Disability-related lawsuits find new targets

Since at became law in 1990, there’s little doubt that the Americans with Disabilities Act (ADA) has helped make public buildings and businesses more accessible to the disabled. At the same time, however, brick-and-mortar businesses have long complained about the cost of ADA compliance, and claim that many ADA-related lawsuits are more about making money for lawyers than about actually increasing accessibility. Now that most shopping has moved online, lawsuits have begun to extend the ADA to websites and other online services, concepts which really didn’t exist at the time the law was passed.

For example, Home Depot was sued in 2015 by a blind Pennsylvania man alleging that the Home Depot website relied too heavily on images without the alternative text and descriptive links required to allow access by the sight-impaired. The same plaintiff had filed at least 68 similar lawsuits targeting online retailers. Companies from Target to eBay have been sued for ADA issues, and many companies have paid out millions to the government or class action plaintiffs, in addition to the cost of becoming compliant after the fact. Now, plaintiffs’ lawyers have begun targeting platform providers, in what may well result in a new wave of ADA litigation against the internet’s infrastructure providers.

While it’s increasingly clear that internet accessibility is required under the ADA, it’s less clear what constitutes an accessible website. Here are some of the steps you can take to make your website more accessible and less likely to result in a lawsuit or legal liability:

  • Perform a website audit, to determined what aspects of your website might not meet reasonable accessibility standards.
  • Update your website to comply with the Web Consortium’s Web Content Accessibility Guidelines 2.0 (WCAG), currently the closest thing there is to an accessibility standard under the ADA.
  • Make sure your development and design policies include guidelines for continuing WCAG compliance, since it’s all too easy to lose sight of accessibility in the stress of a new site or product rollout.
  • Train customer support and technical personnel to understand and facilitate use of your website by disabled customers, and to be sensitive to the needs and complaints of disabled users.

Although the Department of Justice is expected to issue guidelines some time in 2018, it’s probably not a good idea to wait. In addition to good risk management, it may well be good business, to keep both your disabled and able-bodied customers happy.

Do I really have to worry about the new European privacy rules?

Is it finally time to pay attention to European efforts to regulate privacy? At least according to pwc, the answer is yes.

Let’s face it – many Europeans regarded the former “Safe Harbor” as a loophole big enough to drive a truck through, and many US companies quietly agreed by effectively ignoring it. The GDPR is an attempt to address that more effectively, at least with respect to American companies with assets in Europe, particularly behemoths like Google and Facebook. As of May 25, 2018 most processing of European personal data will have to comply with the GDPR (General Data Protection Regulation), including processing by US-based companies. There are a few reasons for US companies to be more concerned about the GDPR than previous efforts to regulate privacy:

  • The GDPR has the effect of law, without the need for individual (and often inconsistent) country legislation.
  • All businesses which “target” EU nationals are subject to the regulation, no matter where they are based.
  • The fines have been increased significantly and can be tied to worldwide revenue, to ensure that they are meaningful for even the largest of companies.

Of course, it’s easy for EU officials to threaten Google, which has at least four data centers located in the EU, each presumably worth many millions of dollars. It’s a little harder for them to penalize US companies which don’t have assets on the ground in the EU, particularly given that US courts are likely to be skeptical of attempts to enforce the regulation against companies with no offices in Europe. So, how do you know if you should be worried about the GDPR? If you answer yes to any of the following you need to start getting your privacy house in order:

  • Do you have assets in Europe? As already noted, you should be GDPR compliant unless you’re willing to kiss those assets goodbye without compensation.
  • Do you have personnel in Europe? Even with limited assets on the ground, you need to consider the risk to your employees, and the subsequent risk to your company if they are penalized and decided to sue.
  • Is the European market is important to you, or is it expected to be important to you in the future? Obviously, an adverse judgement in the EU could result in loss of any European-based revenue, to say nothing of the loss of customers due to bad publicity.

Notwithstanding the hype, companies with no footprint in Europe and minimal aspirations of success in the European market probably have little to fear from the GDPR. That being said, given increasing concern over privacy on this side of the ocean, even those companies may want to consider implementing some of the GDPR requirements, to minimize any penalties and to make compliance easier if and when it becomes necessary. Besides, better privacy practices may well make business sense for a lot of US companies.

You’re running out of time!

Anderson Sophie Christmas Time Heres The Gobbler PublicDomain

Quick, I have dinner, you handle the rest!

When I say you’re running out of time, you may think I’m referring to time needed to buy presents, drawing the absolutely incorrect conclusion that I have not yet purchased a suitable present for my wife. I have. It’s just that she changed the ground rules on me and … oh, never mind, that’s not what I meant anyway.

What I meant is that you’re running out of time to register your DMCA Designated Agent under the new system we reported on earlier this year. Like it or not, agents designated under the old system are no longer valid starting January 1, 2018, so if you are in any way hosting third-party content you’ll want to register a new agent under the new system.

It’s not terribly difficult, so cruise on over to the US Copyright office’s website and register. You’ll need the following information for both the designated agent and the owner or operator of the website (which may or may not be the same):

  • Name
  • Address
  • Phone number
  • E-mail address

Oh, and you’ll need a credit card. You can’t use mine, I have a little more shopping to do.

Well, then we’ll just sue them!

Vinnie

I guess you could save a little money on counsel, if you really want to.

When working with international (especially German) clients, we sometimes get to the point where the client says “well, then we’ll just sue them.” Unfortunately, while filing a lawsuit is easy, winning anything more than a Pyrrhic victory is often hard.

There are a number of reasons for that, some of which international clients are also familiar with. In most countries, I suspect, litigation takes longer than the parties (particularly the plaintiff) might like, and involves more effort than seems necessary. Similarly, the parties are sinking cash into what already seems to be a lost cost, although in many countries they can get back what they’ve put into the litigation if they win (more on that later). Finally, collecting in any country can be a challenge, and can involve making difficult decisions about when to pursue collection and when not to.

In the United States, however, there are some additional things to consider before bringing a lawsuit. After all, bringing the lawsuit itself is markedly easier than it might be elsewhere, but successfully prosecuting one can be a lot harder. Some of those issues include:

  • As noted above, the loser doesn’t pay the fees of the winner. That means that, in calculating the damages you expect to collect, you have to deduct the expense of filing, carrying out, and collecting on the lawsuit from any award. Sure, you have all read about our seemingly generous regime of “pain and suffering” and other punitive damages, but in the average commercial dispute you can expect to knock off anywhere from thousands to hundreds of thousands of dollars from any actual damages you are awarded, and you’re not likely to get any of those extra damages to make up for it.
  • Adding to both that cost and the impact on your business is the US system of “discovery,” which allows both parties to demand documents, depose witnesses, and otherwise intrude on the daily business life of the other party. Given that flying just one executive to the United States for one day of depositions can costs thousands of dollars and three work days, that’s a cost foreign companies have to think a little more carefully about than their domestic US counterparts. And remember, that money is not coming back even if you win.
  • All of the above means that a party who can afford to win the “war of attrition” can make it difficult to collect on even larger amounts due by driving up litigation costs to the point that a smaller vendor can’t maintain the litigation long enough to collect. I suspect that’s true in most countries, but again, the prospect of never recovering those expenditures makes things more problematic.
  • And then there’s collection – an award in one jurisdiction can be hard to collect on in another, and none of that matters if the party you’ve won against has nothing to collect on. It’s important to do some research up front before filing that lawsuit, since a judgement for $250,0000 which cost you $15,000 to get is really just a loss of $15,000 if you can’t collect in the end.
  • Finally, it’s not all about money. The interruption to your business and stress caused by depositions and document collection and review can be significant, and even more so for non-US employees who aren’t used to that sort of thing. Equally importantly for the foreign employer, in some cases US discovery laws may be inconsistent with your own laws, requiring a difficult choice between compliance with US law or accepting a negative result in the US in order to comply with foreign law.

There are definitely times when a lawsuit is the right way to go, but suing “on principle” in the US rarely makes sense. A lawsuit is like any other business decision, so before filing make sure the return is going to be worth the investment.

German court decides Parents can’t access deceased child’s Facebook account

Facebook

A German appeals court has decided that the Facebook account belonging to a deceased minor cannot be accessed by the deceased minor’s parents, according to German business website Handelsblatt. A couple in Berlin sued for access to the Facebook records of their daughter after she was killed by a subway train in Berlin, hoping to find clues as to the events leading up to her death. They were particularly interested in the chat records, which they thought might provide clues as to whether the daughter’s death might have been a suicide.

The lower court decided for the parents, determining that the Facebook account was part of the deceased minor’s estate. In deciding to appeal, Facebook, the subject of much criticism in Germany for its handling of data privacy, found itself in the unusual position of defending those same rights. The appellate court decided against the parents, and refused access. It appears likely that the parents will appeal the decision.

In the United States, Facebook generally does not allow parents access to a child’s account, deceased or not. Facebook does allow parents to request that the account be terminated, rather than leaving it online in “memorialized” mode, and in rare instances Facebook will honor requests for account data by parents or other authorized individuals.

At the rate we’re going, we’ll soon be traveling with books and cassettes

IMG 1917

Let’s not go here again

As I watched the luggage carousel spin slowly around I was pretty well aware what I would see there – nothing, or at least nothing which belonged to me. We had barely made our connection in Frankfurt, after circling for hours, and the only thing which made it through to Philadelphia was a cat. I don’t even like cats.

No problem, right? We could just run out and buy luggage on the airline’s dime.

Or not. Airline liability for lost or damaged baggage on international flight is regulated by a treaty called the Warsaw Convention, which limits airline liability for checked baggage significantly. According to Delta’s website, that’s $9.07 per pound up to a maximum of $640. Normally the answer is simple – if it’s valuable, don’t check it. The proposed ban on laptops and tablets for flights to the US from Europe, however, adds a new wrinkle to that otherwise simple advice, since most business travelers don’t really have an alternative to traveling with a laptop. Most road warriors won’t be terribly happy about seven to nine hours of lost work time, to say nothing of that low-res airline entertainment. They’ll be even less happy if they can’t retrieve the laptop at the end of that long flight.

The bigger issue, of course, is security. A lost laptop means lost data, and lost data can result in all sorts of headaches depending on what’s actually on the laptop. While encryption can limit the damage, that still won’t compensate for the loss of productivity for business travelers who depend on their laptops for their daily work.

While business travel won’t stop, the laptop ban combined with other issues which make international travel more onerous may well hit the bottom line of airlines with international routes. It will also increase the interest in everything from insurance for lost luggage to rentals of laptops and similar equipment overseas (which brings with it additional security concerns). Some frequent travelers may even consider storing electronics at offices or apartments overseas, to ensure that they are able to get back to work quickly upon arrival.

In the grand scheme, however, Skype begins to look pretty attractive when the alternative is eight hours of airline entertainment or watching TV on a cell phone followed by a full cavity search on arrival.

Of course, you could always fly via Canada.

State of Incorporation

State of Incorporation

Alas, not the most popular state to incorporate in

Europeans often think that they are catching up to the US, at least in terms of harmonized and consistent laws, but in many instances our system is actually more federalized than that of Europe. Whereas you can now form a European corporation, US corporations are formed under the laws of a particular state, rather than under the federal (United States) law. Typically, that means you’ll have to decide between the state in which you’ll actually be headquartered or operating (assuming you know which state that is) and one of the states which has advantageous tax or corporate laws for corporate formation.

Traditionally, Delaware has been the first choice of most corporations because of its favorable tax and corporation laws, but other states such as Nevada, Alaska, and Wyoming have also been trying to get into the lucrative business of corporate services in recent years. If you’ll be operating completely within the border of a single state, you might as well incorporate in that state, but most German businesses are seeking to sell throughout the United States so a Delaware (or other law-tax state) corporation will be more advantageous. There is no equivalent to the European Corporation (SE) in the United States, so every US company will have to choose a state of incorporation.

Even more confusing, if you will be operating in a state outside of your state of incorporation you will have to file for authorization to do business in that state (or those states) as a foreign corporation. That’s right, a Delaware corporation doing business in California or even neighboring Pennsylvania is considered “foreign” for the purposes of state law, just as a German corporation would be, and may have to register as a foreign corporation. Although state laws regarding filing for authorization differ, it’s a safe bet to say that if you’ll have employees or physical assets based in a particular state you’ll be required to register in that state.

So, for example, if you form a corporation under the laws of Delaware, but will have your offices in New Jersey, you’ll form the corporation in Delaware and then file for authorization to do business in New Jersey. If you also have branch offices in California and North Carolina, you’ll need to file for authorization in those states as well. Filing for authorization in a particular state triggers other obligations as well, including the obligation to file an annual tax return and, usually, to file papers with the state relating to labor, taxes, and other fees. For any state in which you do not have a physical presence you’ll also need to pay a registered agent to accept mail and service of legal process on your behalf, which usually costs no more than $200 per year.

This is the first in an occasional series of posts on starting your business in the US.

New Green Card! Still Green!

Green Card

She’s having some well-founded second thoughts.

USCIS announced last week that the green card and employment authorization document (or EAD) would receive a makeover, in order to increase security and reduce the likelihood of tampering. The green card is granted to foreign nationals who wish to remain in the United States permanently, and who have passed through all of the (varied, but mostly lengthy) processes needed to become a permanent resident. The Employment Authorization Document, or EAD, is a document which is used to show that a foreign citizen is permitted to work in the United States.

The new green card remains largely green, and shows the Statue of Liberty. The EAD card will display the bald eagle and be red according to the USCIS, although they look a little more pink/purple to me. While the new cards will become available May 1, 2017, the USCIS will continue issuing the older-format cards for a while, in order to use up the existing inventory of card stock. Older green cards remain valid until they expire.

As a side note, I have to give them credit for that. For years, as a teenager, I cleaned the office of our local Congressman. At some point during that time the government clearly changed letterhead (as far as I can tell, it was a change from blue to black, that’s it). Either way, I ended up carrying out huge piles of pristine and unused stationary, letterhead, and envelopes to the trash for no sensible reason whatsoever.

Anyway, will have photos front and back, and will no longer display the individual’s signature. For more information about the green card, check out the USCIS webpage. Apparently, the cards were issued as part of the “Next Generation Secure Identification Document” project being carried out by the Department of Homeland Security, but I wasn’t able to find a single reference to that project other than announcements of the new green card.

Germany’s DeNIC offers (a bit) more privacy for some registrants

Whois screengrab

With the increasing focus on privacy in Europe, and ongoing challenges to the US-European “Privacy Shield” agreement, domain name registrants from Europe see domain names as (yet another) weak link in privacy rights. They wouldn’t be wrong in that – in order to protect domain name registrants in the case of the failure of a domain name registrar, all registrars are required to put the underlying registrant data in escrow with an accredited data escrow provider. Until recently, however, the only ICANN-approved data escrow provider has been the US company Iron Mountain, and as a result all of the agreements (and the underlying data) were subject to US law. That, of course, means they were subject to US law enforcement and civil litigation demands as well.

That has recently changed. According to heise online (in German), DeNIC, the German company in charge of the .de country level domain, has recently been accredited by ICANN as a third party data escrow provider for registrar data. DeNIC’s accreditation provides a European alternative to Iron Mountain, and provides some assurances that European data remains in Europe subject to European privacy laws. While that’s an improvement, domain registries must also escrow data, and there’s only a single provider for those services as well (can you guess who that might be?). DeNIC, looking to close that weak link in data protection, is actively seeking accreditation there as well.

While this particular service may not impact US business to any great extent, it does demonstrate an increasing interest in European alternatives under the current political climate. No doubt companies like XING (a German LinkedIn alternative) and UK online bookseller Wordery will seek to capitalize on increasing European concern over US service providers.

At the rate things are going, US disregard for privacy may create the European Internet champions that European lawmakers could not.

For more on DeNIC’s accreditation and continuing efforts, see this press release.

How will the new H-1B rules impact German companies?

Zeit Online recently ran an article about announcement by the Trump administration that H-1B visas will be more closely screened than before, and that the focus on protecting US workers will increase. While these changes will (eventually) impact some companies, particularly in the tech area, many German investors will be impacted only indirectly by changes to the H-1B program.

Most small to mid-sized German companies (the so-called Mittelstand) look to two other options for their personnel needs in the USA – the L visa and the E-visa. Neither visa has a separate mechanism to protect US workers because of their limited scope and purpose, and because other limitations (such as specific qualifications or business requirements) limit their use. Neither visa has been subject to the same level of alleged abuse as the H-1B visa (although the L visa has suffered some collateral damage), and thus far neither program has been subject to the same level of animosity from the Trump administration.

The L-visa allows current or recent employees of a German company to be transferred to a US subsidiary or affiliate if they meet certain qualifications. Since the visa is for the transfer of an existing employee, and is to further the exchange of knowledge between related companies, typically only a relatively small number of people can qualify. As a result, there should be little threat to US workers on a larger scale, who wouldn’t have the knowledge necessary for the position anyway since it is specific to the transferring company.

The E-visa allows German companies who trade extensively with the US (E-1) or invest in the United States (E-2) to hire a German national in the US to oversee that trade or investment. The idea is that the investment or trade would not happen without the assistance of someone whom the investor trusts, or someone who has at least the same cultural background as the investor/trader. Since the program is limited to nationals of a specific country with specific qualifications, the overall risk posed by the program to US workers is also limited.

This is not to say that the kerfuffle over H-1B visas doesn’t impact German companies at all. First of all, when H-1B visas become difficult to obtain the strain on other visa categories becomes much greater. The L-1B visa for non-managerial workers in particular has been utilized by companies who can’t obtain enough H-1B visas, often in ways which weren’t really intended uses for the visa. As L-1Bs become more difficult to get, more employers seek to obtain the more preferable L-1A (for managers), which increases scrutiny of that category as well. Not surprisingly, all of the extra scrutiny in the L category makes the E-visa a more attractive option for German companies which, in turn, makes those more difficult to obtain.

Of course, German companies who have already managed to establish a subsidiary in the US (especially in the IT industry) often find that their help wanted ads are answered by foreign nationals, who in turn require a visa (often an H-1B) for employment. As one of my clients once mentioned to me, the German headquarters was not at all happy about having established a US entity at great effort and cost, for the purpose of having an “American” presence, only to turn around and hire Indian nationals and spend money on additional visa applications.

Overall, German companies with a solid business plan and a real need can still obtain the visas they need, although with a little more effort and scrutiny. So far, most (but not all) of those German nationals can still enter the US without too much trouble, although sometimes with more scrutiny and effort there as well. The bigger question for the US is whether the constant barrage of bad news and border control horror stories will make Germans reconsider investing in the US at all.