Bryan Cave Leighton Paisner Retail Blog

Retail Law


Main Content

Biometric and Facial Recognition Lawsuits and Regulation “Face” National Expansion

October 27, 2020


The federal government is looking to put its finger on the pulse of biometric privacy with the proposed National Biometric Information Privacy Act of 2020 (S. 4400) “to regulate the collection, retention, disclosure, and destruction of biometric information.” Class action litigation over biometric privacy has already exploded across the country, so far centering on the alleged use of facial recognition and employee timekeeping technologies. In the last few years alone, cases have been brought on behalf of hundreds of thousands of claimants. If enacted, the National Biometric Information Privacy Act will all but ensure this number increases exponentially. This client alert provides a comprehensive overview of the proposed National Biometric Information Privacy Act and a comparison to other privacy statutes.

Click here to read the article in full.

California Extends Employee and B2B Exemptions under the CCPA

October 13, 2020


Governor Gavin Newson signed into law AB 1281 on September 29, 2020. The bill amends Section 1798.145 of the California Consumer Privacy Act (CCPA), but it only becomes operational if voters do not approve a ballot initiative that amends the CCPA on the November 3rd election—namely, the California Privacy Rights Act (CPRA).

Click here to read the Alert in full.

September 24, 2020 If a business that operates a loyalty program provides a “notice of financial incentive,” is it required to disclose a numeric valuation of the value of a consumer’s data?

September 24, 2020


Not necessarily.

If a loyalty program constitutes a “financial incentive,” the regulations implementing the CCPA require that a business provide a “notice of financial incentives” which, among other things, should include an explanation of how the financial incentive is “reasonably related” to the value of the consumer’s data.1  As part of that explanation, the business is purportedly required to provide a “good-faith estimate of the value of the consumer’s data that forms the basis” for the financial incentive and provide a “description of the method” used to calculate that value.2

The regulations implementing the CCPA indicate that a business may use any “reasonable and good faith method for calculating the value of the consumer’s data” to the business, but instructs the business to at least “consider” the following eight enumerated valuation methodologies:3

  • The marginal value to the business of the sale, collection, or deletion of a consumer’s data;
  • The average value to the business of the sale, collection, or deletion of a consumer’s data;
  • The aggregate value to the business of the sale, collection, or deletion of consumers’  data divided by the total number of consumers;
  • Revenue generated by the business from sale, collection, or retention of consumers’  personal information;
  • Expenses related to the sale, collection, or retention of consumers’ personal information;
  • Expenses related to the offer, provision, or imposition of any financial incentive or price or service difference;
  • Profit generated by the business from sale, collection, or retention of consumers’  personal information; and
  • Any other practical and reasonably reliable
  • Does the CCPA require that the benefits conferred by a loyalty program be “reasonably related” to the value of a consumer’s data to the business?

    September 18, 2020


    Arguably no.

    The CCPA makes clear that a business can offer different prices or rates to consumers as part of a financial incentive program if those different prices or rates are “directly related to the value provided to the business by the consumer’s data.”1  The CCPA does not, however, directly prohibit the offering of a financial incentive if the value provided to the business by the consumer’s data is not “directly related” to the value of the financial incentive.

    The CCPA also states that a business may not, through a financial incentive program (or any other activity), discriminate against a consumer because the consumer “exercised any of [their] rights” under the CCPA (e.g., access, deletion, or opt-out of sale), unless the difference in price, rate, or quality that forms the basis of the discrimination is “reasonably related to the value provided to the business by the consumer’s data.”2

    In commentary published with the issuance of the regulations implementing the CCPA, the California Attorney General informally suggested that the Act might be interpreted as requiring that the benefit provided by all loyalty programs should be “reasonably related to the value of the consumer’s data to the business.”3  The California Attorney General did not explain, however, the basis for his assertion, and such a position would directly conflict with the text of the CCPA (described above) which applies the “reasonable relationship” test only to situations in which “discriminat[ion]” is prompted by the “exercise[] . . . of the consumer’s rights.”4 Furthermore, in other statements made

    California Passes COVID-19 Supplemental Paid Sick Leave Law

    September 17, 2020


    On September 9, California Governor Newsom signed a bill that establishes COVID-19 supplemental paid sick leave (“COVID-19 PSL”) for California workers generally not covered by the federal Families First Coronavirus Response Act (“FFCRA”).

    Important Dates

    Employers are required to begin providing COVID-19 PSL by September 19.

    Employers must also post a notice in their workplace by September 19.  If employees are not physically present in the workplace, the employer may disseminate the notice electronically.

    Starting in the first pay period after September 9, employers must provide notice in a wage statement (or a separate writing provided on pay day) of an employee’s available COVID-19 PSL each pay period.

    The requirement to provide COVID-19 PSL expires on December 31, 2020 or upon the expiration of any federal extension of the Emergency Paid Sick Leave Act established by the FFCRA.

    Covered Employers & Employees

    California’s new law applies to private employers with 500 or more employees in the United States.  It also applies to any public or private entity that employs health care providers or emergency responders and that has elected to exclude such employees from emergency paid sick leave under the FFCRA.

    Workers are entitled to COVID-19 PSL only if they are (1) employed by a covered employer AND (2) leave home to perform work for their employer.

    Reasons for Leave

    Employees are entitled to COVID-19 PSL when they are unable to work because they:

    • are subject to a federal, state, or local quarantine or isolation order related to COVID 19;
    • are advised

    Has the retail industry adopted the “Do Not Sell My Personal Information” link?

    September 2, 2020


    Yes and no.

    While the majority of retailers include a “Do Not Sell My Personal Information” link on their homepage or in their privacy notice, 38.89% do not.1

    For more information and resources about the CCPA visit

    This article is part of a multi-part series published by BCLP to help companies understand and implement the General Data Protection Regulation, the California Consumer Privacy Act and other privacy statutes.  You can find more information on the CCPA in BCLP’s California Consumer Privacy Act Practical Guide, and more information about the GDPR in the American Bar Association’s The EU GDPR: Answers to the Most Frequently Asked Questions

    1. BCLP, January 2020: Survey of the Retail Industry’s Privacy Practices.

    Virtual DC Summit: 10 Need-to-Know Insights for Uncertain Times

    August 31, 2020


    BCLP’s professionals from our DC office and beyond will explore how the COVID-19 crisis and the upcoming election are impacting key regulatory and administrative areas of law. This virtual meeting will deliver “quick hit” presentations ranging from key election issues to potential changes in trade guidelines to consumer protection policy updates and more.

    During this dynamic virtual event, attendees will have the opportunity to select topics in real time after hearing from our Washington Office Managing Partner, Susan Kovarovics, and Washington-based Senior Policy Advisor Dave Russell on widespread matters of importance. A full list of breakout sessions available through the program is below.

    • Accessibility Issues – presented by Heather Goldman and Merrit Jones
    • Antitrust Compliance and Litigation – presented by Phil Bartz and Jake Kramer
    • DC Emergency Act and Consumer Protection In Financial Services – presented by Ben Saul
    • Employment and Labor – presented by Lily Kurland and Marilyn Fish
    • Federal Enforcement Actions During COVID-19 – presented by Mark Srere, Jennifer Mammen and Terry Pritchard
    • Force Majeure – presented by Alec Farr
    • International Trade – presented by Susan Kovarovics and Megan Barnhill
    • M&A and Corporate Finance – presented by Jonathan Nesher
    • PPP Compliance and Loan Forgiveness – presented by Ashley Ebersole and Rob Klinger
    • Public Policy – presented by Dave Russell

    Date Wednesday, September 16, 2020 Time 9 a.m. to 10:45 a.m. PDT 10 a.m. to 11:45 a.m. MDT 11 a.m. to 12:45 p.m. CDT 12 p.m. to 1:45 p.m. EDT

    Register >

    Do most retailers use third party behavioral advertising cookies?

    August 14, 2020



    As the following chart indicates, there is a wide disparity between the quantity of third party behavioral advertising cookies used by retailers:1

    Greatest Quantity Smallest Quantity Average Quantity 44 2 22.4


    When compared against other industries, the retail sector ranks 1st in their average deployment of advertising cookies.

    For more information and resources about the CCPA visit

    This article is part of a multi-part series published by BCLP to help companies understand and implement the General Data Protection Regulation, the California Consumer Privacy Act and other privacy statutes.  You can find more information on the CCPA in BCLP’s California Consumer Privacy Act Practical Guide, and more information about the GDPR in the American Bar Association’s The EU GDPR: Answers to the Most Frequently Asked Questions.

    1. BCLP, January 2020: Survey of the Retail Industry’s Privacy Practices.

    FDA Reaches Voluntary Agreement with Manufacturers to Phase Out Certain Short-Chain PFAS in Food Packaging

    The U.S. Food and Drug Administration has announced that manufacturers of certain per- and polyfluoroalkyl substances (PFAS) used for grease proofing in paper and paperboard for food packaging (for example, as coatings on some fast food wrappers, to-go boxes, and pizza boxes) have voluntarily agreed to phase out sales of these substances for use as food contact substances in the United States, following new analyses of data raising questions about potential human health risks from chronic dietary exposure.

    Starting in January 2021, three manufacturers will begin a three-year phase out of their sales of certain substances that contain 6:2 FTOH for use as food contact substances in the U.S. marketplace.  It may take up to 18 months after the phase-out period to exhaust existing stocks of paper and paperboard products containing these food contact substances from the market. A fourth manufacturer informed the FDA in 2019 that they have stopped sales of their short-chain PFAS products in the U.S. market.

    According to the FDA, this phase out balances uncertainty about the potential for public health risks with minimizing potential market disruptions to food packaging supply chains during the COVID-19 public health emergency.  Earlier this year, FDA scientists published their analyses of studies on certain PFAS used in food packaging. Their analyses of data from rodent studies raised questions about a subset of short-chain PFAS that contain 6:2 fluorotelomer alcohol (6:2 FTOH)

    Have retailers updated their privacy notices for the CCPA?

    August 11, 2020



    The vast majority of retailers updated their privacy notices to account for the CCPA.1 Note that while most institutions updated their privacy notices in relation to the CCPA, many failed to account for all of the substantive requirements of the act.

    For more information and resources about the CCPA visit

    This article is part of a multi-part series published by BCLP to help companies understand and implement the General Data Protection Regulation, the California Consumer Privacy Act and other privacy statutes.  You can find more information on the CCPA in BCLP’s California Consumer Privacy Act Practical Guide, and more information about the GDPR in the American Bar Association’s The EU GDPR: Answers to the Most Frequently Asked Questions.

    1. BCLP, January 2020: Survey of the Retail Industry’s Privacy Practices.

    Proposition 65 – OEHHA Proposes Safe Harbor Concentrations and Blanket Protections for Exposures to Acrylamide and Other Listed Chemicals in Cooked or Heat Processed Foods

    On August 4, 2020, the Office of Environmental Health Hazard Assessment (OEHHA), the lead agency that implements Proposition 65 and has the authority to promulgate and amend regulations, released a proposed regulation providing that intake of listed chemicals formed by cooking or heat processing foods would not represent an exposure for the purposes of Proposition 65 if the concentrations are reduced to the lowest level currently feasible. The proposed regulation would also establish maximum concentration levels for acrylamide in specific foods that are deemed by OEHHA to be the lowest levels currently feasible. Concentrations of acrylamide at or below the level identified for the specified products would not require a warning. Public comments concerning this proposed action must be received by OEHHA by October 6, 2020.

    Proposition 65 prohibits a person in the course of doing business from knowingly and intentionally exposing any individual to a chemical that has been listed as known to the state to cause cancer or reproductive toxicity without first giving clear and reasonable warning to such individual. An exemption from the warning requirement is provided when the exposure is below established safe harbor levels.

    Currently, there are regulatory exceptions from the warning requirement for exposures to naturally occurring chemicals in foods, specific concentrations of naturally occurring arsenic in rice, and for certain exposures to listed chemicals in water or air. The proposed regulation would create an additional exception from the warning requirement for listed chemicals that are unavoidably created in foods during cooking or heat processing and that

    US COVID-19: Risky Business – Navigating Workplace Issues Involving High Risk Employees

    As states across the country see spikes in COVID-19 cases, employers continue to wrestle with how to handle “high risk” employees, i.e., employees who are at an increased risk for severe illness from COVID-19.  Guidance from a variety of agencies on the topic, including the Equal Employment Opportunity Commission (“EEOC”), the Centers for Disease Control and Prevention (“CDC”), and the Occupational Safety and Health Administration (“OSHA”), has been published in waves, leaving many to wonder how this guidance may or may not continue to be relevant.

    Below are six important areas of the law to consider when navigating this evolving landscape.  As a reminder, each individual employee’s circumstances are unique, so while employers should have a consistent procedure in place for triaging high risk employees’ presence in the workplace, employers should also be prepared to develop individualized solutions based on an employee’s specific needs.

  • The Americans with Disabilities Act (“ADA”): Employees with certain underlying health conditions may qualify as “high risk” and thus be entitled to a reasonable accommodation under the ADA.  While accommodations may include a leave of absence or telework arrangement, other possible accommodations include permitting the employee more frequent hygiene breaks, excusing the employee from attending group meetings/gatherings, and reconfiguring the employee’s workspace.  It is important that employers not act unilaterally with respect to implementing accommodations.  Instead, the interactive dialogue process should be used early on to identify what, if any, accommodations an employee may need and/or receive.  As a reminder,
  • US COVID-19: Remember the FMLA: DOL Issues New Q&A on COVID-related FMLA Issues

    July 24, 2020


    With all of the attention being given to COVID-19-related leave under the Families First Coronavirus Response Act (“FFCRA”), we mustn’t forget the (traditional) Family and Medical Leave Act (“FMLA”).  To remind us, the federal Department of Labor (“DOL”) recently issued new FMLA Q&A on COVID-19-related subjects.

    COVID-19 Testing:  The DOL clarified that the FMLA’s “reinstatement” requirement does not interfere with an employer’s ability to require all employees to take a COVID-19 test before coming to the office.  (See Q&A #13.)  This is because employees who have taken FMLA leave are still subject to the same actions that would have applied to the employee had the employee not taken FMLA leave.

    For BCLP discussions about what the federal Equal Employment Opportunity Commission (“EEOC”) has said about COVID-19 related testing, see this blog post on 4 Takeaways from the EEOC’s New Guidance on Antibody Testing, Older Workers, and Accommodations and this one on EEOC Updates COVID-19 Guidance, Permitting Employers To Administer COVID-19 Tests and Clarifying Accommodation Obligations.

    Telemedicine:  The DOL clarified that, until December 31, 2020, and in light of the current pandemic-related demands on health care providers and PPE/supplies, “telemedicine” visits will count as “in-person visits” for FMLA purposes.  (See Q&A #12.)  This decision is significant because one of the common categories of serious health condition under the FMLA – “incapacity plus treatment” – requires certain “in-person” visits to a health care provider.  According to the DOL, a telemedicine visit will constitute an in-person visit as long as it:

    • Includes an

    US COVID-19: New FFCRA Q&A – Return to Work Issues

    July 22, 2020


    On July 20, as part of a barrage of new guidance relating to the Families First Coronavirus Response Act (“FFCRA”), Family and Medical Leave Act (“FMLA”), and Fair Labor Standards Act (“FLSA”), the federal Department of Labor (“DOL”) issued four new FFCRA Q&As relating to “return to work” issues.

    Three of the new Q&As (95-97) explain the interconnection between FFCRA leave and furlough:

    • Hours of FFCRA leave taken prior to furlough count against an employee’s total FFCRA leave entitlement (i.e., the fact that an employee took FFCRA leave and subsequently was furloughed does not mean that the employee’s FFCRA entitlement starts over upon return to work);
    • Hours/weeks on furlough do not count against an employee’s FFCRA entitlement;
    • Post-furlough requests for FFCRA leave should be treated as “new” requests for FFCRA leave (i.e., employees should be required to provide appropriate documentation in support of post-furlough leave requests); and
    • Employers may not make furlough decisions (such as which employees to recall from furlough) based on a desire to avoid providing FFCRA leave.

    The remaining new Q&A (94) relates to the “reinstatement” obligation under the FFCRA.  While recognizing that employees who take protected FFCRA leave are, generally, entitled to be restored to their same or equivalent position when returning from leave, the DOL clarifies that employers may take certain steps to reduce potential exposure of employees in the workplace.

    Specifically, in regards to an employee who took Paid Sick Leave under the FFCRA to care for a family member who was

    FTC Deceptive Advertising Health Claims Settlement – Scientific Proof Required

    July 1, 2020


    “Treats Chronic Pain… Clinically Proven… Smart Device… Approved by the FDA…” These are all claims the Federal Trade Commission (FTC) says defendants made advertising the Willow Curve, a low-level light therapy device  (LLLT), and all of which the FTC says are false and deceptive. In a settlement announced June 25, 2020, the Willow Curve LLLT device defendants will be subject to a $22 million judgment which includes penalties being paid by two individual physicians who led the involved company LLCs. Defendants also will be prohibited from future allegedly deceptive refund and native advertising campaigns.

    “’When LLLT sellers say their devices will relieve pain, they’d better have the scientific proof to back it up,” said Andrew Smith, Director of the FTC’s Bureau of Consumer Protection, in a June 25 press release. ‘People looking for drug-free pain relief deserve truthful information about these products.’”

    FTC Complaint Causes of Action. The complaint asserts  the following six counts against defendants which target all aspects of the allegedly improper marketing and sales of the product.

  • False or Unsubstantiated Efficacy Claims
  • False Proof Claims
  • False Claims About FDA’s Review
  • Deceptively Formatter Advertisements
  • Defendants’ Provision of Means and Instrumentalities of Deception
  • False Refund and Risk-Free Claims
  • The complaint also contains substantial snapshots of advertising and marketing materials, including scripting of infomercials, native content “research” materials, and alleged testimonials.

    All of the claims are based on alleged violations of the Federal Trade Commission (FTC) act, specifically  Sections 5(a) and 12, 15 U.S.C. §§ 45(a) and 52,

    Managing Counter-Party Risk in the Pandemic – Part III:

    Part III: Supplier considerations: Assessing and leveraging your leverage

    As most global markets attempt a return to normal (or a new form of normal) business, it is hard to imagine a sector or an industry that isn’t already reeling from the effects of the past three months. Getting back on your feet is hard enough in the current environment, without having to worry about further setbacks impacting your business. But how would you react if your key supplier called tomorrow to let you know that they were insolvent and unable to provide you with goods or services? Worse, what if you had already placed (and paid for) a large order with them that was critical to your ability to continue business?

    In addition to the customer risk mitigation measures we looked at in Part II of this series, management needs to have in place systems and options to avoid the impact of supply-chain risk. Continuously monitoring your supply chain is essential during this period, to avoid the risk of your suppliers’ misfortunes infecting your own business (particularly for your critical suppliers and those for which there doesn’t appear to be a possible replacement).

    But what is the legal position? What can (and can’t) you do if you catch wind that your key supplier is about to pull down the shutters? In the US, a termination provision in your supply agreement allowing you to terminate for insolvency or bankruptcy events (so-called ipso facto clauses) is completely unenforceable. In fact, any

    The attorneys of Bryan Cave Leighton Paisner make this site available to you only for the educational purposes of imparting general information and a general understanding of the law. This site does not offer specific legal advice. Your use of this site does not create an attorney-client relationship between you and Bryan Cave LLP or any of its attorneys. Do not use this site as a substitute for specific legal advice from a licensed attorney. Much of the information on this site is based upon preliminary discussions in the absence of definitive advice or policy statements and therefore may change as soon as more definitive advice is available. Please review our full disclaimer.