By

Trademarks in National Parks

A looming trademark dispute involving our national parks illustrates the importance of clarifying trademark ownership.

A looming trademark dispute involving our national parks illustrates the importance of clarifying trademark ownership. Photo by David Liff.  License CC-BY-SA.

Like the giant sequoias, there is a trademark dispute rising out of Yosemite National Park. Delaware North, a concessions powerhouse, has operated the hotels, restaurants, and other concessions in Yosemite since 1993. Their contract is set to expire in 2016, and as other firms line up to bid on the new contract, Delaware North has made clear to the Park Service that it claims to own the intellectual property in the names of famous sites like the Ahwahnee Hotel and Curry Village. The National Park Service disputes this claim, and says that the names, which historians suspect have been in use for over 100 years, belong to the American people. Delaware North claims the IP is worth $51 million, and says it will seek that amount if the Park Service wants to use the names without Delaware North’s permission.

Background on Trademark Law

The situation implicates some core issues of trademark law and serves as a good trademark primer for entrepreneurs unfamiliar with the field. Words, phrases, logos, and other designators of a product’s source are granted protection under federal law via the Lanham Act. While registering a trademark with the federal government grants certain protections and other benefits, one does not need to register a trademark for protection to exist. For both registered and unregistered marks, trademark protection is gained through use of the mark in commerce in a way that serves as a source designator. While registering a mark gives the registrant nationwide priority to the mark over subsequent users, the first user of any mark has rights to it, registration or not, given certain geographical and industry limitations.

Delaware North’s Potential Trademark Rights

Delaware North acquired the trademark registrations from the company from which it bought the Yosemite properties. Delaware North subsequently sold the properties to the National Park Service, but retained assets like furniture, vehicles, and as Delaware North argues, the IP) and began running the concession for the Park Service. Delaware North’s ownership of the registrations in the park properties, however, is not conclusive as to the marks’ rightful owners. As the National Park Service points out, if another party used the mark as a source designator before the registration, they could have rights in the mark. While a party that has not used a mark for more than three years is generally considered to have abandoned the mark, Delaware North should not expect the Park Service and other interested groups to give up easily.

Lessons for Entrepreneurs

The takeaway for entrepreneurs is that trademark rights can become extremely valuable and it is of the utmost importance to establish whether or not you have rights in a mark you are using early on. This can be especially important when partnering with third parties. Entrepreneurs should understand that ownership of tangible property does not necessarily mean that rights in related intellectual property are secured. As a product or service is marketed to the public under a consistent brand, the trademark rights in that brand will likely increase in value. Entrepreneurs should ensure that they have the necessary rights in any brand related to their products or services.

By

Are Trademark Disputes Brewing in the Craft Beer Industry?

The craft beer industry may be ripe for trademark disputes due to the increasing number of breweries, limited number of beer-related puns, and large number of small-scale operations.

Trademark is an important but often overlooked area of the law for new startups and small businesses. Many entrepreneurs believe that merely registering a company with a state as an LLC or Corporation secures trademark rights in the name or brand, while others assume they can secure protection by maintaining a website or social media presence. It is true that each of these steps might help expand protection, but neither will definitively establish the right to prevent others from using a particular mark or independently bestow rights on a company. The lack of understanding has become especially problematic in the expanding market for craft beer, where the exploding number of breweries, limited number of beer-related puns, and large number of small-scale operations have created a veritable minefield of potential trademark issues.

Limited Number of “Punforgettable” Trademarks

One issue stems from the desire to utilize existing pop culture and media to create attention grabbing, punforgettable (see what I did there?) trademarks. “Hoptimus Prime,” “The Empire Strikes Bock,” and “Harry Porter” are certainly memorable, but trading on protected intellectual property and brands can engender lawsuits from big companies with vast resources. These companies are even more likely to bring suits against breweries now that there is some precedent for licensing out popular intellectual property to beer labels (see Game of Thrones branded beer here. 

Local Nature of Early-stage Breweries

A second issue is more problematic because it is difficult to foresee and thus less preventable. The foundation of a trademark infringement claim is customer confusion, and the likelihood of confusion predictably increases when more participants join the market. But when starting out, the primary concern of a small brewery is brewing good beer, and trademark registration is probably doesn’t even enter the mindset of young entrepreneurs trying to keep costs as low as possible. So while a brewery in Oregon may create its own mark independently and believe it to be original, there is no guarantee that a brewery in Massachusetts hasn’t been using the same mark for its own beer. The problem is compounded by the fact that with so many players in the craft beer space, it can be difficult to determine whether someone else is using a mark even if you take the time to search beforehand.

How to Help Protect Yourself

A trademark can be a word, symbol, phrase, design, logo, product packaging, or some combination. The essential requirement is that the mark be used as source designator, so that customers associate the mark with a particular brand or company. For example, Budweiser’s trademarks include its crowned logo and “king of beers” slogan.  Both of these trademarks have been associated with the Budweiser brand, so that when a customer sees them they assume some relationship to Budweiser. For small breweries without the budget for a trademark attorney, the best option to test the availability of a desired mark is to scour the web. First, search the free trademark database and perform a general Google search including your trademark and related terms like “beer,” “brew,” “IPA,” etc. Beer rating sites like beeradvocate.com, which features over 93,000 beer brands, can also be a useful resource for assessing what marks are already being used in the market.

Unfortunately, it may be impossible to know exactly which marks are being used in a fairly regional industry. Since beer can’t generally be sold and shipped to customers across the web, common law trademark protection without registration is far more common, and small breweries may have local clout that doesn’t transcend regions. Still, by performing a few simple searches and conducting due diligence early on, craft beer makers could avoid a lot of potentially ugly legal disputes down the road if business expands and conflicts arise. When thinking long term in any industry, having a memorable mark is great, but avoiding legal disputes is probably better.

By

Updates to Michigan’s Legislative Battle to Permit Ride-sharing Statewide

The Michigan House of Representatives failed to pass on Wednesday HB 5951 which would have permitted ride-sharing companies like Uber and Lyft to operate in Michigan and preempted any more-restrictive local regulations.  The House may take up the bill again today.

The Michigan House of Representatives failed to pass on Wednesday HB 5951 which would have permitted ride-sharing companies like Uber and Lyft to operate in Michigan and preempted any more-restrictive local regulations. The House may take up the bill again today.

We recently overviewed Michigan’s proposed legislation, HB 5951 that would effectively allow ride-sharing services like Uber and Lyft to operate statewide by preempting local regulations. Here is a quick update to the status of this proposed legislation.

Michigan’s House of Representatives Fails to Pass HB 5951 on Wednesday

As reported by MLive, Michigan’s House of Representatives did not pass HB 5951 yesterday.  A House committee approved the bill last week and sent it to the House floor for a vote.  The bill would permit ride-sharing services to operate in Michigan provided they met certain requirements (outlined here) that are largely consistent with Uber’s current practices.

Yesterday, the House failed to pass the bill.  The bill is still alive, however.  Here is what happened, as outlined in the Journal of the House of Representatives for yesterday’s session.

  • The House made certain changes to the bill, including exempting from Michigan’s Freedom of Information Act any list of ride-sharing drivers provided to the state as required by the bill.
  • An amendment was proposed, but failed to pass, that would allow local municipalities to still pass their own ride-sharing regulations, even those more restrictive than state law.  This would effectively strip HB 5951 from having its primary impact (of having uniform state-wide requirements for ride-sharing services).  In particular, the amendment stated:

    Sec. 11. (1) This act does not prohibit a municipality or a group of municipalities that form an authority to regulate transportation network companies under the municipal partnership act, 2011 PA 258, MCL 124.111 to 124.123, or the public transportation authority act, 1986 PA 196, MCL 124.451 to 124.479, from adopting a rule, ordinance, or resolution that is more restrictive than this act.

  • When at least 50 representatives voted against the bill’s passage, the House passed on the agenda item.
  • The House will reconvene at 10am today, December 11, and may take up the bill again.  You can watch a live webcast of today’s House session here.

Opposition from Insurance Industry

Michigan's insurance industry continues to oppose HB 5951.

Michigan’s insurance industry continues to oppose HB 5951.

The insurance industry continues to vigorously oppose the bill in its current form, as laid out in its December 9 letter to the House.  One of their primary complaints is the gap in coverage for a ride-sharing driver who is on duty, but not currently carrying a passenger.

According to the executive director of the Insurance Institute of Michigan, HB 5951 leaves a gap in coverage that “may leave drivers and passengers of ride sharing companies at financial risk.”

In the meantime, all eyes will be on the House floor today to see if an agreement can be reached to allow HB 5951 to pass a House vote.

By

Uber’s Regulatory Drama Continues: Portland Sues Uber

The City of Portland sued Uber on December 8 seeking to enjoin Uber from operating in the city limits.

The City of Portland sued Uber on December 8 seeking to enjoin Uber from operating in the city limits.

Yesterday’s post discussed Michigan’s proposed bill HB 5951 which would implement state regulations permitting ride-sharing services such as Uber and Lyft to operate in the state of Michigan provided they met certain regulations that are largely consistent with Uber’s existing practices.  That bill would preempt various city regulations (such as Ann Arbor’s), some of which conflicted with Uber and Lyft’s existing practices.  Just a few days after Michigan’s house committee approved HB 5951 and recommended the house pass the bill, a strikingly different approach has been taken in Portland, Oregon.

City of Portland v. Uber

On Monday, December 8, the City of Portland sued Uber seeking to enjoin Uber from operating in the city of Portland.  This lawsuit comes just days after Uber began operating in Portland on Friday, December 5.  The conflict involves Portland City Code Chapter 16.40, which requires as follows:

  • “for-hire transportation” drivers must obtain a “for-hire transportation” permit
  • for-hire vehicles must have certain decals and plates
  • taxicabs must adhere to certain fare and meter rates
  • taxicabs must adhere to certain regulations related to wheelchair accessibility
  • for-hire vehicles must maintain certain levels of insurance
  • taxicabs must maintain a dispatch system in operation 24 hours/day
  • taxicabs must service city-wide 24 hours/day, 7 days a week and accept any request received within the city
  • taxicab companies must have at least 15 cabs in their fleet and have at least 2/3 of their fleet in service at all times
  • for-hire vehicles must pass regular inspections
  • for-hire vehicles must be equipped with digital security cameras

According to the City of Portland’s complaint, which can be read here, Uber violates Portland City Code because it:

  • does not hold a valid company permit
  • all prospective Über customers must first download the Uber app and enter into an online agreement under terms dictated by Uber, including a waiver of any and all liability to Uber
  • the customer must provide credit card information to Uber, which is charged, rather than having drivers collect a fare from the customer
  • customers hail an Uber vehicle through the Uber app instead of a human dispatcher
  • the Uber app calculates fares based on time and distance rather than through a certified taxi meter
  • Uber’s drivers and vehicles are personally insured, and Uber does not require its drivers to purchase commercial at insurance
  • Uber does not require its drivers to be certified by the City of Portland
  • Uber’s drivers are not required to be dispatched to all ride requests in the city, but rather only to passengers who can pay via credit card and have access to the Uber app or website to request a vehicle

Portland’s Cease and Desist Letter to Uber

On December 8, the City of Portland sent a cease and desist letter to Uber demanding that Uber cease operations in the city limits.  The cease and desist letter is attached to the complaint as Exhibit A. While there have been varying reports of the city’s enforcement against individual Uber drivers, it does appear the

Support for Uber and Success in Other Markets

As of publication, close to 10,000 individuals have signed a petition to support Uber’s operations in Portland.   Uber remains wildly popular and it generally overcomes the legal obstacles it has faced in other markets.  As previously reported, Uber faced initial obstacles in Ann Arbor and Detroit.  While Ann Arbor sent Uber cease and desist letters, it generally did not crack down on Uber’s operations, and now a Michigan bill is likely to preempt any local regulations.  In Detroit, Uber worked with the city to enter into an operating agreement stipulating how the company could operate in Detroit.

Ride-sharing In and Around Portland

While regulatory issues are nothing new to Uber, the situation in Portland is slightly unique.  Uber is already operating in several cities in close proximity to Portland, for instance, Vancouver Washington.  Additionally, various tweets, such as the one below, were bring broadly disseminated citing the limited availability of traditional taxi services in and around Portland:


 Going Forward

Going forward, the legal questions related to whether Uber is complying with Portland’s City Code appear to be relatively clear:  Uber is not.  As in other cities, this is likely not a legal battle, but rather one of politics and policy.  If Portland desires to have Uber available in its city, it will ultimately amend its city code to provide for transportation network companies such as Uber, to obtain permits to operate in the city.  Alternatively, as happened in Michigan, the state of Oregon could pass statewide regulations that preempt the regulations of any particular municipality, thus permitting Uber to operate statewide as long as it abides by the state-level regulations.

So far, Uber’s tactics of commencing operations and then working out any regulatory hurdles have worked out with staggering success.  Indeed, Uber recently raised another $1.2B at an amazing $40B valuation.  So far, Uber has proven that massive customer acquisition can cure all evils – even legal and regulatory ones.

 

By

Transportation Network Company Bill Supported by Uber Moves to House Vote in Michigan

The Michigan House of Representatives will vote on HB 5951 which would implement state regulations largely consistent with Uber and Lyft's existing practices.

The Michigan House of Representatives will vote on HB 5951 which would implement state regulations largely consistent with Uber and Lyft’s existing practices.

On December 4, Michigan’s House Energy and Technology Committee approved HB 5951.  The bill provides for state regulation of transportation network companies such as Lyft and Uber.  Uber supports the bill because it is consistent with its existing practices.  The bill would supersede any local regulations, such as the city regulations underlying Ann Arbor’s cease and desist letters to Uber and Lyft earlier this year.

Overview of HB 5951

HB 5951 directs the state to issue permits to any transportation network company that meets certain requirements, including:

  • the company carries insurance meeting certain minimum coverage thresholds;
  • drivers are at least 21 years old;
  • each driver maintains a Michigan chauffeur’s license;
  • the company performs background checks on and collects driver history reports from each drive;
  • that each driver vehicle undergoes a yearly safety inspection.

As reported here by Mlive, Michael White, manager of Uber’s Michigan operations, says Uber supports the bill and that Uber’s current practices are largely consistent with the bill’s requirements.

Existing Local Regulations

Currently, various municipalities provide their own regulations purported to cover ride-sharing services such as Uber or Lyft.  For example, as widely reported by outlets such as Business Week and MLive, on May 14 the city of Ann Arbor issued cease and desist letters to Uber and Lyft.  Other cities in Michigan, permitted Uber and Lyft to operate.  For example, Detroit entered into an operating agreement with these companies to permit their operation.  Section 11 of HB 5951 provides: “A local unit of government shall not enact or enforce an ordinance regulating a transportation network company.”  Accordingly, HB 5951 effectively trumps any local ordinances such as those of Ann Arbor seeking to restrict Lyft or Uber from operating.

Uber Urges Support for HB 5951

Beyond Michael White’s strong testimony in favor of HB 5951 at the committee level, today Uber also launched a marketing campaign urging its users to email their state representatives in support of HB 5951.  Michigan Uber users were emailed information about 5951, and a one-click mechanism for emailing the appropriate state representative.

On December 8th, Uber Michigan users received emails from Uber asking for their support of HB 5951.

On December 8th, Uber Michigan users received emails from Uber asking for their support of HB 5951.

HB 5951 Opposition
Not everyone supports HB 5951, however.  As noted here, the taxi industry and  Michigan Municipal league oppose the bill.  Objections include:
  • the bill does not require companies like Uber and Lyft to have large enough insurance policies;
  • the bill is unfair to taxi and limousine services that remain subject to harsher regulations; and
  • the bill may undo some beneficial regulations on limousine services (see the comments here).

In the end, Michigan’s legislature will have the final say.  The bill appears to have momentum and some have noted they expect it to become law before the end of the year.

By

An EGG-cellent Example of How a Law Suit Can Backfire: Unilever v. Hampton Creek

Unilever, maker of Hellman's, sued Hampton Creek for false advertising and unfair competition over its egg-free "Just Mayo" product.

Unilever, maker of Hellman’s, sued Hampton Creek for false advertising and unfair competition over its egg-free “Just Mayo” product.

Hampton Creek, according to its website, is “a company dedicated to [helping everyone] eat delicious food that’s healthier, sustainable, and affordable.”  Earlier this year, Hampton Creek was featured on This Week in Startups where it demonstrated its “Just Mayo” product.

Just Mayo

Just Mayo is an egg-free dressing designed to replace traditional egg-based mayonnaise.  Indeed, one of the main points of Just Mayo, appears to be to avoid the use of eggs.  According to Hampton Creek CEO Joshua Tetrick, eggs are some of the most inefficient food products, requiring an energy to food ratio of 39:1.  Hampton Creek on the other hand achieves an energy to food ratio of 2:1.  According to Tetrick, Just Mayo resulted from two years of research and development by Hampton Creek.

The Lawsuit

Unilever sued Hampton Creek for false advertising and unfair competition.  See the Complaint.

On October 31, 2014, Conopco (a company that does business as Unilever), the maker of Hellman’s mayonnaise, sued Hampton Creek for false advertising and unfair competition under  the Lanham Act (federal law) and various state laws.  According to Unilever, the Food and Drug Administration regulations define “mayonnaise” as “the emulsified semi-solid food prepared from vegetable oil” and containing an “acidifying” ingredient of either (1) vinegar or (2) lemon or lime juice, and an “egg yolk-containing” ingredient.  Unilever also alleges that “mayo” is a commonly understood synonym for “mayonnaise.”  Therefore, according to Unilever, Hampton Creek is falsely advertising its product by calling it “mayo” when it does not include any “egg yolk-containing ingredient.”  See the Complaint here.

False Advertising Under the Lanham Act

False advertising plaintiff’s typically have to prove:

(1) the defendant made a false or misleading statement of fact in a commercial advertisement about a product;

(2) the statement either deceived or had the capacity to deceive a substantial segment of potential consumers;

(3) the deception is material, in that it is likely to influence the consumer’s purchasing decision;

(4) the product is in interstate commerce, and the plaintiff has been or is likely to be harmed by the statement.

Should the case progress, it will be interesting to see how a court addresses the second element above. Just Mayo is specifically and clearly marketed as being egg free.  Therefore, regardless of the FDA’s definition of “mayonnaise” it would seem hard to suggest that Hampton Creek’s “Just Mayo” brand could deceive or have the capacity to deceive a substantial segment of potential consumers looking for traditional egg-based mayonnaise.

The Backlash

Shortly after Unilever initiated its suit, it received significant public backlash.  Well known chef Andrew Zimmerman initiated a petition on Change.org asking Unilever to stop bullying Hampton Creek.  In the word of Zimmerman:

Unilever, a UK-based 60 billion dollar multinational corporation, filed a lawsuit confessing that Hampton Creek is taking away market share from a couple of its products: Hellmann’s and Best Foods. Thus, as Unilever admits, it’s attempting to rely on an archaic standard of identity regulation that was created before World War II to mandate that Hampton Creek removes its products from store shelves.

As of November 20, the petition had over 70,000 online signatures.

Additionally, as reported by One Green Planet, marketing experts have stated that Hampton Creek received over $3M of free product placement based advertising per day in the week following the lawsuit.  Accordingly Hampton Creek received over $21M of marketing benefits in just the first week following the lawsuit.

The Lesson

It will be interesting to see how far Unilever presses the lawsuit.  It is unlikely that they expected this degree of backlash and this outpouring of support for Hampton Creek.  Indeed, given the increasing awareness of the need for sustainable food sources, and allergy-friendly foods, the public opinion appears to be that Hampton Creek is on the right side of history.  Accordingly, filing a lawsuit against a competitor requires much deeper analysis than whether one is likely to prevail on its legal claim.  Here, even if Unilever ultimately prevails on its claims (which is not a certainty, as discussed above), it’s quite possible that Hampton Creek might end up the winner.

By

The Risks of Corporate Incubators May Outweigh the Generous Rewards

Corporate incubators can nurture a small startup with big company resources.

Corporate incubators can nurture a small startup with big company resources.  Photo by Pete Prodoehl.

We have seen a recent wave of fortune 500 companies breaking into the entrepreneurship game by establishing their own corporate incubators – Nike, Google, Microsoft and Samsung just to name a few. This article provides an overview of considerations for whether your start-up should accept an offer to join a corporate incubator.

Overview of Corporate Incubators

Corporate incubators are industry specific accelerators that help start-ups and entrepreneurs build a successful company/product but only within the structure of a large corporation. As compared to the traditional accelerator (e.g. Techstars or Ycombinator) that invest money and resources in a broad array of startups which span many platforms, corporate incubators are designed to help the sponsor build a portfolio of long-term product options, develop offshoots to existing products and generate innovative ideas that can help the sponsor grow its profits.

Why Established Companies Seek to Incubate Startups

Corporate incubators and accelerators are a vital source for idea generation and growth. Particularly for markets that are constantly evolving, an in-house incubator can help large companies pivot and change directions or develop a new business quickly. Even for companies in mature industries where M&A is drying up quickly (i.e. manufacturing or many food & beverage sectors), incubators and accelerators have become a part of their corporate structure to derive new profits. Not only do corporate incubators provide valuable ideas but they can also provide a company with home grown talent if the company runs short on valuable human capital. Given the level of visibility and access corporate executives have to talented young entrepreneurs through the incubator, it is not uncommon for the sponsor to make employment offers from its toy chest full of start-ups.

Benefits to Joining a Corporate Incubator

While joining a corporate incubator may seem like “selling out,” the benefits of a corporate sponsor may be too much temptation for any starry-eyed entrepreneur to resist. Corporate incubators give a start-up access to the company’s vast array of resources such as R&D, legal services, mentorship and often stable financial assistance to help the start-up scale its business. Furthermore, as compared to your typical accelerator or incubator, corporate incubators are generally industry focused and can provide tailored mentorship and resources that even some of the top accelerators such as Ycombinator or Techstars may not have access to. Not only are the resources a substantial benefit but another advantage is that a corporate incubator can immediately place a start-up on the radar of a strategic acquirer. Getting support from a corporate sponsor can be a significant step in the right direction for a start-up and often signals that the entrepreneurs may be on to something big and therefore should think seriously about an offer to join a corporate incubator. Like most things in life, however, there is often no such thing as a free lunch and there some serious challenges that start-ups should be aware of before joining the corporate payroll.

Considerations to Joining a Corporate Incubator

(1)  Make sure you have clean title to your intellectual property

Joining a corporate incubator can be tricky when it comes to IP related issues especially when dealing with who owns any new IP that comes out of the incubation process. Before starting at a corporate incubator, make sure that all IP that has been created by any of the founders or employees has been documented and assigned to the business. While negotiating with a corporation is not easy and offers are often provided on a take-it-or-leave-it basis, try to work with legal counsel to ensure that any and all IP developed while in the incubator belongs to your start-up.

(2)  Corporate bureaucracy can crush a start-up’s flexibility

One of the best aspects of being a start-up is the ability to be nimble and make quick decisions when needed. Large corporations are often not afforded this benefit as their size and governance structure can slow decision-making. If the corporation running the incubator obtains certain veto or control rights in a startup, that startup may lose its ability to make quick decisions. Getting caught up in such corporate bureaucracy and indecision (or a slow and lengthy decision making process) can quickly destroy a budding company. A startup can protect against this risk by closely reviewing the deal documents and avoiding granting the company running the incubator control over important decisions that a startup needs to make quickly (i.e., hiring, product direction, market strategy, issuances of equity to new hires, etc.) If the company running the incubator insists on such control rights, a startup should get to know and staying aligned with the key corporate decision makers and stakeholders.

(3)  Corporate sponsorship may drive away venture capital funding

If you do choose to join a corporate incubator, don’t be surprised if you don’t have too many venture capitalists knocking on your door at the end. While VCs won’t necessarily be bothered by the “selling out” aspect of corporate sponsorship, they will be very concerned about having to deal with XYZ conglomerate as a significant investor not only with a sizeable equity stake but also potentially pro-rata rights and big city corporate lawyers to enforce all the initial investor rights agreed to by the start-up. Even if VCs can get over having to deal with the corporate sponsor, many will be concerned with whether the management team has that magical start-up wherewithal that makes them worth investing in. VCs often view companies in corporate incubators as being hand-held and as a result may not have learned the hard lessons necessary to run and scale a successful business.

Conclusion

Joining a corporate incubator or accelerator can be one the best steps a young and potentially successful company can take and should be given serious thought if such an offer should present itself. It is important, however, to understand the risks of doing so and what it can mean for your company’s brand, image and future opportunities as it starts to take-off. Finally, if you do choose to join a corporate incubator, always always always have a well thought out Plan B in your back pocket as large companies are known for pulling the plug on such corporate programs without much notice even with the slightest downturn in quarterly earnings.

 

 

By

Regulations to be Aware of When Starting a Peer-to-Peer Money Transfer Company

ZackRobockBlogPicDetectiveTransferring money between friends can be a big hassle, and a number of startups are seeking to offer new peer-to-peer money transfer options.  However, given the fungibility of money and increasing concern with terrorist financing, money laundering and fraud, there are a number of regulatory requirements to be aware of.

Companies in the peer-to-peer money transfer industry are generally referred to as “money transmitters.”  Federally, money transmission is defined as “the acceptance of currency, funds, or other value that substitutes for currency from one person and the transmission of currency, funds, or other value that substitutes for currency to another location or person by any means.”  This does not include a company that sells a product or provides a service and accepts money electronically; rather, it applies to the business of facilitating funds transfers from one customer to another customer.  PayPal, Venmo, Western Union, and MoneyGram are some common examples.

First, a money transmitter must comply with state regulations in every state in which it does business – not just the state in which it is organized.  In Michigan, for example, this would entail compliance with the Money Transmission Services Act (“MTSA”), which requires registration and licensing with the Department of Insurance and Financial Services (“DIFS”).  Among other requirements, the MTSA requires that a money transmitter:  (a) have a net worth of $100,000 or more, depending on number of locations (§487.1013(1)); (b) have a surety bond of at least $500,000(§487.1013(5)); and (c) submit a list of all criminal convictions, material litigation and bankruptcy events for each control person of the money transmitter (§ 487.1012(2)).  Money transmitters must pay a $600 investigation fee upon application, plus a $2,500 base license fee, plus an annual license fee set by the DIFS.  Requirements in other states may vary from Michigan’s.

ZachRobockBlogPicMoney

Second, on a federal level, a money transmitter falls under the broader heading of a money service business (“MSB”), which also includes currency exchange, check cashing, traveler’s checks, money orders, and stored value/prepaid cards.  All MSBs must comply with the Bank Secrecy Act (“BSA”), which is designed to prevent and detect money laundering and terrorist financing.  The Financial Crimes Enforcement Network (“FinCEN”) is the federal regulatory agency primarily responsible for BSA compliance.

Under the BSA and related regulations, MSBs must register with FinCEN.  This registration is a bit different than state-level registration; the FinCEN registration is meant to enable MSBs to electronically file certain reports required under the BSA.  MSBs must file currency transaction reports (“CTR”) with FinCEN for any transaction that involves more than $10,000 in currency.  This does not apply to money transfers conducted entirely electronically; it only applies to transactions in which more than $10,000 in physical currency is deposited, withdrawn or exchanged.

The next type of report, a Suspicious Activity Report (“SAR”) is more applicable than CTRs to online money transmitters.  A SAR must be filed with FinCEN if a single transaction (or related series of transactions) appears ‘suspicious’ and equals $2,000 or more.  A transaction is ‘suspicious’ if it appears to:  involve funds derived from or in furtherance of illegal activity; be structured to evade reporting requirements (i.e. the $10,000 CTR threshold); or serve no apparent business or lawful purposes.  An MSB is required to maintain a copy of every SAR filed and the accompanying supporting documentation for a period of five years after filing.  MSBs should also keep records of investigations that do not culminate in a SAR filing in order to demonstrate an effective SAR program.

In addition to SAR-specific recordkeeping, the BSA outlines a number of other recordkeeping requirements, both for recording transactions and identifying customers.  Notably, if the customer (sender or recipient) is not an established customer, then for every transaction, an MSB is required to obtain an identification number (i.e. social security number, alien identification number, passport number) or to record a lack thereof; for in-person transactions, the MSB must also verify the customer’s identity by checking a government-issued identification card.  If the customer is an “established customer” then the MSB need not verify this information for each transaction; however, the definition of established customer requires that customer information – including a social security number (or similar identification) – be kept on file.  ‘Know Your Customer’ (KYC) best practices include verification of customer information at the time of account opening – either by documentary methods (i.e. review of government document) or non-documentary methods (i.e. checking a customer’s Social Security Number against credit reporting agency records); however, an MSB is not explicitly required to verify customer information under the BSA regulations.

Finally, MSBs are required to implement a process to receive, process, and respond to law enforcement requests for information.  Under Section 314(a) of the Patriot Act, certain law enforcement agencies may request information through FinCEN from financial institutions regarding customers or transactions reasonably suspected of involvement in money laundering activities.  An MSB must designate a point person to receive such requests, provide that person’s contact information to FinCEN, and ensure that requests are handled in a timely manner.

 

By

New California “Do Not Track” Privacy Policy Requirements

Do Not Track ImageThe use of tracking software by websites is widespread. Advertising companies and social networks use technology such as cookies to track the websites consumers visit and the route they take from one website to another. For instance, tracking technology can tell the difference between whether you got to a website through a Google search or by clicking on a hyperlink in a news article. Companies can then use this information to build a profile on individuals in order to target advertising on different websites that they visit. Advertising companies are then able to discriminate to different consumers based on the profiles the companies build. Additionally, advertising companies are able to make money by selling these valuable profiles to websites.

The use of this type of tracking software is, as probably expected, controversial. Privacy advocates believe this tracking to be an invasion into web users’ privacy and that the companies doing this tracking fail to adequately disclose the full extent to which this tracking is taking place. These advocates are also concerned with the extent of information tracked, which can include highly sensitive and personal data about health issues, location, and finances. On the other hand, advertisers and companies using the data love the technology because it allows companies to target consumers more accurately and allows advertisers to charge more for better data. This data can be particularly valuable for startups looking to increase the number of users and grow their web presence.

As a result of these concerns, privacy advocates have taken some steps to try and remedy these concerns. Software developers have designed software to try and prevent websites from tracking user activity across the web. The technology works by placing a signal on the users computer that tells websites the user does not want to be tracked. This signal is currently ineffective because there is no requirement that advertisers follow the signal. The World Wide Web Consortium (W3C), an organization that sets standards for the web, created a working group composed of privacy activists, advertisers and others, to try and develop a standard approach to “Do Not Track” signals. In September 2013, however, the effort ended in failure when the constituent parties could not agree on an approach and decided to disband.

Despite the failure of the W3C efforts, once again California leads the way in regulating and shaping regulation of online privacy, this time as it applies to “Do Not Track” signals. California has taken an assertive stance in developing regulations concerning online privacy by passing the Online Privacy Protection Act (CalOPPA) and establishing the Office of Privacy Protection as part the California Department of Justice. Given California’s large and tech-savvy population it is incredibly important for startups to keep apprised of and comply with California privacy regulations as they will almost certainly be operating in the state. In October 2013, Governor Jerry Brown signed into law an amendment to CalOPPA that regulates the use of Do Not Track signals by websites operating within the state. The new amendment is applicable to websites that collect “personally identifiable information” which includes things like name, address, email address, telephone number, or other identifiers that allow the website to contact the user and went into effect January 1, 2014. Rather than requiring that websites comply with Do Not Track signals, the law now requires that websites describe in their privacy policy how they react to “Do Not Track” signals, and indicate whether third parties can collect “personally identifiable information”, if they track user activity, in addition to the previous CalOPPA requirements. Websites may also meet the new requirement by posting a “clear and conspicuous hyperlink” to a description of any program that the website uses to manage online tracking and give the consumer the ability to opt-out. As a result, websites are not forced to cease tracking user activity, but simply requires a website to tell the user what they are doing. Websites who do not comply, are subject to a warning from the California Attorney General requiring the operator to comply within thirty-days and also faces the possibility of lawsuits from the state government and private parties.

The new law has come under fire from both sides of the online privacy debate. Some, such as Eric Goldman, a Professor at Santa Clara University School of Law, argue that the law hurts websites and consumers by imposing additional compliance costs on websites, not providing true disclosure because consumers rarely read privacy policies, and failing to cover all tracking technologies. Others, such as Chris Cronin, an information security professional, argue that the law falls short because it is weak and does not require websites to protect user privacy or comply with “Do Not Track” signals. Regardless, given California’s de facto ability to set national privacy standards and the fact that compliance with the new law is simple, it behooves startups to comply with the new recommendations by amending their privacy policies.

By

COPPA: Protecting Children’s Privacy Online

COPPA is designed to protect the privacy of children, but complying with COPPA can be difficult for startups.

COPPA is designed to protect the privacy of children, but complying with COPPA can be difficult for startups.  Attribution: Mike Licht.

Do you operate a website or app that is targeted at children? Even if your website or app is targeted at a general audience, do you know that you collect some personal information from children? If you answered either of those questions with a “yes” or even a “maybe,” there is a good chance you are subject to the Children’s Online Privacy Protection Act of 1998 (COPPA). Under COPPA, operators of a website or online service directed to children under the age of 13, or who knowingly collect personal information from children under the age of 13, are generally prohibited from collecting this information without parental consent. While there are exceptions and safe harbors to this general rule, compliance can be quite burdensome for start-ups with limited resources.

The Trouble with Verifiable Parental Consent

The Federal Trade Commission (FTC), charged with regulating COPPA, proclaims, “the primary goal of COPPA is to place parents in control over what information is collected from their young children online.” Hence, compliance with COPPA requires some method of obtaining verifiable parental consent for the operator to use, collect, or disclose a child’s personal information. This is the hurdle that trips up most startups falling under COPPA. As you can see below, the process of obtaining this consent is burdensome and inconsistent with the startup’s efforts to onboard new users with as little friction as possible. One FTC-recommended approach requires operators covered by the rule to perform all of the following:

  1. Post a clear and comprehensive online privacy policy describing their information practices for personal information collected online from children;
  2. Provide direct notice to parents and obtain verifiable parental consent, with limited exceptions, before collecting personal information online from children;
  3. Give parents the choice of consenting to the operator’s collection and internal use of a child’s information, but prohibiting the operator from disclosing that information to third parties (unless disclosure is integral to the site or service, in which case, this must be made clear to parents);
  4. Provide parents access to their child’s personal information to review and/or have the information deleted;
  5. Give parents the opportunity to prevent further use or online collection of a child’s personal information;
  6. Maintain the confidentiality, security, and integrity of information they collect from children, including by taking reasonable steps to release such information only to parties capable of maintaining its confidentiality and security; and
  7. Retain personal information collected online from a child for only as long as is necessary to fulfill the purpose for which it was collected and delete the information using reasonable measures to protect against its unauthorized access or use.

As a writer, I will be lucky if you actually read through all seven steps, let alone comprehended what each required for compliance. Now, imagine trying to advise a start-up to implement each of those . . . yeah, right.

Why You Should Comply with COPPA

While there are exceptions to obtaining prior parental consent, they are too narrow for the scope of this post, and unlikely to have much impact on COPPA compliance. So, why should operators care about being subject to COPPA, and how can they reasonably comply? Violators of the rule can be held liable for civil penalties of up to $16,000 per violation, which can add up quickly and debilitate a cash-strapped start-up from moving forward.

Realistic Solutions for Complying with COPPA

1. Don’t Fall Under COPPA by Clearly Avoiding Children User’s – The cheapest and easiest way to comply with COPPA is to simply not fall under the rule in the first place—don’t target children under the age of 13, and ensure that you aren’t collecting personal information from children under the age of 13.

2. “Age-gate” to Avoid Falling Under COPPA – In order to avoid COPPA’s coverage, consider using one of the following free options that utilize an “age gate” function, which requires a user to enter their date of birth in order to certify their age, before entering a website or app:

  1. If the user is under the age of 13, you can just deny their access to the website or app.
  2. If the user is under the age of 13, you can also allow the user to only access the online service through a “safe-mode” that does not collect, use, or disclose a child’s personal information. This means prohibiting a child from setting up any type of account or profile, and requires close monitoring of a child’s activities. For example, any text or input of any kind from a child must be monitored to prevent identification of the anonymous user profile.

3. Use a Safe Harbor Program – One plausible route for obtaining verifiable parental consent is through the FTC-approved COPPA safe harbor programs. Examples of these safe harbor programs include iKeepSafe, KidSAFE, and TRUSTe. While there seems to be some uncertainty surrounding these programs, the prospect of having service providers handle companies’ COPPA compliance is appealing and most likely the direction we are heading. These programs can serve as a portal for parents to read the privacy policies of multiple websites and provide consent, all in one easy-to-use location. Of course, this comes at a cost.

Understandably, some operators will fall under the umbrella of COPPA due to their business model. In this case, it is highly recommended that you consult a COPPA compliance attorney before launching the online service. However, if it is possible to exclude children from your online service, consider the aforementioned approaches for bypassing COPPA.