GDPR Best Practices: How Companies Adapted to Comply

By: Jon Avidor

The European Union’s privacy regulation General Data Retention Protection Regulation (GDPR) came into effect on May 25, 2018, which prompted companies to quickly review or change the way in which it collects and process users’ personal data. The new regulation gives European Union citizens more control over the private information they share online and applies to all companies worldwide that do business with E.U. citizens. Compliance with GDPR is critical for companies, as non-compliance could cost a company fines of as much as 4% of its annual revenue or 20 million Euros, whichever is more. We looked at how companies including major brands have changed their terms of use and privacy policies in compliance with the newly effective GDPR rules and requirements as a follow-up to an earlier GDPR article.

 User-Friendly Language and Interface

The crux of GDPR is that users now have the right to their own data and must consent to companies collecting their data by opting in, rather than opting out.  For users to understand what data they are divulging, how that data is being used, and what a user can do to remove or update their data, companies had to update its terms of use and privacy policies to be understood by the average user. This required the use of less technical language and the inclusion of definitions for lesser-known or ambiguous terms.  For example, Google now includes explanatory videos of how Google uses the data it collects from its users, and Twitter includes scroll-over definitions for terms such as “location data” and “advertising partner data” so that users can have a better understanding of what these terms mean in regard to personal data. These terms are important to define for users because terms such as “location data”, “online identifiers” or “genetic data” are now deemed to be personal information under GDPR.

Additionally, shifting away from dense, aesthetically unpleasing terms of use and privacy policies, companies have updated their interfaces to create a better user experience. The less technical language coupled with the more user-friendly interface have made the terms of use and privacy policy easier and more inviting to read and understand.

Personal Privacy Controls

Most companies now include a privacy settings tab that allows users to review what specific personal data the website has collected, review or rectify that data, and approve what data the website may continue to retain or share. These controls also allow users to have a transparent understanding of how the companies will use the data provided by its users. Companies have also included step-by-step tutorials and guides on how users can access and review this information.  In some instances, such as LinkedIn, any visitor to the site, regardless of whether the user has a registered account, has the right to access and control their personal data on the site.  Some sites only provide this feature for users accessing their site with registered accounts.

Data Protection Officer

The role of a data protection officer (DPO) is a mandatory implementation under GDPR for public authorities that process person data, companies that systematically monitor personal data on a large scale or companies that collect or process sensitive personal data or data regarding criminal convictions and offenses. The appointed DPO (either a designated employee or a hired outside consultant) must possess expert knowledge of data protection law and practices. The DPO is responsible for educating its company and employees on important compliance requirements, training staff involved in data processing, and conducting routine security audits.

To comply with GDPR, large scale data processing companies, such as Salesforce and Google, have appointed DPOs that will be the point-person for its companies’ users to inquire about the data collection procedures of its companies and policies as it pertains both generally and individually.

GDPR Compliance Good-Faith Effort

There is no magic language or magic sauce that a company can use to ensure complete and total compliance with GDPR.  There are many complexities and unanswered questions regarding GDPR, making it difficult for companies to guarantee complete and total compliance. By demonstrating good-faith efforts to substantially comply with the requirements of GDPR, companies may be able to mitigate the risk of paying the exorbitant fines for noncompliance.

49 Shades of Grey: SEC Remarks Bring Some Welcome Crypto Clarity

By: Rob Griffitts

Earlier today, William Hinman, the Director of Corporation Finance at the SEC, made remarks at the Yahoo Finance All Markets Summit: Crypto that have crypto entrepreneurs and investors breathing a sigh of relief – namely, that ether, the second-largest cryptocurrency by market cap behind bitcoin, is not a security.

This wasn’t news to securities lawyers, because ether no longer passes the Howey test, as I pointed out earlier in the week.  I didn’t get into the reasoning for my position, but if you’re interested, Peter Van Valkenburgh lays out the argument very well.

What I want to bring to your attention here is the helpful guidance Hinman provided in his remarks (I really do think they’re helpful, despite the title, which I couldn’t resist).  The guidance is very welcome because, although the SEC has been very clear and consistent in its position that cryptocurrencies issued in ICOs are securities, the agency has not provided much else in the way of guidance.  Chairman Clayton occasionally made what I considered reassuring remarks, wherein he consistently reiterated that a significant factor is whether “the thing” (ie, the network on which the tokens will operate) has been built, or not.  In the former case, they’d be securities; in the latter case, perhaps not.  But beyond that, we’ve not had much to rely on except seventy years of case law, which is only of marginal help if you don’t know what the agency’s current thinking is, especially since all of those cases predate the blockchain.

Now, thanks to Hinman’s comments, we have more to chew on.  Granted, there’s no relief in his words for those wishing to conduct an ICO in the US and avoid the securities laws.  But for those companies whose business model provides for the sale or issuance of tokens other than in connection with a financing – very much a grey area – his comments provide useful guidance.

In fact, I think now we’ll begin to see the SEC issue ‘no-action letters’, which are responses to requests made of the SEC by companies that want to engage in certain activity, but prior to doing so, want assurance from the SEC that the agency won’t recommend enforcement action.  The no-action letters give comfort not only to the party making the request, but also provide helpful guidance on which other market participants can rely.  In other words, it’s another way for the SEC to define the regulations.  As a side note, if you intend to issue tokens and don’t believe they qualify as securities, get in touch – perhaps we can help you make a no-action request of the SEC.

Back to Hinman’s factors.  As you read through these, keep in mind that this is not an exhaustive list.  The determination of whether a token is, or is not, a security depends on the facts and circumstances of each particular case.

From his remarks:

“What are some of the factors to consider in assessing whether a digital asset is offered as an investment contract and is thus a security?  Primarily, consider whether a third party – be it a person, entity or coordinated group of actors – drives the expectation of a return.

  1. Is there a person or group that has sponsored or promoted the creation and sale of the digital asset, the efforts of whom play a significant role in the development and maintenance of the asset and its potential increase in value?
  2. Has this person or group retained a stake or other interest in the digital asset such that it would be motivated to expend efforts to cause an increase in value in the digital asset? Would purchasers reasonably believe such efforts will be undertaken and may result in a return on their investment in the digital asset?
  3. Has the promoter raised an amount of funds in excess of what may be needed to establish a functional network, and, if so, has it indicated how those funds may be used to support the value of the tokens or to increase the value of the enterprise? Does the promoter continue to expend funds from proceeds or operations to enhance the functionality and/or value of the system within which the tokens operate?
  4. Are purchasers “investing,” that is seeking a return? In that regard, is the instrument marketed and sold to the general public instead of to potential users of the network for a price that reasonably correlates with the market value of the good or service in the network?
  5. Does application of the Securities Act protections make sense? Is there a person or entity others are relying on that plays a key role in the profit-making of the enterprise such that disclosure of their activities and plans would be important to investors? Do informational asymmetries exist between the promoters and potential purchasers/investors in the digital asset?
  6. Do persons or entities other than the promoter exercise governance rights or meaningful influence?”

He goes on to provide additional “contractual or technical” considerations that can be used to determine whether the digital assets function more like a consumer item and less like a security.  They are:

  1. Is token creation commensurate with meeting the needs of users or, rather, with feeding speculation?
  2. Are independent actors setting the price or is the promoter supporting the secondary market for the asset or otherwise influencing trading?
  3. Is it clear that the primary motivation for purchasing the digital asset is for personal use or consumption, as compared to investment? Have purchasers made representations as to their consumptive, as opposed to their investment, intent? Are the tokens available in increments that correlate with a consumptive versus investment intent?
  4. Are the tokens distributed in ways to meet users’ needs? For example, can the tokens be held or transferred only in amounts that correspond to a purchaser’s expected use? Are there built-in incentives that compel using the tokens promptly on the network, such as having the tokens degrade in value over time, or can the tokens be held for extended periods for investment?
  5. Is the asset marketed and distributed to potential users or the general public?
  6. Are the assets dispersed across a diverse user base or concentrated in the hands of a few that can exert influence over the application?
  7. Is the application fully functioning or in early stages of development?

Make America [Insert Adjective Here] Again! Why Trademarking Someone Else’s Popular Phrase and the Mad Dash to the USPTO is Trivial

By: Jon Avidor and Torie Levine

Fake news. Covfefe. Make America Great Again. These are phrases and words that are a big part of our current culture and seem like opportunities to make some big money if monetized. But before you spend your energy, and more importantly your money, trademarking these popular catchphrases, consider whether they can be registered and if you are actually eligible for protection.

Trademark as a Source-Identifier

A trademark is any word, name, symbol, logo, slogan, sound, color, or any combination thereof used to identify and distinguish goods and/or services and indicate their source. The objective of a trademark is to allow the public to recognize certain goods and services as originating exclusively with a particular individual or company. It’s all about brand recognition and brand protection. Thanks to trademark registrations, you know that when you walk into the fast food restaurant with the golden arches and order a Coke® and a Big Mac® that you’re getting a cola soft drink with a distinctive taste, two all beef patties, special sauce, lettuce, cheese, pickles, onions on a sesame seed bun®, and, if you’re lucky, a Happy Meal® toy, and that you can expect a certain level of quality from Coca-Cola®, McDonald’s®, and, let’s say, Hasbro®.

The “Use in Commerce” Requirement

The United States is a first-to-use, rather than a first-to-file, jurisdiction, meaning that, all things being equal, priority ownership and use rights goes to the first party to have used a trademark in commerce. A trademark must be actively used in commerce, i.e. in connection with the commercial offering or sale of goods or services, in order to be protected under trademark law. The Lanham Act defines use in commerce to be “the bona fide use of a mark in the ordinary course of trade, and not made merely to reserve a right in a mark.” A mark will be considered to be in use in commerce when (1) goods are sold or transported in commerce and the mark is displayed on the goods or their containers, in association with the goods or on tags affixed to the goods, or if the nature of the goods makes placement impracticable and (2) services are rendered in commerce and the mark is used or displayed on materials to advertise or sell the services. If you plan to use a trademark in connection with certain goods and services in the future, you can apply for trademark protection on an intent-to-use basis, but you would not be eligible for registration unless and until the trademark is used in offering goods or services to the public.

Let’s say you want to trademark the phrase “fake news.” We know now that the trademark must be used in commerce, and you cannot simply trademark the phrase because you thought of it—trademark law protects brands, sellers, businesses, etc. and their goods and services, not conceptual ideas. “Easy solution,” you say. “Let’s put ‘fake news’ on t-shirts and hats and sell them.” D’oh®! The U.S. Patent and Trademark Office will refuse registration of a mark if the use of the mark is purely used as an ornamental or decorative feature on the goods, but not as a trademark to indicate the source of the goods. For instance, slogans displayed on t-shirts and hats can be considered merely ornamental because those purchasers would not automatically think the slogan identified the source of the goods but would just view the slogan as a decoration on the goods.

This brings us to the next issue: who can register that trademark?

Whose Trademark Is It Anyway?

Whether a trademark can be registered is one consideration in the application process, but equally important is whether you, as the applicant, have the exclusive right to use and exploit that trademark and its goodwill. A trademark must identify a source and be associated with the trademark owner and his, her, or its goodwill and recognition among the public and not with some other third party. Catchphrases that don’t identify the source of a product cannot be trademarked. Thus, political catchphrases like “Lock her up,” “Covfefe,” and “Fake News” are associated with President Donald Trump, not any other person applying for registration.

The slogan “Make America Great Again” is owned by Donald J. Trump for President, Inc. (Serial Nos. 85783371 and 86724115). The trademark is used in connection with everything from bumper stickers, to clothing, and political campaign services. Therefore, President Trump’s distinctive use of the phrase gives him an advantage over competitors because he is the sole identifiable source of the catchphrase. Or is he? Back in 1980, presidential and vice presidential candidates Ronald Reagan and George H. W. Bush used “Let’s Make America Great Again” as their campaign slogan, and undoubtedly sold bumper stickers, clothing, and used the mark in the same manner as Donald Trump and Mike Pence. But the association between Reagan and his campaign slogan precursor to MAGA largely faded from the memories of the American electorate, and in a hypothetical trademark dispute between the two campaigns, Trump and Pence would easily prevail over Reagan and Bush as having stronger claims to the trademark on the grounds of actual and current use in the marketplace and present brand recognition. The bottom line is that it’s all about timing, current use in the marketplace, and customer goodwill and brand recognition.

#Trademark

A hashtag is a word or phrase preceded by the symbol # that classifies or categorizes the accompanying text (such as a tweet). Many brand owners want to protect their hashtags from being used in a way that is misleading, disparaging, or confusing with that of a competitor. The Trademark Manual of Examining Procedure (TMEP) states that “a mark comprising or including the hash symbol (#) or the term hashtag is registrable as a trademark or service mark only if it functions as an identifier of the source of the applicant’s goods or services.” Like “.com” in relation to a website, hashtags often do not, if ever, add any distinctive value to a trademark that would make an otherwise generic or descriptive mark a distinctive trademark. The TMEP offers #SKATER for skateboarding equipment as an example of a mark that would be refused because it is merely descriptive. A hashtag would also not differentiate a trademark from the same or a confusingly similar prior trademark since, as with .com, # is largely functional and meant to facilitate searches within online social media.

That is not to say that it is impossible to register a hashtag mark. In fact, there are hundreds of hashtag marks registered including #EVERYDAYMADEWELL (Reg. No. 4895377) for online retail store and retail store services and conducting contests and #THE ESTEE EDIT (Reg. No. 4950926) for a fashion, beauty, and lifestyle blog. Yet, even if a hashtag mark is registered, there are challenges to enforcing the mark because tagging a topic on social media is not considered a trademark use under the Lanham Act. Additionally, using another company’s name in a hashtag can be considered fair use. Therefore, while the U.S. Patent and Trademark Office grants registrations for hashtags where they serve as a source identifier, there is still a lot of uncertainty of trademark protection for hashtags.

Think Twice Before You Try to Trademark a Catchphrase

A phrase or word can gain immense popularity in a manner of minutes and entrepreneurs looking to exploit that as a business opportunity should be careful to avoid wasting their time and money. Despite the appeal of trademarking popular catch phrases, it is ultimately difficult to achieve due to who the applicant may be. Further, even if you are able to successfully register the trademark, you still face the hurdle of protecting the trademark from infringement. After all, if the catchphrase is as popular as you think it is, there will be others flooding the market in the same way you are. If trademark genericide has shown us anything, having a federal trademark registration has little value if you cannot defend it from infringement.

 

***

*We would like to thank Torie Levine for her contribution to this article.

Forms of Communication Subject to Regulation & ICO Marketing Collateral

By: Steve Masur

ICOs have become a dominant topic of discussion both within the blockchain community and among securities attorneys and regulators. The US Securities and Exchange Commission (SEC) views an ICO as an offering of securities if it meets all of the elements of the ”Howie test,” based on an old court case which has become familiar to most entrepreneurs in the blockchain/cryptocurrency space. If it meets the elements of the test, an ICO is subject to relevant SEC regulations most of which relate to communications about the ICO.

Further guidance from the SEC seems to indicate that most tokens sold in ICOs, particularly those whose platforms are as yet undeveloped, are securities. A series of recent enforcement actions against companies whose ICOs the SEC deems to have violated the securities laws have come to be referred to as the “Great Rescission” of 2018 because they have resulted, or likely will result, in investors receiving rescission rights from the ICO (i.e., they can get their money back). This can be costly for a company and can disrupt its plans to develop and launch its platform.

Because the ICO market grew exponentially before the SEC could adequately determine how to apply existing regulations, customs emerged in ICO offerings that may not lend themselves to proper SEC compliance.  ICO issuers eagerly await further guidance from the SEC in their quest for some certainty about the requirements, and the SEC is hard-pressed to keep pace with emerging issues in this area. For now, as both sides struggle to apply the existing regulations to this new technology, it is clear that if an ICO token constitutes a security, SEC regulations relating to communications apply. So companies need to learn these regulations and adjust their approach to fit them in their ICOs to US investors.

Forms of Communication Subject to Regulation and Related ICO Issues

Offering Documentation and Advertising in General

Offering documents are the materials presented to investors in connection with a securities offering. They differ in length and detail depending on whether the offering is public or private, its size and the nature of the targeted investors.

For a public offering, they generally consist of a prospectus containing a description of the company, the terms of the offering, risk factors, how the proceeds of the offering will be used, audited financial statements, an analysis of the financial statements and other information about the issuer’s securities. This information is filed with and reviewed by the SEC in a registration statement, generally on a Form S-1.  Corporate communication, about the offering but also in general, is strictly regulated during the pendency of a public offering. However, because the vast majority of blockchain companies choose to avoid the arduous and expensive process of registering their ICOs as public offerings, this will focus mainly on private offerings which, by complying with certain requirements, are exempt from the registration requirement applicable to public offerings.

For a private offering, three likely scenarios emerge. Under the first two, the company plans to approach a number of “accredited investors” with a proposed offering in mind, generally using a Private Placement or Offering Memorandum (a “PPM” or “POM”). The PPM contains much the same information as a public offering prospectus but without the requirement that the financial statements be audited as long as all investors are accredited.  These PPM disclosure standards, while not statutorily mandated, are often followed to protect the company from investor lawsuits alleging fraud and misrepresentation.

In one of these two scenarios (under “Rule 506(c)” of Regulation D under the Securities Act of 1933, as amended), the company may engage in “general solicitation and advertising” of its offering beyond its principals’ circle of acquaintances, but to do so, it must comply with some fairly stringent requirements with respect to verification of its investors’ qualifications. For this reason, many traditional company’s have steered away from Rule 506(c) offerings. However, ICOs seem to favor them.

In the third scenario, the company negotiates a funding arrangement with a relatively small group of sophisticated investors. Often the investors themselves dictate the terms of the deal, and do not require the same level of disclosure as do “friends and family” or a broader circle of investors. As a result, the offering materials in this type of private offering often consist of a simple term sheet with a statement of risk factors. These documents are delivered with a business plan and other materials requested by the investors in their due diligence. These offerings are not advertised and are essentially private deals made with investors who are both accredited and sophisticated and are therefore deemed able to fend for themselves in evaluating the company and requesting information.

In addition to the PPM or term sheet, the private offering materials in all three scenarios contain a subscription or purchase agreement and generally a separate questionnaire under which each investor certifies that it meets the requirements for an investor in a private offering, including the specific factors that qualify it as “accredited”. The offering materials also often accompany or even incorporate the company’s business plan.

In each of the above scenarios, the company will generally limit its offering to “accredited investors” which is defined under the regulations based on income and asset tests for various types of investors. Note, that for a private offering involving non-accredited investors, the financial statements must be audited as with a public offering, and the company must comply with other specific disclosure requirements, which is part of what prompts companies to steer away from non-accredited investors.

The most commonly used form among ICOs appears to be under Rule 506(c) employing general solicitation and advertising. This, however, is subject to change as various trends emerge in this area. A growing contingency within the blockchain community is calling for a different offering structure under a relatively new SEC regulation, “Regulation CF.” in this context, CF stands for “Crowdfunding.”

Before an offering under Regulation CF is launched, communication about it is limited. An issuer can only engage in communications that do not mention the offering or raise public interest in the offeror. General advertisement of the company and its products or services is permitted, but any heightened advertising may raise suspicion that you are seeking out investors for your company. After the company has launched its offering by filing a Form C with the SEC the company may only engage in the following communications outside of the crowdfunding platform: communications that don’t mention the “terms of the offering”, and communications that just contain “tombstone” information. (Tombstone information is limited to just a limited set of hard factual information: (1) a statement that the issuer is conducting an offering pursuant to section 4(a)(6) of the Securities Act  the name of the intermediary through which the offering is being conducted and a link directing the potential investor to the crowdfunding platform; (2) the terms of the offering (the amount of securities offered, the nature of the securities, the price of the securities and the closing date of the offering period); and (3) factual information about the legal identity and business location of the issuer, limited to the name of the issuer of the security, the address, phone number and Web site of the issuer, the email address of a representative of the issuer and a brief description of the business of the issuer. Despite the general prohibition on advertising the terms of an offering, an issuer may communicate with investors and prospective investors about the terms of the offering through communication channels provided by the crowdfunding platform, as long as the issuer clearly identifies itself in all communications so as not to be misleading and persons acting on behalf of the issuer identify their affiliation with the issuer in all communications on the crowdfunding platform.

Offering materials, regardless of which type of offering is conducted, must be prepared in order to avoid the issuer saying either too much or too little. On the one hand, they should not include statements that amount to “puffery” which potentially overstate the merits of the investment or risk making false promises to investors. On the other hand, they must include all relevant information to the offering and the company, including risks of making an investment and any other statements that might be necessary to make other information “not misleading.” Also, any statements that are forward-looking or predictive of future events or probabilities should be couched in appropriate disclaimers and meaningful cautionary language.

ICO Offering Materials and Whitepapers

Many ICOs are conducted using “whitepapers” which describe the company, its blockchain solution and the tokens or coins being generated and ultimately issued. These whitepapers are often presented on a company’s website alongside of POMs or simple term sheets describing the terms of the token generation and sale, whether it is to be direct or through “Simple Agreements for Future Tokens (SAFTs),” the types of investors, the process for investing, detailed risk factors and standard cautionary language and disclaimers.

As long as the whitepaper has all of the legally recommended information or is accompanied by a standard POM or term sheet containing it, it should suffice to satisfy all of the offering material requirements and standards. However, because whitepapers are modeled more after the tradition of business-to-business marketing documents rather than securities offering materials, they tend to stretch the rules a fair amount, particularly when it comes to “saying too much.” Any language that purports to guaranty a return on investment or assure any appreciation in value should be avoided. Also, whitepapers should have their own disclaimers and cautionary language.

Some issuers and their attorneys seem to have difficulty conforming the language of the traditional POM to fit the token/coin issuance model. Tokens can be analogous to shares of stock in a corporation, but the analogy is not perfect and can break down in certain key areas such as governance and equity ownership. The description of the tokens in an ICO and all rights conferred (or not) upon investors must be clear and accurate. To achieve this, the company should retain counsel who understands blockchain and the nature of tokens and the ICO process to review all offering materials, including the whitepaper.

Also, because many companies seek to conduct ICOs on their own websites, they comply with the requirements of Rule 506(c), mentioned above, in order to employ general solicitation and advertising without having to limit their contacts with potential investors. However, they often issue public POMs that have strict confidentiality language in them, in several cases even requiring that investors return the offering materials to the company if they choose not to invest. This language comes from a private offering model in which the POM is considered a confidential document and the company does not engage in “general solicitation.” It makes no sense to post a document publicly on a website and claim that its contents are “strictly confidential.”  Again, careful review by a qualified attorney is key.

Solicitation/Advertising Materials

Similarly to offering materials and whitepapers, any supplemental materials used to promote or advertise offerings of a cryptocurrency or other token that constitutes a security should avoid any sort of puffery or overstatement of the potential for profit. Although supplemental materials need not contain all of the information in the offering materials, any information must be accurate and cannot omit anything that would render it misleading. Because of the general excitement and media attention surrounding cryptocurrency and ICOs, examples of puffery and unqualified promises of great appreciation in value abound. These are amplified by celebrity endorsements and the use of social media.

In addition, there are specific rules regulating the timing, nature, and content of soliciting and advertising materials in both public and private offerings. With respect to public offerings, specific rules under the Securities Act detail what can and cannot be said about an offering prior to the initial filing of offering materials with the SEC, while the SEC’s review is pending and after the SEC has declared the offering effective and it has commenced. For private offerings, general solicitation and advertising are only permitted in limited circumstances.

Press Releases, Social Media and Celebrity Endorsements

Press releases have a long history of being used by both public and private companies to announce major events and important news. For any entity engaged in offering securities, press releases should be carefully reviewed by an attorney to ensure they do not contain exaggeration or statements that could complicate or delay the offering. The same applies in the ICO context.

The same guidance applies to posts on social media. However, the ease with which posts can be made to social media, versus issuance of a traditional press release, poses certain risks in and of itself. Offhand remarks on social media have become the norm and, in many contexts, have replaced carefully thought out, planned communication strategies. The nature of social media also gives access and voice to a wide number of participants in a company’s ICO, many of whom favor social media over traditional means of communication partly for the very reason that they are disruptors themselves and favor more modern, open processes.

Celebrity endorsements, particularly over social media, pose even greater risks. They present the usual risks of overblown promises and exaggeration but also must be reviewed for accuracy by the person giving the endorsement or a representative and should only be used with written permission under a carefully drafted agreement. They may also be subject to heightened scrutiny because of the weight a celebrity’s voice can carry, rightly or wrongly.

Only one or two individuals in a company should have the ability to post about its tokens and, in particular, a token offering, on social media accounts. A process should be in place to review and approve each such posting, regardless of how insignificant it may seem. Also, any claims of celebrity endorsements or quotes should be vetted and approved in writing before being released by the named celebrity or another expert.

Best Practices

I recently had a conversation with a blockchain/crypto client who told me that after talking to eight different attorneys about the application of American securities laws, he had not received the same advice twice. This cannot continue. We need to get our arms around how these existing regulations apply. But more than that, we need to advocate. In some ways, existing regulations simply don’t fit.  In those cases, we need to figure out what does and demand that lawmakers and regulators act on it. Eventually, a consensus will emerge around how cryptocurrency and ICOs should be regulated in the US, and experienced, thoughtful securities attorneys will be part of forming that consensus. Until then, best practices have less to do with concrete guidance and more with making the best decisions and using the best judgment in an uncertain environment.

First, find an experienced securities lawyer whom you trust. It should be someone who understands blockchain and cryptocurrency but also is willing to learn and consider innovative ways to apply long-standing rules to entirely new issues. Your attorney should be able and willing to keep abreast of developments as they unfold and to inform you of and explain any changes to prior advice.

Second, once you have secured the counsel of a good lawyer, use it. Regardless of how excited you are about your ICO, pause for a moment before issuing any form of public or private communication and discuss it with your lawyer. Consider whether it is forward-looking, whether it is supported by documents or other evidence, whether it is premature or requires disclaimers. Make sure you include your attorney early in the ICO process to avoid going down the wrong path.

Finally, document your honest attempts at compliance. In a regulatory climate where the laws and regulations are lagging the technology, regulators will be less likely to bring harsh enforcement actions against those who have sincerely endeavored to comply with laws and regulations and can demonstrate it.

Why Malta? ICOs and the Application of Extraterritorial SEC Regulations

By: Steve Masur

Ever since the United States Securities and Exchange Commission (SEC) , and other government organizations started to clamp down in earnest on initial coin offerings (ICOs), companies planning their ICOs have been running away from the United States in droves.  Where are they going?  Top choices have included Gibraltar, Cayman Islands, Switzerland, Estonia, Singapore, Bermuda, the British Virgin Islands, and Malta.   Every jurisdiction is happy to accept an influx of new innovative companies, especially to the extent they bring jobs and money.   Some of these countries may even start offering tax incentives, the way they do in the film industry.

But what are the considerations for cryptocurrency companies?   Taxes, costs, language barriers, access to addressable markets, access to talented employees, and a wide variety of others.  However, one consideration makes Malta compelling for blockchain companies who wish to sell tokens to investors in the US; the extraterritorial application of US securities laws.

The SEC has asserted the right to apply US law outside the borders of the United States against fraudsters whose scams have affected US citizens.   Since the SEC has also asserted in public statements that all token offerings should be considered securities under US law, technically, any token offering not registered as a securities offering, or taking advantage of an exemption has violated US law.  As a result, in countries which do not have statutes specifically referencing cryptocurrencies, the SEC would be able to, and historically has brought enforcement actions against people located in foreign lands.

However, under the international norm of comity, or respect for the laws of other nations, the SEC might be compelled to refrain from applying US law where such law would be in conflict with local laws.  This would be especially true in the case of a country which had promulgated a body of regulation specifically governing token offerings and cryptocurrencies.

In May, Malta is expected to adopt new cryptocurrency statutes that define key legal terms for cryptocurrencies, create a new re-engineered corporate structure for use with decentralized business entities addressing liability concerns unique to them, and empowering a commission to promulgate and enforce regulations governing the trade of digital assets, including cryptocurrencies.

So it would seem that if you are looking for a safe place to launch a blockchain company or ICO, Malta is it.

However, by going to Malta, you are not dodging regulation.  You are probably signing up for more of it.  Malta’s idea is to make cryptocurrencies and ICOs legitimate, which means clear definitions of terms and clear rules for what you can and cannot do.  Furthermore, Malta is a member of the European Union (EU), which means you will have to comply with all EU rules, not only financial industry rules, or anything the EU may adopt with regard to crypto, but also privacy regulations like the new GDPR rules.

There will also be practical considerations.   The statutes have not been adopted yet, and the new governing commission will still need to be funded, staffed, and then start operations.  That could take some time.  Also, our clients report difficulties in opening bank accounts.  The banks are becoming increasingly wary of opening accounts for companies they know will be launching ICOs considered “illegal” in some countries, which will also likely be converting cryptocurrencies into fiat currency and depositing it for use in their operations.  As a result, rock solid KYC and AML compliance will become increasingly important for everyone in the value chain.

Conclusion?   It’s still a game anyone could win, but Malta is currently one of the leading innovators in the approach to adopt workable statutes for cryptocurrencies.

U.S. Regulators & Your Cryptocurrency: State Money Transmission Laws

By: Steve Masur

In part one of this series, I provided an overview of the US regulatory landscape that impacts cryptocurrency businesses.  This article resumes the topic and focuses on state money transmission laws.

State money transmission laws present stifling hurdles to cryptocurrency innovators operating in the US. As it stands now, 53 state and US territories have 53 different sets of money transmission regulations on the books.

Besides the fact that there are so many different sets of regulations, there are other complicating factors.

  • Most are ‘extraterritorial’ – meaning you have to obtain a license in every jurisdiction in which you have or solicit customers;
  • Many of the agencies that administer and enforce the regulations lack an understanding of blockchain and cryptocurrency businesses; they also lack the mandate, funds and willingness to engage with unfamiliar business models;
  • The regulations require you to obtain a license before you engage in the restricted activity, and the process of obtaining licenses can take years, if you’re lucky enough to get them at all;
  • The consequences for failing to comply are potentially severe, and violators face both state and federal criminal penalties, including up to five years in jail and millions in penalties, simply for operating without a license

It gets worse. The biggest problem these statutes pose to cryptocurrency businesses is that they were written long before the dawn of blockchain ten years ago, and, with few exceptions, it’s difficult, if not impossible, to determine whether those laws apply to cryptocurrency businesses.

How did we get here? Unlike federal money transmission laws, which are concerned primarily with money laundering and counter-terror financing, state money regulations exist to protect consumers. Until recently, businesses that transmitted money from one person to another had to take custody of the money in order to pass it along. The concern was that these businesses would lose or steal the money, and so laws were passed to protect against that. So, although they’re called “money transmission” laws, the activity they seek to regulate is actually the act of having custody over someone else’s money. And how is “custody” defined? It often isn’t, because when the laws were written, it was clear what was meant by the “transmission of money” and it was equally clear that it required “custody.”

Most companies in the cryptocurrency space don’t ever take custody of someone else’s cryptocurrencies in the traditional sense – in the sense that they can lose or steal it. Miners don’t, nor do software developers, non-custodial wallet providers or non-custodial exchanges. Yet all are burdened by state money transmission laws because all of them, arguably, somehow facilitate the “transmission of money.”

So what is a responsible cryptocurrency business that intends to operate in the US to do?  Until regulators provide clarity, the only option is to hire a law firm to consider the laws of all 53 jurisdictions and then apply for licenses in those jurisdiction where a license is potentially required. This process costs hundreds of thousands of dollars a year, a cost beyond the reach of all but the most well-funded startups.  The other option, of course, is to avoid operating in the US altogether, a path many are choosing to take.

Among the initiatives underway to fix this problem, the following two appear the most promising.

Regulation of Virtual Currency Businesses Act

The Uniform Law Commission (ULC) is a non-profit made up of lawyers and legal academics that drafts model laws in the hopes that states will adopt those models, thereby bringing about more uniform regulations. In November 2017 the ULC published a final version of its Regulation of Virtual Currency Business Act.

This model act substantially clarifies what virtual currency activity requires licensure, in large part by defining key words that are undefined in current regulations. For example, the acts of exchanging, storing and transferring all are based on having “control.” And “control” is defined as the “power to execute unilaterally or prevent indefinitely a virtual currency transaction.” This is well-crafted verbiage that mirrors the concept of “custody” in current regulations. In other words, when it comes to virtual currency activity, only actors that can execute unilaterally, or prevent indefinitely, a transaction, are in a position to lose or steal another’s virtual currencies.

Since the ULC only proposes laws, states must now adopt the model act. Unfortunately, this will likely take many years, assuming they adopt the model act at all. The Uniform Commercial Code (UCC), which is the most well-known model act created by the ULC, took about 10 years to be adopted by nearly all the states. That was in the late 50’s and early 60’s when things moved a bit more slowly, so perhaps we’ll see the model act get adopted in less than the decade it took before.

But however long it takes, the model act represents a significant accomplishment because it presents a clear-headed, informed and balanced framework to regulators who, like most everyone else, are struggling to understand cryptocurrencies.

Office of the Comptroller of the Currency (OCC): Federal Preemption

The OCC is a bureau within the Department of the Treasury, and is the federal agency that charters and regulates national banks. When a bank is chartered by the OCC, it is no longer subject to the various state laws. In other words, the OCC’s regulations preempt conflicting state regulations.

In December 2016, the OCC announced it would consider applications from financial technology companies to become special purpose national banks. The idea is that, by receiving a charter from the OCC, these companies could avoid conflicting state money transmission laws. The chief proponent of the initiative was OCC head Thomas Curry, who stepped down last year before the initiative could be finalized. Although it was initially left for dead after Curry’s departure and has been challenged by several states alleging that it exceeds the OCC’s authority, earlier this month the OCC said it expects to publish its position on the fintech charter initiative soon.

Were the OCC to create a path for fintech companies to receive a federal charter, it would be most helpful to companies that acknowledge they are subject to the various state licensure requirements. It would not help the many cryptocurrency companies that don’t believe they should have to comply with state regulations in the first place. Asking those companies to undergo the process of obtaining, and complying with, a national charter would not be a welcome solution to their dilemma. Relief for them in the form of federal preemption would require Congress to create a safe harbor, and with legislators now turning their attention to mid-term elections, it’s unlikely that this will get their attention anytime soon.

Legal Alert: Don’t Forget To Pay Your Annual Business Taxes

By: Steve Masur

Many states require domestic corporations, limited liability companies, and partnerships to pay an annual tax, known as franchise tax for corporations and annual tax or annual filing fee for LLCs and partnerships, for the privilege to do business and exist as an entity under that state’s laws. Be aware that these annual taxes are distinct from income tax. Franchise taxes are calculated different ways, but are usually based on the corporation’s capitalization. For LLCs and partnerships, they are usually a flat fee. Taxes continue to accrue on a business entity until it files a document to officially terminate its existence, often with the secretary of state. Failure to file and pay by the specified deadline may result in a penalty fee and monthly interest, and if in arrears for several years, termination of existence by the state.

Delaware Business Taxes

Franchise tax on entities incorporated or formed under the laws of the State of Delaware are due for corporations on March 1 and for LLCs and partnerships on June 1. Corporations’ franchise tax may be calculated here and will be the lesser of the two amounts under the authorized shares and assumed par value capital methods, plus a $50 annual report filing fee. LLCs and partnerships pay a flat fee of $300. You can pay your franchise tax and file your annual report online. Failure to file by the deadline will result in a $125 penalty on corporations and a $200 penalty on LLCs and partnerships, with interest of 1.5% per month on late payments.

New York Business Taxes

Domestic corporations and foreign corporations authorized to do business in the State of New York, among other types of general business corporations, must pay an annual franchise tax either on/before April 15 if operating on a calendar taxable year or within three-and-a-half months after the end of the corporation’s tax year. The tax due is equal to the highest of the three following bases under this schedule of taxation rates, plus the metropolitan transportation business tax:

  1. Business Income: Federal taxable income minus investment income and other exempt income apportioned to New York State
  2. Business Capital: Total business capital allocated to New York State after deducing liabilities attributable to assets
  3. Fixed Dollar Minimum (FDM): Graduated schedule of flat fees based on New York State receipts

You can pay your franchise tax online.

LLCs and partnerships, both domestic and foreign authorized to do business in New York, must pay an annual filing fee based on the income derived from New York State sources determined by a graduated schedule of flat fees. The fee is due within three-and-a-half months after the end of the entity’s tax year, and is submitted along with a Form IT-204-LL.

Corporations, LLCs, and partnerships may request a six-month extension to file or will otherwise incur late fees, though failure to pay for two consecutive years may result in automatic dissolution.

California Business Taxes

Corporations incorporated or doing business in the State of California, whether or not qualified or registered under California law to do business there, must pay an annual franchise tax equal to the greater of (a) the corporation’s net income derived from California sources multiplied by the appropriate tax rate (8.85% for C corporations and 1.5% for S corporations) or (b) the $800 minimum franchise tax. Corporations are required to pay franchise taxes even if they are inactive, operating at a loss, or have only existed for less than one year by the filing date and are filing a short-period tax return. Franchise taxes must be paid and submitted with a Corporation Franchise or Income Tax Return (Form 100/100S) on or before either on/before April 15 if operating on a calendar taxable year or within four months and fifteen days after the end of the corporation’s tax year.

LLCs doing business in California and/or registered with the California Secretary of State are subject to an annual tax of $800, due within four months and fifteen days after the end of the corporation’s tax year, with an LLC Tax Voucher (Form FTB 3522). LLCs are also subject to an additional fee based on the LLC’s total income derived from California sources, determined by a graduated schedule of flat fees.

California automatically allows for a six-month extension, after which non-payment will result in penalties and interest.

See this resource from Parasec for a full list of annual report due dates across the 50 states.

Spotify, a $1.6 Billion Dollar Lawsuit and Music Licensing Laws in the Digital Age

By: Jon Avidor

On December 29, 2017, Wixen Music Publishing, Inc. filed a $1.6 billion lawsuit against Spotify USA Inc. The complaint alleges that Spotify willfully infringed copyrights in thousands of songs, including songs from artists Tom Petty, Neil Young, and The Doors. The timing of the lawsuit is particularly problematic since Spotify plans to go public on April 3, 2018. But the suit also brings up another issue: the inadequacy of music licensing laws in the digital age.

How Music Licensing Works

Music is protected by copyright law. The Copyright Act of 1976 protects two types of copyrights in a recorded song: the musical composition and subsequent sound recordings. The composition consists of the music, together with any accompanying lyrics. The sound recording occurs when an artist records the performance of the musical composition. The Copyright Act grants certain exclusive rights, such as the right to reproduce, distribute, and perform publicly or by digital transmission, to the copyright holders, such the the composer and/or lyricist or a publisher and recording artist or its recording label.

An interactive streaming service, such as Spotify, must obtain a license for both the sound recording and underlying musical composition in order to reproduce and distribute songs. Revenue from the  recording license is paid to the owner or licensor of the sound recording, usually the artist or, more commonly, the artist’s label. Revenue from the composition license, known as a mechanical license, is paid to the owner or licensor of the composition, i.e., the composer and/or lyricist or music publisher, and allows the licensee to reproduce and distribute songs on CDs, records, permanent digital downloads (e.g., through iTunes), or interactive streaming services. To obtain a mechanical license, a licensee can negotiate directly with the copyright owner/licensor or get a compulsory license under which, in certain circumstances, the owner/licensor must grant permission to use the work either in a cable television rebroadcast, by PBS, in jukeboxes, for performance of master recordings on digital radio, and in phonorecords or digital downloads. The compulsory mechanical licensee must provide a Notice of Intention and remit a predetermined mechanical royalty, referred to as the statutory rate, to the copyright owner/licensor, again most commonly the publisher.

Distribution of music royalties by license masur griffits

Wixen v. Spotify

Wixen Music Publishing, Inc., an independent music publisher that administers the copyrights of more than 50,000 songs, filed a lawsuit on December 29, 2017 in the U.S. District Court for the Central District of California against interactive music streaming service Spotify (Spotify USA Inc.). The complaint alleges that Spotify obtained the sound recording rights, but did not obtain the composition rights, to the songs available for streaming to its more than 140 million active users and, as a result, Spotify illegally profited off of songwriters and publishers without obtaining and paying for a license.

Wixen alleges that Spotify relied on the Harry Fox Agency (HFA), a music licensing and royalty service, to obtain the required mechanical licenses but failed to do so as HFA “did not possess the infrastructure to obtain the required mechanical licenses.” Wixen stated that Spotify knew of HFA’s inability to secure the licenses but continued to exploit the unlicensed songs anyway thereby committing copyright infringement by making “unauthorized reproductions and engag[ing] in unauthorized distribution of the copyrighted musical compositions of Wixen’s client.”

Wixen requests $1.6 billion in damages, or $150,000 per composition, which is the maximum amount of statutory damages for willful copyright infringement, for each of the 10,784 musical compositions Wixen claims were infringed. Wixen also requested an injunction against Spotify’s continued unlicensed use of the songs and demanded Spotify establish procedures to enable it to comply with the Copyright Act.

This isn’t the first lawsuit of this type that Spotify has faced. In June 2017, Spotify reached a $43.5 million settlement in an unpaid royalty class action in Ferrick v. Spotify USA Inc. Maybe Taylor Swift was right when she knew Spotify was trouble when she walked in.

The Need for Music Copyright Reform

Whether Spotify’s alleged copyright infringement was knowing or willful or not, streaming services can only really be commercially successful if it maintains an extensive catalog of music and that poses a logistical compliance nightmare that copyright statutes have not adequately addressed in the digital age of music. Forbes estimates that, under the current licensing regime, interactive streaming services, like Spotify, Apple Music, and Google Play, have to file over 10,000 Notices of Intention per day. The volume of Notices of Intention, coupled with unreliable, missing, or conflicting data as to ownership and rights in many songs, deteriorates this anachronistic licensing framework.

However, there’s a bill working its way through Congress that might just shine bright like a diamond. Introduced in the House of Representatives by Rihanna Rep. Doug Collins (R-GA) on December 21, 2017, the Music Modernization Act (MMA) is meant to “provide clarity and modernize the licensing system for musical works” under Section 115 of the Copyright Act, which relates to compulsory licensing, and to establish fair rates and fees for mechanical royalties for that purpose. An identical bill was introduced in the Senate by Senators Orrin Hatch (R-UT), Lamar Alexander (R-TN), and Sheldon Whitehouse (D-RI) on January 24, 2018. The bills provide for:

  • Blanket Licenses: The proposed legislation eliminates the requirement under Section 115 for digital music providers to notify each copyright owner in exercising a compulsory license and instead provides for a blanket license from copyright owners through a mechanical licensing collective that will establish a database of musical works and the identity and address of the copyright owners or licensors. The MMA would provide certain protections against infringement actions for digital services who comply with the terms of the blanket license.
  • Standards for Determining Mechanical Royalty Rates: Currently, the Copyright Royalty Board sets the statutory rate for compulsory licensing, but the current legal standard does not consider market value. Under the proposed legislation, the legal standard will be replaced with one accounts for free-market conditions.
  • Random Assignment of Rate Court Proceedings: Instead of each performing rights organization (i.e., ASCAP, BMI) being assigned to a single federal rate court in New York to determine reasonableness of rates, the MMA proposes to have a district judge in proper jurisdiction be randomly assigned to settle rate disputes.
  • Evidence for Public Performance Royalties: The current Section 114(i) prohibits rate court judges from taking into account recording royalty rates as a benchmark when setting performance royalty rates. Under the proposed legislation, performing right organizations and songwriters would be able to present this evidence to obtain fairer rates.

The U.S. Copyright Office conducted a study in 2016 titled “Copyright and the Music Marketplace” that provided recommendations for reforming the existing licensing framework, many of which have been integrated into the Music Modernization Act.

The National Music Publishers Association (NMPA) released a statement of support, alongside me than 20 music industry organizations including RIAA, the Recording Academy, ASCAP, BMI, and SAG-AFTRA, endorsing the Music Modernization Act, the CLASSICS Act, the AMP Act, and a market-based rate standard for artists from satellite radio. These bills have not come without criticism, namely concerns that they would give more power to the already powerful music publishers to the determent of songwriters. The flip side of this argument, as The Verge notes, is that the MMA “prevents lawsuits like Wixen v. Spotify. If a streaming service sets aside the money it’s trying to allocate to a songwriter it can’t find, it can’t be sued later on for not finding the songwriter.” Whether the MMA is flawed or not, the music industry has been sitting, waiting, wishing for a copyright law that reflects how digital music is distributed and consumed, and if you believed in superstitions then maybe the MMA is a sign.
 
 *We would like to thank our intern Torie Levine for her contribution to this article.

The SEC, CFTC and Possible Future Of Utility Tokens

By: Steve Masur

A lot of people have been asking us what may happen with regards to regulation of ICOs in the United States. The U.S. Securities and Exchange Commission’s regulatory action against Munchee, Inc.’s ICO, coupled with the recent U.S. Senate Committee on Banking, Housing, and Urban Affairs hearing on cryptocurrencies, set off a massive regulatory change. By the end of 2018, many ICOs made available in the US market may need to be qualified as securities offerings, and complying with the U.S. securities laws may not be too burdensome or difficult, though it could affect the marketability of token offerings.

So What Happened?

On February 6, 2018, Securities and Exchange Commission (SEC) chairman Jay Clayton and Commodity Futures Trading Commission (CFTC) chairman J. Christopher Giancarlo testified in front of the Senate Banking Committee in a hearing entitled “Virtual Currencies: The Oversight Role of the U.S. Securities and Exchange Commission and the U.S. Commodity Futures Trading Commission,” and spectators have come away with four key things from the hearing:

  1. Clayton and Giancarlo used personal anecdotes to demonstrate that they don’t want to shut down coin offerings and cryptocurrencies in the United States. They acknowledged that the stock market feels inaccessible to main street investors and indicated they understand the role that cryptocurrency offerings can play in giving people the opportunity to gain access to early-stage investment opportunities, as well as the attractiveness of early liquidity.
  2. They are unsure of exactly how to deal with scams and fraudulent activity in the crypto space without creating too much of a chilling effect on activity. They are mindful that if they scare all of the ICOs offshore, they could scare a lot of innovation offshore and, with it, potential economic growth for the United States.
  3. They each see regulating cryptocurrency as partially within the SEC’s jurisdiction, partially within the CFTC’s jurisdiction, and partially within a grey zone in between. They understand that this creates the opportunity for them to expand their agencies’ jurisdictions and get more federal funding, as well as to surgically paint themselves out of responsibility of policing the more problematic areas in cryptocurrency regulation and push them to other agencies. They understand the need to collaborate on enforcement.
  4. They were crystal clear that an opinion letter from a law firm does not exempt a utility token offering from consideration as a securities offering under U.S. law.

What Might This Mean for Utility Token Offerings in the US?

First, it will likely be much more difficult to get a U.S. law firm to write an opinion letter stating that your token offering is not a securities offering. Second, there may be many fewer utility token offerings in the United States because of the regulatory requirements. Third, token offerings accessible to U.S. investors need to comply with U.S. securities laws, i.e., either be registered as a public offering or be exempt from registration. Fourth, since there are many countries that do not classify ICOs as securities offerings, many companies may choose to launch their ICOs offshore and geofence U.S. investors out of the offering, or at a minimum, subject them to Anti-Money Laundering (AML) and Know Your Customer (KYC) review and qualification. Finally, companies that believe they can conduct their ICO offshore may find they have not actually escaped U.S. enforcement jurisdiction if their business maintains sufficient contacts within the United States.

What Can You Do?

You might not need to scrap your plans to conduct a token offering in the United States and immediately move offshore, and may actually comply with U.S. securities laws without too much expense with strategic legal guidance. The SEC has set out rules for conducting a complaint securities offering, including Regulations D, A, A+, and CF, and the SEC made clear in the Munchee action that they will “scrutinize the market vigilantly for improper offerings that seek to sell securities to the general public without the required registration or exemption.” That said, in declining to impose a penalty, the SEC was sympathetic to Munchee’s efforts to comply by immediately stopping the ICO and refunding investors’ money before issuing any tokens.

With all of this said, the biggest problem that offerings qualified as securities under U.S. law face is decreased marketability. Long lockups and other limitations on trading mean that securities-tokens are not nearly as interesting to the whales during a presale, or to the general market afterwards. As a result, right now, the reputable cryptocurrency exchanges are unlikely to list new security tokens and tokens that are already listed, which are later defined as security tokens, are likely to be de-listed. So while security tokens may very likely have a bright future, at the moment, they are less marketable because of the uncertainty in how they will be practically regulated. The continued ability to list on the best known and most reputable exchanges is why so many companies planning to launch utility token ICOs are forum shopping for jurisdictions outside the U.S., signing SAFTS with accredited presale investors, and exploring foundations, and other corporate models that will allow their tokens to continue to avoid being considered securities.

While the law in the area is still unclear, law firms experienced in securities offerings and ICOs can evaluate compliance obligations for specific scenarios and offer valuable guidance in structuring a token offering that is both mindful of business objectives and conscious of risk.

Social Media Influencers Gaining New Followers – The Federal Trade Commission

By: Steve Masur

Influencers, social media stars who are sought after by the biggest technology, fashion, beauty, and luxury brands because of their army of followers, are gaining a new following – FTC regulators.

These social media stars engage their followers with picture perfect Instagram feeds of their daily lives, cute pets, top of the line fashion, and elaborate vacations including numerous sponsored product and brand mentions — often choosing to leave out any indicia that companies have paid them in cash, goods, or services for said Instagram posts. Financial rewards in any form, including free products and paid-for vacations, can run afoul of certain truth in advertising rules in place to prevent deceptive marketing. Proper disclosures must be made in order to comply. Authorities not only in the United States, but in places like the United Kingdom, and France have heightened their vigilance on social media in an effort to locate influencers who engage in deceptive marketing practices. (Source: Dalton, M. (2018). Social-Media Stars Are Turning Heads—of Regulators. [online] WSJ.  [Accessed 14 Feb. 2018]

In today’s society where our iPhones are permanently attached to our hands, consumers are constantly scrolling through Instagram feeds, Twitter timelines, and Facebook statuses. The days of flipping through magazines to keep up with the latest trends and cutting-edge products have become almost obsolete. To capitalize on this “social media generation”, brands have jumped on the social media bandwagon and have started to intensify efforts to create partnerships with influencers. Brands usually lure influencers in by wooing them with free clothes, technology products, luxurious vacations, and cash.

In return, brands are asking influencers to promote the brand to their followers by posting photos of clothing, beauty products, hotels, etc. In the case of some influencers their followers number in the hundreds of millions (that’s a lot of publicity!). Brands no longer have to spend millions of dollars on 2 page spreads in the pages of Esquire. Now brands can easily reach consumers with  the latest Adidas sneakers, fitness fads, and trending vacation destinations on their Instagram feed. Some brands and influencers have also entered into “affiliate marketing services,” which essentially is a contract which allows influencers to gain a commission based on the percentage of sales that are driven from their personal blogs and social media posts to companies e-commerce businesses.  (Source: Dalton, M. (2018). Social-Media Stars Are Turning Heads—of Regulators. [online] WSJ. [Accessed 14 Feb. 2018]

In April and September of 2017 the Federal Trade Commission (FTC) sent out warning letters to over one hundred social media influencers and celebrities warning them that a number of their social media posts had run afoul of FTC deceptive marketing rules. (Source: Anon, (2018). [online]  [Accessed 14 Feb. 2018].) Many influencers stated that they were unaware that their social media posts risked violating deceptive marketing advertising regulations. (Source: Dalton, M. (2018). Social-Media Stars Are Turning Heads—of Regulators. [online] WSJ.  [Accessed 14 Feb. 2018]) The FTC says that any material connection between a brand and an influencer must be disclosed, “material connections could consist of a business or family relationship, receipt of payment, free products or services or other incentives to promote a brand.” Even the act of “tagging” a brand in a social media post is an endorsement of the brand according to the FTC, and further disclosures as to any partnership the influencer has with the brand must be properly disclosed. The letters clarify that a post that simply states “thank you” is not adequate to disclose that this is a paid endorsement. Following these warning letters, the FTC created an FAQ sheet which provides guidance on the proper language that should be used by influencers to disclose brand partnerships and any affiliations (see examples below). (Source: Anon, (2018). [online]  [Accessed 14 Feb. 2018].

Illegal Social Media Ad Campaigns

Now that traditional advertising campaigns have forgone the pages of magazines and ended up on our social media feeds, brands and influencers must be more conscious than ever of the risks posed when proper disclosures are not made to the public on sponsored posts. Even celebrity designers are at risk of getting into hot water with the FTC. Kanye West caused frenzy on social media in early February when a number of photos with the hashtag #YeezySeason6 started popping up all over our Twitter timelines and Instagram feeds. The hashtag was displayed under photos of different social media influencers dressed in the newest release of West’s fashion line. West chose to forego a traditional fashion week show and use the power of influencers and social media to recreate photos of his wife, Kim Kardashian West, as a new cutting-edge advertising technique. However, there is a good chance that this campaign is actually illegal in the eyes of FTC regulators. (Source: The Fashion Law. (2018). Is Kanye West’s #YeezySeason6 Campaign Illegal? [online]  [Accessed 14 Feb. 2018].

The problem with the campaign is that there are no disclosures made under any of the posts. Because no disclosures were made (such as #ad), there is a high likelihood that consumers are unaware that the social media posts are a part of a formal advertising campaign and that the “Instagram models” are actually being compensated in return for posting the images on their social media accounts. This could be misleading to consumers and considered to be a form of deceptive marketing under the Federal Trade Commission Act. (Source: The Fashion Law. (2018). Is Kanye West’s #YeezySeason6 Campaign Illegal? [online] [Accessed 14 Feb. 2018].

The Federal Trade Commission Act allows the FTC to prevent deceptive practices. The Commission has determined that “a representation, omission or practice is deceptive if it is likely to: mislead consumers and affect consumers’ behavior or decisions about the product or service.” (Advertising and Marketing on the Internet: Rules of the Road, Federal Trade Commission (2018)(last visited Mar 6, 2018) In September of 2017, the FTC announced that it came to a settlement in the first case brought against social media influencers for deceptive marketing. The FTC brought suit against two famous YouTubers, Trevor Martin and Thomas Cassell, and their company CSGO Lotto, Inc., for failing to disclose to their followers that they were owners and officers of CSGO Lotto, Inc. when they promoted its online gambling service. Under the FTC laws about truth in advertising, they should have disclosed this to their followers. And they should have done so clearly. (If influencers are paid, they must disclose it, Consumer Information (2018) [last visited Mar 6, 2018] Consumers may feel differently about a certain post or endorsement if they know that an influencer has a financial connection to the brand, and this needs to be openly and clearly disclosed to avoid misrepresentation or deception of any kind.

By this point you are probably asking yourself, ‘how can I be sure that my brand does not run afoul of the FTC regulations?’ Below are a number of frequently asked questions and the FTC’s answers for best practices on social media disclosures.


Source: Federal Trade Commission

Q: Do I need to list the details of everything I get from a company for reviewing a product?

No. If you got $100 or $10,000 you could just say you were “paid.” But, that wouldn’t be good enough, however, if you’re an employee or co-owner.

Q: As an #influencer, I often use #ad to disclose brand affiliation, is that sufficient?

For Twitter #ad is sufficient as long as it’s easily noticed. But if #ad is mixed in with links, handles or other hashtags, readers may naturally just skip over all that clutter. With multiple links & hashtags, #ad may go unnoticed, best to make it visible in the beginning whenever possible.

Q: I’m an influencer. Whenever I mention/tag a product, do I have to say whether I got it for free or paid for it myself?

No. If you mention a product you paid for yourself or just happen to like, there isn’t an issue. The FTC is only concerned about endorsements made on behalf of a sponsoring advertiser. If an advertiser or someone working for an advertiser pays you or gives you something of value to mention a product.

Q: I’m well-known as a spokesperson for a product. Do I have to disclose I’m being paid each time I tweet about it?

If your followers know that you’re paid to endorse that product, no disclosure is needed, but if a significant portion of your followers don’t know that, the relationship should be disclosed. Determining whether followers are aware of a relationship could be tricky in many cases, so we recommend disclosure.

Q: If a U.S. influencer travels abroad for a U.S. brand, which laws do influencer’s posts need to follow – U.S., abroad or both?

U.S. law applies when it’s reasonably foreseeable that posts will affect U.S. consumers, which it would be. Foreign law might also apply.

Q: How does the FTC view non-U.S. influencers with a significant number of American followers?

U.S. law applies when it’s reasonably foreseeable that posts will affect U.S. consumers. So, if posting about products sold in U.S., they should disclose.

Q: Regarding built-in disclosures: Is the “includes paid promotion” mark on [YouTube] videos insufficient? The “Paid” tag on Facebook?

Don’t assume that disclosures built into platforms are sufficient. It depends on whether the tool clearly and conspicuously discloses the connection. FTC staff doesn’t think that the built-in YouTube and Facebook tools suffice. The same applies to the built-in Instagram tool.

Source: (The Fashion Law. (2018). MUST READ: The Federal Trade Commission Answers Common Influencer-Specific Questions. [online] [Accessed 14 Feb. 2018].)

For more on the FTC’s Endorsement Guidelines visit, https://www.ftc.gov/tips-advice/business-center/guidance/ftcs-endorsement-guides-what-people-are-asking