Rubber Biscuit Law – Corporate Transparency Act version

Joliet Jake and Elwood Blues famously perform a remake of The Chips song “Rubber Biscuit” on SNL.

It’s a silly song – the lyrics are mostly gibberish, for example, they start “Cow cow hoo-oo Cow cow wanna dib-a-doo Chicken hon-a-chick-a-chick hole-a-hubba…” (and get more ridiculous from there)

Every time I think about the Corporate Transparency Act (CTA), this song comes to mind – more so lately because the CTA has been enjoined nationally, un-enjoined, and then re-enjoined in the span of just a few days in December.  If you are keeping tally, it is currently enjoined nationwide as of the posting of this article. 

Worse, after it was un-enjoined nationwide, FinCEN decided to allow only 13 days (the number of days it was enjoined) as an extension.  Even more oddly, when the CTA was first enjoined many months ago, the court said the CTA was unconstitutional, but then only enjoined its enforcement against the particular plaintiffs in the case – complicating any meaningful timely nationwide review.

Many of our clients have filed their Business Owner Information reports at FinCEN (Website), and our advice is to either do so, or prepare on short order to do so. Their webpage states: “[A]s of December 26, 2024 … the injunction issued by the district court in Texas Top Cop Shop, Inc. v. Garland is in effect and reporting companies are not currently required to file beneficial ownership information with FinCEN.” While we feel some of the regulations they issued may have to be adjusted – it is likely the law will survive in some form or another. However, if you have not filed, or form a new company and do not want to file, as of now, there is no legal obligation to do so, and when it’s finally resolved, we can do the rubber biscuit song hopefully one more time . . .

Does your website need to be ADA compliant? It’s complicated…

The Americans with Disabilities Act, 104 Stat. 327, was enacted in 1990 and generally requires that persons that are disabled, defined as having “a physical or mental impairment that substantially limits one or more major life activities of such individual” (42 USCS § 12102) may not be “discriminated against on the basis of disability in the full and equal enjoyment of the goods, services, facilities, privileges, advantages, or accommodations of any place of public accommodation by any person who owns, leases (or leases to), or operates a place of public accommodation.” 42 USCS § 12182.  A “public accommodation” is defined in 42 USCS § 12181 requiring (1) that such entity affect commerce and (2) that such entity be in a list, which list is comprised entirely of businesses that have physical facilities, such as hotels and motels, restaurants and bars, theatres, auditoriums and convention centers, lecture halls, and include “a bakery, grocery store, clothing store, hardware store, shopping center, or other sales or rental establishment…”

Courts have required businesses that have physical locations that are places of public accommodation to also make their websites ADA compliant. See Nat’l Fed’n of the Blind v. Target Corp., 452 F. Supp. 2d 946 (N.D. Ca. 2006). However, some courts have also determined that Web site services offered by businesses that are solely online and have no physical locations can be places of public accommodation. Gathers v. 1-800-Flowers.com, Inc., 2018 U.S. Dist. LEXIS 22230, 2018 WL 839381 (D. Mass. 2018) (flowers.com); Access Now, Inc. v. Blue Apron, LLC, 2017 U.S. Dist. LEXIS 185112, 2017 WL 5186354 (D. N.H. 2017) (blueapron.com).

Other courts, however, have ruled that the websites of even actual places of public accommodation are not required to be accessible: Gil v. Winn-Dixie Stores, Inc., 993 F.3d 1266 (11th Cir.), vacated as moot 21 F.4th 775 (11th Cir. 2021). Contrary to the Winn-Dixie case, at least one case has held that a restaurant’s Web site and mobile application were required to be accessible to comply with ADA, because of the obligation of the restaurant to provide auxiliary aids and services to customers while in the restaurant. Robles v. Domino’s Pizza, LLC, 913 F.3d 898 (9th Cir.), cert. denied, 140 S. Ct. 122 (2019).

One court summarized the cases, ultimately siding with what it described as the majority rule – that holds that a Web site alone, not connected to a physical location, is not a “place of public accommodation” – “Whether a website is subject to the ADA has occasioned a split of authority among the federal courts. There is broad agreement that a website is subject to the ADA if it operates as a gateway or nexus to a physical location. … Where the federal courts differ is on the precise issue before us: whether a stand-alone website is subject to the ADA. … The split of authority tracks a broader issue, which arose prior to the website cases; namely: Does the ADA apply only to physical locations open to the public? The federal courts have treated the answer to the broader question as determinative of the issue of websites.” Martin v. Thi E-Commerce, LLC, 95 Cal. App. 5th 521, 529 (2023).

So, if you offer a “software service” solely online, does your software have to comply with the ADA?  And if it does, how do you do it?

As to the first question, until the Supreme Court decides the split in cases, or Congress unambiguously amends the law, whether your service offered solely via a remote service has to comply with the ADA will largely turn on whether you can be sued in a jurisdiction where the courts have held that the ADA applies to all publicly available websites (the circuits where that appears to be the rule are the 1st, 2nd and 7th – basically the Northeast and the Northern Midwest) or whether the plaintiff has to show some nexus to a physical business (those appear to be the 9th and 6th circuits – which is most of the west coast). A map of the circuits is available here.

Another factor is that you may be licensing your service to a company that itself has physical locations, or that contractually requires ADA compliance. Additionally, the functionality you offer may itself be used by companies that are required to be ADA compliant, so your software will need to be compliant in those cases.

What does “ADA compliant website” mean though?  The Department of Justice has noted that developers should reference the Web Content Accessibility Guidelines (WCAG) promulgated by the World Wide Web Consortium, commonly referred to as W3C.  See https://www.justice.gov/opa/pr/justice-department-publish-final-rule-strengthen-web-and-mobile-app-access-people (April 8, 2024).  While these rules apply to public entities (state and federal agencies and so forth), they are “reference” for private parties. The DOJ has not adopted WCAG as a regulatory requirement.

You can test any Web site for general compliance easily – using Chrome, or a Chromium-based browser, open the Developer Tools, click on Lighthouse, and run a report.  For example, I ran a Lighthouse report on the above DOJ link. My tools are reporting that the DOJ web page is 95% accessible. Its only failure noted was “[aria-*] attributes do not match their roles.” “ARIA” is a reference to Accessible Rich Internet Applications – and more specifically, is a set of standards to allow the development of more interactive and dynamic content for non-disabled persons, while allowing disabled persons to use screen readers to interact with those tools. See https://www.w3.org/WAI/standards-guidelines/aria/

The current WCAG guidelines (October 2023) are daunting, very dense, and very specific. The actual guides when I print them are 99 pages long including the notes and references. Thankfully a much shorter quick reference exists: https://www.w3.org/WAI/WCAG22/quickref/

Fully complying with the WCAG adds considerable development cost and effort for any modern website, and also affects maintainability and extendibility. However, it is an important concept and should be considered up front in all software development projects, especially those with rich interactive user interfaces. Fixing previously developed sites for WCAG compliance can be very expensive.

Do you have to 100% comply with WCAG?  While some plaintiffs have argued that a Web site must be fully WCAG compliant (Langer v. Pep Boys Manny Moe & Jack of Cal., 2021 U.S. Dist. LEXIS 8680, 2021 WL 148237 (N.D. Ca. 2021)(one video that was not closed captioned was asserted to violate the ADA)), it is not clear that the courts have viewed such failure, alone, as a violation. However, if the web site is in violation of the ADA, courts have held that a court can order a web site operator to comply with WCAG (e.g. Robles v. Domino’s Pizza, LLC, 913 F.3d 898 (9th Cir. 2019)).

Failure to comply with the ADA for a Web site can cause significant potential liability; however, as shown above, even the agency charged with enforcing the ADA is not itself 100% compliant with WCAG (as of the date of this article).

For more information contact Mike Oliver.

Maryland recently adopted a new privacy act, however privacy laws won’t really work until …

TL;DR; – they prevent companies from denying services to people that use technology to block tracking and ads. 

Maryland recently adopted the Maryland Online Data Privacy Act of 2024, available here: https://mgaleg.maryland.gov/2024RS/bills/sb/sb0541e.pdf. It goes into effect in October of 2025. Does it increase Maryland consumer privacy rights? – yes (sort of). But it follows many other laws that really just do not address the key issue, and it perpetuates the privacy law and compliance cat-and-mouse game. That “game” is obtaining consent. To understand the cat-and-mouse game, read the Sephora decision. Sure, there are other provisions like data minimization – but making a claim solely based on that would be hard. Claims are almost always based on failure to obtain consent.  So, as long as a provider can comply with the consent rules, they are 90% of the way to the clear.

The advertising business, which has been around for centuries but really took off with the advent of radio and TV, thrived for 50+ years without tracking or massively collecting personal information on consumers. The Internet just acted as a giant enabling device – and all these privacy laws have really done virtually nothing to slow it down because of one word: consent.  The new Maryland law does not really change this concept. To elaborate: 

There are basically two types of services on the Internet – those that cost money (so-called “paywalled services”), and so-called “free” services – which are primarily the user-to-user social media sites. I say “so-called” because they are not truly free – you are the product – these sites even expressly tell you – your personal data is productized. There are also some hybrid types – the best examples are the hardware manufacturers like Roku and Smart TV makers, that you pay one time for the product, but the product then comes laden with data gathering, Personal Information collecting and selling software.

So what is the key legal change we need to really make privacy a right? Forcing any data collector to respect a consumer’s technological choice to block tracking and advertising. Period.

As it stands now, US privacy-consent law is mostly opt out, and when it’s opt in, the providers force you to agree – so it’s a Hobson’s choice – don’t use my service, or agree to use of your Personal Information.

In a truly free market competitive system this would work – because you could make a choice based on the service, and how much you valued your privacy (and if the laws and user interfaces were better, a knowing understanding of how they would use your Personal Information).  However, our actual system is dominated by essentially only a few providers – Meta, X, Reddit, Google YouTube, TikTok and maybe one or two others.  None of those providers give you a choice to not allow them to use and sell your Personal Information – because their service simply does not work if you do not consent. All this does is result in horrid user interfaces – pop up consents and re-confirmations with gibberish, unintelligible explanations of how they use your Personal Information. Try using a browser that technologically blocks those uses – many services just do not work at all.

While those observations are bad enough, the same happens on paid services – banks, hospitals, insurance companies, streaming providers (easily the worst) – services we pay for – many will not work at all if you block third party tracking on a browser.

So, is the new Maryland privacy law good?  Apart from the fact it should have been enacted 10 years or more ago, I guess it’s a start, but it’s just the same can getting kicked down the road – it’s just a little harder to kick – but all of the service providers that rely on selling your Personal Information already have this figured out. The Genie is way too far out of the bottle to meaningfully fix our privacy systems in the US.  Instead users have to suffer through horrible user interfaces and user experiences for the sake of us “consenting” to who-knows-what they do with our Personal Information, just to connect to their friends and family on social media.

Effective advertising does not need all the personal data – in fact, artificial intelligence can now probably do a better job of just guessing your preferences based on whatever you are searching for, viewing or browsing on, without knowing one actual personal detail about you . . . 

 

Now is the winter of our discontent – so begins the first Act of the Chronicles of the Corporate Transparency Act

The Corporate Transparency Act went into full effect on January 1, 2024. For all existing “reporting companies” on 12/31/2023 – they must complete the filing by January 1, 2025.  New reporting companies formed in the US on and after 1/1/2024 must file within 90 days of formation. The filing is done at https://boiefiling.fincen.gov/fileboir – either by downloading a fillable PDF, or by completing the form online.

A “reporting company” is essentially any corporation or LLC formed by filing with an applicable State corporation office in the US, unless the entity is exempt (see https://www.fincen.gov/boi-faqs#C_2 for a list) – and that list has some oddball exemptions, for example, accounting firms are exempt, but not law firms, and “Venture capital fund adviser[s]” are also exempt.  So the first issue is that any existing or newly formed company must determine if it is exempt from this disclosure.

If a company is not exempt, now it must gather all the relevant documentation for “beneficial owners”.  A beneficial owner is:

  • “with respect to an entity, an individual who, directly or indirectly, through any contract, arrangement, understanding, relationship, or otherwise … exercises substantial control over the entity [or] owns or controls not less than 25 percent of the ownership interests of the entity;”
  • but does not include “(i) a minor child, as defined in the State in which the entity is formed, if the information of the parent or guardian of the minor child is reported in accordance with this section; (ii) an individual acting as a nominee, intermediary, custodian, or agent on behalf of another individual; (iii) an individual acting solely as an employee of a corporation, limited liability company, or other similar entity and whose control over or economic benefits from such entity is derived solely from the employment status of the person; (iv) an individual whose only interest in a corporation, limited liability company, or other similar entity is through a right of inheritance; or (v) a creditor of a corporation, limited liability company, or other similar entity, unless the creditor meets the requirements of subparagraph (A).”

See https://www.govinfo.gov/content/pkg/USCODE-2021-title31/pdf/USCODE-2021-title31-subtitleIV-chap53-subchapII-sec5336.pdf

Each beneficial owner and each “company applicant” has to report identification information and it is onerous: 

(A) The full legal name of the individual;

(B) The date of birth of the individual;

(C) A complete current address consisting of: (1) In the case of a company applicant who forms or registers an entity in the course of such company applicant’s business, the street address of such business; or (2) In any other case, the individual’s residential street address;

(D) A unique identifying number and the issuing jurisdiction from one of the following documents: (1) A non-expired passport issued to the individual by the United States government; (2) A non-expired identification document issued to the individual by a State, local government, or Indian tribe for the purpose of identifying the individual; (3) A non-expired driver’s license issued to the individual by a State; or (4) A non-expired passport issued by a foreign government to the individual, if the individual does not possess any of the documents described in paragraph (b)(1)(ii)(D)(1), (b)(1)(ii)(D)(2), or (b)(1)(ii)(D)(3) of this section; and

(E) An image of the document from which the unique identifying number in paragraph (b)(1)(ii)(D) of this section was obtained.

See https://www.federalregister.gov/d/2022-21020/p-1229

Unfortunately this affects nearly all of our corporate and business clients, the majority of which will not be exempt.  While I recognize that the purposes of this Act are laudable – to prevent, or at least make easier to discover, funding of illegal activity (see note), the Act, like so many other laws and regulations, is going to be a major burden to small business with, in the author’s view, little benefit.  Criminals are going to either not report, report fraudulently, or avoid reporting by hiding under an exemption.

And to top it all off, the use of this Act to actually commit fraud has already started.  When you visit the main page, at the top, the site warns “Alert: FinCEN has been notified of recent fraudulent attempts to solicit information from individuals and entities who may be subject to reporting requirements under the Corporate Transparency Act.” Sooner or later this database will also likely be breached and sensitive data leaked to hackers and other criminals for misuse.

 (note:  From the opening of the proposed rules for the CTA “Illicit actors frequently use corporate structures such as shell and front companies to obfuscate their identities and launder their ill-gotten gains through the U.S. financial system. Not only do such acts undermine U.S. national security, but they also threaten U.S. economic prosperity: shell and front companies can shield beneficial owners’ identities and allow criminals to illegally access and transact in the U.S. economy, while creating an uneven playing field for small U.S. businesses engaged in legitimate activity.”)

 For assistance in compliance with the CTA, please contact Mike Oliver

 

Celebrating our 10th Anniversary!

Ten years ago today Kim and I arrived at our new temporary offices to start the firm. On our first anniversary I did a short retrospective of that 1st year. I do not recall having any thoughts of how long or even if we would be around in 5 or 10 years – it was more just surviving day to day back then.

A lot has happened over the years but we have been blessed that our core team has remained intact and we have been able to hire Jen to help Kim and her growing Trademark practice thrive. We would not have made it 10 years without Larry, Karri, Tina and Jen with us, and also Lisa, Melissa, Adam and Pamela – all of whom helped us along the way.

We also would not have come this far without our clients. We are very thankful for the trust our clients put in us, many of whom have been with us from the start. We strive every day to provide a great work environment for our staff, and great personal, professional, efficient and knowledgeable legal service to our clients.

While our practice is very busy and at least I still take it day by day, with 10 years behind us, we can now look forward to another 10 years!

Best regards, Mike