Update on the Status of Initial Coin Offerings in Europe

by White & Case LLP

White & Case LLPWith crypto-currencies on the rise and technological developments providing great opportunities in the financial services sector, Initial Coin Offerings ("ICO") provide an innovative way of raising capital. They are particularly interesting for start-up companies as an alternative to venture capital financing. Equally, ICOs could become a novel path of financing for small and medium-sized enterprises ("SME") – an important objective of the European capital markets union. Regulators in a variety of countries have been making an effort to communicate regulatory guidance to issuers and investors and the common perception that the ICO market is unregulated no longer holds true.

What is an ICO?

ICOs are an increasingly popular method of start-ups and other companies to raise capital. Investors participate in the fundraising by transferring fiat currencies, such as US dollar ("USD"), Euro or Renminbi, or crypto-currencies, such as Bitcoin or Ether, to the issuer in exchange for digital tokens ("Tokens"). Tokens represent a holder’s right of benefit or performance vis-à-vis the issuer. Tokens may also be used (exclusively) for payment to the issuing company for its services or products. Contrary to a traditional initial public offering ("IPO"), most Tokens typically do not represent an ownership interest or dividend right in the issuer’s entity. ICO investors seek to directly benefit from the issuing company’s future business, while investors in IPOs tend to pursue a long-term interest in the value-creation of the IPO entity.

The underlying technology of the Tokens is based on blockchain (an electronic distributed and therefore generally fraud-resistant ledger, in which transactions are protocolled in a documented and reproducible way without a central authority (also referred to as distributed ledger technology - "DLT") which is maintained by a network of participants and computers. Utilizing cryptography to record transactions, blockchains process, verify and track the trade of the relevant virtual currency (Bitcoin or Ether) securely across independent network components.

Similarly to IPOs, the issuer can use the proceeds of the ICO to finance its business operations and future growth. In the event that Tokens are exchanged for other crypto-currencies, the issuing company can exchange them for fiat currencies, as required. As the features of Tokens issued in ICOs can vary widely, every Token has to be assessed individually. Tokens are typically tradable on virtual currency exchanges, creating a secondary Token market, which makes them fungible in the same way as shares.

To market an ICO, it is currently market practice that the issuing company publishes a whitepaper ("Whitepaper") on its website and certain virtual platforms (see further below under "Documentation Requirements and Liability Issues").

The international ICO market is developing rapidly. In 2016, approximately USD 94 million were raised through ICOs globally.1 In 2017, ICOs yielded an estimated USD 6.6 billion, exceeding USD 1.7 billion in December 2017 alone.2 Despite rising regulatory pressure, approximately USD 21.5 billion were raised in 2018.3 Although the second half of 2018 saw a light decline, 2019 already realised a total of USD 126.3 million through ICOs.4 This significant market growth and the fact that ICOs offer limited investor protection with many recorded fraudulent activities in the past have caught the attention of regulators all over the world. Many jurisdictions still rely on applying existing securities and financial market regulations to ICOs. However, efforts towards providing regulatory guidance to issuers, investors and financial markets as a whole are becoming more tangible.

To comply with regulatory requirements, potential ICO issuers should seek qualified securities’ counsel advice to conclusively analyse the applicable legal framework.

Types of Tokens

Although there is no established classification of Tokens, the categorisation introduced by the Swiss Financial Market Supervisory Authority ("FINMA") based on the economic functions of the Tokens proved to be widely accepted.5

  • Utility Tokens: are intended to provide access to a specific application or service but are not accepted as a means of payment for other applications. The value of the service or product depends on the perception of the investor, making him comparable to a purchaser of a product or service;
  • Asset Tokens (or Security Tokens): represent assets such as a debt or equity claim against the issuer as they promise the owner a share in the future profits or capital flows of the underlying company (sale of the tokens, dividends, interest). They resemble bonds, financial instruments or derivatives; and
  • Payment Tokens (or Currency Tokens): represent a means of payment for goods and services and are true virtual currencies with the most prominent example being Bitcoin. The holder has no claim against the issuer.

Tokens combining several features of these different token categories are referred to as Hybrid Tokens.

Financial Regulation of ICOs and Legal Classification of Crypto-Currencies and Tokens

Applicable regulations are not necessarily limited to those of the jurisdiction governing the ICO. When marketed to investors residing or domiciled in another jurisdiction, financial regulatory rules of such jurisdiction may equally apply to the ICO. A governing law clause does not dispense the ICO issuer from compliance with such financial regulation. Publishing the Whitepaper in a certain language may already be presumed as marketing of an ICO and consequently cause regulatory exposure. For example, a Whitepaper in German is likely to be considered as targeting investors in Germany, regardless of the issuer's residence, and would consequently subject the ICO to the complete scope of German regulation. Existing investor-targeting regulation, for example in relation to market sounding, should be considered to reduce the risk of incompliance until further guidance becomes available.

Issuers of ICOs will be required to limit accessibility of ICO information and documentation to those residents of those jurisdictions that were pre-determined prior to launching the ICO based on a regulatory feasibility analysis. Failure to do so is likely to increase regulatory scrutiny by competent regulators.

Further, the regulatory status of crypto-currencies, including Tokens, largely depends on the jurisdiction of the issuance and the rights associated with the crypto-currency. The purchase of Tokens issued in connection with an ICO can be qualified as a purchase of commodities, a purchase of rights or a purchase of securities, which may ultimately subject ICOs and Whitepapers to prospectus or other disclosure requirements.

The following outlines the current regulatory environment for certain jurisdictions.

European Union

On 9 January 2019, the European Banking Authority ("EBA")6 and the European Securities and Markets Authority ("ESMA")7 published two reports providing advice on crypto-assets for the European Commission ("EC"), and ESMA further to the EU Parliament and Council. These respond to the EC's 2018 FinTech action plan8 request for the European Supervisory Authorities ("ESAs") to assess the suitability of the current EU regulatory framework. The definition of crypto-assets provided by EBA and ESMA includes crypto-currencies and Tokens.

ESMA's report contains the outcome of its 2018 survey, which summarises the EEA Member States' views on the qualification of a sample set of crypto-assets as financial instruments under the respective national transposition of the Markets in Financial Instruments Directive II ("MiFID II"). Where crypto-assets qualify as transferable securities, the legal framework for the regulation and supervision of financial instruments applies to crypto-assets: the Prospectus Directive, the Transparency Directive, MiFID II, the Market Abuse Directive, the Short Selling Regulation, the Central Securities Depositories Regulation and the Settlement Finality Directive. Nevertheless, ESMA recognises the existence of gaps and issues in the current regulatory framework vis-à-vis crypto-assets. Where a specific crypto-asset does not qualify as a financial instrument, no financial regulation or supervisory rules will apply leaving investors exposed to substantial risks. However, according to ESMA, all crypto-assets and related activities should be subject to Anti-Money-Laundering ("AML") provisions.9

In May 2018, the European Parliament approved the fifth Anti-Money Laundering Directive ("MLD5") making an initial step for a regulatory framework. The MLD5 amends the previous Anti-Money Laundering Directive ("MLD4"), inter alia, by providing a legal definition for "virtual currencies". The Member States are obliged to implement MLD5 into national law within 18 months. The MLD5 further extends the scope of application of the MLD4 to (i) "providers engaged in exchange services between virtual currencies and fiat currencies" and (ii) "custodian wallet providers". Therefore, service providers are subject to the same regulatory framework, which applies for banks and other financial institutions under this directive.

In a report by the Securities and Markets Stakeholder Group ("SMSG") dated 19 October 201810, the SMSG advised ESMA that Payment/Currency Tokens should be viewed as financial instruments under MiFID II as they can be considered as investment objects. Utility Tokens, however, should only be added to the list of financial instruments if they are transferable. The report made different suggestions for Security or Asset Tokens depending on whether they are financial instruments under MiFID II and the Market Abuse Regulation and transferable security under the Prospectus Regulation. Further, the SMSG urged ESMA to clarify the definition of "commodity" in level 3 guidelines and to define the conditions when Security Tokens giving right to a commodity are to be considered MiFID II financial instruments. Lastly, the SMSG was asking ESMA to provide guidelines setting out minimum criteria for national authorities operating or wanting to operate a sandbox or innovation hub.

The EBA report provides an overview of the ambit of EU financial services law, in particular if crypto-assets qualify as financial instruments, electronic money or neither and the implications thereof. It also focusses on the secondary market (e.g. crypto exchanges). Generally, EBA's and ESMA's report concur.


In Germany, the Bundesanstalt für Finanzdienstleistungsaufsicht ("BaFin") will determine the applicability of certain national legislation including the German Banking Act (Kreditwesengesetz, "KWG"), the German Securities Prospectus Act (Wertpapierprospektgesetz, "WpPG"), the German Capital Investment Code (Kapitalanlagegesetzbuch), the German Capital Investment Act (Vermögensanlagengesetz, "VermAnlG") and the Payment Services Supervisory Act (Zahlungsdiensteaufsichtsgesetz) on an individual case-by-case basis. The application of such legislation will depend on the contractual arrangements of each ICO. Market participants providing services related to Tokens, dealing with Tokens or publicly offering Tokens must consider whether the Tokens constitute a regulated instrument under the applicable rules and legislation.11

Security Tokens may, under German law, qualify as securities under the German Securities Trading Act (Wertpapierhandelsgesetz, "WpHG") and the WpPG. If the rights represented by the Tokens are comparable to shares, bonds etc., they can be considered a transferable security which is one of the characteristic features for a security. They could equally represent a capital investment under the VermAnlG, which includes "other investments" as it can be assumed that a Token promises a dividend or other kind of interest payment. Under the WpPG and the VermAnlG, the offering of both securities and capital investments requires the publication of a prospectus approved by the BaFin.12

By contrast, pure Utility Tokens are not regulated as financial instruments. The BaFin will first ascertain whether a token actually qualifies as a payment token or as an equity token. If the assessment is negative, BaFin classifies the token as a pure utility token and no regulatory consequences apply.

With regard to Currency Tokens such as Bitcoin, the legal classification has, until recently, been controversial in Germany as the BaFin was of the opinion that Bitcoin qualified as financial instruments within the meaning of the KWG. The categorisation of Bitcoin as a financial instrument results in additional regulatory obligations, in particular licensing requirements as Bitcoin trading is deemed to involve the conduct of banking transactions and/or the provision of financial services. If the required BaFin licence has not been obtained, this may result in a statutory offense under the KWG, which provides for fines or imprisonment for up to five years.

In its ruling of 25 September 2018, the Berlin Court of Appeal renounced this categorisation and decided that Bitcoins do not constitute financial instruments within the meaning of the KWG, and, in particular, not units of account. Due to this fact alone, the KWG was not generally applicable here.


In a guideline published in February 2018, FINMA outlines its approach for enquiries regarding the applicability of financial market regulation to ICOs13 and complements FINMA's Guidance 04/2017 published in September 2017.14 FINMA will determine the applicability of regulatory law on an individual basis, distinguishing between Payment Tokens, Utility Tokens, Asset Tokens and Hybrid Tokens depending on the underlying economic function of the token. FINMA further considers if Tokens can be classified as securities and concludes that (i) Payment Tokens/crypto-currencies will not be treated as securities; (ii) Utility Tokens will not be treated as securities if their sole purpose is to confer digital access rights to an application or service and if the Utility Token can actually be used in this way at the point of issue. However, FINMA will treat Utility Tokens as securities if they additionally or only have an investment purpose at the point of issue; and (iii) Asset Tokens are treated as securities. If FINMA classifies ICO tokens as securities, they fall under the securities regulation with all the legal consequences this entails (e.g. possible prospectus requirement).

In a report dated 14 December 2018 by the Swiss Federal Council on the legal framework for distributed ledger technology and blockchain in Switzerland, the Federal Council concludes, inter alia, that the Swiss legal framework is already suitable for dealing with business models based on DLT and blockchain and provides further advice to create the best possible framework conditions.15

United Kingdom

On 23 January 2019, the UK Financial Conduct Authority ("FCA") launched a consultation (CP19/3) on Guidance16 for market participants on the classification of crypto-assets within the regulatory perimeters, in particular the Regulated Activities Order, MiFID II, the E-Money Regulations and the Payment Services Regulations. The FCA makes suggestions regarding the categorisation of, inter alia, Exchange Tokens (no "specified investment"), Utility Tokens (no "specified investment") and Security Tokens (possibly a "specified investment" and therefore within the regulatory perimeter). The Guidance also provides model Q&A on common related questions.17

In October 2018, the UK Crypto-assets Taskforce (comprising HM Treasury ("Treasury"), the FCA and the Bank of England) already published a final report on crypto-assets and their underlying technology assessing the associated risks and potential benefits, and setting out a new path for the regulation of crypto-assets in the UK.18 The Taskforce classifies crypto-assets by reference to three broad types: (i) Exchange Tokens (crypto-currencies, e.g. Bitcoin); (ii) Security Tokens (crypto-assets falling within the definition of an existing regulated investment in the UK); and (iii) Utility Tokens. The Taskforce emphasises that each crypto-asset must be assessed on a case-by-case basis to determine whether or not its features can bring it within the scope of existing financial regulation. However, the report contains no proposals to regulate Utility Tokens or Exchange Tokens in the UK (currently unregulated). The report also reaffirms the current regulatory position in the UK that crypto-assets are not considered to be a currency or money.


On 12 September 2018, the French Parliament passed a new ICO legislation creating a legal framework for ICOs in France. This regulation, which has yet to be ratified by the government (and is expected to come into force around summer 2019), provides, inter alia, (i) a legal definition for Tokens and crypto-assets; (ii) an optional approval from the Autorité des Marchés Financiers (AMF) for ‘utility’ ICOs; (iii) a legal framework for crypto-asset intermediaries (exchange platforms, custodians, investment advisors, etc.); and (iv) an ad hoc tax regime for investors and ICO issuers. It also establishes the accounting rules applicable to ICO issuers, ICO investors, and more generally any company holding any kind of crypto-currency or crypto-asset. This regulation, however, will not apply to Security Tokens as under French law, these are considered to be regular financial instruments and therefore may not benefit from any provision of this regulation. These token offerings will have to comply with the regulations applicable to public offerings of securities.

Documentation Requirements and Liability Issues

Generally, transaction documentation must include all necessary information to permit an average investor to make a reasonable investment decision. The documentation must be accurate and not misleading, comprehensive and transparent. It should include a description of the issuer's business, potential risk factors as well as a description of the characteristics of the Tokens. Statements on future developments must be reasonable and the use of proceeds be disclosed. If qualified as general terms and conditions, the terms of the sales documentation must comply with specific local requirements. While initially most ICOs were marketed globally, more and more ICOs are more restrictive and are only marketed to investors in certain jurisdictions or exclude investors in certain jurisdictions.19

In addition to the laws relating to the regulation of transferable securities or capital investments (depending on the classification of the Tokens), other aspects that have to be considered in connection with an ICO and the choice of the Token include anti-money laundering and financial crime requirements (as set out in the MLD5), privacy and data protection issues (as recently introduced by the General Data Protection Regulation in the EU) as well as accounting and taxation aspects.

Whitepapers relating to many previous ICOs may not always have complied with the above standards. Transparency and comprehensiveness of a Whitepaper are currently often not examined by regulatory authorities. Risk factors, if included at all, are frequently limited to vaguely standardised descriptions of potential conflicts. It is also doubtful to what extent a reasonable investment decision can be made in the absence of (audited) historic financial information, but conversely, ICOs commonly occur in the early stages of launching a business.

Unfortunately, at present there is no established case law available in respect of inaccurate, incomplete or misleading ICO documentation. This may change as a result of recent investigations or when investors are seeking damages for ICO investment losses. In April 2019, a first landmark decision on fraudulent ICOs is expected in the US after the ruling of a district court applying US securities law to the ICO in question.

Under German law, any shortcomings in the documentation of an ICO may result in the potential prospectus liability pursuant to § 311 German Civil Code.

ICOs for SME Financing

According to Eurostat, SME are referred to as the backbone of the European economy, providing a potential source for jobs and economic growth. In 2017, SME in the EU-28 non-financial business sector accounted for almost all EU-28 non-financial business sector enterprises (99.8 %), two-thirds of total EU-28 employment (66.4 %) and slightly less than three-fifths (56.8 %) of the value added generated by the non-financial business sector.20

However, due to the increase of borrowing costs caused by Basel III and the lack of transparency, this form of financing has become increasingly less attractive. At the same time, it is often not viable for SME to access the debt capital market at economically justifiable conditions, as the entry costs and continuing costs are relatively high compared to the (sometimes) little capital raised.

ICOs may offer a range of benefits, which are particularly attractive for SME21:

  • Low cost by efficiency savings: absence of intermediation and efficiency gains from the use of blockchains and automation and lower regulatory requirements.
  • Flexibility, speed and liquidity: possibility to invest in fractions of Tokens only, speed of execution thanks to the use of blockchain and DLT and almost immediate liquidity as Tokens issued can be traded instantaneously.
  • Unlimited investor pool: even small retail investors may invest, thereby providing greater diversity and heterogeneity of investors.
  • No risk of dilution: an ICO issuer does not share equity ownership or control in their company.

Unfortunately, these important benefits of ICOs are facing several disadvantages:

  • Regulatory uncertainty and arbitrage: differing regulatory frameworks depending on the jurisdiction(s) involved and possible absence of supervision, which may be exploited.
  • Absence of disclosure requirements: information asymmetries due to the absence of or differing disclosure requirements.
  • Lack of consumer and investor protection: risks associated with ICOs difficult to gauge for retail investors and legal uncertainty around compensation rights.
  • High fraud risk.

In order to become a sustainable alternative to traditional bank lending for SME financing purpose, it seems vital to create a robust regulatory and supervisory framework.

Regulatory Sandboxes and Innovation Hubs

In response to the criticism towards legislators and regulators for not keeping pace with industry practices and initiatives, regulators in several countries have opted to create "innovation facilitators" in the form of regulatory sandboxes and innovation hubs enabling potential providers to develop their business models and testing the boundaries of the law in a supervised environment.

Regulatory sandboxes and innovation hubs differ in their scope. An innovation hub is likely to be integrated within the supervisory authority responding to enquiries made by potential operators to what extent potential new products or services meet regulatory requirements and consumer protection expectations. Regulatory sandboxes go further and allow operators to offer a new product or service to actual consumers by ensuring compliance with consumer protection rules.

On 7 January 2019, the Joint Committee of ESAs published a report on sandboxes and innovation hubs.22 In the report, the ESAs analyse the innovation facilitators established to date within the EU. The ESAs also set out ‘best practices’ regarding the design and operation of innovation facilitators, informed by the results of their analysis and the experiences of the national competent authorities in running them. Further, options for future EU-level work on innovation facilitators are being discussed.

Conclusion and Outlook

ICOs offer an attractive alternative to raise capital, in particular for SME as faster financing at lower costs with a more diverse investor base is possible. Although the majority of countries still have no specific ICO regulation in place, blockchain technology does not release users from the need to comply with the existing regulatory framework. However, recent developments indicate that the assumption of some market participants that ICOs were entirely unregulated is misleading. Some countries are acting as pioneers for the implementation of ICO regulations pathing the way to a more regulated approach to this new financing technique, e.g. Malta, Liechtenstein and France where legislation regarding ICO regulation is under way. With the global nature of ICO issues, the co-operation at international level to prevent regulatory arbitrage and to provide sufficient investor protection is vital in the elaboration of a legal framework.

A "new coin on the block"?

There may, however, be a safer trend in sight. The "new coin on the block" are stablecoins. Stablecoins are crypto-assets whose prices are linked to a stable value like fiat currencies (e.g. USD, EUR) or commodities (e.g. gold). To avoid the volatility of most crypto-currencies, their value is fixed in relation to their underlying asset while thereby offering many of the transactional benefits of digital assets with enhanced stability. In this way, stablecoins offer a bridge between the traditional financial markets and the emerging opportunities offered by crypto-currency technologies. Despite its potential attractiveness, the question about legal certainty remains the same.

An interesting time lies ahead. Regulators and legislators now have to collaborate closely to establish a framework, which allows both for the creation of new forms of financing methods, particularly for SME, without at the same time neglecting consumer protection issues. Initiatives such as the recent ESMA, EBA and ESA reports as well as recommendations by the Financial Action Task Force are important stepping stones towards a sound legal framework regulating ICOs and crypto-assets.

Click here to download PDF.

5 See SMSG Advice to ESMA, Own Initiative Report on Initial Coin Offerings and Crypto-Assets, 19 October 2018, available at: https://www.esma.europa.eu/sites/default/files/library/esma22-106-1338_smsg_advice_-_report_on_icos_and_crypto-assets.pdf

9 For a more detailed analysis of the EBA and ESMA reports, see the White & Case Client Alert: Cryptoassets and ICOs: EU Regulators Show their Hand, available at: https://www.whitecase.com/sites/whitecase/files/files/download

10 SMSG Advice to ESMA, Own Initiative Report on Initial Coin Offerings and Crypto-Assets, 19 October 2018, available at: https://www.esma.europa.eu/sites/default/files/library/esma22-106-1338_smsg_advice_-_report_on_icos_and_crypto-assets.pdf
11 BaFin: "Hinweisschreiben, WA 11-QB 4100-2017/0010", 20 February 2018, available at: https://www.bafin.de/SharedDocs/Downloads/DE/Merkblatt/WA/dl

12 As recently confirmed in the reply by the German Government to an official inquiry (Drucksache 19/6975, 14 January 2019), available at: http://dip21.bundestag.de/dip21/btd/19/069/1906975.pdf
13 Swiss Financial Market Supervisory Authority: "Guidelines for enquiries regarding the regulatory framework for initial coin offering (ICOs)", 16 February 2018, available at https://www.finma.ch/de/news/2018/02/20180216-mm-ico-wegleitung/
14 Swiss Financial Market Supervisory Authority: "Guidance 04/2017: Regulatory Treatment of Initial Coin Offerings", 29 September 2017, available at: https://www.finma.ch/en/~/media/finma/dokumente/dokumentencenter/

16 FCA Guidance on Cryptoassets, available at: https://www.fca.org.uk/publication/consultation/cp19-03.pdf
17 For more information on the Guidance, see the White & Case Client Alert: ICOs and Security Tokens: FCA Consults on Crypto Guidance available at: https://www.whitecase.com/publications/alert/icos-and-security-tokens-fca-consults-crypto-guidance
18 Cryptoassets Taskforce: final report, available at: https://assets.publishing.service.gov.uk/government/uploads/system/

uploads/attachment_data/file/752070/cryptoassets_taskforce_fi nal_report_final_web.pdf
19 An overview is available online at: https://www.smithandcrown.com/icos/
20 Annual Report on European SMEs 2017/2018, available at: https://ec.europa.eu/growth/smes/business-friendly-environment/performance-review_en#annual-report
21 As set out in OECD report on Initial Coin Offerings (ICOs) for SME Financing, published on 15 January 2019, available at: http://www.oecd.org/finance/ICOs-for-SME-Financing.pdf
22 Fintech: Regulatory Sandboxes and Innovation Hubs, available at: https://eba.europa.eu/documents/10180/2545547/JC+2018+74+Joint+


[View source.]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© White & Case LLP | Attorney Advertising

Written by:

White & Case LLP

White & Case LLP on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide

JD Supra Privacy Policy

Updated: May 25, 2018:

JD Supra is a legal publishing service that connects experts and their content with broader audiences of professionals, journalists and associations.

This Privacy Policy describes how JD Supra, LLC ("JD Supra" or "we," "us," or "our") collects, uses and shares personal data collected from visitors to our website (located at www.jdsupra.com) (our "Website") who view only publicly-available content as well as subscribers to our services (such as our email digests or author tools)(our "Services"). By using our Website and registering for one of our Services, you are agreeing to the terms of this Privacy Policy.

Please note that if you subscribe to one of our Services, you can make choices about how we collect, use and share your information through our Privacy Center under the "My Account" dashboard (available if you are logged into your JD Supra account).

Collection of Information

Registration Information. When you register with JD Supra for our Website and Services, either as an author or as a subscriber, you will be asked to provide identifying information to create your JD Supra account ("Registration Data"), such as your:

  • Email
  • First Name
  • Last Name
  • Company Name
  • Company Industry
  • Title
  • Country

Other Information: We also collect other information you may voluntarily provide. This may include content you provide for publication. We may also receive your communications with others through our Website and Services (such as contacting an author through our Website) or communications directly with us (such as through email, feedback or other forms or social media). If you are a subscribed user, we will also collect your user preferences, such as the types of articles you would like to read.

Information from third parties (such as, from your employer or LinkedIn): We may also receive information about you from third party sources. For example, your employer may provide your information to us, such as in connection with an article submitted by your employer for publication. If you choose to use LinkedIn to subscribe to our Website and Services, we also collect information related to your LinkedIn account and profile.

Your interactions with our Website and Services: As is true of most websites, we gather certain information automatically. This information includes IP addresses, browser type, Internet service provider (ISP), referring/exit pages, operating system, date/time stamp and clickstream data. We use this information to analyze trends, to administer the Website and our Services, to improve the content and performance of our Website and Services, and to track users' movements around the site. We may also link this automatically-collected data to personal information, for example, to inform authors about who has read their articles. Some of this data is collected through information sent by your web browser. We also use cookies and other tracking technologies to collect this information. To learn more about cookies and other tracking technologies that JD Supra may use on our Website and Services please see our "Cookies Guide" page.

How do we use this information?

We use the information and data we collect principally in order to provide our Website and Services. More specifically, we may use your personal information to:

  • Operate our Website and Services and publish content;
  • Distribute content to you in accordance with your preferences as well as to provide other notifications to you (for example, updates about our policies and terms);
  • Measure readership and usage of the Website and Services;
  • Communicate with you regarding your questions and requests;
  • Authenticate users and to provide for the safety and security of our Website and Services;
  • Conduct research and similar activities to improve our Website and Services; and
  • Comply with our legal and regulatory responsibilities and to enforce our rights.

How is your information shared?

  • Content and other public information (such as an author profile) is shared on our Website and Services, including via email digests and social media feeds, and is accessible to the general public.
  • If you choose to use our Website and Services to communicate directly with a company or individual, such communication may be shared accordingly.
  • Readership information is provided to publishing law firms and authors of content to give them insight into their readership and to help them to improve their content.
  • Our Website may offer you the opportunity to share information through our Website, such as through Facebook's "Like" or Twitter's "Tweet" button. We offer this functionality to help generate interest in our Website and content and to permit you to recommend content to your contacts. You should be aware that sharing through such functionality may result in information being collected by the applicable social media network and possibly being made publicly available (for example, through a search engine). Any such information collection would be subject to such third party social media network's privacy policy.
  • Your information may also be shared to parties who support our business, such as professional advisors as well as web-hosting providers, analytics providers and other information technology providers.
  • Any court, governmental authority, law enforcement agency or other third party where we believe disclosure is necessary to comply with a legal or regulatory obligation, or otherwise to protect our rights, the rights of any third party or individuals' personal safety, or to detect, prevent, or otherwise address fraud, security or safety issues.
  • To our affiliated entities and in connection with the sale, assignment or other transfer of our company or our business.

How We Protect Your Information

JD Supra takes reasonable and appropriate precautions to insure that user information is protected from loss, misuse and unauthorized access, disclosure, alteration and destruction. We restrict access to user information to those individuals who reasonably need access to perform their job functions, such as our third party email service, customer service personnel and technical staff. You should keep in mind that no Internet transmission is ever 100% secure or error-free. Where you use log-in credentials (usernames, passwords) on our Website, please remember that it is your responsibility to safeguard them. If you believe that your log-in credentials have been compromised, please contact us at privacy@jdsupra.com.

Children's Information

Our Website and Services are not directed at children under the age of 16 and we do not knowingly collect personal information from children under the age of 16 through our Website and/or Services. If you have reason to believe that a child under the age of 16 has provided personal information to us, please contact us, and we will endeavor to delete that information from our databases.

Links to Other Websites

Our Website and Services may contain links to other websites. The operators of such other websites may collect information about you, including through cookies or other technologies. If you are using our Website or Services and click a link to another site, you will leave our Website and this Policy will not apply to your use of and activity on those other sites. We encourage you to read the legal notices posted on those sites, including their privacy policies. We are not responsible for the data collection and use practices of such other sites. This Policy applies solely to the information collected in connection with your use of our Website and Services and does not apply to any practices conducted offline or in connection with any other websites.

Information for EU and Swiss Residents

JD Supra's principal place of business is in the United States. By subscribing to our website, you expressly consent to your information being processed in the United States.

  • Our Legal Basis for Processing: Generally, we rely on our legitimate interests in order to process your personal information. For example, we rely on this legal ground if we use your personal information to manage your Registration Data and administer our relationship with you; to deliver our Website and Services; understand and improve our Website and Services; report reader analytics to our authors; to personalize your experience on our Website and Services; and where necessary to protect or defend our or another's rights or property, or to detect, prevent, or otherwise address fraud, security, safety or privacy issues. Please see Article 6(1)(f) of the E.U. General Data Protection Regulation ("GDPR") In addition, there may be other situations where other grounds for processing may exist, such as where processing is a result of legal requirements (GDPR Article 6(1)(c)) or for reasons of public interest (GDPR Article 6(1)(e)). Please see the "Your Rights" section of this Privacy Policy immediately below for more information about how you may request that we limit or refrain from processing your personal information.
  • Your Rights
    • Right of Access/Portability: You can ask to review details about the information we hold about you and how that information has been used and disclosed. Note that we may request to verify your identification before fulfilling your request. You can also request that your personal information is provided to you in a commonly used electronic format so that you can share it with other organizations.
    • Right to Correct Information: You may ask that we make corrections to any information we hold, if you believe such correction to be necessary.
    • Right to Restrict Our Processing or Erasure of Information: You also have the right in certain circumstances to ask us to restrict processing of your personal information or to erase your personal information. Where you have consented to our use of your personal information, you can withdraw your consent at any time.

You can make a request to exercise any of these rights by emailing us at privacy@jdsupra.com or by writing to us at:

Privacy Officer
JD Supra, LLC
10 Liberty Ship Way, Suite 300
Sausalito, California 94965

You can also manage your profile and subscriptions through our Privacy Center under the "My Account" dashboard.

We will make all practical efforts to respect your wishes. There may be times, however, where we are not able to fulfill your request, for example, if applicable law prohibits our compliance. Please note that JD Supra does not use "automatic decision making" or "profiling" as those terms are defined in the GDPR.

  • Timeframe for retaining your personal information: We will retain your personal information in a form that identifies you only for as long as it serves the purpose(s) for which it was initially collected as stated in this Privacy Policy, or subsequently authorized. We may continue processing your personal information for longer periods, but only for the time and to the extent such processing reasonably serves the purposes of archiving in the public interest, journalism, literature and art, scientific or historical research and statistical analysis, and subject to the protection of this Privacy Policy. For example, if you are an author, your personal information may continue to be published in connection with your article indefinitely. When we have no ongoing legitimate business need to process your personal information, we will either delete or anonymize it, or, if this is not possible (for example, because your personal information has been stored in backup archives), then we will securely store your personal information and isolate it from any further processing until deletion is possible.
  • Onward Transfer to Third Parties: As noted in the "How We Share Your Data" Section above, JD Supra may share your information with third parties. When JD Supra discloses your personal information to third parties, we have ensured that such third parties have either certified under the EU-U.S. or Swiss Privacy Shield Framework and will process all personal data received from EU member states/Switzerland in reliance on the applicable Privacy Shield Framework or that they have been subjected to strict contractual provisions in their contract with us to guarantee an adequate level of data protection for your data.

California Privacy Rights

Pursuant to Section 1798.83 of the California Civil Code, our customers who are California residents have the right to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes.

You can make a request for this information by emailing us at privacy@jdsupra.com or by writing to us at:

Privacy Officer
JD Supra, LLC
10 Liberty Ship Way, Suite 300
Sausalito, California 94965

Some browsers have incorporated a Do Not Track (DNT) feature. These features, when turned on, send a signal that you prefer that the website you are visiting not collect and use data regarding your online searching and browsing activities. As there is not yet a common understanding on how to interpret the DNT signal, we currently do not respond to DNT signals on our site.

Access/Correct/Update/Delete Personal Information

For non-EU/Swiss residents, if you would like to know what personal information we have about you, you can send an e-mail to privacy@jdsupra.com. We will be in contact with you (by mail or otherwise) to verify your identity and provide you the information you request. We will respond within 30 days to your request for access to your personal information. In some cases, we may not be able to remove your personal information, in which case we will let you know if we are unable to do so and why. If you would like to correct or update your personal information, you can manage your profile and subscriptions through our Privacy Center under the "My Account" dashboard. If you would like to delete your account or remove your information from our Website and Services, send an e-mail to privacy@jdsupra.com.

Changes in Our Privacy Policy

We reserve the right to change this Privacy Policy at any time. Please refer to the date at the top of this page to determine when this Policy was last revised. Any changes to our Privacy Policy will become effective upon posting of the revised policy on the Website. By continuing to use our Website and Services following such changes, you will be deemed to have agreed to such changes.

Contacting JD Supra

If you have any questions about this Privacy Policy, the practices of this site, your dealings with our Website or Services, or if you would like to change any of the information you have provided to us, please contact us at: privacy@jdsupra.com.

JD Supra Cookie Guide

As with many websites, JD Supra's website (located at www.jdsupra.com) (our "Website") and our services (such as our email article digests)(our "Services") use a standard technology called a "cookie" and other similar technologies (such as, pixels and web beacons), which are small data files that are transferred to your computer when you use our Website and Services. These technologies automatically identify your browser whenever you interact with our Website and Services.

How We Use Cookies and Other Tracking Technologies

We use cookies and other tracking technologies to:

  1. Improve the user experience on our Website and Services;
  2. Store the authorization token that users receive when they login to the private areas of our Website. This token is specific to a user's login session and requires a valid username and password to obtain. It is required to access the user's profile information, subscriptions, and analytics;
  3. Track anonymous site usage; and
  4. Permit connectivity with social media networks to permit content sharing.

There are different types of cookies and other technologies used our Website, notably:

  • "Session cookies" - These cookies only last as long as your online session, and disappear from your computer or device when you close your browser (like Internet Explorer, Google Chrome or Safari).
  • "Persistent cookies" - These cookies stay on your computer or device after your browser has been closed and last for a time specified in the cookie. We use persistent cookies when we need to know who you are for more than one browsing session. For example, we use them to remember your preferences for the next time you visit.
  • "Web Beacons/Pixels" - Some of our web pages and emails may also contain small electronic images known as web beacons, clear GIFs or single-pixel GIFs. These images are placed on a web page or email and typically work in conjunction with cookies to collect data. We use these images to identify our users and user behavior, such as counting the number of users who have visited a web page or acted upon one of our email digests.

JD Supra Cookies. We place our own cookies on your computer to track certain information about you while you are using our Website and Services. For example, we place a session cookie on your computer each time you visit our Website. We use these cookies to allow you to log-in to your subscriber account. In addition, through these cookies we are able to collect information about how you use the Website, including what browser you may be using, your IP address, and the URL address you came from upon visiting our Website and the URL you next visit (even if those URLs are not on our Website). We also utilize email web beacons to monitor whether our emails are being delivered and read. We also use these tools to help deliver reader analytics to our authors to give them insight into their readership and help them to improve their content, so that it is most useful for our users.

Analytics/Performance Cookies. JD Supra also uses the following analytic tools to help us analyze the performance of our Website and Services as well as how visitors use our Website and Services:

  • HubSpot - For more information about HubSpot cookies, please visit legal.hubspot.com/privacy-policy.
  • New Relic - For more information on New Relic cookies, please visit www.newrelic.com/privacy.
  • Google Analytics - For more information on Google Analytics cookies, visit www.google.com/policies. To opt-out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout. This will allow you to download and install a Google Analytics cookie-free web browser.

Facebook, Twitter and other Social Network Cookies. Our content pages allow you to share content appearing on our Website and Services to your social media accounts through the "Like," "Tweet," or similar buttons displayed on such pages. To accomplish this Service, we embed code that such third party social networks provide and that we do not control. These buttons know that you are logged in to your social network account and therefore such social networks could also know that you are viewing the JD Supra Website.

Controlling and Deleting Cookies

If you would like to change how a browser uses cookies, including blocking or deleting cookies from the JD Supra Website and Services you can do so by changing the settings in your web browser. To control cookies, most browsers allow you to either accept or reject all cookies, only accept certain types of cookies, or prompt you every time a site wishes to save a cookie. It's also easy to delete cookies that are already saved on your device by a browser.

The processes for controlling and deleting cookies vary depending on which browser you use. To find out how to do so with a particular browser, you can use your browser's "Help" function or alternatively, you can visit http://www.aboutcookies.org which explains, step-by-step, how to control and delete cookies in most browsers.

Updates to This Policy

We may update this cookie policy and our Privacy Policy from time-to-time, particularly as technology changes. You can always check this page for the latest version. We may also notify you of changes to our privacy policy by email.

Contacting JD Supra

If you have any questions about how we use cookies and other tracking technologies, please contact us at: privacy@jdsupra.com.

- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.