Bryan Cave Leighton Paisner Retail Blog

Retail Law

Other Posts

Main Content

Retailers Should Consider Whether Behavioral Advertising Is Sale of Information Under CCPA

The California Consumer Privacy Act (“CCPA”) was enacted in early 2018 as a political compromise to stave off a poorly drafted, and plaintiff’s friendly ballot initiative.  Although the CCPA is scheduled to go into force in early 2020, there is a great deal of confusion regarding the requirements of the CCPA, including the degree to which it aligns with other privacy regulations such as the European General Data Protection Regulation (“GDPR”).

To help address that confusion, BCLP published the California Consumer Privacy Act Practical Guide, and is publishing here a multi-part series that discusses the questions most frequently asked by retailers concerning the CCPA

Q. If a website participates in behavioral advertising, does the CCPA require that it disclose that it is “selling” consumers’ information?

The California CCPA requires that a business that “sells” personal information disclose within its privacy policy a “list of the categories of personal information it has sold about

Retailers Should Consider Potential Rewards and Risks of Using APIs

May 14, 2019

Categories

Application programming interfaces, or “APIs,” have become a critical part of ecommerce, and retailers are increasingly finding new and creative ways to use APIs to enhance their offerings and their business.  For example, Kroger deploys an API with information about its groceries, locations, coupons, and loyalty programs.  BestBuy similarly offers APIs to third parties, including one for recommended purchases.  LensCrafters, Williams-Sonoma, and other retailers have further deployed APIs to expand consumer access to their information.  Still, many other retailers are connecting to PayPal and other fintech companies to provide multiple secure checkout options.

This post is the first in a two-part series concerning emerging uses and considerations involving APIs.

The provision of public APIs has exploded in recent years amid ecommerce. More than 60 percent of eBay listings are added via API.  At least 50 percent of Salesforce transactions are via APIs.  Ecommerce service companies Shopify

New California Law Requires Collection of Sales Tax From Third-Party Online Retailers

Under a new California law signed by Governor Gavin Newsom on Thursday, out-of-state online retailers that make more than $500,000 from California sales must collect sales tax from their California customers.

Although the largest online retailers already collect California sales tax, smaller retailers that sell through the sites have not paid state taxes until recently.  The new law clarifies that online sales platforms must collect tax for products sold on their websites even if they come from so-called third-party retailers, but provides an exemption for out-of-state retailers that make less than $500,000 from California sales.

As we previously reported, the U.S. Supreme Court held in South Dakota v. Wayfair that states can tax purchases from out-of-state sellers.  After that ruling, numerous states, including California, took steps to begin collecting sales tax from out-of-state retailers.

On April 1, California started requiring out-of-state retailers to register with the state and begin charging

CPSC Notifies Consumer Product Manufacturers of Possible Data Breach of Safety Information

A number of retailers and manufacturers have recently received notices from the U.S. Consumer Product Safety Commission concerning a possible data breach. The CPSC’s letter advises recipients of an unauthorized release of confidential information that did not go through the procedures of 15 U.S.C. § 2055, also known as “Section 6(b)” of the Consumer Product Safety Act (CPSA).

Section 6(b) is intended to encourage candor between the CPSC and regulated companies, by assuring that sensitive information will be handled under procedures intended to ensure the accuracy and fairness of any disclosure.  Section 6(b) restricts the CPSC’s public disclosure of manufacturer and product specific information, and applies to information from which the public can readily determine the identity of a manufacturer.

The breach appears to concern a mass inadvertent disclosure of nonpublic manufacturer and product specific information.  It appears the information could have been released months ago, but the CPSC only recently

Labor Department Proposes Changes to Minimum Salary for Overtime Exemptions

The United States Department of Labor has issued a notice of proposed rulemaking that would change the minimum salary levels necessary for an employee to be properly classified as exempt from the overtime compensation requirements of the Fair Labor Standards Act.  Under the proposed rule, the minimum salary for most exemptions would rise from $455 per week ($23,660 annualized) to $679 per week ($35,308 annualized).  The minimum annual compensation for the “highly compensated employee” exemption would rise from $100,000 to $147,414.

For employees in the executive, administrative and professional exemptions, the proposed rule would permit nondiscretionary bonuses and incentive payments (including commissions) to satisfy up to ten percent (10%) of the required minimum salary.  In addition, provided that the employee has received at least ninety percent (90%) of the required minimum compensation in each payroll week for 52 weeks, the employer would be permitted to make a single “catch-up” payment

USDA and FDA to Jointly Regulate Cell-Cultured Food Products

The U.S. Department of Health and Human Services’ Food and Drug Administration (“FDA”) and the U.S. Department of Agriculture’s Food Safety and Inspection Service (“FSIS”) formally agreed on March 7 to share regulatory authority over cell-cultured meat products (“CCM”) derived from livestock or poultry.

As we previously reported, regulatory authority over CCM has been a much contested issue. FSIS purports to have jurisdiction over CCM under the Federal Meat Inspection Act (“FMIA”), while FDA purports to have jurisdiction under the Federal Food, Drug, and Cosmetic Act (“FFDCA”). Instead of battling over jurisdiction, the agencies have decided to collaborate – both will have oversight but at different stages of production. Essentially, FDA will oversee the initial stages of production, while FSIS will take on authority during cell harvesting.

While the details have yet to be refined, the agreement broadly allocates the agencies’ respective roles and responsibilities as follows:

Retailers Should Consider Impact of California Consumer Privacy Act on Employee Data

Retailers and other employers with operations in California should be aware of the potential application of the California Consumer Privacy Act (“CCPA”) to data collected about California employees.  Although the CCPA refers to “consumers,” as currently drafted the CCPA’s definition of a “consumer” also will apply to California-based employees.

As we previously reported, the CCPA grants consumers various rights with regard to their personal information held by businesses.  This is part of a multi-part series addressing frequently asked questions concerning the CCPA.

Which employers will have to comply with the CCPA?

Employers with employees in California will need to comply with the CCPA if their business falls into one of the following three categories:

  • Their business buys, sells, or shares the “personal information” of 50,000 “consumers” or “devices”;
  • Their business has gross revenue greater than $25 million; or
  • Their business derives 50% or more of its annual revenue from sharing
  • Avoiding the California Consumer Privacy Act Litigation Tsunami: What Does it Mean to “Do Business” in California?

    Companies that do business in California know that it is a magnet for class action litigation.  The California Consumer Privacy Act (“CCPA”), a new privacy law that applies to data collected about California residents, will provide even more incentive to plaintiff’s attorneys to bring suit in California.

    The CCPA was enacted in early 2018 as a political compromise to stave off a poorly drafted ballot initiative.  Although the CCPA is scheduled to go into force in early 2020, there is a great deal of confusion regarding the requirements of the CCPA, including the degree to which it aligns with other privacy regulations such as the European General Data Protection Regulation (“GDPR”).  To help address that confusion, BCLP is publishing a multi-part series to address the most frequently asked litigation-related questions concerning the CCPA.  BCLP is also working with clients to assess – and mitigate – litigation risks for when the CCPA goes

    Bioengineered Food Disclosure Rules Finalized, Require Disclosure of “Detectable” GMOs

    On December 21, 2018, the U.S. Department of Agriculture’s (USDA) Agricultural Marketing Service (AMS) published its final rule implementing the National Bioengineered Food Disclosure Standard (NBFDS) signed into law by President Obama in 2016.   The NBFDS preempted state and local genetic engineering labeling requirements and charged AMS with developing a national mandatory standard for disclosing the presence of bioengineered (BE) food.  The rule takes effect on February 19, 2019, and implementation will be phased in over the next three years.

    As we previously reported, the NBDS requires food manufacturers, importers of food labeled for retail sale in the U.S. and some U.S. retailers to disclose foods and ingredients produced from foods that are or may be bioengineered.  The final rule defines “bioengineered food” as any food that “contains genetic material that has been modified through in vitro recombinant deoxyribonucleic acid (DNA) techniques and for which the modification

    Public Forums Underway in California Consumer Privacy Act Rulemaking

    January 14, 2019

    Categories

    The California Consumer Privacy Act (“CCPA”), was passed last summer as a compromise to avoid a highly restrictive privacy regime slated to appear on the November 2018 ballot in California.  Amidst much controversy and debate, the California Attorney General’s Office is set to draft implementing regulations for the new law.  As part of that process, six public rulemaking workshops have been scheduled for the public to provide comments and voice concerns.  The first  took place on January 8, 2019 in San Francisco and was attended by a cross-section of trade associations and privacy advocacy groups.  Although the public comments covered a variety of topics, a few themes emerged:

    • Industry groups want to more closely align the CCPA’s provisions with other privacy regulations such as the European Union’s General Data Protection Regulation (“GDPR”). Many businesses have already undertaken the Herculean task of coming into compliance with the EU law.  They

    California Court Grants Nonsuit in Website Accessibility Trial

    A California court has dismissed a website accessibility case shortly after commencing trial, issuing a sua sponte nonsuit on grounds that the defendant credit union’s website is not subject to the ADA.

    Martinez v. San Diego Credit Union, San Diego Superior Court Case No. 37-2017-00024673, would have been the only known website accessibility lawsuit to go to trial in the state of California. Instead, after commencing trial, the Court ordered the parties to submit trial briefs, inquired whether the parties would object to the Court issuing a sua sponte ruling at the outset of the case, and then granted the nonsuit.  In so ruling, the Court advised the parties that it agreed with the defendant credit union’s position that the complaint failed to state facts sufficient to constitute a cause of action, and that it wished to save plaintiff’s counsel the expense of flying its expert witness from the East

    California Joins States Banning Flame Retardants; San Francisco Ban to Take Effect in 2019

    November 16, 2018

    Categories

    California Governor Jerry Brown has signed into law a ban on flame retardants in certain household products. Starting January 1, 2020, it will be prohibited to sell or distribute children’s products, mattresses, and upholstered furniture that contain flame retardants in concentrations above 1,000 parts per million (ppm) in the state of California.

    In addition to banning the sale of products containing flame retardants, the law requires the International Sleep Products Association to survey mattress producers every three years to determine what materials are being used to meet flammability standards.

    The Bureau of Electronic and Appliance Repair, Home Furnishings, and Thermal Insulation is authorized to enforce the new law and adopt implementing rules and regulations.

    In passing the bill, the Legislature cited evidence that flame retardants do little to increase fire safety, and expressed concerns about the link between flame retardants and various health problems, such as developmental problems in children

    FDA Provides Guidance for New Nutrition and Supplement Facts Labels

    On November 5, the FDA released non-binding guidance intended to answer questions related to Nutrition Facts and Supplement Facts Label and Serving Size final rules. As we previously reported, the rules were finalized in May 2016 and initially set a general compliance date of July 2018. The FDA has extended that deadline to January 1, 2020 for manufacturers with $10 million or more in annual food sales. Manufacturers with less than $10 million in annual food sales have an extra year to comply, until January 1, 2021.

    The May 2016 rules require a revamped Nutrition Facts label that, among other things,

    • Increases the type size of certain nutrition information.
    • Requires declaring actual amount, in addition to percent Daily Value, of vitamin D, calcium, iron and potassium.
    • Requires declaring “Added sugars,” in grams and as percent Daily Value.
    • Updates the list of nutrients that are required or permitted.
    • Removes “Calories from

    DOJ Says Online Businesses Have “Flexibility” in How to Make Websites Accessible

    As we reported in June, a bi-partisan assembly of 103 members of the House of Representatives wrote a letter to Attorney General Jeff Sessions and asked the Department of Justice (“DOJ”) to “state publicly that private legal action under the ADA with respect to websites is unfair and violates basic due process principles in the absence of clear statutory authority and issuance by the department of a final rule establishing website accessibility standards.” That letter urged the DOJ to “provide guidance and clarity with regard to website accessibility under the … ADA.”

    On September 25, the DOJ responded to that letter. While the response does not directly address the members’ questions, it does state that the DOJ “is evaluating whether promulgating specific web accessibility standards through regulations is necessary and appropriate to ensure compliance with the ADA.”

    The letter also provides some guidance that could prove useful to retailers

    California Passes Amendments to Consumer Privacy Act

    California Governor Brown recently signed into law SB 1121, which amends the California Consumer Privacy Act of 2018 to provide much-needed relief to retailers and other businesses that collect consumer information. The amendments take effect immediately.

    The California Retailers Association (CRA) worked successfully with other business leaders as part of the Privacy Coalition to secure passage and signature of SB 1121, and will continue to work on a more comprehensive clean-up bill in 2019.

    As we previously reported, the Act grants consumers various rights with regard to their personal information held by businesses, including:

    • The right to request that a business provide it with specific information the business has collected about them, including categories of information sold, and third parties to whom information is sold.
    • The right to request deletion of personal information the business has collected about the consumer. The business must comply unless one

    California Amends Slack Fill Law to Provide Additional Exemptions

    Governor Jerry Brown recently signed into law Assembly Bill 2632, which amended California’s slack fill statute to create several exemptions. This amendment will be an additional hurdle to the plaintiff bar, which has been flooding the courts with slack fill related lawsuits in recent years. These lawsuits, typically filed as class actions, allege that product packaging is misleading to the extent it contains nonfunctional empty space, known as slack fill, which causes consumers to believe they are receiving more of the product than they actually are.

    The new law, which will amend California Business and Professions Code Sections 12606 and 12606.2, includes the following key changes:

    • The amended law exempts packaging sold in a mode of commerce that “does not allow the consumer to view or handle the physical container or product.” It could be argued that this exempts online sales.
    • The amended law exempts product packaging that clearly
    The attorneys of Bryan Cave Leighton Paisner make this site available to you only for the educational purposes of imparting general information and a general understanding of the law. This site does not offer specific legal advice. Your use of this site does not create an attorney-client relationship between you and Bryan Cave LLP or any of its attorneys. Do not use this site as a substitute for specific legal advice from a licensed attorney. Much of the information on this site is based upon preliminary discussions in the absence of definitive advice or policy statements and therefore may change as soon as more definitive advice is available. Please review our full disclaimer.