Retail and Consumer Products Law Roundup - November 2018

Manatt, Phelps & Phillips, LLP

In This Issue:

  • California Now Requires Female Directors on Public Company Boards
  • From New York to Florida, Use Reviews With Caution
  • Card Networks and Merchants Reach New Settlement Terms
  • Pet Insurance Call Was an Ad Under the TCPA
  • Drivers’ Class Action Against Uber Crashes Into Arbitration
  • Website Needs Privacy, Sweepstakes Tweaks, CARU Recommends

California Now Requires Female Directors on Public Company Boards

By Katherine J. Blair, Partner, Capital Markets | Craig D. Miller, Partner, Financial Services Transactions

In a groundbreaking move to bring gender diversity to the boardroom, on Sept. 30, 2018, Governor Jerry Brown signed California Senate Bill 826 (SB 826), which amends the California Corporations Code to require public companies headquartered in California to have a minimum number of female directors on their board of directors.

SB 826 requires that, by no later than the end of 2019 (calendar year), all publicly held domestic and foreign corporations whose principal executive offices are located in California (based on a company’s most recent annual report on Form 10-K) and whose shares are listed on a major United States stock exchange (Public Companies) must have a minimum of one female director. According to SB 826, “female” means an individual that self-identifies as a woman, without regard to the individual’s designated sex at birth.

By the end of 2021, Public Companies must meet the following additional board requirements (the Board Requirements):

  1. If a Public Company’s number of directors is six or more, the Public Company must have a minimum of three female directors;
  2. If a Public Company’s number of directors is five, the Public Company must have a minimum of two female directors; and
  3. If a Public Company’s number of directors is four or fewer, the Public Company must have a minimum of one female director.1

SB 826 authorizes the California Secretary of State to impose fines for any violation of these requirements. These fines include (i) $100,000 for failing to timely file board information with the Secretary of State relating to compliance with SB 826, (ii) $100,000 for an initial violation of the Board Requirements, and (iii) $300,000 for any second or subsequent violation of the Board Requirements. In addition, the Secretary of State will publish the names of Public Companies that fail to meet SB 826’s requirements, which we anticipate will garner media coverage.

What to do now?

  • Public Companies should review the composition of their board of directors to assess whether they currently satisfy the bill’s requirements.
  • In addition, Public Companies should closely review their articles of incorporation and bylaws to determine whether their authorized number of directors (including any established range of directors) is sufficient to accommodate the required number of female directors and/or whether an amendment to the articles or bylaws may be required to be submitted to a shareholder vote.
  • Finally, Public Companies should also consider the impact of SB 826 in their proxy disclosures regarding how diversity is assessed in choosing their board composition, as currently required by SEC proxy regulations.

In signing SB 826, Governor Brown stated, “I don’t minimize the potential flaws that indeed may prove fatal to [the bill’s] ultimate implementation.” The constitutionality of SB 826 will undoubtedly be challenged by multiple groups and its applicability to corporations incorporated in other states (including Delaware) will be a source of further discussion in the courts, but for now, California is setting a high bar in its efforts to increase the number of women who are board decision makers for Public Companies.

1. We note that the bill is unclear as to the effect of vacancies in determining the number of required female directors relative to overall number of directors.

From New York to Florida, Use Reviews With Caution

By Richard P. Lawson, Partner, Consumer Protection

An enforcement action by the New York Attorney General’s Office and a lawsuit from the Federal Trade Commission (FTC) provide an important reminder about making adequate disclosures when using online reviews.

In New York, online attorney rating site Avvo reached a deal with AG Barbara D. Underwood that requires the company to revise its attorney rating system and improve its consumer disclosures. Previously, Avvo relied on attorneys to voluntarily provide the information used in their profiles (such as background or type of practice) that determined their rankings on a scale from 1 to 10, the AG explained.

As a result, attorneys who shared their information received higher ratings than those who elected not to participate and post information to the site, the AG alleged. Despite this, Avvo did not disclose to consumers the content and limit of its ratings system and instead claimed it was “unbiased.”

Pursuant to its agreement with the AG’s Office, Avvo’s site now tells users “clearly and conspicuously” that its ratings model relies on information attorneys add to their profiles and that the company does not independently collect all available information that could increase an attorney’s ratings.

Avvo will no longer refer to its ratings as “unbiased,” and the company promised to pay the state $50,000 to cover the costs of the AG’s investigation.

The FTC also had online reviews in its crosshairs as one of several problems with defendant Roca Lab’s advertising. In 2015, the agency filed suit against Roca Labs, its related corporate entities and two individuals for violations of Section 5 of the FTC Act. The agency alleged that Roca Labs made false and unsubstantiated weight loss claims, that it misrepresented that one of its promotional websites was an objective information website, and that it ignored its privacy promises by disclosing consumers’ personal health information in public court filings and to banks and payment processors.

Specific to online reviews, the defendants failed to disclose their financial ties to individuals who posted positive reviews about their products, the FTC said. The defendants solicited testimonials by offering to pay up to $1,000 to customers who met certain conditions (such as achieving a certain interim weight loss goal and demonstrating that loss in “before & after” pictures). Not only did the defendants not disclose that the people in the testimonials were paid, but they failed to reveal that employees were also directed to post positive reviews of the products on third-party blogs and websites.

In addition, the defendants sued and threatened to sue consumers who complained or shared their negative experiences online, and they enforced a nondisparagement or “gag clause” contained in their online terms and conditions that attempted to prohibit customers from publishing disparaging comments about the company or its products. The terms stated that the purchase price was “conditional” or “discounted” in exchange for the customer’s agreement to the gag clause, leaving the customer on the hook for the full price of the product ($1,580) and an additional $100,000 penalty if he or she breached the gag clause.

Last month, a federal judge in Florida granted summary judgment in the FTC’s favor on all counts. She agreed with the agency that the enforcement of the “gag clauses” to stop consumers from posting negative reviews was an unfair practice in violation of the FTC Act, and she entered a permanent injunction against the defendants.

“Because defendants admittedly suppressed negative information about the products and because … the absence of negative information could make a consumer more inclined to purchase Roca Labs products, the court finds that defendants’ practices have caused or were likely to cause substantial injury to consumers,” U.S. District Judge Mary Scriven wrote.

The court ordered supplemental briefing on the issue of the amount of the defendants’ $26.6 million in gross sales that should be awarded to the FTC for consumer redress.

To read the New York AG’s Office announcement of the Avvo settlement, click here.

To read the order in Federal Trade Commission v. Roca Labs, Inc., click here.

Why it matters: The two cases send a powerful message to advertisers that both state and federal regulators are keeping a close eye on reviews to ensure that necessary disclosures are being made. “My office will continue to protect New York consumers and ensure they get the transparency and accurate information they deserve,” New York AG Underwood said in a statement, while the FTC will pursue monetary penalties against Roca Labs based in part on its deceptively published online reviews.

Card Networks and Merchants Reach New Settlement Terms

By Anita L. Boomstein, Partner, Global Payments | Lisl J. Dunlop, Partner, Antitrust and Competition

Will the second time be the charm? Two credit card networks and merchants representing the class suing them reached a revised agreement to put an end to a 13-year-old antitrust class action concerning the interchange fees merchants must pay and the card network rules imposed on merchants.

Although the second proposed settlement attempts to circumvent the problems the court found with the first, merchants may still be unhappy with the result.

What happened

The highly publicized and protracted legal battle—more than 40 putative class complaints were filed in 2005—centers on allegations by merchants that the card networks violated the antitrust laws by engaging in a conspiracy to fix interchange fees and impose restrictions on merchants to prevent them from steering customers to cheaper, alternative forms of payment.

In 2012, the parties sought approval for a $7.25 billion settlement of the litigation. Reduced to $5.7 billion after thousands of class member merchants opted out of the agreement, the settlement involved two classes of merchants: one class receiving monetary relief and a second class entitled to injunctive relief. The settlement agreement did not provide for any opt-out rights for the second class of merchants, and would have extinguished any future claims that the networks’ rules (as altered by the injunction) were anticompetitive.

U.S. District Judge John Gleeson signed off on the original deal over vociferous objections from numerous class members. The objectors argued that the settlement agreement failed to provide an adequate solution for merchants because it did not include any reduction in or limits on interchange rates or fees, and only very limited changes to the restrictive rules.

Also, merchants generally could not benefit from the limited injunctive relief because they were unwilling or unable due to state laws to pass swipe fees directly on to customers via surcharges. In addition, merchants protested that the settlement required them to give an overly broad general release of all claims against the card networks relating to fees and card network rules.

The U.S. Court of Appeals for the Second Circuit reversed approval in 2016, holding that the two classes of merchants had conflicting interests and could not be represented by the same counsel. The panel also disapproved of the release, which was deemed unduly broad in that it, among other things, continued in perpetuity.

Returning to the drawing board, and after several mediation sessions, the parties have now reached a second settlement valued at potentially $6.2 billion (but no less than $5.56 billion). While most of the funds to pay the claims already have been set aside, the card networks will add $900 million in additional funds (subject to reductions for opt-outs capped at $700 million) to pay the merchants’ claims.

If approved, the settlement would be the largest-ever class settlement fund in an antitrust action, according to the Memorandum in Support for preliminary approval of the settlement, and it “is subject to none of the problems that led the Second Circuit to reject” the prior settlement.

The new settlement attempts to circumvent the problem of the inadequate representation of the injunctive relief class by removing injunctive relief from the settlement at this time. Approval of the proposed settlement is not contingent on the resolution of the claims of the injunctive relief class. It remains unclear when, and on what terms, any injunctive relief will be agreed on. Another change is that the release will now be in effect for only five years from the date the settlement receives final court approval and is somewhat narrower in that the future effect or continuation of rules-related claims is left to the injunctive relief settlement.

Noting that every stage of the litigation has been “fiercely contested” and “already consumed enormous resources of the parties and the courts for more than 13 years,” the Memorandum in Support requested that the court grant preliminary approval of the deal.

Why it matters

In this second iteration, the parties have attempted to solve some of the problems found in the first settlement by limiting the agreement to money damages only and allowing the injunctive relief class separately to negotiate a settlement, and by limiting the duration of the general release to five years. However, the many merchants that objected or opted out of the first settlement are likely to reject this one, as it fails to address the enormous financial burden merchants carry from interchange fees or contain any promise to change network rules as they apply to merchants.

Pet Insurance Call Was an Ad Under the TCPA

By Christine M. Reilly, Partner, TCPA Compliance and Class Action Defense | A. Paul Heeringa, Counsel, Financial Services Group

A call promoting pet insurance made to a recent kitten adopter constituted an “advertisement” pursuant to the Telephone Consumer Protection Act (TCPA), an Illinois federal court has ruled.

In Legg v. PTZ Insurance Agency, Ltd., one of the defendants, Pethealth, offered various services related to pet adoption and pet insurance. One service offered by its subsidiary defendant PTZ Insurance Agency (PTZ) is an initial 30-day free gift of pet health insurance. The gift is offered to adopters of pets from PTZ’s partner animal shelters, generally for pets that have a microchip implanted for safety.

During the adoption process, adopters fill out paperwork providing the shelter with their name, address, email address and telephone number. The paperwork provides that unless adopters opt out, they may be sent information and special offers by mail or email regarding products or services that may be of interest to them.

Adopters are sent at least two emails reminding them of the 30-day gift. In addition, they receive at least two prerecorded robocalls.

The “Day Two Call” stated: “Hi from the 24PetWatch Insurance Team. This is a friendly reminder to please confirm your 30-day gift of insurance if you haven’t done so already. It’s easy—check your inbox for the 24PetWatch email, click on the link and confirm your gift. If you have already confirmed, press 1 now to speak to a representative to extend your gift for [] days at absolutely no cost to you. Have a great day, and congratulations on adopting your new best friend.”

Slightly different, the “Day Six Call” stated: “Hello. We’re calling from 24PetWatch Pet Insurance to remind you that when you adopted your pet, you were given a 30-day gift of insurance and you only have [] day[] to activate it. Protect your pet from the unexpected and press 1 now to activate it or call [].”

Plaintiff Christopher Legg adopted a kitten from the Florida Humane Society in November 2014. As part of the adoption process, the kitten was fitted with a microchip and registered with 24PetWatch. The paperwork Legg completed specified only mail or email communications, but he did not opt out of receiving the offers.

Legg claimed he received four prerecorded calls on his cellphone from the defendants, offering the 30-day free gift. He filed suit under the TCPA and moved for summary judgment, arguing that the defendants made unsolicited advertising calls to his cellphone without his express written consent. The defendants countered that calls were simply reminders of a free gift and neither included the commercial availability of any product.

U.S. District Judge Robert W. Gettleman of the Northern District of Illinois considered each call in turn to reach a mixed decision.

The Federal Communications Commission’s (FCC) implementing regulations make it unlawful to use a prerecorded voice to initiate a call to a cellular phone that “includes or introduces an advertisement … other than a call made with the prior express written consent of the called party.” The regulations define an “advertisement” as “any material advertising the commercial availability or quality of any property, goods or services.”

The Day Two Call “does more than simply remind the recipient of the free gift,” Judge Gettleman said. “It points the recipient to an email sent from 24PetWatch.”

That email provided: “Dear Christopher Legg, You have only 24 hours left to confirm your 24PetWatch 30-day Gift of Insurance. Click here to confirm your gift now before this offer expires. Don’t forget that new adopters are also eligible for an $8.95 credit towards one of our comprehensive insurance policies; please call one of our agents at [] to find out about this upgrade today!”

“This email obviously touts the commercial availability of a product and constitutes an advertisement as defined by the regulations,” the judge wrote. “Because the Day Two Call introduces this email, the court concludes that the Day Two Call is an advertisement that requires prior express written consent. The court rejects defendants’ argument that it cannot look beyond the content of the calls to demonstrate that they are advertisements. The regulation prohibits calls that include or introduce an advertisement.”

As Legg pointed out, numerous courts have held that communications are advertisements when the call “leads” the recipient to other materials, Judge Gettleman said, citing decisions from federal courts in the District of Columbia and Illinois.

“Consequently, because the court concludes that the Day Two Call is an advertisement and requires express written consent, which plaintiff undisputedly did not give, plaintiff would be entitled to statutory damages for each Day Two Call he received,” the court wrote. “As noted, however, it is unclear how many, if any, such calls plaintiff received.”

Judge Gettleman reached a different conclusion, however, with respect to the Day Six Call, which made no reference to any email or other material. “That call was simply a reminder that the recipient had already received the free gift and that there were a limited number of days left to activate it,” the court wrote. “The call itself neither includes nor introduces the commercial availability of any product.”

Although the plaintiff argued that the Day Six Call directed recipients to “press 1,” which connected them to a sales agent who pitches defendants’ insurance products, the judge was not convinced. “But what happens when a recipient presses 1 (plaintiff did not) is hotly contested and cannot support a finding on summary judgment that the call constitutes an advertisement,” the court said.

Because the Day Six Call was not an advertisement, the defendants did not need express written consent to place it. They did need prior express consent in some form, the court said, but failed to establish they had it.

“All of the paperwork and computer screen shots indicate, however, that [the] communications would be by ‘mail or email,’” Judge Gettleman wrote. “Defendants have no evidence that even remotely suggests, let alone would support a jury verdict, that plaintiff Legg ever expressly agreed to receive pre-recorded telephone communications.”

Unable to demonstrate a genuine issue for trial, the court granted summary judgment in favor of the plaintiff, awarding statutory damages of $2,000 for the four calls. The court trebled the damages to $6,000, as the defendants did not respond to Legg’s argument that the violations were willful and knowing.

To read the memorandum opinion and order in Legg v. PTZ Insurance Agency, Ltd., click here.

Why it matters: As we previously reported, the court had denied class certification in this case based on the predominance of individualized issues of consent, but the defendants were not able to walk away with a second victory. Instead, Judge Gettleman found that one of the two calls did constitute an advertisement under the TCPA, and while the second did not, the defendants lacked the necessary consent and were therefore liable under the statute, with trebled damages.

Drivers’ Class Action Against Uber Crashes Into Arbitration

Why it matters

Uber drivers seeking to be classified (and compensated) as employees and not independent contractors were dealt a blow by the U.S. Court of Appeals, Ninth Circuit when the federal appellate panel reversed class certification and ordered the drivers to arbitration. The litigation began in 2013. Over the years, multiple class actions were consolidated and worked their way through the court system, including making a prior visit to the Ninth Circuit. In that ruling, the panel held that arbitration agreements between the drivers and Uber were neither substantively nor procedurally unconscionable and that the agreements delegated the threshold question of arbitrability to the arbitrator. With that background in mind, the Ninth Circuit granted Uber’s motion to compel arbitration, reversing the district court. The mere fact that the lead plaintiff opted out of arbitration did not bind the other drivers, the court said. In light of this conclusion, the court also decertified the class of approximately 160,000 drivers.

Detailed discussion

Douglas O’Connor and a fellow Uber driver filed a putative class action complaint against the company in August 2013, alleging claims for failure to remit the entire gratuity paid by customers to drivers in violation of California Labor Code Section 351 and for misclassifying the drivers as independent contractors and failing to pay their business expenses (including vehicles, gas and maintenance) in violation of California Labor Code Section 2802.

After several similar suits were consolidated with the original complaint, a California federal court judge certified a class of roughly 160,000 drivers in September 2015.

The court later ruled that the arbitration agreements signed by some of the drivers in 2014 and 2015 were unenforceable on public policy grounds, relying on the California Supreme Court’s decision in Sanchez v. Valencia Holding Co., because they contained a waiver of claims under the Private Attorneys General Act (PAGA).

Uber argued that the nonseverable PAGA waiver didn’t ban all PAGA claims but only prevented such claims from being arbitrated, with the blanket PAGA waiver found in a different section of the agreement that was severable. But the court disagreed.

The defendant appealed to the U.S. Court of Appeals, Ninth Circuit, telling the federal appellate panel that the 2014 and 2015 arbitration agreements featured an opt-out provision and that drivers who failed to exercise this choice should not be permitted to avoid the results. The court agreed and reversed the district court’s denial of Uber’s motion to compel arbitration. The agreements were not unconscionable, the court said, and the relevant provisions in the agreements delegated the threshold question of arbitrability to the arbitrator.

On remand, the district court upheld the class certification order and denial of the motion to compel arbitration for that class. Back before the Ninth Circuit, the federal appellate panel unequivocally ruled that the denial of Uber’s motions to compel arbitration must be reversed, rejecting the drivers’ alternative arguments that the arbitration agreements are unenforceable.

The drivers contended that the lead plaintiffs “constructively opted out” of arbitration on behalf of the entire class, but the court was not persuaded this was possible. “Nothing gave the O’Connor lead plaintiffs the authority to take that action on behalf of and binding other drivers,” the panel wrote, finding that the drivers’ only legal authority—a Georgia Supreme Court decision—relied on state law grounds and did not discuss the Federal Arbitration Act (FAA), which “requires courts to enforce agreements to arbitrate according to their terms.”

Alternatively, the drivers argued that the arbitration agreements were unenforceable because they contained class waivers in violation of the National Labor Relations Act (NLRA). This position was rejected by the Supreme Court earlier this year in Epic Systems v. Lewis, when a divided Court held that employers may require employees, as a condition of employment, to enter into arbitration agreements that contain class or collective waivers.

“In sum, the district court’s orders denying Uber’s motions to compel arbitration … must be reversed,” the panel said. In light of this ruling, the court also decertified the class created by the district court.

“Certification of the class by the district court … was premised upon the district court’s conclusion that the arbitration agreements were not enforceable,” the court explained. “The class as certified includes drivers who entered into agreements to arbitrate their claims and to waive their right to participate in a class action with regard to those claims. … [T]he question whether those agreements were enforceable was not properly for the district court to answer. The question of arbitrability was designated to the arbitrator.”

The panel reversed the denial of the motions to compel arbitration as well as the class certification orders.

To read the opinion in O’Connor v. Uber Technologies, Inc., click here.

Website Needs Privacy, Sweepstakes Tweaks, CARU Recommends

By Jesse M. Brody, Partner, Advertising, Marketing and Media

A coding website directed to kids should modify its privacy practices and include the odds of winning a sweepstakes in a disclosure in order to achieve compliance with both the Children’s Online Privacy Protection Act (COPPA) and the Self-Regulatory Program for Children’s Advertising, the Children’s Advertising Review Unit (CARU) has recommended.

Operated by Kano Computer Ltd., the website offers step-by-step toolkits that teach users how to program and code their own computers, among other products. According to the website, users can “Make apps, hack hardware, create games or code works of art” and “Share, learn from a cool community and remix friends’ ideas.”

The website also features the Kano World portal, where users can register, share their Kano creations and communicate with other users. In order to share and send messages, users must create a Kano World account. During the registration process, the site prompts a user: “Go find your mum or dad! Ask a parent, teacher or guardian to help (it’ll take less than a minute).”

However, the registrant is free to join without verifying that he or she has an accompanying adult, by simply clicking the “Join” button. The registrant is also asked for an email address and must accept the website’s terms and conditions. Although an email address is collected, no email is sent to notify the parent or guardian about information practices or that the child has registered.

At the bottom of its website, Kano advertises a sweepstakes offer: “Sign up to our newsletter to win a Computer Kit Complete. You’ll also receive the latest news, offers and projects straight to your inbox.” Users can enter and submit their email address, again without parental notification.

Based on its review of the site, CARU determined that the operator did not comply with the CARU Guidelines or COPPA with regard to privacy practices, and failed to clearly disclose the odds of winning a sweepstakes as required by the CARU Guidelines.

COPPA and the CARU Guidelines require that services use a reliable method of parental consent, and during its review, the self-regulatory body observed there was no privacy practice notice sent to parents or any attempt to obtain verifiable parental consent.

“CARU recommended that the Operator implement [a Federal Trade Commission (FTC)]-approved method for obtaining verifiable parental consent,” according to the decision. “The Operator informed CARU that it is currently working with legal counsel to implement more stringent rules to comply with COPPA and the General Data Protection Regulation (GDPR).”

Turning to the sweepstakes problem, CARU emphasized that it is “especially sensitive to children’s inherent vulnerabilities and recognizes that sweepstakes have the potential to enhance the appeal of products to children. As such, special care should be taken when using sweepstakes to guard against exploiting children’s immaturity.”

The CARU Guidelines specifically require that the likelihood of winning must be clearly disclosed, in language readily understandable to the child audience, with disclosures such as “Many will enter, few will win.”

“After carefully reviewing the Website, CARU determined that it did not comply with the Guidelines because it did not contain a proximate disclosure revealing the odds of winning, which CARU has held must be located immediately adjacent to the promotional copy,” the self-regulatory body wrote. “Therefore, in order to comply with the Guidelines, a sweepstakes like the one here must set up the online registration process so that registrants will automatically view a precise description of the chances of winning before they are able to enter.”

To read the press release about the decision, click here.

Why it matters: Kano agreed to modify its advertising in accordance with CARU’s decision by implementing an FTC-approved method for obtaining verifiable parental consent and updating the online registration process so that prior to entering the sweepstakes, registrants will view a disclosure about the odds of winning.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Manatt, Phelps & Phillips, LLP | Attorney Advertising

Written by:

Manatt, Phelps & Phillips, LLP

Manatt, Phelps & Phillips, LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide

JD Supra Privacy Policy

Updated: May 25, 2018:

JD Supra is a legal publishing service that connects experts and their content with broader audiences of professionals, journalists and associations.

This Privacy Policy describes how JD Supra, LLC ("JD Supra" or "we," "us," or "our") collects, uses and shares personal data collected from visitors to our website (located at (our "Website") who view only publicly-available content as well as subscribers to our services (such as our email digests or author tools)(our "Services"). By using our Website and registering for one of our Services, you are agreeing to the terms of this Privacy Policy.

Please note that if you subscribe to one of our Services, you can make choices about how we collect, use and share your information through our Privacy Center under the "My Account" dashboard (available if you are logged into your JD Supra account).

Collection of Information

Registration Information. When you register with JD Supra for our Website and Services, either as an author or as a subscriber, you will be asked to provide identifying information to create your JD Supra account ("Registration Data"), such as your:

  • Email
  • First Name
  • Last Name
  • Company Name
  • Company Industry
  • Title
  • Country

Other Information: We also collect other information you may voluntarily provide. This may include content you provide for publication. We may also receive your communications with others through our Website and Services (such as contacting an author through our Website) or communications directly with us (such as through email, feedback or other forms or social media). If you are a subscribed user, we will also collect your user preferences, such as the types of articles you would like to read.

Information from third parties (such as, from your employer or LinkedIn): We may also receive information about you from third party sources. For example, your employer may provide your information to us, such as in connection with an article submitted by your employer for publication. If you choose to use LinkedIn to subscribe to our Website and Services, we also collect information related to your LinkedIn account and profile.

Your interactions with our Website and Services: As is true of most websites, we gather certain information automatically. This information includes IP addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp and clickstream data. We use this information to analyze trends, to administer the Website and our Services, to improve the content and performance of our Website and Services, and to track users' movements around the site. We may also link this automatically-collected data to personal information, for example, to inform authors about who has read their articles. Some of this data is collected through information sent by your web browser. We also use cookies and other tracking technologies to collect this information. To learn more about cookies and other tracking technologies that JD Supra may use on our Website and Services please see our "Cookies Guide" page.

How do we use this information?

We use the information and data we collect principally in order to provide our Website and Services. More specifically, we may use your personal information to:

  • Operate our Website and Services and publish content;
  • Distribute content to you in accordance with your preferences as well as to provide other notifications to you (for example, updates about our policies and terms);
  • Measure readership and usage of the Website and Services;
  • Communicate with you regarding your questions and requests;
  • Authenticate users and to provide for the safety and security of our Website and Services;
  • Conduct research and similar activities to improve our Website and Services; and
  • Comply with our legal and regulatory responsibilities and to enforce our rights.

How is your information shared?

  • Content and other public information (such as an author profile) is shared on our Website and Services, including via email digests and social media feeds, and is accessible to the general public.
  • If you choose to use our Website and Services to communicate directly with a company or individual, such communication may be shared accordingly.
  • Readership information is provided to publishing law firms and authors of content to give them insight into their readership and to help them to improve their content.
  • Our Website may offer you the opportunity to share information through our Website, such as through Facebook's "Like" or Twitter's "Tweet" button. We offer this functionality to help generate interest in our Website and content and to permit you to recommend content to your contacts. You should be aware that sharing through such functionality may result in information being collected by the applicable social media network and possibly being made publicly available (for example, through a search engine). Any such information collection would be subject to such third party social media network's privacy policy.
  • Your information may also be shared to parties who support our business, such as professional advisors as well as web-hosting providers, analytics providers and other information technology providers.
  • Any court, governmental authority, law enforcement agency or other third party where we believe disclosure is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights, the rights of any third party or individuals' personal safety, or to detect, prevent, or otherwise address fraud, security or safety issues.
  • To our affiliated entities and in connection with the sale, assignment or other transfer of our company or our business.

How We Protect Your Information

JD Supra takes reasonable and appropriate precautions to insure that user information is protected from loss, misuse and unauthorized access, disclosure, alteration and destruction. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. You should keep in mind that no Internet transmission is ever 100% secure or error-free. Where you use log-in credentials (usernames, passwords) on our Website, please remember that it is your responsibility to safeguard them. If you believe that your log-in credentials have been compromised, please contact us at

Children's Information

Our Website and Services are not directed at children under the age of 16 and we do not knowingly collect personal information from children under the age of 16 through our Website and/or Services. If you have reason to believe that a child under the age of 16 has provided personal information to us, please contact us, and we will endeavor to delete that information from our databases.

Links to Other Websites

Our Website and Services may contain links to other websites. The operators of such other websites may collect information about you, including through cookies or other technologies. If you are using our Website or Services and click a link to another site, you will leave our Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We are not responsible for the data collection and use practices of such other sites. This Policy applies solely to the information collected in connection with your use of our Website and Services and does not apply to any practices conducted offline or in connection with any other websites.

Information for EU and Swiss Residents

JD Supra's principal place of business is in the United States. By subscribing to our website, you expressly consent to your information being processed in the United States.

  • Our Legal Basis for Processing: Generally, we rely on our legitimate interests in order to process your personal information. For example, we rely on this legal ground if we use your personal information to manage your Registration Data and administer our relationship with you; to deliver our Website and Services; understand and improve our Website and Services; report reader analytics to our authors; to personalize your experience on our Website and Services; and where necessary to protect or defend our or another's rights or property, or to detect, prevent, or otherwise address fraud, security, safety or privacy issues. Please see Article 6(1)(f) of the E.U. General Data Protection Regulation ("GDPR") In addition, there may be other situations where other grounds for processing may exist, such as where processing is a result of legal requirements (GDPR Article 6(1)(c)) or for reasons of public interest (GDPR Article 6(1)(e)). Please see the "Your Rights" section of this Privacy Policy immediately below for more information about how you may request that we limit or refrain from processing your personal information.
  • Your Rights
    • Right of Access/Portability: You can ask to review details about the information we hold about you and how that information has been used and disclosed. Note that we may request to verify your identification before fulfilling your request. You can also request that your personal information is provided to you in a commonly used electronic format so that you can share it with other organizations.
    • Right to Correct Information: You may ask that we make corrections to any information we hold, if you believe such correction to be necessary.
    • Right to Restrict Our Processing or Erasure of Information: You also have the right in certain circumstances to ask us to restrict processing of your personal information or to erase your personal information. Where you have consented to our use of your personal information, you can withdraw your consent at any time.

You can make a request to exercise any of these rights by emailing us at or by writing to us at:

Privacy Officer
JD Supra, LLC
10 Liberty Ship Way, Suite 300
Sausalito, California 94965

You can also manage your profile and subscriptions through our Privacy Center under the "My Account" dashboard.

We will make all practical efforts to respect your wishes. There may be times, however, where we are not able to fulfill your request, for example, if applicable law prohibits our compliance. Please note that JD Supra does not use "automatic decision making" or "profiling" as those terms are defined in the GDPR.

  • Timeframe for retaining your personal information: We will retain your personal information in a form that identifies you only for as long as it serves the purpose(s) for which it was initially collected as stated in this Privacy Policy, or subsequently authorized. We may continue processing your personal information for longer periods, but only for the time and to the extent such processing reasonably serves the purposes of archiving in the public interest, journalism, literature and art, scientific or historical research and statistical analysis, and subject to the protection of this Privacy Policy. For example, if you are an author, your personal information may continue to be published in connection with your article indefinitely. When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
  • Onward Transfer to Third Parties: As noted in the "How We Share Your Data" Section above, JD Supra may share your information with third parties. When JD Supra discloses your personal information to third parties, we have ensured that such third parties have either certified under the EU-U.S. or Swiss Privacy Shield Framework and will process all personal data received from EU member states/Switzerland in reliance on the applicable Privacy Shield Framework or that they have been subjected to strict contractual provisions in their contract with us to guarantee an adequate level of data protection for your data.

California Privacy Rights

Pursuant to Section 1798.83 of the California Civil Code, our customers who are California residents have the right to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes.

You can make a request for this information by emailing us at or by writing to us at:

Privacy Officer
JD Supra, LLC
10 Liberty Ship Way, Suite 300
Sausalito, California 94965

Some browsers have incorporated a Do Not Track (DNT) feature. These features, when turned on, send a signal that you prefer that the website you are visiting not collect and use data regarding your online searching and browsing activities. As there is not yet a common understanding on how to interpret the DNT signal, we currently do not respond to DNT signals on our site.

Access/Correct/Update/Delete Personal Information

For non-EU/Swiss residents, if you would like to know what personal information we have about you, you can send an e-mail to We will be in contact with you (by mail or otherwise) to verify your identity and provide you the information you request. We will respond within 30 days to your request for access to your personal information. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why. If you would like to correct or update your personal information, you can manage your profile and subscriptions through our Privacy Center under the "My Account" dashboard. If you would like to delete your account or remove your information from our Website and Services, send an e-mail to

Changes in Our Privacy Policy

We reserve the right to change this Privacy Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our Privacy Policy will become effective upon posting of the revised policy on the Website. By continuing to use our Website and Services following such changes, you will be deemed to have agreed to such changes.

Contacting JD Supra

If you have any questions about this Privacy Policy, the practices of this site, your dealings with our Website or Services, or if you would like to change any of the information you have provided to us, please contact us at:

JD Supra Cookie Guide

As with many websites, JD Supra's website (located at (our "Website") and our services (such as our email article digests)(our "Services") use a standard technology called a "cookie" and other similar technologies (such as, pixels and web beacons), which are small data files that are transferred to your computer when you use our Website and Services. These technologies automatically identify your browser whenever you interact with our Website and Services.

How We Use Cookies and Other Tracking Technologies

We use cookies and other tracking technologies to:

  1. Improve the user experience on our Website and Services;
  2. Store the authorization token that users receive when they login to the private areas of our Website. This token is specific to a user's login session and requires a valid username and password to obtain. It is required to access the user's profile information, subscriptions, and analytics;
  3. Track anonymous site usage; and
  4. Permit connectivity with social media networks to permit content sharing.

There are different types of cookies and other technologies used our Website, notably:

  • "Session cookies" - These cookies only last as long as your online session, and disappear from your computer or device when you close your browser (like Internet Explorer, Google Chrome or Safari).
  • "Persistent cookies" - These cookies stay on your computer or device after your browser has been closed and last for a time specified in the cookie. We use persistent cookies when we need to know who you are for more than one browsing session. For example, we use them to remember your preferences for the next time you visit.
  • "Web Beacons/Pixels" - Some of our web pages and emails may also contain small electronic images known as web beacons, clear GIFs or single-pixel GIFs. These images are placed on a web page or email and typically work in conjunction with cookies to collect data. We use these images to identify our users and user behavior, such as counting the number of users who have visited a web page or acted upon one of our email digests.

JD Supra Cookies. We place our own cookies on your computer to track certain information about you while you are using our Website and Services. For example, we place a session cookie on your computer each time you visit our Website. We use these cookies to allow you to log-in to your subscriber account. In addition, through these cookies we are able to collect information about how you use the Website, including what browser you may be using, your IP address, and the URL address you came from upon visiting our Website and the URL you next visit (even if those URLs are not on our Website). We also utilize email web beacons to monitor whether our emails are being delivered and read. We also use these tools to help deliver reader analytics to our authors to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

Analytics/Performance Cookies. JD Supra also uses the following analytic tools to help us analyze the performance of our Website and Services as well as how visitors use our Website and Services:

  • HubSpot - For more information about HubSpot cookies, please visit
  • New Relic - For more information on New Relic cookies, please visit
  • Google Analytics - For more information on Google Analytics cookies, visit To opt-out of being tracked by Google Analytics across all websites visit This will allow you to download and install a Google Analytics cookie-free web browser.

Facebook, Twitter and other Social Network Cookies. Our content pages allow you to share content appearing on our Website and Services to your social media accounts through the "Like," "Tweet," or similar buttons displayed on such pages. To accomplish this Service, we embed code that such third party social networks provide and that we do not control. These buttons know that you are logged in to your social network account and therefore such social networks could also know that you are viewing the JD Supra Website.

Controlling and Deleting Cookies

If you would like to change how a browser uses cookies, including blocking or deleting cookies from the JD Supra Website and Services you can do so by changing the settings in your web browser. To control cookies, most browsers allow you to either accept or reject all cookies, only accept certain types of cookies, or prompt you every time a site wishes to save a cookie. It's also easy to delete cookies that are already saved on your device by a browser.

The processes for controlling and deleting cookies vary depending on which browser you use. To find out how to do so with a particular browser, you can use your browser's "Help" function or alternatively, you can visit which explains, step-by-step, how to control and delete cookies in most browsers.

Updates to This Policy

We may update this cookie policy and our Privacy Policy from time-to-time, particularly as technology changes. You can always check this page for the latest version. We may also notify you of changes to our privacy policy by email.

Contacting JD Supra

If you have any questions about how we use cookies and other tracking technologies, please contact us at:

- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.