HOW THE PASSING OF PROPOSITION 24 WILL CHANGE THE CCPA
In 2018, California adopted the most extensive privacy provisions in the United States, the California Consumer Privacy Act of 2018 (CCPA.) Emulating provisions adopted in Europe’s General Data Protection Regulation (GDPR), the CCPA gives California consumers of certain, generally larger, businesses rights relating to the use and sale of personal information like names, addresses or internet purchasing history. In general, the CCPA provides consumers with the right to learn what categories of personal information are collected or sold; to request businesses delete their personal information or opt-out of the sale of their personal information; and creates liability for failing to reasonably protect consumers’ personal information.
California residents voted 56%-44% in the November 2020 election to amend and expand the CCPA through the passage of Proposition 24, the California Privacy Rights Act (CPRA). Proposition 24 imports more of the GDPR’s provisions, providing additional consumer privacy rights over sensitive information. It also expands penalties established through the CCPA, and creates a new agency in California to oversee and enforce consumer data privacy laws. Most of the provisions of CPRA go into effect on January 1, 2023, although the creation of the new state agency and requirements for developing new regulations will immediately go into effect. Businesses must comply with the regulatory provisions of the CCPA until those new regulations are in place.
Most notably, the proposition 1) creates a new administrative enforcement agency and eliminates the existing 30-day period to cure CCPA violations to avoid penalties; 2) slightly narrows which businesses are subject to the consumer data privacy requirements; and 3) provides customers with new data privacy rights, including limiting the sharing of personal data.
Changes to Administrative Enforcement Procedures and Penalties
Under the existing CCPA, a business can be penalized for violation of the regulations only if it does not cure any alleged noncompliance within 30 days after being formally notified by the California Attorney General’s office. Prop 24 creates a separate agency to enforce the CPRA – the California Privacy Protection Agency — and eliminates the existing 30 day opportunity to cure compliance oversights (but provides instead for discretion in whether to impose penalties or allow time to cure), effective January 2023. As a result, all businesses subject to the CPRA will need to be in compliance with the CPRA to avoid the potential issuance of administrative fines once the provisions go into effect in 2023. The new California Privacy Protection Agency will be responsible for investigating violations and assessing administrative penalties, although violations will still be subject to enforcement actions brought by the Attorney General as well. Among other changes, Prop 24 also increases the penalty up to $7,500 on businesses that violate the consumer privacy rights of minors.
Changes which Businesses Must Comply with Consumer Data Privacy Laws
Proposition 24 changes which type of businesses will be subject to California’s consumer data privacy requirements. To be subjected to the CPRA, a business must either:
- Derive at least 50% of its annual revenue from selling or sharing (as opposed to just selling under CCPA) the personal information of California consumers;
- Have gross revenue over $25 million (unchanged); or
- Buy, sell, or share the personal information of more than 100,000 (increased from 50,000 under CCPA) California consumers/households. (Helpfully, the standard now counts only California consumers or households; the CCPA also counted “devices.”)
Other notable changes include:
- Delays the applicability of the CCPA to personal information of a business’s own employees and other business-to-business communications until 2023.
- Requires rulemaking for the protection of trade secrets from disclosure as a result of a consumer request.
- Expands consumer “right to know” requests beyond the prior 12-months, beginning with data collected after January 1, 2022.
Napa County Moves to Orange Reopening Tier
On Tuesday, October 20, Napa County was approved to move to the Orange, Moderate Risk Level reopening tier under California’s Blueprint for a Safer Economy. As a result, effective Wednesday, October 21, many businesses will be able to expand their activities under the Orange Tier guidelines.
Wineries will begin to be allowed indoor tasting, with capacity limited to 25% or 100 people, whichever is less.
Restaurants will be allowed to increase their inside dining capacity to 50% or 200 people, whichever is less.
Bars, breweries and distilleries that have not previously been allowed to open without food service will be allowed to reopen, though only for outside activities.
Information on other businesses and their allowed activities under different tiers is available at https://www.countyofnapa.org/2739/Coronavirus-COVID-19
Napa County is expected to issue additional specific local guidance on reopening requirements in advance of the official change to Orange Tier operations. Additional information from the County and answers to Frequently Asked Questions can be found on the County website.
2020: The Year Testing Availability and Technology Failed Our Wine Industry Economy
Accurate, available and cost-effective diagnostic tools have never been more critical to economic survival than in 2020. While the world waits for a COVID-19 vaccine, large segments of our economy have been closed or hamstrung by government restrictions or voluntary measures implemented to slow the spread of the novel coronavirus. The lack of readily available, quick and accurate COVID-19 testing has been a primary contributor to the implementation of restrictions that have put millions out of work and slowed or recessed economic growth. Now, California and other west coast wine regions have been placed in another impossible situation as a result of the lack of testing resources and technologies available to make timely decisions about the quality of wine grapes.
The 2020 fires, the first round of which was caused by the lightning storms of August 16-19, occurred earlier in the harvest season than the fires and smoke exposure of previous years. The timing and breadth of these fires has caused an enormous demand for smoke taint testing at the go-to laboratory for smoke taint analysis- ETS Laboratories- although ETS and the Napa Valley Vintners have compiled a list of other testing resources available in state and abroad. Because of the enormous and unprecedented demand for ETS services, even with technicians working around the clock, some wineries and growers are shipping their samples overseas in hopes of getting results prior to the pick date.
Smoke taint tests primarily come in two forms: (a) whole berry testing where grape berries are analyzed for “free” guaiacol and 4-methylguaiacol (two of the primary indicators of smoke taint); and (b) wine tests where guaiacol and 4-methylguaiacol are measured in wine that has been fermented or micro-fermented. In the second test, where smoke taint is present, the guaiacol levels will be higher because some or most of the guaiacol that had been bound to sugars in the grapes will have released from the sugars through fermentation.
Whole berry testing was generally considered the most reliable testing option after the 2017 fires. However, it was known that smoke taint characteristics would increase after sugar bonds broke during fermentation and would continue to exacerbate through aging. In 2018, wineries started harvesting small batches of grape clusters to perform in-winery micro-fermentations to then test for smoke taint. Many growers objected to this process because of a lack of transparency regarding the micro-fermentation methodology or any uniformly recognized industry standard protocol. Some growers suspected that grape rejections were based on business factors, such as a wine supply glut, rather than actual smoke taint.
Now in 2020, the demand for testing is so intense that ETS is posting timing updates to receive test results on the landing page for their website. That is, please accept our condolences- ETS is currently reporting results from samples received on August 26 and samples received on September 10 will be reported by October 20.
This delay causes significant problems for wineries and growers. First, wineries cannot evaluate smoke impacts to grapes in real time to make informed grape harvest and acceptance decisions. Second, even if a winery will rely on an “old” test, the delay in receiving even dated information may result in grapes passing maturity and being subject to other defect liabilities. For growers, the problem is more severe and immediate. Growers across the state are watching grapes mature on the vines and many have no definitive answers from the wineries regarding a pick and delivery date or rejection.
In other cases, wineries are offering to process fruit but delay determination on quality until after fermentation. This risk for growers may payoff if smoke taint fears are worse than their reality, but if the fermented wine is ultimately rejected, some growers may be left without any compensation or insurance claim for an entire year of farming and nurturing the 2020 crop. Growers should be speaking regularly with their crop insurance agents and adjusters to determine whether they can maintain claim rights for rejections that occur in the winery, an option that had not previously been available.
In circumstances where pick decisions have not been made because of the lack of timely technical analysis, the delay will result in effective rejection and a much more complicated crop insurance claim process. For every fraction of increased Brix in grapes, the grapes also lose water, or desiccate, meaning that there will be lower tonnage, negatively impacting the purchase price for tonnage-based grape purchase agreements. Two extreme heat spikes over the past 30 days have further exacerbated the rate of desiccation. The delay in making informed pick or rejection decisions may also negatively impact growers’ ability to deliver sound and merchantable fruit and meet any contractual quality standards even if the grapes are shown not to be adversely impacted by smoke conditions.
For growers who have crop insurance, and want to make a claim for unharvested fruit, they need the winery to reject the crop, evidence of an independent analysis of the crop showing smoke taint, and the crop insurance adjuster to evaluate the tonnage of the crop in the vineyard. Any crop insurance payment will be based on either the contract price, or the average price set by the government-backed insurance program, multiplied by the crop tonnage and then reduced further by the policy coverage, which is based on the historic average yields on the vineyard, the amount of coverage purchased, the manner in which the farm units were defined by the policy and broken up by contract and less a deduction because the crop was not harvested. The longer that winery and grower are delayed in determining whether smoke taint is present, the lighter the tonnage and further reduced crop insurance claim. For growers who have recently planted vineyards, add to the insult the inability to show the progressive increase in crop yield on the vineyard for future crop insurance policies.
On top of all this, most Grape Purchase Agreements have provisions that allow for acceptance or rejection of grapes at the time of delivery, but while such a provision may be suitable to reject raisinated grapes or grapes that don’t meet the contractual Brix requirements, they are not well suited for rejection/acceptance based on smoke taint where meaningful inspection cannot occur on the crush pad at delivery. Even contracts that have specific smoke provisions, those provisions were predicated on the assumption that smoke taint test results could be obtained in a timely manner for a contract where time is of the essence in performance. With contracts that don’t adequately address the unexpected inundation of testing needs and a crop insurance program that doesn’t accommodate in-vineyard rejection without test results, wineries and growers are also challenged to consider contract amendments that attempt to mitigate the crop quality risks of this season.
I have always believed that strong relationships between wineries and growers are the cornerstone of this industry that I love and the basis for making beautiful wines that I love to drink. This harvest, like this year, is pushing many of us to the edge. And while testing resources are available and good people are doing their best, for a fire season that has cost lives and livelihoods, this 2020 harvest has shown that we do not have the testing and technology available to support the wine industry economy in the face of climate change.
The industry should demand and advocate for necessary and appropriate changes to crop insurance claim requirements that reflect the reality that smoke impacts are not like other grape defects that can be evaluated in the vineyard. For wineries that are partnering with their growers and taking the risk on grapes that they cannot adequately evaluate in the vineyard, a holistic approach is required to support these efforts and collaborations both on the production side and for the grower who has been left, in many cases, with no better option as a result of conditions they could not control. Much like the emergency relief put in place to allow businesses to adapt to the restrictions required to respond to the COVID-19 pandemic, state and local emergency action can support this industry now.
This year will end and that sounds great, but the challenges of climate change won’t go away on December 31. It is time to use our creativity and resources to prepare for the challenges of the future, at least so we can drink beautiful wine at the end of a long, hard-fought day trying to solve these problems.
Join DP&F’s Richard Mendelson for Free Webinar: Doing Business in the Time of COVID
DP&F’s Richard Mendelson will be the moderator for a star-studded panel of Napa business executives in a free Zoom webinar on Doing Business in the Time of COVID. Giving the perspective of the wine industry will be Jean-Charles Boisset, owner of Raymond Cellars and JCB Collection, and Emma Swain, CEO of St. Supery Estate Vineyards & Winery. They will be joined by Lindsey Gallagher, President and CEO of Visit Napa, who will address the tourism challenges of COVID on the Napa Valley. The webinar is being presented as part of the North Bay Business Journal’s Impact Napa conference and will take place on Wednesday, September 30, 2020 from 10:00-11:30 a.m. It is FREE for all to attend, just register at the following link:
PPP Forgiveness Terms Substantially Relaxed
The terms of the usage of PPP loans were just substantially relaxed by the Paycheck Protection Program Flexibility Act of 2020 – H.R. 7010. PPP recipients now have 24 weeks (the “covered period”), to use the loan proceeds instead of the original eight weeks and still receive forgiveness of the loan amounts. However, recipients of already issued loans can elect to still use the original 8 week period for purposes of their forgiveness application calculations if that is more favorable.
The PPP Flexibility Act also provides significant relief involving the provisions that reduce loan forgiveness amounts where staffing levels have declined. It adds additional time to cure cuts in staffing or compensation levels that reduce forgiveness amounts, extending the deadline from June 30 to December 31, 2020. It also adds a provision that allows two exceptions to the forgiveness penalties for staffing reduction. Where the loan recipient can document that it was unable to rehire staff because their prior employees, and similarly qualified employees, were not available, the forgiveness reduction will not apply. It also will not apply where the recipient is unable to return to the same level of business activity as before February 15, 2020 due to sanitation, social distancing or any other customer or worker safety requirements related to federal COVID-19 requirements or guidance.
It also eases the prior restriction developed through the regulatory process that 75% of PPP loan funds were required to be spent on payroll costs. The new PPP Flexibility Act provision requires only 60% of funds be used on payroll costs, allowing 40% to be spent on other specifically allowed costs of mortgage interest, rent and utility payments.
Further, it substantially extends the original PPP loan payment deferral terms. Originally, no payments of principal, interest or fees were required for six months. Now, no payments are required at all until a forgiveness determination is made, so long as the forgiveness application is filed within 10 months of the end of the “covered period.” That works out to a total of more than 15 months from when the loan is originated without any payments – the 10 months begin to run after the end of the extended 24 week period for using the funds. If the forgiveness application is not filed by the 10 month deadline, payments on the loans begin.
Finally, the PPP Flexibility Act removes a restriction on those that receive PPP loan forgiveness from also taking advantage of a delayed payment of employer payroll taxes. Now, PPP loan recipients who seek loan forgiveness will also be able to use the deferred payroll tax payment provisions of Section 2302 of the CARES Act. Those provisions allow for payment of 50 percent of specifically defined applicable employment taxes for 2020 to be paid by December 31, 2021, and the remainder by December 31, 2022.
Updated PPP Guidance Deems Smaller Loans ‘Necessary’
Today, May 13, 2020, the Treasury Department issued a major revision to its interpretation of the Payroll Protection Program’s requirement that loans under the program be “necessary.” On April 24, it had issued proposed rules regarding the required certification that the “current economic uncertainty makes this loan request necessary,” and provided a safe harbor for entities that may have certified this under a misapprehension of the standard to return funds that were obtained previously. It emphasized that borrowers must “certify in good faith that their PPP loan request is necessary,” under the threat of potential criminal prosecution for certifications made without sufficient need.
In a near-complete reversal, it has now said, effectively, never mind. With a newly provided FAQ answer, Treasury now says that all PPP loan recipients of amounts of less than $2 million “will be deemed to have made the required certification concerning the necessity of the loan request in good faith.” While this gives additional comfort to those that accepted and retained loans in the past, it is too late and highly disappointing for those that, in good faith, considered the prior interpretation and decided to return their loans out of fear of the risk it could later be found to be unnecessary.
The potential risk for those with loans above the $2 million threshold has also been substantially pared back. The updated guidance tempers the potential consequences to repaying the funds: “If SBA determines in the course of its review that a borrower lacked an adequate basis for the required certification concerning the necessity of the loan request, SBA will seek repayment of the outstanding PPP loan balance and will inform the lender that the borrower is not eligible for loan forgiveness. If the borrower repays the loan after receiving notification from SBA, SBA will not pursue administrative enforcement or referrals to other agencies based on its determination with respect to the certification concerning necessity of the loan request.”
Highlights of Napa County’s Updated Shelter in Place Order Including Cloth Face Covering Requirement
Here are the key changes in the new Order:
- The Order requires wearing cloth face coverings when inside places of business and in workplaces when interacting with any person where six feet of physical distancing cannot be maintained.
- A Face Covering is Not Required When: at home; in your car alone or solely with members of your household; exercising outdoors provided you are staying at least six feet apart from anyone who is not a member of your household (but it is recommended that you have a face covering with you and readily accessible); when eating or drinking.
- Who Should Not Wear a Face Covering: Children 6 years old or younger may not need a face covering and children under 2 should not wear one; anyone who has trouble breathing or is unable to easily remove a face covering without assistance; anyone who has been advised by a medical professional not to wear a face covering.
- Essential businesses must require their employees wear a face covering in any area where others may be present, even if there are no customers or members of the public present at the time. Essential businesses should inform customers about the requirement of wearing a face covering, including posting signs at the entrance to the store or facility.
- All workers operating public transportation, or operating other types of shared transportation are required to wear a face covering when at work in most settings.
- Workers doing minimum basic operations, like security or payroll, essential infrastructure work, or government functions should wear a face covering when six feet of physical distance cannot be maintained.
- For more information on cloth face coverings, including links to guidance on how to make your own mask, see the Napa County requirement here.
- The Order states that businesses will be permitted to reopen within the State of California’s framework that identifies four-stages to reopening.
- Non-essential businesses will be permitted to reopen according to the State’s four-stage framework. It is anticipated that Early Stage 2 non-essential businesses may be able to open as early as Friday, May 8, 2020. The list of those businesses, and how they will be allowed to operate, will be provided by the State.
- Counties may be able to move into Deep Stage 2, but only after the State Public Health Officer provides criteria and procedures for doing so, as well as the template for submitting a “readiness plan” that requires self-certification by the Public Health Officer and approval by the Board of Supervisors.
- Stage 3 non-essential businesses will not be able to reopen until the Governor determines, on a statewide basis, that counties can move into Stage 3. The Governor has also said this stage is months away.
- The Order allows drive-in activities that can comply with physical distancing requirements.
- All construction is now allowed but it must comply with Construction Site Requirements to maintain social distancing and sanitation (see Appendix B to the Order).
- The Order allows outdoor recreation sports that can comply with physical distancing requirements; however, person-to-person contact sports are still prohibited.
- The list of approved outdoor recreation activities can be found here.
- Golfing, use of tennis courts, and use of swimming pools (public and semi-private) are permitted as long as they are used in compliance with social distancing protocols. (The specific, detailed requirements for golf courses remain the same – see Appendix C of the Order).
- You can exercise outdoors if you will not be in close contact with other people or using equipment that other people outside your household have touched. Fitness centers, gyms, recreational centers, fitness equipment at parks, climbing walls, basketball courts, and other shared sports facilities remain closed.
- Comment on the Short-Term Lodging Industry
- The Napa County Public Health Officer has advised the lodging industry that reservations beginning on and after June 1, 2020 may be accepted. However, this is not a guarantee that the reservations can be honored, and short-term lodging businesses should inform customers that their reservations will be cancelled if the local and/or state Shelter-At-Home orders continue to prohibit short-term lodging at that time. Further, lodging businesses should consider how they will provide appropriate sanitation and enforce physical distancing protocols when they are allowed to reopen.
- The Compliance Task Force will not engage in enforcement activities for lodging businesses that are currently accepting reservations for dates beginning June 1, 2020 and beyond, but making new reservations for dates in May is still prohibited and subject to enforcement.
For more information please contact Marissa Buck.
Additional Paycheck Protection Program Funding Approved; Disaster Loan Program Expanded To Farmers
On April 24, H.R. 266, the Paycheck Protection Program and Health Care Enhancement Act, was signed into law. In addition to providing significant funding for health care providers ($75 billion) and testing ($25 billion), the stimulus package revives the CARES Act’s Paycheck Protection Program (PPP) with an additional $310 billion in funding for forgivable loans. This expanded stimulus and relief package sets aside a portion of that funding for smaller lenders. The additional funding does not change the limits on the availability of the PPP’s forgivable loans, nor change the priority of borrowers in obtaining those loans.
However, in reaction to various reports on public companies obtaining PPP loans, the Treasury Department updated its PPP FAQs and this morning, April 24, issued additional proposed rules regarding the required certification that the “current economic uncertainty makes this loan request necessary,” and provided a safe harbor for entities that may have certified this under a misapprehension of the standard to return funds that were obtained previously. Borrowers must “certify in good faith that their PPP loan request is necessary.”
The legislation also makes one significant change to the CARES Act, by now allowing agricultural enterprises (i.e., farmers) to seek Economic Injury Disaster Loans. The SBA’s EIDL Program is typically not available to agricultural enterprises, which would normally turn to the USDA’s FSA Emergency Farm Loan program in a natural disaster. However, that program covers actual damages to crops. With the change to the provision made in H.R. 266, agricultural enterprises can now seek EIDLs from the SBA for economic losses, including a $10,000 advance that does not need to be repaid. However, even with the additional funding whether new applicants will be able to obtain EIDLs is unclear. Applications are processed on a “first come, first served” basis, and reports indicate a very large volume of applications that have not been funded already. The SBA had paused accepting applications for EIDLs pending additional funding. Details on the EIDL program are available on the SBA’s website here.
Coronavirus (COVID-19) Resources
Updated May 4, 2021
In addition to our periodic blog posts on Coronavirus related news, DPF has compiled a list of Coronavirus resources, including those specifically aimed at the alcohol beverage and hospitality industries, that may be of interest to our clients.
CALIFORNIA STATE RESOURCES
CA Coronavirus Regional Stay Home Order: https://covid19.ca.gov/stay-home-except-for-essential-needs/
CA Coronavirus Safer Economy Guide: https://covid19.ca.gov/safer-economy/
CA Coronavirus Roadmap – Counties: https://covid19.ca.gov/roadmap-counties/
CA Coronavirus Roadmap Reopening Guidance: https://covid19.ca.gov/roadmap/#guidance
CA Coronavirus Industry Reopening Guidance: https://covid19.ca.gov/industry-guidance/
CA Coronavirus Portal: https://covid19.ca.gov/
03/19/2020 Governor’s Executive Order re Shelter in Place Order: https://covid19.ca.gov/img/N-33-20.pdf
03/20/2020 List of Designated Essential Workforce under Executive Order: https://covid19.ca.gov/img/EssentialCriticalInfrastructureWorkers.pdf
County Coronavirus Site: https://www.countyofnapa.org/2739/Coronavirus-COVID-19
Social Distancing Protocol: https://www.countyofnapa.org/DocumentCenter/View/17123/Appendix-A-Social-Distancing-Protocol?bidId=
Industry Guidance: https://www.countyofnapa.org/2840/Industry-Guidance
Professional Services (offices): https://www.countyofnapa.org/DocumentCenter/View/17586/Professional-Services-Sector-Reopening-Guidelines
Restaurant Specific Facts: https://www.countyofnapa.org/DocumentCenter/View/17712/Restaurant-Specific-FAQs-ENG
Health Notice for Public Pool and Spa Operation: https://www.countyofnapa.org/DocumentCenter/View/17696/Health-Notice-for-Public-Pools-and-Spas-in-Napa-County-5-19-2020
Social Distancing and Sanitation Protocol – Public Swimming Pools:https://www.countyofnapa.org/DocumentCenter/View/17695/Swimming-Pool-Social-Distancing-and-Sanitizing-in-Napa-County-5-19-202
Updates to Napa County Shelter at Home Orders (Updated May 6, 2020): https://www.countyofnapa.org/2813/Shelter-at-Home-Order
04/02/2020 Shelter at Home Order Extension: https://www.countyofnapa.org/DocumentCenter/View/17112/Shelter-at-Home-Order-4-3-2020–?bidId=
03/20/2020 Shelter at Home Order (Updated 03/22/2020): https://www.countyofnapa.org/DocumentCenter/View/16684/Shelter-at-Home-FAQ_ENGLISH
County Coronavirus site:https://socoemergency.org/emergency/novel-coronavirus/
Santa Rosa City Temporary Sick Leave Ordinance for COVID-19:https://srcity.org/3348/Temporary-Sick-Leave-Ordinance
Covid-19 Check App FAQs:https://sonomacounty.ca.gov/Health/Disease-Control/Coronavirus/FAQ-COVID-app/
Economic Development Board – COVID – 19 App/Strategies to Help Reopen Local Businesses:http://sonomaedb.org/Business-Assistance/Coronavirus/Business-Management-Plans/
04/01/20 Extension of Shelter in Place Order: https://socoemergency.org/order-of-the-health-officer-shelter-in-place-extended/
Original Shelter in Place Order: https://socoemergency.org/order-of-the-health-officer-shelter-in-place/
County Coronavirus site:https://coronavirus.marinhhs.org/
Guidelines for Businesses: https://marinrecovers.com/agencies/guidelines-for-businesses/
Golf Courses and Racket Clubs: https://marinrecovers.com/parks-outdoor-recreation/
Outdoor Recreational Activity Businesses: https://marinrecovers.com/parks-outdoor-recreation/
Recreational Equipment Rentals: https://marinrecovers.com/parks-outdoor-recreation/
Pet Groomers: https://marinrecovers.com/personal-services/
Summer/Sports Camps and Child Care:https://marinrecovers.com/summer-camps-youth-activities/
Shelter in Place Order: https://coronavirus.marinhhs.org/marin-public-health-order-may-15-2020
Other County Shelter in Place Orders and county-specific COVID-19 sites Information:
Mendocino County (Red Tier): https://www.mendocinocounty.org/community/novel-coronavirus
Contra Costa County (Red Tier):https://www.coronavirus.cchealth.org/
Solano County (Red Tier):https://www.solanocounty.com/depts/ph/ncov.asp
ALCOHOL BEVERAGE INDUSTRY RESOURCES
U.S. Department of Treasury’s Alcohol and Tobacco Tax and Trade Bureau (TTB) Coronavirus Specific Information (updated 3/30/2020): https://www.ttb.gov/coronavirus
03/31/2020 TTB Industry Circular re Postponement of Tax Payment and Filing Due Dates: https://www.ttb.gov/industry-circulars/ttb-industry-circulars-2020-2
California Department of Alcoholic Beverage Control COVID-19 Updates: https://www.abc.ca.gov/law-and-policy/coronavirus19/
05/20/2020 Fifth Notice re Regulatory Relief: https://www.abc.ca.gov/fifth-notice-of-regulatory-relief/
05/15/2020 Fourth Notice re Regulatory Relief: https://www.abc.ca.gov/fourth-notice-of-regulatory-relief/
04/21/2020 Third Notice re Regulatory Relief: https://www.abc.ca.gov/third-notice-of-regulatory-relief/
04/01/2020 Second Notice re Regulatory Relief: https://www.abc.ca.gov/second-notice-of-regulatory-relief/
03/19/2020 First Notice re Regulatory Relief: https://www.abc.ca.gov/notice-of-regulatory-relief/
03/21/2020 FAQ re Regulatory Relief: https://www.abc.ca.gov/law-and-policy/coronavirus19/frequently-asked-questions/
California Wine Institute COVID-19 Resources Page: https://wineinstitute.org/news-alerts/coronavirus-covid-19-update
California Wine Institute “Winery Tasting Rooms Reopening Protocols” (posted 5/13/2020):
California Craft Breweries COVID-19 Resources Page: http://californiacraftbeer.com/covid-19-resources-for-craft-breweries-ongoing-list/
Brewers Association Coronavirus Resource Center: https://www.brewersassociation.org/brewing-industry-updates/coronavirus-resource-center/
Distilled Spirits Council of the U.S. COVID-19 Page: https://www.distilledspirits.org/news/discus-monitoring-covid-19-industry-news/
California Artisanal Distillers Guild Updates: https://twitter.com/CADISTILLERS
Note that regional trade associations are also providing their members with significant helpful information regarding the Coronavirus outbreak and regulatory response.
HOSPITALITY, TOURISM AND TRAVEL INDUSTRY RESOURCES
California Restaurant Association Coronavirus Resources: https://www.calrest.org/coronavirus-resources
National Restaurant Association COVID-19 Resources: https://restaurant.org/covid19
California Hotel & Lodging Association: https://calodging.com/coronavirus-information-resources
U.S. Travel Association: https://www.ustravel.org/toolkit/emergency-preparedness-and-response-coronavirus-covid-19
Napa County Tourism (Visit Napa Valley): https://www.visitnapavalley.com/
Sonoma County Tourism: https://www.sonomacounty.com/
EMPLOYER RESOURCES: FEDERAL
EEOC Question and Answer Page (added 05/06/20): https://www.eeoc.gov/eeoc/newsroom/wysk/wysk_ada_rehabilitaion_act_coronavirus.cfm
PPP Loan Forgiveness Guidance (added 05/20/20)
The U.S. Department of the Treasury – SBA Form PPP Forgiveness Application: https://home.treasury.gov/system/files/136/3245-0407-SBA-Form-3508-PPP-Forgiveness-Application.pdf
The U.S Department of the Treasury PPP Loan Resource page: https://home.treasury.gov/system/files/136/Paycheck-Protection-Program-Frequently-Asked-Questions.pdf
Cares Act Resource (added 04/01/20)
The U.S. Department of the Treasury CARES Act Resource page: https://home.treasury.gov/cares
The SBA CARES Act Resource page: https://www.sba.gov/page/coronavirus-covid-19-small-business-guidance-loan-resources
IRS – CORONAVIRUS TAX RELIEF: https://www.irs.gov/coronavirus
The following were added on 04/01/20
The IRS FAQs regarding tax credits for paid leave under the FFCRA: https://www.irs.gov/newsroom/covid-19-related-tax-credits-for-required-paid-leave-provided-by-small-and-midsize-businesses-faqs
The IRS FAQs regarding CARES Act: https://www.irs.gov/newsroom/faqs-employee-retention-credit-under-the-cares-act
IRS new tax form, Form 7200, that can be used to request the advance tax credits under both the FFCRA and the CARES Act. The form and the draft instructions (final instructions are expected shortly), can be found here: https://www.irs.gov/forms-pubs/about-form-7200
CYBERSECURITY AND INFRASTRUCTURE SECURITY AGENCY (CISA) GUIDANCE ON ESSENTIAL CRITICAL INFRASTRUCTURE WORKERS: https://www.cisa.gov/sites/default/files/publications/CISA-Guidance-on-Essential-Critical-Infrastructure-Workers-1-20-508c.pdf
FEDERAL MOTOR CARRIER SAFETY ADMINISTRATION: https://www.fmcsa.dot.gov/newsroom/us-department-transportation-issues-national-emergency-declaration-commercial-vehicles
U.S. SMALL BUSINESS ADMINISTRATION: https://www.sba.gov/page/coronavirus-covid-19-small-business-guidance-loan-resources
U.S. OFFICE OF PERSONNEL MANAGEMENT TELEWORK GUIDANCE: https://www.telework.gov/guidance-legislation/telework-guidance/emergency-telework/
DEPARTMENT OF LABOR RESOURCES
COBRA Premium Subsidy: https://www.dol.gov/agencies/ebsa/laws-and-regulations/laws/cobra/premium-subsidy
Families First Coronavirus Response Act (FFCRA) requirements and questions:
Questions about Coverage and the Poster:
Poster Questions: https://www.dol.gov/agencies/whd/pandemic/ffcra-poster-questions
Coverage Questions: https://www.dol.gov/agencies/whd/pandemic/ffcra-employer-paid-leave
EMPLOYER RESOURCES: STATE AND COUNTY
STATE OF CALIFORNIA EMPLOYMENT DEVELOPMENT DEPARTMENT
Work Sharing Program: https://www.edd.ca.gov/unemployment/Work_Sharing_Program.htm
Disaster Unemployment Assistance: https://edd.ca.gov/about_edd/disaster_related_services.htm
Emergency and Disaster Payroll Tax Extension: https://edd.ca.gov/Payroll_Taxes/Emergency_and_Disaster_Assistance_for_Employers.htm
DEPARTMENT OF INDUSTRIAL RELATIONS (DIR):
COVID-19 2021 Resources: https://www.dir.ca.gov/dlse/COVID19Resources/FAQ-for-SPSL-2021.html
COVID-19 2021 Supplemental Paid Sick Leave Poster: https://www.dir.ca.gov/dlse/2021-COVID-19-Supplemental-Paid-Sick-Leave.pd
Cal/OSHA webinars: https://www.dir.ca.gov/dosh/coronavirus/webinars.html
Cal/OSHA regulations: https://www.dir.ca.gov/OSHSB/documents/COVID-19-Prevention-Emergency-apprvdtxt.pdf
Cal/OSHA requirements: https://www.dir.ca.gov/dosh/coronavirus/Health-Care-General-Industry.html
COVID-19 AB 685 FAQ: https://www.dir.ca.gov/dosh/coronavirus/AB6852020FAQs.html
COVID-19 Emergency Temporary Standards – Fact Sheets – Model Written Program: https://www.dir.ca.gov/dosh/coronavirus/ETS.html
COVID-19 Emergency Temporary Standards FAQ: https://www.dir.ca.gov/dosh/coronavirus/COVID19FAQs.html
COVID-19 FAQ: https://www.dir.ca.gov/dlse/2019-Novel-Coronavirus.htm
Workers’ Comp. Notice Requirement – SB 1159: https://www.dir.ca.gov/dwc/Covid-19/FAQ-SB-1159.html
Expansion of CA COVID-19 Supplemental Paid Sick Leave – AB 1867: https://www.dir.ca.gov/dlse/FAQ-for-PSL.html
Poster for non-food sector employers with 500 or more employees can be accessed here: https://www.dir.ca.gov/dlse/COVID-19-Non-Food-Sector-Employees-poster.pdf
Worker Safety in Wildfire Regions: https://www.dir.ca.gov/dosh/Worker-Health-and-Safety-in-Wildfire-Regions.html
Heat Illness Prevention and High Heat Requirements: https://www.dir.ca.gov/DOSH/HeatIllnessInfo.html
Cal/OSHA Guidance on Face Coverings: https://www.dir.ca.gov/dosh/coronavirus/Face-coverings-poster.pdf
Cal/OSHA Guidance on Requirements to Protect Workers from Coronavirus: https://www.dir.ca.gov/dosh/coronavirus/Health-Care-General-Industry.html
Cal/OSHA Guidance on Protecting Workers During a Pandemic: https://www.osha.gov/Publications/OSHAFS-3747.pdf
Cal/OSHA Guidance on Developing an Emergency Action Plan: https://www.dir.ca.gov/dosh/dosh_publications/iipp.html
Exception to Cal WARN Act 60-day notice requirement for layoffs: https://www.gov.ca.gov/wp-content/uploads/2020/03/3.17.20-EO-motor.pdf
Waiver of one-week waiting period for UI benefits and SDI: https://www.gov.ca.gov/wp-content/uploads/2020/03/3.12.20-EO-N-25-20-COVID-19.pdf
The latest orders can be found on the Governor’s website here: https://www.gov.ca.gov/newsroom/#:~:text
LABOR AND WORKFORCE DEVELOPMENT AGENCY: https://www.labor.ca.gov/coronavirus2019/
CALIFORNIA GOVERNOR’S OFFICE OF BUSINESS AND ECONOMIC DEVELOPMENT: https://business.ca.gov/coronavirus-2019/
STATE OF CALIFORNIA FRANCHISE TAX BOARD: https://www.ftb.ca.gov/about-ftb/newsroom/news-releases/2020-2-more-time-to-file-pay-for-california-taxpayers-affected-by-the-covid-19-pandemic.html
NAPA/SONOMA SMALL BUSINESS DEVELOPMENT CENTER (Includes Coronavirus-specific Business Assistance Webinars and Small business “survival guide”): https://www.napasonomasbdc.org/covid-19
HEALTH SERVICES RESOURCES
For the latest information about the coronavirus in Sonoma County and advice from health experts on prevention and care, call 2-1-1, text your zip code to 898-211 or visit (copy/paste) https://socoemergency.org/
For the latest information about the coronavirus in Napa County visit https://www.countyofnapa.org/2739/Coronavirus. You may also call Napa County’s information line at (707) 253-4540 (Monday – Friday, from 9am to 12pm and 1pm to 5pm).
CA Dept. of Public Health Resource Page:
California Correctional Health Care Services: https://cchcs.ca.gov/covid-19-interim-guidance/
CDC – Centers for Disease Control & Prevention: https://www.cdc.gov/coronavirus/2019-ncov/community/organizations/businesses-employers.html
Coronavirus – How to Protect Yourself/If You Think You Are Sick:
EPA EXPANDS COVID-19 DISINFECTANT LIST: https://www.epa.gov/newsreleases/epa-expands-covid-19-disinfectant-list
CA ABC Loosens Regulations for Alcohol Beverage Retailers and Delivery
The California Department of Alcoholic Beverage Control issued a notice on March 19, 2020 temporarily loosening certain regulations during the current state of affairs. While primarily focused on retailers, there are some potentially helpful provisions that impact alcohol beverage producers, too.
A few things to keep in mind. First, local regulations and restrictions may also govern and restrict the ability of licensees to engage in these activities. Second, this move by the ABC is temporary. ABC plans to notify the industry 10 days before these guidelines terminate.
Below is a summary of ABC’s March 19 notice.
3/21/2020 Update: CA ABC has issued a FAQ for it’s 3/19/2020 Notice of Regulatory Relief
ON-PREMISE RETAILERS SELLING ALCOHOL “TO GO”
ALCOHOL IN MANUFACTURER PRE-PACKAGED CONTAINERS: If you hold an on-premise retail license that allows you to sell beer and wine or beer wine and spirits, you can sell that beer and wine to go for off-premise consumption in the original container/bottle (barring any condition on your license). That was true prior to the ABC notice, and still holds. However, if you hold an on-premise retail license that allows you to sell beer, wine and spirits, you can now sell all those beverages (beer, wine and spirits) in the original container/bottle.
ALCOHOL IN RETAILER PACKAGED CONTAINER: Under ABC’s new notice, if you operate a restaurant / “bona fide eating place”, you can now package whatever alcohol your license allows you to sell (beer and wine only for a Type 41; beer, wine, and premixed cocktails/drinks if you are a Type 47) in a container with a “secure lid or cap” so long as that cap does not have a sipping hole or opening for a straw, or could otherwise be consumed without removing the lid/cap. However, that container must be sold in conjunction with a meal prepared for pick-up or delivery.
Retailers that want engage in this type of activity must have a prominent posting (either on the premise, online, or in any way possible to alert consumers or the person transporting the beverage) that states, “Alcoholic beverages that are packaged by this establishment are open containers and may not be transported in a motor vehicle except in the vehicle’s trunk; or, if there is no trunk, the container may be kept in some other area of the vehicle that is not normally occupied by the driver or passengers (which does not include a utility compartment or glove compartment (Vehicle Code section 23225)). Further, such beverages may not be consumed in public or in any other area where open containers are prohibited by law.” UPDATE 3/24/2020: ABC has created a PDF of that notice so that retailers can easily print and post.
TAKE OUT WINDOWS: Some licensees have conditions on their license that prohibit the sale / delivery of alcohol to persons in cars or to consumers outside of the licensed premises through a take-out window or slide-out tray. Those prohibitions are temporarily lifted.
DELIVERY TO CONSUMERS: Even before the emergency notice, most business that hold a license that permits them to sell alcohol to consumers for off-premise consumption can also deliver those beverages to the consumer, so long as the sales transaction (other than the delivery) takes place at the licensed premise. In other words, the order must be received at the licensed premise, and payment is processed there. You can’t just show up at someone’s door and swipe a credit card there.
The temporary notice now allows for the following:
- If you are allowed to sell to consumers for off-premise consumption, you can accept payment, including cash, at the point of delivery.
- Although the CA ABC Act is silent as to whether Craft Distillers have the right to make deliveries away from the premises, the notice now allows Type 74 craft distillers can also deliver to consumers, but must limit sales to 2.25 liters per consumer per day.
- These delivery privileges are not limited to delivery to a consumer’s residence, but also allow for curbside delivery to consumers immediately outside the licensed premises.
HOURS OF OPERATION: State law prohibits the retail sale of alcohol between 2:00am and 6:00am. Some licensees have even more restrictive hours through conditions placed on their license. However, those license conditions are now lifted for off-premise sales, though the 2am-6am state law is still in place.
RETURNS: Generally, there are restrictions on the ability of producers and wholesalers from accepting returns from retailers. Those restrictions are temporarily lifted. It doesn’t mean that wholesalers and producers are required to accept all returns from retailers, just that they can if they choose to. However, producers/wholesalers cannot condition the acceptance of a return on a requirement to purchase in the future. This is consistent with TTB latest guidance on returns as well.
RETAILER-TO-RETAILER SALES: Under California law, retailers cannot purchase alcohol from other retailers. Under the temporary guidance, an off-premise retailer (grocery store, bottle shop, etc.) can now buy inventory from on-premise retailers (such as bars and restaurants).
EXTENSION OF CREDIT: Normally, California law imposes a maximum 30 day credit on the purchase of alcohol by a retailer from a wholesaler or producer. That 30 day limit is temporarily lifted. Note, however, once the temporary guidance is revoked, the extended credit term will also terminate (i.e., the retailer will have to pay the amount due at that time).
For a list of Coronavirus related resources, please see our Resources Page.
Resources for Addressing Economic Losses due to the Public Health Emergency
The ongoing COVID-19 public health emergency, including the directive to close winery tasting rooms, is causing significant disruption to California’s businesses. Businesses that have, or are unsure whether they may have, insurance coverage for losses caused by this situation should contact their carriers promptly to inquire into their potential claims.
In addition, because there is a declared disaster including many counties in the San Francisco Bay area and other wine regions, affected wineries and other businesses typically are eligible to borrow up to $2 million under the U.S. Small Business Administration (SBA) Economic Injury Disaster Loans (EIDLs) program. Major employers may be able to borrow more than the typical $2 million limit.
These low-interest loans can provide working capital to cover ordinary and necessary financial obligations that cannot be met due to the ongoing public health emergency. Rates are set by a formula that is capped at 4%. Loans can be obtained to cover the actual economic injury, as determined by the SBA. The loans are intended to help businesses through the disaster and recovery period.
The approval of a loan is not guaranteed and loans must go through an underwriting process. Approved loans generally require collateral. The available amounts may be reduced or offset by the availability of business interruption or other insurance that covers the same losses. The SBA also assesses ability to repay as well as other potential contributions to cover the losses from business owners and affiliates in considering whether to approve the loans. To learn more or apply for a loan, go to https://disasterloan.sba.gov/ela.
Whether or not you are interested in an SBA loan, be sure to contact your insurer to confirm whether you may already have coverage for the ongoing interruption. For more information on the current declared disaster allowing for SBA EIDLs in California, including eligible counties and other terms, a fact sheet is available at https://disasterloan.sba.gov/ela/Declarations/ViewDisasterDocument/3429. Those in other states can visit https://disasterloan.sba.gov/ela/Declarations/Index to determine if they are in an eligible location.
For a list of Coronavirus related resources, please see our Resources Page.
Additional Guidance For Wineries in Light of Recent Government Actions
Since the Governor’s announcement on Sunday recommending the temporary suspension of on-premise alcoholic beverage businesses, including winery tasting rooms, certain cities and counties have instituted “Shelter-in-Place” ordinances, and both the California ABC and the California Wine Institute have issued additional guidance on the operation of alcohol beverage licensed premises, including wineries.
Given the various orders and guidance currently in place, we have provided below a brief summary of the current state of play for wineries. Please note that things are rapidly changing and while we will do our best to issue updates, we highly recommend that all licensees sign up for the California ABC email updates, and also keep an eye on orders from their local governments.
GOVERNOR’S DIRECTIVE – Statewide Recommendations
- On Sunday, March 15, 2020, Governor Gavin Newsom announced that he was directing the closure of “all bars, nightclubs, wineries, brewpubs, and the like.”
- The California ABC has since clarified that the directive is aimed at suspending on-premise retail privileges (that is, the service of alcohol for consumption at the licensed premises). For wineries, the directive applies to their tasting room and event operations in pouring wine and serving customers for on-premise consumption. It has no impact on their production operations, and wineries can continue to have consumers purchase and pick up wine for off-premise consumption, subject to any further local restrictions such as the shelter-in-place orders discussed below.
- After discussing the directive with the Governor’s office, Wine Institute has recommended that wineries take the following steps:
- Ensure visitor and employee safety by intensify cleaning and sanitation procedures;
- Operate the facility in compliance with social distancing guidance (such as instituting procedures to keep individuals 6 feet apart);
- Implement recommendations from the CDC and California Department of Public Health re washing hands, avoiding close interpersonal contact, encouraging employees to remain at home when sick, and instituting additional precautions for older employees and customers.
For other operational recommendations, please see our Employer Guide to Navigating COVID-19 from earlier this week.
LOCAL GOVERNMENT “SHELTER-IN-PLACE” ORDERS – Enforceable Restrictions
- As of March 18, 2020, a number of counties in Northern California (including Alameda, Contra Costa, Marin, Napa, San Francisco, San Mateo, Santa Clara, Santa Cruz, and Sonoma) have issued shelter-in-place orders.
- Wineries that have operations in any jurisdiction that have implemented such an order have legal obligations to alter their current operations to comply with their specific county’s order.
- In its recent guidance, issued prior to the Sonoma County order, Wine Institute concluded that winery businesses meet the definition of “essential businesses” because they constitute “businesses that supply other essential businesses (grocery stores and other food outlets) with the support or supplies necessary to operate.” According to Wine Institute, wineries can engage in the following activities in those Shelter in Place jurisdictions: “vineyard management, wine production operations, bottling, warehousing, sales, delivery and shipping.” However, this “does not include wine tasting and events ….”
- The Sonoma County order includes a provision that more directly addresses winery operations. Specifically, the following activities are deemed “essential” under the Sonoma County Ordinance: “Agriculture, food, and beverage cultivation, processing, and distribution, including but not limited to, farming, ranching, fishing, dairies, creameries, wineries and breweries in order to preserve inventory and production (not for retail business).” It is unclear whether, by excluding “retail business,” Sonoma County is restricting wineries and tasting rooms from engaging in the sale of wine in sealed containers for off-premise consumption, or whether the language is only meant to address retail sales for on-premise consumption.
- Napa County’s order goes into effect at 12:01am on Friday March 20. It includes a provision that deems the following businesses as “essential”: “Any form of cultivation of products for personal consumption or use, including farming, ranching, livestock, and fishing, and associated activities including but not limited to activities or businesses associated with planting, growing, harvesting, processing, cooling, storing, packaging, and transporting such products, or the wholesale or retail sale of such products, provided that, to the extent possible, such businesses comply with Social Distancing Requirements set forth in subsection (j) of this Section 10 and otherwise provide for the health and safety of their employees.”
Please note that this is a rapidly evolving situation, and many more cities and counties may implement Shelter-in-Place measures over the next days and weeks ahead. It is also possible that the ordinances on which this blog post, and Wine Institute’s guidance are based, may be revised.
ADDITIONAL ABC GUIDANCE
- ABC has issued additional guidance regarding the Governor’s directive on steps licensees can take to minimize risk.
- ABC has stated that retail licensees that comply with the Governor’s directive or local government restrictions will not have their licenses suspended.
- ABC offices in shelter in place jurisdictions are closed to the public. ABC Staff will be available to answer questions over the phone, and you can still mail applications to those local offices. Other ABC local office closures will be posted here.
- ABC is not currently accepting, processing, or approving special event or daily licenses in light of guidance on gatherings.
ADDITIONAL WINE INSTITUTE INFORMATION
- Wine Institute has been in direct communication with ABC and has shared the following information:
- ABC will not enforce state regulations that limit the extension of credit to 30 days.
- ABC is looking at additional relaxation of regulations in light of the current situation.
- For more information, go to https://wineinstitute.org/news-alerts/ca-abc-suspends-ca-credit-regulations-enforcement-clarifies-wine-take-out-sales-in-restaurants
- In addition, TTB has informed Wine Institute that “it does not expect any service interruptions but urges all wineries to register and utilize COLAs Online and Permits Online immediately since most of its staff is now teleworking.” For more information, go to https://wineinstitute.org/news-alerts/ttb-relaxes-consignment-sale-restrictions-urges-online-colas-and-permit-submissions
Wine Institute has a helpful resource page dedicated to Coronavirus related updates, which can be accessed here.
For a list of Coronavirus related resources, please see our Resources Page.
Governor Issues Guidance / Directive on Closure of CA Bars, Clubs, Winery Tasting Rooms, On-Premise Retailers
On Sunday, March 15, 2020, Governor Gavin Newsom announced that due to efforts to reduce the potential spread of the novel coronavirus, he was directing the closure of “all bars, nightclubs, wineries, brewpubs, and the like.” Restaurants, however, are not directed to close at this time, but are subject to reduction of occupancy and social distancing guidelines. Although the Governor did not explicitly state as much, the closure directive appears aimed at suspending on-premise retail privileges (i.e., the service of alcohol for consumption at the licensed premises), whether those privileges are exercised at stand-alone premises or at locations tied to alcohol beverage production facilities, such as tasting rooms.
The directive is not an order, but has the same force as the Governor’s guidance last week regarding non-essential social functions over 250 attendees.
While the Governor announced that the directive would apply to “wineries,” it appears that this may only apply to a winery’s tasting room operations, and does not impact production operations. A number of on-premise licensees may also have off-premise retail privileges. It is unclear whether the Governor’s directive allows these licensees to sell sealed bottles for consumption off the licensed premises during the closure period.
We have been in contact with representatives of the California Department of Alcoholic Beverage Control and expect further guidance on Monday, March 16. We will update this post with any additional information.
For a list of Coronavirus related resources, please see our Resources Page.
Proposed CCPA Regulations Zig-Zag On Logo, Personal Information
Remember a few weeks ago when we said to be on the lookout for a new “Do Not Sell My Information” button that looked like this?
The latest version of the proposed California Consumer Privacy Act (CCPA) regulations, released for comment on March 11, 2020, has struck the prior version’s proposed opt-out button. But it hasn’t replaced it with a new one. The latest version of the regulations thus only creates more uncertainty as to how the “Do Not Sell My Information” provisions of the CCPA are to be implemented. With enforcement scheduled to begin July 1, 2020, time is growing short for clarity on the regulations.
The latest revision has also undone the significant provision added in the prior version that IP addresses not linked to a particular identifiable consumer are not considered “personal information.” Without that clarification, one is left to wonder whether that suggests that IP addresses unlinked to a particular consumer are nevertheless personal information.
The new version of the proposed regulations does provide some minor further clarification on the content of privacy policies, requiring that both the source and business or commercial purpose for information collected or sold be described in a “manner that provides consumers a meaningful understanding of the information being collected” and why the information is collected or sold.
Other minor modifications have been made to regulations addressing the sale of data of minors; responses to requests to delete; requirements of “service providers;” opt-out control functions; and how data can be valued.
The text of the revised regulations can be found here.
A further comment period is open until March 27, 2020.
Napa County Winery Permitting in State of Flux
The Napa County Board of Supervisors has undertaken a series of major regulatory moves involving winery and vineyard permitting over the course of the past year. Critics of the various regulatory changes abound on all sides of the issues, with the board navigating a difficult path between wine industry, agricultural, environmental and anti-growth interests.
First, on Dec. 4, 2018, the board adopted Resolution No. 2018-164, generally referred to as the “Compliance Policy.” Among other items, the resolution created a March 29, 2018 deadline for applications to cure existing permitting nonconformance; a process to request a “status determination” of existing rights; and a mandatory winery production volume and grape source reporting program. As expected, this Compliance Policy has generated a greater than normal workload for the county, slowing the processing times for most use permit related applications. The Compliance Policy dictates that future applicants with operations exceeding their use permit limits will need to document compliance with existing use permit limitations for one year before any modification to their permit can be considered.
Second, the board passed the Water Quality and Tree Protection Ordinance (No. 1438) on April 9, 2019. A reaction to the narrow defeat of “Measure C” on the June 2018 ballot, the ordinance increased tree and vegetation retention and preservation requirements, tree mitigation ratios, established setbacks from municipal water supply reservoirs and wetlands, and provides for new stream setbacks for smaller order streams. New projects will need to address the additional limitations created by those rules. It remains to be seen how much impact the new rules will have on prospective development.
Third, with the pendulum swinging back towards permit holders and future applicants, the board at its April 23, 2019, meeting adopted Resolution No. 2019-53 to clarify the applicability of the county’s road and street standards. While in the past all use permit modifications triggered the need to comply with the most current driveway fire safe access standards, those standards have seen multiple updates making even relatively new wineries seeking a minor permit modification incur significant costs to upgrade access to the latest 22-foot width requirements. The policy change clarified that only a major modification to a use permit triggered the need for such roadway updates. This small but significant change makes requesting a minor modification to a use permit much more palatable to many applicants, since it avoids the sometime significant costs of constructing driveway improvements that were previously required for even minor operational changes or small remodeling projects.
And fourth, on May 21, 2019, as a continuation of the swing towards addressing project applicant concerns, the board debated and then directed the planning director to study changes to the use permit application and modification process, with an eye towards making permitting for small wineries easier, as well as clarifying what types of permit modifications fall within the minor and major modification categories. The development of new or revised rules in that regard is ongoing, and will continue to be evaluated by the board throughout the remainder of the year.
The true impact or benefit of these rule changes is not entirely clear at this point. But we can see the beginnings of the impacts of the Compliance Policy. Initial reporting in the North Bay Business Journal indicated that the Compliance Policy had generated significantly fewer applications than anticipated – 54 applications, including 33 for use permits and 21 for status determinations. The first key piece of the Compliance Policy – applications to update or conform activities to permit limits – are slowly working through the county’s planning process. The Compliance Policy provided an incentive that those that applied prior to the deadline could continue with their current operations while their applications are processed.
The second key Compliance Policy option – status determinations – have also been working their way through the County’s review process. ModernNapa county Use Permits are lengthy documents, containing a litany of generally-boilerplate standard conditions of approval, which are tailored to each permit as appropriate. Historic permits vary significantly however, with lesser detail than their modern brethren. This variation between older and newer use permits was one of the policy rationales for including this option as part of the Compliance Policy, as a winery owner may not be fully aware of how the county currently interprets its use permit. To allow for wineries to take advantage of this process, the Compliance Policy provided a tolling of the deadline to submit an application for winery owners who applied for a status determination prior to the March 29, 2018 application deadline. This resulted in an extension of time to file a use permit modification, with the Compliance Policy’s benefits of continuing current operations. Once the owner receives the county’s interpretation of its permit, it can then determine what if any use permit modification for which it might want to apply. As those status determinations are issued, additional applications for modifications of use permits are certain to be submitted. While the status determinations have not been released publicly, we have seen the county consistently opine that the operations approved by a use permit include only those anticipated in the applications for those permits, and additionally limited by the specific conditions in the permit approval documentations.
The last component of the Compliance Policy is the mandatory wine volume and grape source reporting requirement, which as with the other deadlines has seen its stated beginning date of July 1, 2019 come and go with no such program being actually implemented. However, this mandatory reporting program is being developed by the county and when ultimately adopted will require submission of documentation setting forth the volume of wine produced and the source of grapes used in that production at each Napa winery. The mandatory volume and grape source reporting policy is slated to trigger an inspection and full evaluation of all permit compliance if that reporting shows a violation of either limit. The promise of such an inspection may have encouraged voluntary applications to cure existing issues, especially if the recent larger than average harvests caused a production limit exceedance. However, that policy has yet to actually be implemented, and it remains to be seen when it will be put into practice.
In sum, there have been a number of developments that have put the focus on winery permitting in Napa county over the last year. The landscape is likely to change further as additional permitting process changes are evaluated and debated, and the mandatory reporting process goes into effect. Napa county wineries need to stay alert: operating conditions are subject to sudden change.
2 With some limited exceptions for wineries not in Agricultural Preserve or Agricultural Watershed zoning districts, or not subject to the 75% Napa County grape source rule, which do not need to provide grape source data. Volume reporting requirements still apply to all wineries however.
Authored by Joshua S. Devore.
© 2019 North Bay Business Journal. Reproduction in any form prohibited without permission. • Reprint from August 26, 2019 Pages 14 & 15
Winery Websites and ADA Compliance
The recent news of lawsuits filed against New York wineries has caused industry members to ask if they face any litigation risk if their websites are not accessible to people with disabilities under the Americans with Disabilities Act (“ADA”). The answer is “maybe.” There is considerable ambiguity in the law as to which companies are required to make their websites ADA-compliant and what actually constitutes ADA compliance.
This blog post provides a brief overview of the New York litigation and the current status of federal law governing websites and the ADA. Wineries should check in with their information technology vendors to determine what, if any, accessibility features are currently part of their websites, not only to avoid potential claims, but also to make sure their businesses are open to all consumers.
What’s the New York case all about?
The lead plaintiff in these actions is legally blind and uses screen-reading software to access website content. That software only functions correctly if the website incorporates certain screen-reading compatible features, such as alternatives text for images and videos. Plaintiff claims that the ADA requires the winery to make certain information on their websites accessible to visually impaired persons, including: e-commerce features, wine club membership instructions, ability to book or make reservations, hours of operation, and location of the winery. Plaintiff ultimately claims that Defendant’s failure to remedy such accessibility barriers is a discriminatory practice against blind and visually impaired people, in violation of the ADA and certain New York laws. Plaintiffs are seeking injunctive relief on their ADA claim and an order requiring the wineries to take “all the steps necessary” to make their websites compliant with the ADA.
This type of case is not unique to the wine industry. Over the past two years, there have been a slew of cases filed against businesses for allegedly violating the ADA by not making their websites accessible to people with disabilities.
What is the ADA?
The ADA is a federal civil rights law that prohibits discrimination based on disability. Under Title III of the ADA, any place of “public accommodation,” such as businesses generally open to the public, must provide individuals with disabilities full and equal enjoyment of goods, services, facilities, and accommodations. Places of public accommodation include shops and facilities serving food or drink.
States have also adopted their own laws that require businesses to provide access to persons with disabilities. For example, New York State’s Civil Rights Law and California’s Unruh Civil Rights Act set forth those states’ accessibility requirements. Local governments may have their own regulations, too. Plaintiffs in the New York winery lawsuits have claimed that the wineries are also in violation of the New York City Human Rights Law because they operate a physical location in the city. Note – this blog post focuses solely on the ADA requirements, and compliance with state and local laws regarding accessibility are beyond the scope of this article.
Do winery websites need to be ADA compliant?
Here’s where things get confusing. Courts have been all over the board on which businesses must make their websites ADA compatible.
In general, websites that service places of public accommodation are required to make their websites accessible to visually impaired persons. In the wine industry context, this means that, wineries that have tasting rooms, or that allow for tours, tastings, and on-site purchases, likely need to make their website accessible to the visually impaired under the ADA.
Wineries that have no physical location of their own for customers to visit, taste, or purchase wine are less at risk from an ADA claim. The Ninth Circuit Court of Appeals has held that a website that is not tied to a place of public accommodation or that is attached to a place that does not qualify as a public accommodation is not subject to the ADA. (eg. Weyer v. Twentieth Century Fox Film Corp., 198 F.3d 1104 (9th Cir. 2000)). That being said, there are cases in which courts have concluded that a stand-alone website service without a physical location can itself be considered a place of public accommodation, and subject to ADA requirements. Moreover, in 2014, the DOJ entered into several settlements agreements with online-only vendors, requiring each time, compliance with the WCAG (see below). In other words, not having a physical location may not be enough.
How do I make my website ADA-compliant?
Ready for even more confusion? Currently, there are no federal guidelines for how to make a website ADA compliant. The Department of Justice (“DOJ”) had contemplated adopting a new rule to outline how private companies’ websites can comply with the ADA. But in 2017, the department decided to halt its proposed rulemaking activity on this front.
Although the DOJ failed to issue guidance on website accessibility requirements, the World Wide Web Consortium, an international standards organization, has published coding standards for accessibility, the Web Content Accessibility Guidelines, often referred to as WCAG 2.0 AA.
While there is nothing in federal law that states that implementation of WCAG 2.0 AA automatically means a website is ADA compliant, the complaints filed against the New York wineries all seek relief that would require the wineries to comply with WCAG 2.0 AA. Moreover, the DOJ has previously argued in ADA enforcement actions that companies can comply by making their websites and mobile apps conform to WCAG 2.0 AA standards.
Action Items for Wineries
Given the fluid state of the law surrounding the application of the ADA to websites, there is no clear answer as to which businesses must make their websites ADA-compatible, or even what is required for a website to be considered ADA-compatible under federal law.
Wineries should check in with their IT vendors and professionals to determine if their websites, apps, and mobile sites have implemented accessibility features per the WCAG 2.0 AA, and if not, assess if the cost of doing so would cause hardship to the company. Implementing such features may not only help stave off legal actions, but would also signal that your winery is accessible to all consumers.
UPDATE (11/13/2018): The Wine Institute recently circulated additional information regarding the ADA and winery websites.
U.S. Supreme Court Decision May Open the Door (Or Slam it Shut!) On Direct to Consumer Shipping by Retailers
The Supreme Court of the United States has agreed to hear the appeal in a case that could drastically change the landscape for direct to consumer wine shipments by retailers in the United States.
On Thursday September 27, 2018, the Supreme Court granted the appeal in Tennessee Wine & Spirits Retailers Association v. Byrd. Specifically, the Court will consider whether Tennessee’s alcoholic beverage regulations, requiring in-state retail license applicants to satisfy minimum in-state residency requirements, discriminate against out-of-state residents and thus violate the Dormant Commerce Clause of the Constitution. (The Dormant Commerce Clause is a legal doctrine that prohibits states from discriminating against interstate commerce in favor of in-state commerce).
While not apparent on its face, the Court’s decision in this case has the potential to open the door to direct to consumer shipping by retailers, or slam it firmly shut. This is because, in answering the question above, the Court will likely have to address whether its 2005 decision in Granholm v. Heald (summarized below), which prohibited states from discriminating against out-of-state wineries, also prohibits discrimination against out-of-state retailers.
The Supreme Court held in Granholm that if a state allows in-state wineries to ship their wines directly to consumers within the state, the state must also permit out-of-state wineries to ship wines to consumers in the state on even handed terms. While the decision did not require states to allow direct-to-consumer shipping by wineries, in practice, post-Granholm, most states decided to permit direct to consumer shipping by both in-state and out-of-state wineries.
Since 2005, the question of whether Granholm’s equal treatment holding applies to only alcohol beverage producers, or whether it should be applied more broadly to retailers and wholesalers, has been hotly contested with little consensus. This has resulted in a type of stalemate for direct-to-consumer shipping by retailers, with only 13 states allowing such shipments.
If the Supreme Court does finally take up this question as part of its analysis (which, of course, it does not have to!), it paves the way for big changes for retailer direct-to-consumer shipping. If the Court holds that Granholm is limited to alcohol producers, that would effectively kill the prospects for direct to consumer shipping by out-of-state retailers. If, on the other hand, the Court holds that Granholm also prohibits laws which discriminate against out-of-state retailers (which, from a legal precedent standpoint, would make sense), the doors to direct-to-consumer shipping by retailers would swing wide open. Of course, as history has shown us with wineries, major work would still have to be done to enact legislation to give out-of-state retailers such rights, but the option would at least finally be there to do so.
We will be watching with interest to see where this goes, but the shipping landscape for wine could soon be changing!
What you need to know about California’s new Consumer Privacy Act
If you recently updated your company’s privacy policies in response to the European Union (“EU”) General Data Privacy Regulation (“GDPR”) in the United States – or, decided you did not have to – you may be suffering from some whiplash in light of the recently approved California Consumer Privacy Act.
On June 28, 2018, Governor Brown signed into law the California Consumer Privacy Act of 2018 (“CCPA”) (AB 375) codified in California Civil Code (“Cal. Civ. C.”) Part 4 of Division 3, relating to privacy. The GDPR reinforced E.U.’s users’ privacy rights, and the CCPA pursues similar goals.
State Senator Bill Dodd (D-Napa), co-sponsor of the bill, says CCPA puts California once again in “the lead in protecting consumers and holding bad actors accountable. My hope is other states will follow, ensuring privacy and safeguarding personal information in a way the federal government has so far been unwilling to do.”
Sen. Dodd added that “[a] lot of time and effort was put into the original bills and the initiative. This is a great example of people working together and getting something done for consumers.”
Before you start rewriting your privacy policies and terms and conditions of use, there are two important caveats. First, the law will not go into effect until January 1, 2020, so you have significant lead time if you need to come into compliance. Second, CCPA only applies to those engaged in business in California that either: (a) have annual gross revenues of $25 million or more; (b) buy, receive, sell, or share the personal information of 50,000 or more consumers (defined in the CCPA as California residents), households or devices on an annual basis; or (c) have 50% or more of its annual revenues coming from the sale of personal information of California residents. Cal. Civ. C. §1798.140(c)(1)(a), (b) and (c). Note, however, that you may already be covered by existing California data privacy laws that do not contain these limitations.
The CCPA also includes a comment period that may result in changes to the law before it goes into effect, so it is possible that there will be additional changes to the requirements discussed below. If you believe you will be adversely affected by the law, you may be able to comment on those provisions. But, as of now, the thresholds to be covered are set so if you are a small business with less than $25 million in revenue, not annually dealing in 50,000 consumers’ data, or not in the business of selling personal information, you are not covered by the CCPA.
The CCPA brings many of the concepts in the GDPR to California. But, the two are not entirely overlapping or harmonious. The CCPA shows more concern over the sale of consumers’ information, but does not address data processing in the extensive way that the GDPR does. Since there has been much discussion of the obligations under the EU’s GDPR already (see our earlier post here), this post summarizes some of the key similarities and differences between the two regulations.
Similarities Between GDPR and CCPA
Among the most noticeable similarities, the two regulations provide consumers with the right to obtain disclosure of the personal information a company has, as well as disclosure of the source of collection, the nature of the information collected, whether the information was disclosed, transferred or sold to third parties and the business purpose justifying the storage of data. Cal. Civ. C. §1798.110(a)(1) through (5); GDPR Art. 14 Sec.1 (b) through (c) and Art. 13 Sec.1(c). The GDPR further provides that a business must disclose the period during which the information is stored. GDPR Art. 13 Sec. 2(a).
Under the GDPR, a user may require at any time and without limitation, disclosure of the personal information held by a company. GDPR Art. 15. The CCPA provides for a similar system, but companies are only required to respond to two requests from any individual consumer in any twelve month period. Cal. Civ. C. §1798.100(d). The CCPA also requires the business to provide the information free of charge, within 45 days of the request. Cal. Civ. C. §1798.130(a)(2).
Both the GDPR and the CCPA provide users with a right of deletion of their personal information. Both also set forth exceptions that enable a company to deny a deletion request. But the CCPA provides more exceptions than the GDPR does. First, both allow a business to refuse to delete someone’s personal information for certain legitimate interests such as third party safety and protection, to satisfy legal requirements, protect third parties’ interests and rights, to guarantee individuals’ freedom of speech and expression and allow use of information for scientific, historical, and statistical research in the public interest. Cal. Civ. C §1798.105 (d)(1) through (9); GDPR Art. 17 Sec. 3(a) through (e). The CCPA, as the GDPR, Art. 17 Sec. 1(a), additionally allows a business to deny a disclosure request if the information held by the company is necessary to complete a transaction for which the information was collected or reasonably expected by the business in the course of its relationship with the consumer (Cal. Civ. C. §1798.105(d)(1)), or if the information is necessary to identify, debug, and repair errors that impair existing intended functionality (id at (3)).
Both regulations provide users with a right to opt-out if a business sells personal information about the consumer to third parties. Cal. Civ. C. §1798.120(a); GDPR Art. 21. The CCPA further authorizes a business, every 12 months, to contact individuals who previously opted out to obtain their consent to sell their information. Cal. Civ. C. §1798.135(a)(2)(B)(5).
Both regulations require businesses to inform a user of the consequences of refusing to disclose his personal information. The CCPA however, specifically prohibits a business from discriminating against a user who refused to provide his personal information or otherwise exercise its rights under CCPA, and the law gives a detailed list of prohibited discriminatory practices. Cal. Civ. C. §1798.125(a)(1)(A) through (D). Among those practices, a business may not refuse to sell goods or services to a consumer, charge different prices or rates, or provide a different level or quality of goods or services to the consumer.
Both regulations also require a business to collect information for proper purposes. The GDPR requires it be “collected for specified, explicit and legitimate purposes” as well as “adequate, relevant and limited to what is necessary.” GDPR Art. 5 Sec. 1(b) and (c). Similarly, the CCPA requires collection by a business be “reasonably necessary and proportionate to achieve its operational business purpose.” The CCPA adds that if a business wishes to collect more than what is strictly relevant to its operational purpose, notice to the data subject must be provided. Cal. Civ. C. §1798.100(b).
The CCPA, as the GDPR, sets special restrictions regarding the use of information from individuals aged 13 to 16. The CCPA prohibits a business in actual knowledge that a consumer is under 16 years of age from selling the individual’s information, unless the child, between 13 and 16 years old, personally consents to the sale, or the child’s parents consent on behalf of a child under 13 years old. Cal. Civ. C. §1798.120(d). The GDPR’s Article 8 precludes the use of such information at all without parental consent, when consent is required for use of the data.
Lastly, the GDPR and the CCPA both create private causes of action for data subjects. However, enforcement mechanisms are distinct. The GDPR creates local “supervisory authorities” where private individuals can file complaints against an entity’s use of their data. It also has a private right of action for damages. The CCPA similarly creates a private cause of action for data subjects, Cal. Civ. C. §1798.150(b)(1), and provides for enforcement of its provisions by the California Attorney General. Cal. Civ. C. §1798.150(b)(1)(A).
It should also be noted that previous California laws already covered some of the concepts included in the GDPR. And those provisions are not limited to the $25 million revenue cap or other limitations on the applicability of the CCPA. Prior laws include the obligation to provide reasonable security of personal information (Cal. Civ. C. §1798.81.5), notification of data breaches (Cal. Civ. C. §1798.82), and disclosure of data sharing for marketing purposes (Cal. Civ. C. §1798.83). (Compare with GDPR Arts. 32, 34, and 13 respectively). Thus, the CCPA adds to an already existing California data privacy regime; it does not replace it.
Obviously, the main difference between the GDPR and the CCPA is their respective applicability. The GDPR applies to E.U. residents’ personal information whereas the CCPA applies to personal information of California residents. But the biggest conceptual difference is the GDPR’s focus on data processing. The GDPR contains far more requirements for data processors, including specific dictates on data protection. It is concerned both with the accuracy of data and its security; and the risk that inaccuracy or misappropriation may negatively impact persons’ fundamental rights.
The CCPA too attests a goal to prevent the misuse of consumer’s data, specifically referencing the Cambridge Analytica data mining situation in its findings. AB 375, Sec. 2(g). It reemphasizes the “duty to implement and maintain reasonable security procedures and practices appropriate to the nature of the information to protect the personal information” in its private cause of action. Cal. Civ. C. §1798.150(a)(1). That duty comes from preexisting California law. Cal. Civ. C. §1798.81.5.
However the CCPA spends more time addressing the purchase and sale of consumers’ data, and the business aspects of dealing in customer data than technical security. This fundamental difference makes the concerns of the CCPA somewhat easier to address from a practical standpoint, as it is less technically intensive than the GDPR. For example, GDPR Chapter IV’s lengthy technical requirements are not reflected in the CCPA. There are no requirements for appointments of Data Protection Officers, codes of conduct, or certification mechanisms.
Another noticeable distinction between the two regulations concerns the duration for which a business may keep users’ data. The GDPR expressly requires that personal information is not stored for more than what is necessary for the business to provide its services or sell its goods. The CCPA does not provide any standard regarding the data retention period. Prior California law requires data be disposed of properly to ensure it is unreadable or undecipherable; but it does not dictate when. Cal. Civ. C. §1798.81.
The GDPR also requires businesses to allow consumers to update or complete their information. The CCPA does not have any equivalent provision, even though certain companies’ systems may allow users to complete or update their information. While the CCPA’s requirements that deletion can be requested may implicitly require businesses to delete inaccurate information, the CCPA does not clearly require a correction mechanism.
The CCPA also expressly authorizes companies to provide financial incentives to users to encourage data disclosure. Among the permitted financial incentives: a company may make payments to consumers as compensation for collection of their data, or offer different prices, rates level or quality of goods or services. The CCPA however indicates that financial incentives a business may offer must be “directly related to the value provided to the consumer by the consumer’s data.” Cal. Civ. C. §1798.125(b)(1). The CCPA also provides that a business shall not offer financial incentives that are “unjust, unreasonable, coercive, or usurious in nature.” Cal. Civ. C. §1798.125(b)(4). This financial incentive provision appears to be in tension with the anti-discriminatory provisions of Cal. Civ. C. §1798.125(a)(1). Thus, any financial incentives offered may need to be closely tied to an actual value provided.
Further, the CCPA requires a business to update their privacy policies at least once every 12 months and provide a list of information subject to the update, such as data subjects’ rights, the categories of information collected or the nature of the information sold to third parties. Cal. Civ. C. §1798.130(a).
As previously mentioned, CCPA does not become effective until January 1, 2020, and reports suggest there are likely to be at least some revisions before that deadline. But until then, companies should consider reviewing their collection and use of consumer personal information and determine if any revisions to their practices and privacy policies are needed.
This blog post is only a summary and provides only general information regarding some notable portions of the CCPA. It is not a complete discussion of obligations under the CCPA, and does not constitute legal advice upon which anyone may, or should rely.
For more information about the CCPA’s requirements and your obligations, please contact Joshua S. Devore or Louise Mercier.
GDPR Is Here – The New European Union Data Protection Regulation Goes Into Force
You’ve probably received a barrage of emails in the past week from a wide variety of websites that you may (or may not) remember having an account with, telling you that they’re updating their privacy policies. The reason: the European Union (“EU”) has reached the official start date of its new General Data Protection Regulation (“GDPR”). It is a wide-ranging regulation that is based on the notion that it “protects fundamental rights and freedoms of natural persons and in particular their right to the protection of personal data.”
But I’m not in the European Union?
The GDPR is striking in its breadth and claims to apply in two circumstances. First, it applies to EU entities that handle personal data, even if the entities outsource the handling of the data outside of the EU.
Second, and importantly for this audience, the regulation claims to apply to companies located outside of the EU, but who handle E.U. citizens’ personal data. That’s a pretty broad claim of jurisdiction, and on its face would suggest that a U.S. Company that got data from an EU person either for purposes of a commercial transaction, or to track their behavior in the EU (e.g., website cookies), is subject to the rule. So, for example, a winery that had a single sale to an E.U. person in its wine club database might appear to meet the requirements to comply with the GDPR.
Hold on, how can the European Union tell me what to do in the United States?
The provisions of the GDPR provide limits to these broad jurisdictional assertions by namely providing that it “does not apply to the processing of personal data … in the course of an activity which falls outside the scope of [E.U.] law.” GDPR Art. 2 Sec. 2(a). So, if you simply happen to acquire the data of an E.U. person in your U.S. database while going about the course of your U.S. business, the GDPR does not apply to you. You don’t have to purge your U.S.-based email lists of E.U. persons, or block them from accessing your U.S.-based website, as long as the activities you are engaged in are solely under U.S. law. And, keep in mind that it only applies to actual people: a person means just that, not a “legal person” such as a corporation. The GDPR does not limit your collection or handling of data on E.U. companies – but it does apply to their individual employees. Additional information can be found regarding when the regulation does not apply here. The European Commission has also begun to promulgate some guidance.
Thus, you should review your particular situation carefully to determine whether or not your activities might be under E.U. law.
Should I just follow the GDPR anyway to be safe?
Even if you are not sure whether the GDPR technically applies to you or could be enforced against you, the GDPR contains a set of provisions that could simply be considered good business practices, even if you have a good argument they are not legal obligations. The GDPR is high-minded and based on the notion that protecting personal data is a fundamental right. Its provisions include providing users with additional rights over whether and how companies use their data, to know why and for which purposes their information is gathered and for how long will the Company retains such data.
So, what do I do?
First, if you don’t want to comply with the GDPR but think you might otherwise be subject to it, you could just delete or block EU persons from your system. You would not be alone in doing that, some large and noteworthy organizations have taken this course
Otherwise, if you intend to retain EU citizen information in your system and comply with GDPR provisions, you need to determine if you are a “processor” of data or just a “controller.” The terms are fairly self explanatory: the “processor” of data is the one that actually processes personal data on behalf of the “controller,” who “determines the purposes and means of the processing.”
You also need to determine whether you fall below the threshold of 250 employees that trigger additional record keeping and other obligations (unless processing of personal data is a regular activity of the business).
Even smaller companies have obligations under the GDPR though. Those obligations are subject to a general balancing requirement of weighing the risks created against the level of effort needed to address those risks. For example, the amount of data security needed by your organization should take “into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.” GDPR Art. 32, Sec. 1. The European Commission has put out some helpful guidance for how smaller business should approach complying with the GDPR, complete with a reassuring note that: “The less risk your activities pose to personal data, the less you have to do.”
Unlike many complicated statutes, the requirements of the GDPR are fairly easy to read (well, some of them anyway). Most importantly, the rights of the “data subject” (the person whose data you have) are set out in Articles 13-15 of Chapter III of the GDPR in fairly plain language.
Some steps all organizations that are concerned with GDPR compliance should take include:
- Contact your IT staff and request that they review existing data protection measures to prevent any breach of data privacy, and make appropriate updates – but only to the extent reasonable and proportionate to the risk;
- Update your privacy policies and disclosures to be more transparent with users and provide them with additional information regarding the reason why you are retaining their information, how long you will retain their information and let them know of their rights to request deletion or transfer of their data;
- Give thought to the type of information you gather, and collect only useful information; and
- Consider your current retention policies, and do not keep data for longer than needed.
In addition, and particularly important for smaller organizations that outsource their IT functions, if you are a controller you must contact your data processor and enter into a new or revised contract in which a number of items set out in Article 28, Section 3 of the GDPR are detailed. But while much of the technical obligations may fall on the processor, keep in mind that controllers are ultimately responsible for accountability with the GDPR’s principles of processing of personal data. You have the obligation to make sure the data you control is treated appropriately: an obligation that isn’t new at all.
This blog post is only a summary and provides only general information regarding some notable portions of the GDPR. It is not a complete discussion of your obligations and not legal advice upon which anyone may or should rely.
For more information about the GDPR’s requirements and your obligations, please contact Joshua S. Devore.
Steel and Aluminum Tariffs Could Impact U.S. Alcohol Beverage Producers
As has been widely reported, the President of the United States has proposed enacting steep tariffs on U.S. imports of steel and aluminum. These tariffs could both directly impact U.S. alcohol beverage products that use those materials such as beer, and result in retaliatory tariffs targeting U.S. goods nominally unrelated to steel and aluminum, including U.S. wine and spirits.
The direct impacts on the costs of steel and aluminum containers, particularly in canned beer and the growing canned wine segment, could obviously impact the competitiveness of U.S. beer and wine. Major beer manufactures have expressed strong objection to the tariffs and projected job losses throughout the industry. As the Wall St. Journal reported, some industry experts have speculated that this cost increase may push consumers away from beer and towards other alcohol beverages typically packaged in glass.
But Washington Post reporting suggests U.S. wine manufacturers, especially those that export their products, should temper any expectations of a gain from such a shift. Retaliatory tariffs are a distinct possibility, including from some of the U.S.’s historically strongest trade partners. The E.U. has already threatened retaliatory tariffs against Kentucky bourbon. Canada, the largest exporter of steel and aluminum to the U.S. and the second largest export market for U.S. wine behind the European Union, may follow suit. One Canadian trade lawyer, Lawrence Herman, has suggested a tariff on U.S. wine exported to Canada as a first response: “‘Canadian consumers are not going to be prejudiced’ because there are many alternative sources of wine in the world.”
A number of affected alcohol beverage industry groups have already spoken out on their plans to contact the Commerce Department to voice their concerns. It remains to be seen whether the tariffs will actually be implemented, and if so, whether they will apply to all countries, or exclude favored trading partners.