds at least 95% of the share capital and voting rights of its subsidiaries.  To form a tax group, neither the parent company nor any of the subsidiaries can be an exempt person or a free zone entity benefitting from the 0% CT rate, and all group members must use the same financial year.  For other groups of companies which do not meet the 95% threshold, the CT regime will allow the transfer of losses between group companies, provided that they are at least 75% commonly owned.

Whilst no clear indications are given as to the features of the proposed law in respect of business reorganisations, the Consultation Document asserts that such reorganisations are to be undertaken on a tax neutral basis.[8]  Intra-group transfer relief will be available for transfers of assets and liabilities between UAE resident companies that are at least 75% commonly owned, provided the assets and/or liabilities being transferred remain within the same group for a minimum of three years.

To further facilitate corporate restructuring transactions, the UAE CT regime will exempt or allow for a deferral of taxation where a whole business, or independent parts of a business, are transferred in exchange for shares or other ownership interests.

Such features are positive and welcome additions to the CT rules, particularly if other aspects of the CT regime prompt corporate restructurings (please see below with regards to transfer pricing).  Furthermore, group relief is often sought to assist the financing of further mergers and acquisitions, potentially leading to increased activity in the UAE.

Transfer Pricing

Transfer pricing rules are expected to apply to transactions between related and connected persons, in accordance with the principles of the OECD Transfer Pricing Rules.  Therefore, transactions between related or connected parties must be conducted on an arm’s-length basis.

Large business groups, particularly family-owned conglomerates with cross-border operations may need to rethink their group structures and assess their intra-group transactions from a transfer pricing perspective, to ensure that their transactions are indeed conducted on an arm’s-length basis.

Tax Credits

As noted above, UAE resident companies will be subject to UAE CT on their worldwide income, which includes foreign sourced income that may have been subject to tax of a similar nature to CT in another country.  To avoid double taxation, the UAE CT regime will allow a credit for a foreign tax paid in a foreign jurisdiction against the UAE CT liability on the foreign-sourced income that has not been otherwise exempted.

Administrative Aspects

A business subject to CT will need to register with the FTA and obtain a tax registration number within a period of time to be prescribed in the law.  The FTA can also automatically register a business for CT purposes if the person does not voluntarily do so.  Businesses can also deregister if they cease to be subject to CT.  To reduce administrative efforts and costs, businesses will only need to prepare and file one tax return (and other related supporting schedules) with the FTA for each tax period.  A CT return must be filed, and any CT payment made, within nine months of the end of the relevant tax period.

Conclusion

The introduction of CT in the UAE logically follows from the UAE’s role as a member of the OECD inclusive framework, particularly in light of discussions on the global minimum tax proposed by Pillar II.  The proposed tax rate of 9% still remains highly competitive in comparison to other jurisdictions.  In addition, it can be seen from the Consultation Document that the proposed CT regime is based on well-recognised and practiced international principles, making the cost and process of implementing the law relatively efficient for businesses subject to similar regimes in other jurisdictions.  The law will seemingly also maintain some of the most distinct tax benefits of the UAE, for example, the tax benefits afforded to free zone registered entities.  Inevitably, once the regime takes effect, different businesses might want to reconsider their corporate structures in order to avail themselves of the available tax benefits.

We would be happy to help clients consider and review their current corporate structures to assess the impact of the proposed UAE CT rules, and also discuss any opportunities resulting therefrom.

___________________________

[1]   For further information regarding Pillar I and Pillar II of the OECD Base Erosion and Profit Shifting project, please refer to our UK Tax Quarterly Update – February 2022 (pp. 12-16) here.

[2]   Consultation Document, ¶ 2.2.

[3]   Consultation Document, Section 9.3.

[4]   https://u.ae/en/information-and-services/finance-and-investment/taxation/corporate-tax.

[5]   Consultation Document, Sections 3.3 and 3.7.

[6]   Consultation Document, ¶ 4.4.

[7]   Consultation Document, ¶ 4.21.

[8]   Consultation Document, Section 6.3

The following Gibson Dunn lawyers prepared this client alert: Jeffrey Trinklein, Sandy Bhogal, Benjamin Fryer, Hanna Chalhoub, Siham Freihat*, and William Inchbald.

Gibson Dunn’s lawyers are available to assist in addressing any questions that you may have regarding the issues discussed in this update.  For further information, please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s Tax or Corporate practice groups, or the following authors:

Jeffrey M. Trinklein – London/New York (+44 (0) 20 7071 4224 /+1 212-351-2344), jtrinklein@gibsondunn.com)

Sandy Bhogal – London (+44 (0) 20 7071 4266, sbhogal@gibsondunn.com)

Benjamin Fryer – London (+44 (0) 20 7071 4232, bfryer@gibsondunn.com)

Hanna Chalhoub – Dubai (+971 (0) 4 318 4634, hchalhoub@gibsondunn.com)

William Inchbald – London (+44 (0) 20 7071 4264, winchbald@gibsondunn.com)

* Siham Freihat is a trainee solicitor in Gibson Dunn’s London office.

© 2022 Gibson, Dunn & Crutcher LLP

Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

Dallas partner Jonathan Whalen and Houston of counsel James Robertson are the authors of “E&P A&D Business Strategies: Getting the Deal Done” [PDF] published by Oil and Gas Investor on April 28, 2022.

When buyers and sellers negotiate acquisition agreements, they often spend a significant percentage of their negotiating time working out the terms of the provisions that govern adjustments to the purchase price. Purchase price adjustment mechanics are also a frequent cause of post-closing disputes between buyers and sellers. In this recorded webcast, Gibson Dunn lawyers and an accounting expert examine purchase price adjustments in detail. The webcast includes discussions of the following:

• A review of the issues that arise in negotiating purchase price adjustment provisions, and drafting tips for corporate counsel
• A discussion of the common sources of post-closing adjustment disputes, and accountants’ views on how these disputes may be resolved
• A litigator’s views on litigating purchase price adjustment disputes

PANELISTS:

Stephen Glover is a partner in Gibson Dunn’s Washington, D.C. office and has served as Co-Chair of the firm’s Mergers and Acquisitions Practice Group. Mr. Glover has an extensive practice representing public and private companies in complex mergers and acquisitions, strategic alliances and joint ventures, as well as other corporate matters. Mr. Glover’s clients include large public corporations, emerging growth companies and middle market companies in a wide range of industries. He also advises private equity firms, individual investors and others.

Michelle M. Gourley is a partner in Gibson Dunn’s Orange County office and is a member of the firm’s Corporate Department. Ms. Gourley practices general corporate and business law, with a focus on mergers and acquisitions and general corporate counseling. Ms. Gourley has significant experience with domestic and international transactions, including acquisitions, mergers, round financings and buy-out options across numerous industries such as manufacturing, medical device and software. Ms. Gourley regularly provides advice to senior management and boards of private companies in connection with their day-to-day operations.

Ron Hauben is senior counsel in Gibson Dunn’s New York office and Co-Chair of the firm’s Accounting Firm Advisory and Defense Practice Group.  Mr. Hauben’s practice focus is on bringing the full scope of the firm’s legal services to the accounting profession, including regulatory enforcement and litigation defense, corporate governance, counseling and advice on a wide range of risk, crisis management and professional practice issues. Mr. Hauben also has extensive experience counseling with public and private company boards and management on the role of independent auditors and the importance of the independent audit to stakeholders and capital markets.

Marshall R. King is a partner in Gibson Dunn’s New York office and is a member of the firm’s Class Actions and Securities Litigation Practice Groups. He has extensive experience in commercial and business litigation matters, with particular focus on securities litigation, bankruptcy litigation, and disputes arising out of acquisitions. He often represents buyers or sellers in disputes arising out of acquisitions and has advised companies in disputes concerning their rights under bond indentures.

Christen Morand is a partner at Ernst & Young LLP in the Forensic & Integrity Services practice. She provides litigation support services and alternative dispute resolution services on a variety of matters, including expert testimony, post-transaction disputes, purchase price disputes and analysis and resolution of transaction or contractual provisions. Ms. Morand’s experience in providing arbitration and expert testimony services includes net working capital disputes, earn-out disputes, GAAP vs historical consistency issues, GAAP vs IFRS issues and other complex accounting issues. She also has experience conducting accounting and financial fraud investigations, including revenue recognition, asset misappropriation and earnings management.

MCLE CREDIT INFORMATION:

This program has been approved for credit in accordance with the requirements of the New York State Continuing Legal Education Board for a maximum of 1.0 credit hour, of which 1.0 credit hour may be applied toward the areas of professional practice requirement.  This course is approved for transitional/non-transitional credit.

Attorneys seeking New York credit must obtain an Affirmation Form prior to watching the archived version of this webcast. Please contact CLE@gibsondunn.com to request the MCLE form.

Gibson, Dunn & Crutcher LLP certifies that this activity has been approved for MCLE credit by the State Bar of California in the amount of 1.25 hour.

California attorneys may claim “self-study” credit for viewing the archived version of this webcast.  No certificate of attendance is required for California “self-study” credit.

Click for PDF

While news about any artificial intelligence-related legal development often remained buried among the more pressing news of other major world events in the first quarter of 2022, that is not to say that nothing notable occurred.  Indeed, each of the three branches of the U.S. Government took a number of significant steps towards developing more focused AI strategies, legislation, regulations, and principles of governance.   As highlighted below in this quarter’s update, Congress, the Department of Defense, the Department of Energy, the Intelligence directorates, NIST, the FTC, and the EEOC all were active players in early 2022 in matters relating to AI.  In addition, the EU continued this quarter in advancing efforts toward a union-wide, general AI policy and regulation, which, if and when ultimately adopted, seems likely to have an influential impact on much of the debate that continues in the U.S. on the need for a national approach.  Meanwhile, state and local governments in the U.S. continue to fill some of the perceived gaps left by the continued piecemeal regulatory approach taken to date by the federal government.

Our 1Q22 Artificial Intelligence and Automated Systems Legal Update focuses on these key efforts, and also examines other policy developments within the U.S. and EU that may be of interest to domestic and international companies alike.

I.  U.S. POLICY & REGULATORY DEVELOPMENTS

       A.   U.S. National AI Strategy

       1.   Department of Defense Announces Release of Joint All-Domain Command and Control Implementation Plan

On March 15, 2022, Deputy Secretary of Defense, Dr. Kathleen Hicks, signed the Department of Defense Joint All-Domain Command and Control (JADC2) Implementation Plan. JADC2 enables the Joint Force to “sense,” “make sense,” and “act” on information across the battle-space quickly using automation, artificial intelligence, predictive analytics, and machine learning to deliver informed solutions via a resilient and robust network environment.  The JADC2 Cross-Functional Team will oversee the execution of the JADC2 Strategy, initially announced in June 2021, and the Implementation Plan.[1]

The unclassified summary of the strategy provides six guiding principles to promote coherence of effort across the Department in delivering JADC2 improvements: “(1) Information Sharing capability improvements are designed and scaled at the enterprise level; (2) Joint Force C2 improvements employ layered security features; (3) JADC2 data fabric consists of efficient, evolvable, and broadly applicable common data standards and architectures; (4) Joint Force C2 must be resilient in degraded and contested electromagnetic environments; (5) Department development and implementation processes must be unified to deliver more effective cross-domain capability options; and, (6) Department development and implementation processes must execute at faster speeds.”[2]

The JADC2 Implementation Plan is classified but is described as “the document which details the plans of actions, milestones, and resourcing requirements.  It identifies the organizations responsible for delivering JADC2 capabilities.  The plan drives the Department’s investment in accelerating the decision cycle, closing operational gaps, and improving the resiliency of C2 systems.  It will better integrate conventional and nuclear C2 processes and procedures and enhance interoperability and information-sharing with our mission partners.”[3]

       2.   Congress Works to Reconcile the America COMPETES Act (passed by the House of Representatives) with a Similar Bill:  the U.S. Innovation and Competition Act (passed by the Senate)

On February 4, 2022, the House voted 222-210 to approve the America Creating Opportunities for Manufacturing, Pre-Eminence in Technology, and Economic Strength Act of 2022 or the America COMPETES Act of 2022, which would allot nearly $300 billion to scientific research and development and improve domestic manufacturing in an effort to boost the country’s ability to compete with Chinese technology.[4]  The vote has triggered some divergence with the Senate, which passed a largely similar bill on June 8, 2021, the United States Innovation and Competition Act of 2021.[5]  House and Senate members have started discussions to resolve the differences between the bills.

Like the U.S. Innovation and Competition Act, the America COMPETES Act identifies artificial intelligence, machine learning, autonomy and related advances as a “key technology focus area;” however, unlike the Senate bill, the America COMPETES Act does not establish a Directorate of Technology to support research and development in the key technology focus areas and does not include provisions comparable to the “Advancing American AI Act” which was intended to “encourage agency artificial intelligence-related programs and initiatives that enhance the competitiveness of the United States” while ensuring AI deployment “align[s] with the values of the United States, including the protection of privacy, civil rights, and civil liberties.”[6]

Instead, the America COMPETES Act relies on the Director of the National Institute of Science and Technology (NIST) “to support the development of artificial intelligence and data science, and carry out the activities of the National Artificial Intelligence Initiative Act of 2020 authorized in division E of the National Defense Authorization Act for Fiscal Year 2021.”[7]  Also, in many instances, the America COMPETES Act incorporates artificial intelligence as an aspect of a broader research objective.[8]

             3.   Office of Science and Technology Policy Seeks Information Ahead of Updating the National Artificial Intelligence Research and Development Strategic Plan

In June of 2019, the Trump Administration last released an update to the National Artificial Intelligence Research and Development (AI R&D) Strategic Plan.[9] The plan set out eight strategic aims:

• Make long-term investments in AI research.
• Develop effective methods for human-AI collaboration.
• Understand and address the ethical, legal, and societal implications of AI.
• Ensure the safety and security of AI systems.
• Develop shared public datasets and environments for AI training and testing.
• Measure and evaluate AI technologies through standards and benchmarks.
• Better understand the national AI R&D workforce needs.
• Expand Public-Private Partnerships to accelerate advances in AI.

The National AI Initiative Act, which became law on January 1, 2021, calls for regular updates to the National AI R&D Strategic Plan to include goals, priorities, and metrics for guiding and evaluating how the agencies carrying out the National AI Initiative will:

• Determine and prioritize areas of artificial intelligence research, development, and demonstration requiring Federal Government leadership and investment;
• Support long-term funding for interdisciplinary artificial intelligence research, development, demonstration, and education;
• Support research and other activities on ethical, legal, environmental, safety, security, bias, and other appropriate societal issues related to artificial intelligence;
• Provide or facilitate the availability of curated, standardized, secure, representative, aggregate, and privacy-protected data sets for artificial intelligence research and development;
• Provide or facilitate the necessary computing, networking, and data facilities for artificial intelligence research and development;
• Support and coordinate Federal education and workforce training activities related to artificial intelligence;
• Support and coordinate the network of artificial intelligence research institutes.[10]

The Office of Science and Technology Policy, on behalf of the National Science and Technology Council’s (NSTC) Select Committee on Artificial Intelligence, the NSTC Machine Learning and AI Subcommittee, the National AI Initiative Office, and the Networking and Information Technology Research and Development National Coordination Office, is currently considering the input provided through comments in order to provide an updated strategic plan to reflect current priorities related to AI R&D.[11]

       4.   NIST is Reviewing Stakeholder Input Relating to Advancing a More Productive Tech Economy to Inform a Report that will be Submitted to Congress

On November 22, 2021, NIST issued a Request for Information (RFI) about the public and private sector marketplace trends, supply chain risks, legislation, policy, and the future investment needs of eight emerging technology areas, including:  artificial intelligence, internet of things, quantum computing, blockchain technology, new and advanced materials, unmanned delivery services, and three-dimensional printing.  The RFI sought comments to help identify, understand, refine, and guide the development of the current and future state of technology in the eight identified emerging technology areas to inform a final report that will be submitted to Congress.[12]  The comments are currently under review and includes policy suggestions and information regarding current technological trends.

       5.   The U.S. Department of Energy (DOE) Announces The Establishment of The Inaugural Artificial Intelligence Advancement Council (AIAC)

On April 18, 2022, the U.S. Department of Energy announced the establishment of AIAC, which will lead artificial intelligence governance, innovation and AI ethics at the department. Through internal and external partnerships with industry, academia, and government, the AIAC will coordinate AI activities and define the Department of Energy AI priorities for national and economic competitiveness and security.  The AIAC members will offer recommendations on AI strategies and implementation plans in support of a broader DOE AI strategy that is led by the Office of Artificial Intelligence and Technologies.[13]  Notably, the DOE also announced on March 24, 2022, that it would issue $10 million in funding for projects in artificial intelligence research to High Energy Physics to support research that furthers understanding of fundamental particles and their interactions by making use of artificial intelligence.[14]

       6.   Intelligence Advanced Research Projects Activity Launches New Biometric Technology Research Program

On March 11, 2022 the Intelligence Advanced Research Projects Activity (IARPA), the research and development arm of the Office of the Director of National Intelligence, announced the Biometric Recognition & Identification at Altitude and Range (BRIAR) program, a multi-year research effort to develop new software systems capable of performing whole-body biometric identification from great heights and long ranges.  The program’s goal is to enable the Intelligence Community and Department of Defense to recognize or identify individuals under challenging conditions, such as from unmanned aerial vehicles (UAVs), at far distances, and through distortions caused by atmospheric turbulence. BRIAR research contracts regarding research objectives have been awarded to several private companies and universities.[15]

       B.   Algorithmic Fairness & Consumer Protection

       1.   FTC Policy

a)   WW International Settlement

On March 4, 2022, the FTC entered into a settlement with WW International, Inc., formerly known as Weight Watchers, and a subsidiary called Kurbo, Inc. over allegations that they collected information from children through a weight loss app.[16]  WW has agreed to pay a $1.5 million penalty and delete personal information it obtained from underage users of the its Kurbo program without parental consent in order to resolve the FTC’s claims that it unlawfully gathered data from thousands of children.

As part of the settlement, WW and Kurbo will also be required to destroy all personal information they’ve already gathered without adequate notice or parental consent from minors through the Kurbo program; delete any models or algorithms they’ve developed using this data; and ensure that, moving forward, parents receive clear and direct notice of the collection, use and disclosure of their children’s information and are able to consent to these practices.

b)   FTC Priorities

Following the WW International settlement, Commissioner Rebecca Slaughter discussed the settlement, and noted that she hoped that the FTC’s increased use of algorithmic destruction as an enforcement tool would lead to discussions between the agency and Congress with respect to legislative or rulemaking action on privacy.[17]

Commissioner Slaughter also addressed the changing landscape following the “devastating” ruling in AMG Capital Mgmt., LLC v. FTC, a 2021 Supreme Court case which curtailed the FTC’s authority under Section 13(b) of the FTC Act to seek monetary redress for consumers.[18]  She noted that the AMG ruling informed the need for rulemaking authority, since consumers relied on the FTC to protect them and seek redress from companies that have violated the law.  Several Senators have introduced bills that would give the FTC the authority to seek restitution in federal district court, but no bills have yet been passed.

The FTC’s recent shift in focus to rulemaking has posed a challenge for the Commission, however, as it has been operating with only a partial slate of four Commissioners, leaving the Commission without a tiebreaker.  The Senate has largely deadlocked in their votes on a fifth Commissioner, but recently advanced the nomination of Alvaro Bedoya, which may allow for an acceleration of rulemaking by the FTC if he is ultimately confirmed.

       2.   Algorithmic Accountability Act of 2022

The Algorithmic Accountability Act of 2022[19] was introduced on February 3, 2022 by Sen. Ron Wyden, Sen. Cory Booker, and Rep. Yvette Clark.  If passed, the bill would require large technology companies across states to perform a bias impact assessment of any automated decision-making system that makes critical decisions in a variety of sectors, including employment, financial services, healthcare, housing, and legal services.  The Act’s scope is potentially far reaching as it defines “automated decision system” to include “any system, software, or process (including one derived from machine learning, statistics, or other data processing or artificial intelligence techniques and excluding passive computing infrastructure) that uses computation, the result of which serves as a basis for a decision or judgment.”  The Act comes as an effort to improve upon the 2019 Algorithmic Accountability Act after consultation with experts, advocacy groups, and other key stakeholders.

       3.   NIST

a)   NIST Releases Initial Draft of a Framework for AI Risk Management

On March 17, NIST released an initial draft of an AI Risk management Framework.[20]  The Framework is “intended for voluntary use in addressing risks in the design, development, use, and evaluation of AI products, services, and systems.”  NIST accepted public comments on this draft framework until April 29, 2022.

b)   NIST Releases Update to a Special Publication Concerning Standards to Manage Algorithmic Bias

Additionally, on March 16, NIST published an update to a previously released publication, Towards a Standard for Identifying and Managing Bias in Artificial Intelligence (NIST Special Publication 1270).[21]  The publication seeks to encourage standards for the adoption of artificial intelligence to help minimize the risk of unintentional biases in algorithms causing widespread societal harm.  The main distinction between the draft and final versions of the publication is the “new emphasis on how bias manifests itself not only in AI algorithms and the data used to train them, but also in the societal context in which AI systems are used.”[22]

       C.   Facial Recognition

Challenges to facial recognition technology have continued in early 2022.

Following bipartisan backlash, the U.S. Internal Revenue Service (IRS) decided to abandon its use of facial recognition software in February 2022.[23]  The IRS intended to utilize the software to authenticate taxpayers’ online accounts by having users uploading a video selfie.  Taxpayers reported frustration with the process and there were a host of security and privacy concerns raised regarding the collection of biometric data.

In March 2022, a federal proposed class action was filed in Delaware alleging that Clarifai Inc. violated the Illinois Biometric Information Privacy Act (BIPA) by accessing plaintiff’s profile photos on OKCupid and using them to develop its facial recognition technology without her knowledge or consent.[24]  The Complaint alleges that Clarifai has gathered biometric identifiers from more than 60,000 OKCupid users in Illinois and claims several violations of BIPA as well as unjust enrichment.  Plaintiff also seeks declaratory and injunctive relief, attorney fees, and statutory damages of up to $5,000 for each violation of BIPA.

Also in March 2022, the District Court for the District of Columbia dismissed a suit challenging the U.S. Postal Service’s use of facial recognition in the Internet Covert Operations Program.[25]  Plaintiff alleged that the U.S. Postal Service’s collection of personal data was unlawful because it failed to conduct a privacy impact assessment regarding data collection.  In addition, plaintiff accused the Postal Service of using Clearview AI’s controversial facial recognition service.  The court, however, made clear that failure to publish a privacy impact assessment is not sufficient to create an information injury for standing.

       D.   Labor & Employment

Employers are soon to be subject to a patchwork of recently enacted state and local laws regulating AI in employment.[26]  Our prior alerts have addressed a number of these legislative developments in New York City, Maryland, and Illinois.[27]  So far, New York City has passed the broadest AI employment law in the U.S., which governs automated employment decision tools in hiring and promotion decisions and will go into effect on January 1, 2023.  Specifically, before using AI in New York City, employers will need to audit the AI tool to ensure it does not result in disparate impact based on race, ethnicity, or sex.  The law also imposes posting and notice requirements for applicants and employees.  Meanwhile, since 2020, Illinois and Maryland have had laws in effect directly regulating employers’ use of AI when interviewing candidates.  Further, effective January 2022, Illinois amended its law to require employers relying solely upon AI video analysis to determine if an applicant is selected for an in-person interview to annually collect and report data on the race and ethnicity of (1) applicants who are hired, and (2) applicants who are and are not offered in-person interviews after AI video analysis.[28]

Washington, D.C. has also stepped into the ring by proposing a law that would prohibit adverse algorithmic eligibility determinations (based on machine learning, AI, or similar techniques) in an individual’s eligibility for, access to, or denial of employment based on a range of protected traits, including race, sex, religion, and disability.[29]  If passed, the law would require DC-based employers to conduct audits of the algorithmic determination practices, as well as provide notice to individuals about how their information will be used.  As noted above in Section II.b., the Algorithmic Accountability Act of 2022 would also impose requirements upon employers.

The U.S. Equal Employment Opportunity Commission (EEOC) remains in the early stages of its initiative that ultimately seeks to provide guidance on algorithmic fairness and the use of AI in employment decisions.[30]  Thus far, the EEOC has completed a listening session focused on disability-related concerns raised by key stakeholders.[31]

       E.   Privacy

The first quarter of 2022 included several interesting developments for artificial intelligence in privacy litigation.  Through its private right of action, a number of Illinois’ Biometric Information Privacy Act (BIPA) lawsuits have been filed in 2022.  These cases promise that BIPA will continue to be the focal point for AI privacy law.

       1.   Specific Personal Jurisdiction

Rule 9 Challenges to the forum’s exercise of jurisdiction over a defendant continue to be a good first option for defendants seeking an early exit from an BIPA-based lawsuit.[32]  A key inquiry for BIPA cases is typically the defendant’s contacts with the forum state.  Indeed, the Northern District recently held that an Illinois plaintiff’s choice to download an app, without much more, failed to create specific jurisdiction.[33]  In that case, Wemagine, a Canadian app developer, allegedly used artificial intelligence to extract a person’s face from a photo and transform it to look like a cartoon.  The Guitierrez court distinguished other cases with a greater connection to Illinois, noting that  the defendant was “not registered to do business in Illinois, ha[d] no employees in Illinois,” did not undertake “Illinois-specific shipping, marketing, or advertising, [n]or sought out the Illinois market in any way” and granted dismissal.[34]

However, while this dismissal tactic may useful, another recent case illustrates how it may only offer temporary reprieve, at least when plaintiffs are motivated to continue the fight elsewhere.  In a BIPA case filed in Illinois federal court, Clarifai, a technology company incorporated in Delaware and based in New York, allegedly accessed OKCupid dating profile images to build its facial recognition database.[35]  However, the Northern District of Illinois held that the company’s profile photo collection from Illinois-based residents and sale of pre-trained visual recognition models to two Illinois customers did not provide sufficient contacts with the state.[36]  Rather than be deterred, Plaintiffs subsequently refiled their complaint in Delaware, Clarifai’s state of incorporation.[37]

       2.   Novel Biometrics

The BIPA litigation landscape often involves technologies that use facial recognition and fingerprints.[38]  However, in 2021, the plaintiffs’ bar also began to explore the potential to use voice recordings, which have proliferated through automated business processing systems, as a foundation for BIPA lawsuits.  Many of these initial lawsuits suffered from factual pleading deficiency issues relating to how the business actually used the audio recording.  In such cases, Plaintiffs cannot simply claim that a defendant recorded a plaintiff’s appearance or voice.  Instead, they must show that the audio was used to create some “set of measurements of a specified physical component . . . used to identify a person.”[39]

The Northern District of Illinois recently emphasized this distinction as applied to audio recordings in deciding a motion to dismiss.[40]  In this case, plaintiff alleged that McDonald’s “deploys an artificial intelligence voice assistant in the drive-through lanes” to facilitate food orders and violated BIPA by collecting voiceprint biometrics.[41]  In assessing how the technology worked, the court noted that:

“[C]haracteristics like pitch, volume, duration, accent and speech pattern, and other characteristics like gender, age, nationality, and national origin—individually—are not biometric identifiers or voiceprints.  They surely can help confirm or negate a person’s identity, but one cannot be identified uniquely by these characteristics alone . . . .”[42]

Noting some skepticism and explicitly drawing inferences in the plaintiff’s favor the court nonetheless held that this was enough to survive a motion to dismiss, stating “[b]ased on the facts pleaded in the complaint . . . it is reasonable to infer—though far from proven—that Defendant’s technology mechanically analyzes customers’ voices in a measurable way such that McDonald’s has collected a voiceprint from Plaintiff and other customers.”[43]

For businesses subject to federal regulation, preemption arguments similar to those pled for fingerprint and facial recognition technologies may also provide a successful strategy to avoid BIPA liability for audio recordings.  In another recent case, American Airlines faced a BIPA complaint for using an interactive voice response software in the airline’s customer service hotline.[44]  The plaintiff alleged that “American’s voice response software collects, analyzes, and stores callers’ actual voiceprints to understand or predict the caller’s request, automatically respond with a personalized response, and ‘trace’ callers” customer interactions.[45]  In response, American argued that the Airline Deregulation Act preempted the BIPA lawsuit.  The court agreed, granting the motion to dismiss on the basis of federal preemption and holding that “[because] the state-law claims directly impact American’s interactions with its customers, and directly regulate the airline’s provision of services, that state law inherently interferes with the [Airline Deregulation Act]’s purpose.”[46]

These cases indicate that the plaintiffs’ bar will continue to think of creative applications for BIPA.[47]

       F.   Intellectual Property

Intellectual property has historically offered uncertain protection to AI works.  Authorship and inventorship requirements are perpetual stumbling blocks for AI-created works and inventions.  For example, in the United States, patent law has rejected the notion of a non-human inventor.  Last year, the Artificial Inventor Project and its leader, Dr. Thaler, made several noteworthy challenges to the paradigm.  First, the team created DABUS, the “Device for the Autonomous Bootstrapping of Unified Sentience”—an AI system that has created several inventions.[48]  The project then partnered with attorneys to lodge test cases in the United States, Australia, the EU, and the UK.[49]  These ambitious cases reaped mixed results, likely to further diverge as AI inventorship proliferates.

DABUS’ attempt to gain protection under a copyright theory recently failed in the United States.  The Copyright Review Board considered the copyrightability of a two-dimensional artwork, created by DABUS, titled “A Recent Entrance to Paradise.”  The board previously refused to register the work in August 2019 and March 2020.  In February, the board rejected a second request for reconsideration and the argument that human authorship was not necessary for registration.  While the specific question of copyright registration appeared to be a matter of first impression and no express requirement for human authorship exists in the Copyright Act, the board explained that “Thaler must either provide evidence that the Work is the product of human authorship or convince the Office to depart from a century of copyright jurisprudence.”[50]  The board reached back to Supreme Court decisions from 1884, which defined an “author” as “he to whom anything owes its origins” and a number of other sources to build a wall against the concept of non-human authorship.  For now, “A Recent Entrance to Paradise” is a dead end under U.S. copyright law.

   II.   EU POLICY & REGULATORY DEVELOPMENTS

The April 2021 European Commission’s proposal for the Regulation of Artificial Intelligence (“Artificial Intelligence Act”) continues to be the focus in the EU regarding AI matters.  Various players, from EU Member States to European Parliament Committees, are publishing suggested amendments and opinions, based on public consultations, to address the underlying shortcomings of the Act.

First, France assumed the Presidency of the Council of the EU in January 2022, a role formerly held by Slovenia, and has circulated additional proposed amendments to the Artificial Intelligence Act, particularly regarding definitions about “high-risk” AI systems.[51]  While the current Artificial Intelligence Act considers risks to “health, safety, and fundamental rights,” to be “high-risk,” some Member States argue that “economic risks” should also be factored in the same category.  Moreover, it was proposed that providers of “high-risk” AI technology should be liable for ensuring that their systems have human oversight under Article 14(4).[52]  Additionally, France suggested that the Commission’s desire for data sets to be “free of errors and complete” under Article 10(3) is unrealistic and that instead datasets should be complete and free of error to the “best extent possible,” which affords some leeway for providers of AI systems.[53]  Ultimately, finding a consensus among all relevant actors regarding the Artificial Intelligence Act is still far away:  indeed, some EU countries have yet to form official positions on the Act.

Second, several European Parliament committees, such as the Committee on Legal Affairs (“JURI”) and the Committee on Industry, Research and Energy (“ITRE”) have published their draft opinions about the Artificial Intelligence Act. After its public consultation in February 2022, JURI published its draft opinion in 2 March 2022: the opinion focuses on addressing the need to balance innovation and the protection of EU citizens; maximizing investment; and harmonizing the digital market with clear standards.[54] ITRE published its draft opinion a day later and called for an internationally recognised definition of artificial intelligence; emphasized the importance of fostering social trust between businesses and citizens; and flagged the need to future-proof the Artificial Intelligence Act given the onset of the “green transition” and continued advancements in AI technologies.[55] Finally, after their joint hearing in 21 March 2022, the European Parliament’s Committee on the Internal Market and Consumer Protection and the Committee on Civil Liberties, Justice and Home Affairs, who are jointly leading the negotiations of the Artificial Intelligence Act, are expected to produce a draft report in April.

Ultimately, the Artificial Intelligence Act continues to be discussed by co-legislators, the European Parliament and EU Member States. This process is expected to continue until 2023 before the Artificial Intelligence Act becomes law.[56]

____________________________

   [1]   U.S. Department of Defense, DoD Announces Release of JADC2 Implementation Plan, U.S. Department of Defense (March 17, 2022), available at https://www.defense.gov/News/Releases/Release/Article/2970094/dod-announces-release-of-jadc2-implementation-plan/.

   [2]   U.S. Department of Defense, Summary of the Joint Command and Control (JADC2) Strategy, U.S. Department of Defense (March 17, 2022), available at https://media.defense.gov/2022/Mar/17/2002958406/-1/-1/1/SUMMARY-OF-THE-JOINT-ALL-DOMAIN-COMMAND-AND-CONTROL-STRATEGY.PDF.

   [3]   U.S. Department of Defense, DoD Announces Release of JADC2 Implementation Plan, U.S. Department of Defense (March 17, 2022), available at https://www.defense.gov/News/Releases/Release/Article/2970094/dod-announces-release-of-jadc2-implementation-plan/.

   [4]   Catie Edmondson and Ana Swanson, House Passes Bill Adding Billions to Research to Compete With China, New York Times (Feb. 4, 2022), available at https://www.nytimes.com/2022/02/04/us/politics/house-china-competitive-bill.html.

   [5]   For more information, please see our Artificial Intelligence and Automated Systems Legal Update (2Q21).

   [6]   H.R.4521, 117th Cong. (2021-2022); S. 1260, 117th Cong. (2021).

   [7]   H.R.4521, 117th Cong. (2021-2022).

   [8]   See id. (“In general.–The Secretary shall support a program of fundamental research, development, and demonstration of energy efficient computing and data center technologies relevant to advanced computing applications, including high performance computing, artificial intelligence, and scientific machine learning.”).

   [9]   For more information, please see our Artificial Intelligence and Automated Systems Legal Update (2Q19).

  [10]   Science and Technology Policy Office, Request for Information to the Update of the National Artificial Intelligence Research and Development Strategic Plan, Federal Register (June 2, 2022), available at https://www.federalregister.gov/documents/2022/02/02/2022-02161/request-for-information-to-the-update-of-the-national-artificial-intelligence-research-and.

  [11]   Id.

  [12]   National Institute of Science and Technology, Study To Advance a More Productive Tech Economy, Federal Register (January 28, 2022), available at https://www.federalregister.gov/documents/2022/01/28/2022-01528/study-to-advance-a-more-productive-tech-economy#:~:text=The%20National%20Institute%20of%20Standards%20and%20Technology%20(NIST)%20is%20extending,Register%20on%20November%2022%2C%202021; comments available at https://www.regulations.gov/document/NIST-2021-0007-0001/comment.

  [13]   Artificial Intelligence and Technology Office, U.S. Department of Energy Establishes Artificial Intelligence Advancement Council, energy.gov (April 18, 2022), available at https://www.energy.gov/ai/articles/us-department-energy-establishes-artificial-intelligence-advancement-council.

  [14]   Office of Science, Department of Energy Announces $10 Million for Artificial Intelligence Research for High Energy Physics, energy.gov (March 24, 2022), available at https://www.energy.gov/science/articles/department-energy-announces-10-million-artificial-intelligence-research-high.

  [15]   Office of the Director of National Intelligence, IARPA Launches New Biometric Technology Research Program, Office of the Director of National Intelligence (March 11, 2022), available at https://www.dni.gov/index.php/newsroom/press-releases/press-releases-2022/item/2282-iarpa-launches-new-biometric-technology-research-program.

  [16]   The Federal Trade Commission, Weight Management Companies Kurbo Inc. and WW International Inc. Agree to $1.5 Million Civil Penalty and Injunction for Alleged Violations of Children’s Privacy Laws, Office of Public Affairs (March 4, 2022), available at https://www.justice.gov/opa/pr/weight-management-companies-kurbo-inc-and-ww-international-inc-agree-15-million-civil-penalty; United States v. Kurbo Inc and WW International, Inc, No. 3:22-cv-00946-TSH (March 3, 2022) (Dkt. 15).

  [17]   Rebecca Kelly Slaughter, Commissioner, Fed. Trade Comm’n, Fireside Chat with FTC Commissioner Rebecca Slaughter, Privacy + Security Forum (March 24, 2022).

  [18]   593 U.S. ___ (2021).

  [19]   117th Cong. H.R. 6580, Algorithmic Accountability Act of 2022 (February 3, 2022), available at https://www.wyden.senate.gov/imo/media/doc/Algorithmic%20Accountability%20Act%20of%202022%20Bill%20Text.pdf?_sm_au_=iHVS0qnnPMJrF3k7FcVTvKQkcK8MG.

  [20]   NIST, AI Risk Management Framework: Initial Draft (March 17, 2022), available at https://www.nist.gov/system/files/documents/2022/03/17/AI-RMF-1stdraft.pdf.

  [21]   NIST Special Publication 1270, Towards a Standard for Identifying and Managing Bias in Artificial Intelligence (March 2022), available at https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.1270.pdf.

  [22]   NIST Pres Release, There’s More to AI Bias Than Biased Data, NIST Report Highlights (March 16, 2022), available at https://www.nist.gov/news-events/news/2022/03/theres-more-ai-bias-biased-data-nist-report-highlights.

  [23]   IRS, IRS announces transition away from use of third-party verification involving facial recognition (Feb. 7, 2022), available at https://www.irs.gov/newsroom/irs-announces-transition-away-from-use-of-third-party-verification-involving-facial-recognition.

  [24]   Stein v. Clarifai, Inc., No. 1:22-cv-00314 (D. Del. Mar. 10, 2022).

  [25]   Electronic Privacy Information Center v. United States Postal Service, No. 1:21-cv-02156 (D.D.C. Mar. 25, 2022).

  [26]   For more details, see Danielle Moss, Harris Mufson, and Emily Lamm, Medley Of State AI Laws Pose Employer Compliance Hurdles, Law360 (Mar. 30, 2022), available at https://www.gibsondunn.com/wp-content/uploads/2022/03/Moss-Mufson-Lamm-Medley-Of-State-AI-Laws-Pose-Employer-Compliance-Hurdles-Law360-Employment-Authority-03-30-2022.pdf.

  [27]   For more details, see Gibson Dunn’s Artificial Intelligence and Automated Systems Legal Update (4Q20) and Gibson Dunn’s Artificial Intelligence and Automated Systems Annual Legal Review (1Q22).

  [28]   Ill. Public Act 102-0047 (effective Jan. 1, 2022).

  [29]   Washington, D.C., Stop Discrimination by Algorithms Act of 2021 (proposed Dec. 8, 2021), available at https://oag.dc.gov/sites/default/files/2021-12/DC-Bill-SDAA-FINAL-to-file-.pdf.

  [30]   For more details, see Gibson Dunn’s Artificial Intelligence and Automated Systems Annual Legal Review (1Q22).

  [31]   EEOC, Initiative on AI and Algorithmic Fairness: Disability-Focused Listening Session, YouTube (Feb. 28, 2022) available at https://www.youtube.com/watch?app=desktop&v=LlqZCxKB05s.

[32]    For past examples of these tactic, see, e.g.,  Gullen v. Facebook.com, Inc., No. 15 C 7681, 2016 WL 245910 at *2 (N.D. Ill. Jan. 21, 2016) (holding that no specific jurisdiction existed because “plaintiff does not allege that Facebook targets its alleged biometric collection activities at Illinois residents, [and] the fact that its site is accessible to Illinois residents does not confer specific jurisdiction over Facebook.”).

[33]    Gutierrez v. Wemagine.AI LLP, No. 21 C 5702, 2022 WL 252704, at *2 (N.D. Ill. Jan. 26, 2022) (“There was no directed marketing specific to Illinois, and the fact that Viola is used by Illinois residents does not, on its own, create a basis for personal jurisdiction over Wemagine.”).

[34]    Id. at *3.

[35]    Stein v. Clarifai, Inc., 526 F. Supp. 3d 339 (N.D. Ill. 2021).

[36]    Id. at 346.

[37]    Stein v. Clarifai, Inc., No. 22-CV-314 (D. Del. March 10, 2022).

[38]     See, e.g., Rosenbach v. Six Flags Ent. Corp., 129 N.E.3d 1197 (Ill. 2019) (fingerprints); Patel v. Facebook Inc., 290 F. Supp. 3d 948 (N.D. Cal. 2018) (facial biometrics).

[39]     Rivera v. Google Inc., 238 F. Supp. 3d 1088, 1096 (N.D. Ill. 2017).

[40]     Carpenter v. McDonald’s Corp., No. 1:21-CV-02906, 2022 WL 897149 (N.D. Ill. Jan. 13, 2022).

[41]     Id. at *1.

[42]     Id. at *3 (emphasis added).

[43]     Id.

[44]     Kislov v. Am. Airlines, Inc., No. 17 C 9080, 2022 WL 846840 (N.D. Ill. Mar. 22, 2022).

[45]     Id. at *1.

[46]    Id. at *2.

[47]    Other recent complaints also include a lawsuit against a testing company for hand vein scans that are used to verify test taker identity (Velazquez v. Pearson Education, No. 2022-CH-00280 (Cook Co. Cir. Court Jan. 13, 2022)), AI-powered vehicle cameras that record facial geometry to monitor driver safety (Arendt v. Netradyne, Inc., No. 2022-CH-00097 (Cook Co. Cir. Court Jan. 5, 2022)), and an insurer’s use of an AI chat bot to analyze videos submitted by consumers for fraud (Pruden v. Lemonade, Inc., et al., No. 1:21-cv-07070-JGK (S.D.N.Y. Aug. 20, 2021).

  [48]   The Artificial Inventor Project ambitiously describes DABUS as an advanced AI system.  DABUS is a “creative neural system” that is “chaotically stimulated to generate potential ideas, as one or more nets render an opinion about candidate concepts” and “may be considered ‘sentient’ in that any chain-based concept launches a series of memories (i.e., affect chains) that sometimes terminate in critical recollections, thereby launching a tide of artificial molecules.”  Ryan Abbott, The Artificial Inventor behind this project, available at https://artificialinventor.com/dabus/.

  [49]   Ryan Abbott, The Artificial Inventor Project, available at https://artificialinventor.com/frequently-asked-questions/.

  [50]   Ryan Abbott, Second Request for Reconsideration for Refusal to Register A Recent Entrance to Paradise (Correspondence ID 1-3ZPC6C3; SR # 1-7100387071), United States Copyright Office, Copyright Review Board (Feb. 14, 2022), available at https://www.copyright.gov/rulings-filings/review-board/docs/a-recent-entrance-to-paradise.pdf (emphasis added).

[51]     European Union (French Presidency), Laying Down Harmonised Rules on Artificial Intelligence (Artificial Intelligence Act) and Amending Certain Union Legislative Acts Chapter 2 (Articles 8 – 15) and Annex IV Council Document 5293/22 (12 January 2022), available at https://www.statewatch.org/media/3088/eu-council-ai-act-high-risk-systems-fr-compromise-5293-22.pdf.

[52]     Id.

[53]     Id.

  [54]   European Parliament Committee on Legal Affairs, Draft Opinion on the proposal for a regulation of the European Parliament and of the Council laying down harmonised rules on artificial intelligence (Artificial Intelligence Act) and amending certain Union Legislative Acts (COM(2021)0206 – C9-0146/2021 – 2021/0106(COD)) (2 March 2022), available at https://www.europarl.europa.eu/doceo/document/JURI-PA-719827_EN.pdf.

  [55]   European Parliament Committee Industry, Research and Energy, Draft Opinion on the proposal for a regulation of the European Parliament and of the Council laying down harmonised rules on artificial intelligence (Artificial Intelligence Act) and amending certain Union legislative acts (COM(2021)0206 – C9-0146/2021 – 2021/0106(COD)) (3 March 2022), available at https://www.europarl.europa.eu/doceo/document/ITRE-PA-719801_EN.pdf.

  [56]   Nuttall, Chris, EU takes lead on AI laws (21 April 2021), available at https://www.ft.com/content/bdbf8d8b-fdcc-410d-9d37-fec99b889f20.

The following Gibson Dunn lawyers prepared this client update: H. Mark Lyon, Frances Waldmann, Tony Bedel, Iman Charania, Kevin Kim, Brendan Krimsky, Emily Lamm, and Prachi Mistry.

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments.  Please contact the Gibson Dunn lawyer with whom you usually work, any member of the firm’s Artificial Intelligence and Automated Systems Group, or the following authors:

H. Mark Lyon – Palo Alto (+1 650-849-5307, mlyon@gibsondunn.com)
Frances A. Waldmann – Los Angeles (+1 213-229-7914,fwaldmann@gibsondunn.com)

Please also feel free to contact any of the following practice group members:

Artificial Intelligence and Automated Systems Group:
H. Mark Lyon – Chair, Palo Alto (+1 650-849-5307, mlyon@gibsondunn.com)
J. Alan Bannister – New York (+1 212-351-2310, abannister@gibsondunn.com)
Patrick Doris – London (+44 (0)20 7071 4276, pdoris@gibsondunn.com)
Kai Gesing – Munich (+49 89 189 33 180, kgesing@gibsondunn.com)
Ari Lanin – Los Angeles (+1 310-552-8581, alanin@gibsondunn.com)
Robson Lee – Singapore (+65 6507 3684, rlee@gibsondunn.com)
Carrie M. LeRoy – Palo Alto (+1 650-849-5337, cleroy@gibsondunn.com)
Alexander H. Southwell – New York (+1 212-351-3981, asouthwell@gibsondunn.com)
Christopher T. Timura – Washington, D.C. (+1 202-887-3690, ctimura@gibsondunn.com)
Eric D. Vandevelde – Los Angeles (+1 213-229-7186, evandevelde@gibsondunn.com)
Michael Walther – Munich (+49 89 189 33 180, mwalther@gibsondunn.com)

© 2022 Gibson, Dunn & Crutcher LLP

Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.

Click for PDF

On April 25, 2022, the Consumer Financial Protection Bureau announced that it will begin relying upon a “largely unused legal provision” of the Dodd-Frank Act to supervise nonbank financial companies that purportedly pose risks to consumers.  To facilitate that process, the CFPB simultaneously promulgated a procedural rule that authorizes it to publish its decisions about whether certain nonbank entities present such a risk.  The CFPB has stated that it intends for these decisions to provide nonbank entities with guidance about the circumstances in which they may be subject to regulation.  Left unstated is the reality that the threat to publicly designate an entity as posing risks to consumers will provide the CFPB with additional leverage over such entities.

The CFPB’s announcement marks a significant expansion of its supervisory reach.  The CFPB said that it intends to “conduct examinations” of “fintech” companies and “to hold nonbanks to the same standards that banks are held to.”  And it is expected that the CFPB will assert the same authority over crypto firms.  The CFPB’s announcement comes at a time of increasingly intense competition among regulators to assert jurisdiction over fintech and digital assets firms.  Gibson Dunn represents many clients at the forefront of crypto and fintech innovation, and has deep experience challenging over-extension of agencies’ regulatory authority, including by financial regulators.  We stand ready to help guide industry players as the CFPB moves forward with its ambitious plans.

I. The CFPB’s Authority to Regulate Nonbank Entities

Historically, only banks and credit unions were subject to federal financial supervision.  That changed when Congress enacted the Dodd-Frank Wall Street Reform and Consumer Protection Act, Pub. L. No. 111-203, 124 Stat. 1376 (2010).

Under Dodd-Frank, the CFPB has supervisory authority over several categories of nonbank entities, including entities that provide mortgage, private student loan, or payday loan services.  12 U.S.C. § 5514(a)(1)(A), (D)–(E).  In addition, and most relevant here, the CFPB may regulate nonbank entities when it “has reasonable cause to determine”—after providing notice and an opportunity to respond—that the entity “poses risks to consumers” regarding the provision of consumer financial products or services.  Id. § 5514(a)(1)(C).

The CFPB issued a procedural rule in 2013 delineating the risk-determination process, but it has never before used this authority to supervise a nonbank.  As the CFPB’s April 25, 2022 announcement explains, however, that is about to change.  In the announcement, the CFPB said that it will begin exercising its “dormant authority” under Dodd-Frank to supervise nonbank entities—including “fintech” firms—that it has determined pose a risk to consumers.

The Dodd-Frank Act and the CFPB’s implementing regulations detail the risk-determination process and the consequences of being subject to regulation.

• The Risk-Determination Process. The CFPB promulgated detailed procedures for the process it uses to determine whether nonbank entities are a risk to consumers, and thus subject to regulation under Dodd-Frank.  See 12 C.F.R. §§ 1091.100–.115.  Those procedures give the CFPB discretion to initiate the risk-determination process through issuing a “Notice of Reasonable Cause,” id. § 1091.102, or through bringing charges in an adjudicatory proceeding, id. § 1091.111.  Whichever path the CFPB chooses, it must provide notice of the basis for the apparent risk and an opportunity for the nonbank entity to respond.  The CFPB has stated that it may base its risk determinations on “complaints collected by the CFPB, or on information from other sources, such as judicial opinions and administrative decisions,” as well as “whistleblower complaints, state partners, federal partners, or news reports.”  After considering the available evidence and any responses from the nonbank entity, the Director will decide whether it has “reasonable cause” to find a risk to consumers.  The Director’s decision to subject an entity to regulation under Dodd-Frank is subject to review under the Administrative Procedure Act.

• Regulation under Dodd-Frank. If the CFPB determines that a nonbank entity is subject to regulation based on a risk determination, then it faces the same level of regulation as banks.  Among other things, the CFPB can conduct examinations to ensure compliance with consumer financial laws, 12 U.S.C. § 5514(b)(1), require entities to comply with recordkeeping requirements, id. § 5514(b)(7), and is generally vested with exclusive enforcement authority over federal consumer financial laws, id. § 5514(c).  Notwithstanding the formal processes for making risk determinations, entities may also voluntarily consent to regulation under Dodd-Frank.  12 C.F.R. §§ 1091.110(a), 1091.111(a).

• Petition for Termination. In the event the CFPB determines after the Issuance of a Notice of Reasonable Cause that a nonbank entity poses a risk to consumers and is thus subject to regulation under Dodd-Frank, that entity may file a petition before the Director to terminate the decision and escape regulation under the Act.  12 C.F.R. § 1091.113(a).  That petition may be filed “no sooner than two years after” the decision, and only one petition may be filed per year.  Id.  The Director’s decision on a petition qualifies as “final agency action” that may be subject to review under the Administrative Procedure Act.  Id. § 1091.113(e)(3).

II. New Rule Allowing Publication of Risk-Determination Decisions

Accompanying its announcement to begin supervising fintech nonbanks, the CFPB issued a procedural rule amending the risk-determinations procedures.  Supervisory Authority Over Certain Nonbank Covered Persons Based on Risk Determination; Public Release of Decisions and Orders, 87 Fed. Reg. 25397 (proposed Apr. 29, 2022).

As a general matter, materials submitted in connection with a risk determination are considered confidential.  12 C.F.R. § 1091.115(c).  But with this new rule, which took effect on April 29, 2022, the CFPB may in the Director’s discretion publish decisions and orders made during the risk-determination process on the CFPB’s website.  According to the CFPB, this is designed to “increase the transparency of the risk-determination process” and give nonbank entities guidance about how the CFPB will enforce the Dodd-Frank Act moving forward.  Of course, the measure also affords the CFPB an opportunity to make headlines regarding its efforts to bring large, innovative, and/or well-known entities under its supervisory control.  The rule gives the nonbank entity subject to the order or decision an opportunity to file a submission with the CFPB regarding publication of the CFPB’s determination.  The Director also decides whether to publish on the CFPB’s website the decision about whether the risk determination will be publicly released.

The CFPB has requested public comments on the rule, which must be received by May 31, 2022.  Interested parties should consider commenting on the proposal to express any concerns, propose improvements, and to preserve their ability to bring a legal challenge to the rule.  For regulated entities, a challenge to the rule may be preferable to raising objections only after the CFPB has identified the entity by name in a published risk determination.

III. Implications for Fintech and Crypto Companies

The CFPB’s announcement of its intent to begin supervising fintech firms—which is believed to include crypto firms as well—represents a muscular expansion of the agency’s regulatory purview.  It is yet another aggressive action in the young tenure of Director Rohit Chopra—one that has been controversial and generally perceived as hostile to industry.  The consequences for fintech and crypto firms could be significant.  Although much will depend on the vigor with which the CFPB pursues its rediscovered supervisory authority, the CFPB stated that it intends to “conduct examinations” of fintech companies and to hold them to “the same standards that banks are held to.”  Further, the CFPB’s new procedural rule allows the agency to publicize its findings about the risks that a fintech or crypto company poses to consumers before the agency completes an examination of the company, contrary to the confidentiality principles encouraging full and frank communications between an entity and its regulator, which principles lie at the heart of the supervisory process.

The CFPB’s new assertion of jurisdiction is in keeping with the surge of interest among federal regulators in the fintech and crypto industries over the past year.  The SEC, CFTC, FinCEN, Treasury, and other agencies have been jockeying for position to regulate this fast-growing and innovative space.  Absent legislation from Congress clearly defining regulatory roles within the industry, that jockeying is likely to continue.  In March 2022, President Biden issued an executive order directing numerous agencies to evaluate the risks and benefits of digital assets.  The reports resulting from that executive order may only heighten scrutiny of the crypto industry and increase the number of regulators asserting jurisdiction over it.

*    *    *

As the CFPB decides which entities it will seek to regulate under Dodd-Frank, companies can take steps now to begin assessing their compliance with the laws administered by the CFPB.  Gibson Dunn represents many clients at the forefront of fintech, crypto, and blockchain innovation and stands ready to help guide industry players through this new era of CFPB regulation and the growing patchwork of federal regulation.  The Gibson Dunn team has the expertise to provide guidance and develop innovative arguments challenging the CFPB’s authority.  E.g., PHH Corp. v. CFPB, 839 F.3d 1 (D.C. Cir. 2016) (holding that the CFPB was unconstitutionally structured in violation of Article II and that the CFPB violated the APA), on reh’g en banc, 881 F.3d 75, 83 (D.C. Cir. 2018) (en banc) (vacating a $109 million penalty because the CFPB misinterpreted the statute and violated due process by retroactively applying its new interpretation); Bus. Roundtable v. SEC, 647 F.3d 1144 (D.C. Cir. 2011) (defeat of SEC “proxy access” rule).

Gibson Dunn’s lawyers are available to assist in addressing any questions you may have regarding these developments. If you wish to discuss any of the matters set out above, please contact Gibson Dunn’s Crypto Taskforce (cryptotaskforce@gibsondunn.com), or any member of its Financial Institutions, Global Financial Regulatory, Privacy, Cybersecurity and Data Innovation, Public Policy, or Administrative Law teams, including the following authors:

Ryan T. Bergsieker – Partner, Privacy, Cybersecurity & Data Innovation Group, Denver (+1 303-298-5774, rbergsieker@gibsondunn.com)

Ashlie Beringer – Co-Chair, Privacy, Cybersecurity & Data Innovation Group, Palo Alto (+1 650-849-5327, aberinger@gibsondunn.com)

Matthew L. Biben – Co-Chair, Financial Institutions Group, New York (+1 212-351-6300, mbiben@gibsondunn.com)

Michael D. Bopp – Co-Chair, Public Policy Group, Washington, D.C. (+1 202-955-8256, mbopp@gibsondunn.com)

Stephanie L. Brooker – Co-Chair, Financial Institutions Group and White Collar Defense & Investigations Group, Washington, D.C. (+1 202-887-3502, sbrooker@gibsondunn.com)

M. Kendall Day – Co-Chair, Financial Institutions Group, Washington, D.C. (+1 202-955-8220, kday@gibsondunn.com)

Roscoe Jones, Jr. – Co-Chair, Public Policy Group, Washington, D.C. (+1 202-887-3530, rjones@gibsondunn.com)

Eugene Scalia – Co-Chair, Administrative Law & Regulatory Practice Group, Washington, D.C. (+1 202-955-8543, escalia@gibsondunn.com)

Helgi C. Walker – Co-Chair, Administrative Law & Regulatory Practice Group, Washington, D.C. (+1 202-887-3599, hwalker@gibsondunn.com)

Associates Nick Harper and Philip Hammersley also contributed to this client alert.

© 2022 Gibson, Dunn & Crutcher LLP

Attorney Advertising:  The enclosed materials have been prepared for general informational purposes only and are not intended as legal advice.