CALIFORNIA SUPREME COURT CHANGES STANDARD FOR CLASSIFYING WORKERS AS INDEPENDENT CONTRACTORS
On April 30, 2018, the California Supreme Court changed the standard used to determine whether a person is an independent contractor or employee of a company.
The Dynamex Operations West, Inc. v. Superior Court case centered around whether delivery service drivers for Dynamex were independent contractors or employees. For the past 30 years, companies relied on a multi-factor test in California that focused on whether the company had control over the how the work was being completed to classify a worker. Dynamex, also relying on this standard, argued that their drivers were independent contractors because the drivers set their own driving schedules, used their own vehicles, had the ability to decline delivery assignments and could work for multiple companies.
The Supreme Court, however, adopted a new standard in the Dynamex case and ruled that the drivers were in fact employees and allowed the drivers to be certified for a class action lawsuit.
The new “ABC test” will likely make it difficult for companies to classify workers as independent contractors in California because it presumes all workers are employees unless the company can demonstrate that the worker:
A). is free from the control and direction of the hiring entity in connection with the performance of the work, both under the contract for the performance of such work and in fact; and
B). performs work that is outside the usual course of the hiring entity’s business; and
C). is customarily engaged in an independently established trade, occupation, or business of the same nature as the work performed for the hiring entity.
Part A of the test includes similar language from the previous test with respect to control; however Parts B and C impose new restrictions on companies being able to classify a worker as an independent contractor. For Part B, the Supreme Court provided an example that a plumber or electrician who is hired by a retailer to perform maintenance work at a retail store is truly an independent contractor because the work being provided is outside the usual course of the retailer’s business. Part C is designed to identify those workers who have decided to go into business for themselves, regardless of whether the worker has actually formed a separate entity.
With this new standard in place, companies should reevaluate existing agreements with independent contractors to ensure whether these workers are indeed independent contractors under the new ABC test or should now be classified as employees and afforded the benefits of an employee.
Missed this year’s first FTE Workshop? Then, join us Saturday, May 5th for our spring session!
The program is open to entrepreneurs that are starting companies in areas that are likely to draw venture capital investment. (The workshop is not applicable to service providers.) Click here to RSVP
During our five hour program (runs from 10am – 3pm), you will learn how to:
- Determine the value of your company
- Put together a capitalization table
- Understand how VCs screen potential investments
- Understand the differences between trademarks, copyrights and patents and when you need them
- Choose co-founders
- Network at startup events — the right way
The program will be taught by LAVA board members and veterans of the venture space. The program is generously sponsored by Crowley Corporate Legal Strategy.
LAVA Members are free; non-members $50. LAVA members will receive first preference, but membership is not necessary to be accepted.
NEW EUROPEAN REGULATIONS REGARDING DATA PRIVACY WILL IMPACT HOW U.S. BUSINESSES COLLECT AND USE PERSONAL DATA
February 12, 2018
By: Angela Bandich, Esq.
The European Union’s (“EU”) new data privacy rules, called the General Data Protection Regulation (“GDPR”), will become effective on May 25, 2018 and will impact how U.S. businesses collect and use personal data.
1. Geographical Scope of the GDPR
Despite being a European regulation, the scope of the GDPR reaches far beyond just the EU. In fact, any company that (i) offers goods and/or services to individuals (called “Data Subjects”) who are located in the EU (even if there’s no payment involved) or (ii) monitors the behavior of Data Subjects in the EU will be subject to the GDPR if the company collects and processes their Personal Data. This means the GDPR rules will apply to companies even if the companies are not located in the EU.
“Personal Data” is defined in the GDPR as any information relating to an identified or identifiable natural person (someone who can be identified, directly or indirectly, by reference to data such as name, an identification number, location, an online identifier, or other factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person).
The GDPR will therefore likely apply to most companies, particularly those in e-commerce, travel, software or media industries that are global in their reach. For example, in response to the GDPR, Facebook recently notified its users that it will be updating its data policies and procedures (https://newsroom.fb.com/news/2018/01/control-privacy-principles/).
2. Obligations of Companies
As a result of the GDPR, companies now need to ensure that Personal Data of Data Subjects is (i) collected for specified, explicit, and legitimate purposes, (ii) limited to what is necessary in relation to those purposes, (iii) accurate and up to date, (iv) kept no longer than necessary for the purposes, and (v) processed in a secure manner.
Furthermore, the collection and processing of Personal Data is only lawful under the GDPR if the company satisfies one or more of the following:
- The Data Subject has given consent to the processing of his personal data for the specific purpose(s); or
- Processing is necessary:
- for the performance of a contract for which the Data Subject is a party;
- for compliance with a legal obligation;
- to protect the vital interests of a Data Subject or other natural person;
- for the performance of a task carried out in the public interest or under official authority; or
- for purposes of legitimate interests, except where such interests overridden by the fundamental rights and freedoms of a Data Subject that requires protection of his or her Personal Data.
Consent. If a company claims that the Personal Data was collected and processed based on consent from the Data Subject, the company must be able to prove it. If a request for consent is included in a written document with other matters, the request must be clearly distinguishable from the other matters and presented intelligibly and in clear and plain language. The Data Subject also has the right to withdraw his or her consent at any time and the Data Subject must be informed of such right prior to giving consent. Finally, the GDPR states that consent must be freely given, particularly in situations where the performance of a contract, including providing services, is conditional on the Data Subject giving consent to the collection and processing his or her Personal Data which is not necessary for the performance of the contract.
There are also specific rules in the GDPR related to the collection and processing of data of children (Article 8) and special categories of Personal Data (Articles 9 and 10).
Article 30 also requires that each company and any third party representatives that assist with the processing of Personal Data maintain records of processing activities, unless the company qualifies for exemption. Designating a Data Protection Officer may also be required under Articles 37-39 if the company’s processing activities require regular and systematic monitoring of Data Subjects on a large scale or of special categories of Personal Data.
Security Measures and Breaches. Companies must implement technical and organizational measures to “ensure a level of security appropriate to the risk” associated with the likelihood and severity of impact to the rights and freedoms of Data Subjects upon a breach (Article 32).
If there is a breach of Personal Data, a company is required to notify an appropriate EU supervisory authority within seventy-two (72) hours after becoming aware of the breach, unless the Personal Data involved in the breach is unlikely to result in a “risk to the rights and freedoms” of the Data Subject or other natural persons. If the security breach is likely to result in a high risk to the rights and freedoms of the Data Subject, the company must notify also the Data Subject of the breach without “undue delay” (Articles 33 and 34). This means that companies and their IT teams must be able to evaluate every breach to determine which level of notice is required, if any.
3. Rights of Data Subjects
Data Subjects have specific rights under the GDPR, including but not limited to:
- Access to Data (Articles 12 – 15): the right to obtain information about their Personal Data, free of charge (with exceptions), if requested. Companies should also be aware that some information should also be provided to the Data Subject at the time when the Personal Data is collected, such as: the identity and the contact details of the controller of the Personal Data, contact details of the data protection officer, if applicable, the purposes of the Personal Data processing; the recipients of the Personal Data, if any, and whether the Personal Data is to be transferred to another country.
- Right to rectify (Article 16): the right to have companies rectify any inaccurate Personal Data that is collected without undue delay.
- Right to be Forgotten (Article 17): the right to request that Personal Data be erased, without undue delay.
- Right to Restrict (Article 18): the right to restrict the processing of their Personal Data in the future.
- Data Portability (Article 20): the right to receive the Personal Data collected about the Data Subject in a commonly used, machine readable format to transmit the Personal Data elsewhere.
- Right to Object (Article 21): the right to object to the processing of Personal Data, particularly if profiling is based on the automatic processing of the Personal Data under Article 6(1)(e) or (f).
4. Penalties for non-compliance
Data Subjects have the right to file complaints with supervisory authorities in the EU, as well as right to receive compensation for damages suffered as a result of non-compliance with the GDPR (Article 82).
Administrative fines are also possible, depending on the specific circumstances of each individual case. Depending on the type and severity of the non-compliance, the fine can be as much as 20,000 EUR or four percent (4%) of the company’s total worldwide annual revenue, whichever is higher. How the EU plans to enforce such penalties against non-EU companies, however, is not clear.
As a result of the GDPR, companies should implement changes to their data collection and data privacy policies that allow for enough flexibility to be able to analyze and report security breaches, as well as respond to requests by Data Subjects. Companies should also understand what types of Personal Data is being collected from Data Subjects, where the Personal Data is being stored, what the security measures are in place around the Personal Data and who has access to the Personal Data.
Click here for the full GDPR text: http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=EN
On January 18th, the Securities and Exchange Commission (SEC) released a Staff Letter addressed to the Investment Company Institute and the Asset Management Group of the Securities Industry and Financial Markets Association (SIFMA).
The letter outlined the SEC’s concerns about cryptocurrency exchange-traded funds (ETFs). Specifically, the letter stated that there are “significant outstanding questions concerning how funds holding substantial amounts of cryptocurrencies and related products would satisfy the requirements of the [Investment Company Act of 1940] and its rules.”
The letter identified 5 specific areas of concern:
- Potential manipulation and other risks
The letter posed several questions under each area of concern, some of which are: (i) What are the policies and procedures to determine the fair value of cryptocurrency related products? (ii) How would funds classify the liquidity of cryptocurrencies and cryptocurrency related products? (iii) How would the custody requirements be satisfied for cryptocurrency holdings? (iv) How would the fragmented, volatile and high-volume trading characteristics of cryptocurrencies allow ETFs to comply with market price requirements? and (v) How will ETFs ensure investor protection with cryptocurrencies that have a higher opportunity for fraud and manipulation than traditional securities?
The letter concluded by saying the SEC does “not believe that it is appropriate for fund sponsors to initiate registration of funds that intend to invest substantially in cryptocurrency and related products” until the questions in the letter are satisfactorily addressed. The SEC also stated that it has requested that sponsors withdraw registration statements that have already been filed for such products.
The full letter can be found here:
Staff Letter: Engaging on Fund Innovation and Cryptocurrency-related Holdings
I am so excited to be back at Loyola Law School teaching Business Planning I: Financing the Start-Up and Venture Capital Financing this semester!
The course motivates students to consider the legal and business implications involved in forming and operating an emerging business. The course, much like my First Time Entrepreneur Workshop, analyzes:
- The deal cycle of a start up company
- Selecting a business entity
- Structuring the economic benefits
- Management control among various owners
- Protecting intellectual property
- Raising capital
During this course law students learn to apply these ideas by reviewing and analyzing legal documents typically used in organizing and financing a start-up. The goal of the class is to prepare students for the types of projects and challenges they will one day confront as lawyers.
I look forward to this semester, I know it’ll be a great one!
On Friday, November 10th StartEngine hosted a summit focused on regulated ICOs.
Check out the Top 10 Highlights from the event:
- Management and company counsel might need to consult with local legal counsel in other countries to ensure compliance with rules and regulations of other countries. The level of compliance requirements might ultimately result in eliminating countries from the token offering. For those countries that do not get eliminated, be sure to include relevant disclosures by country (and state).
- There are several possible federal exemptions and securities regulations that can be used, such as 506(c), the Crowdfunding regulation, Regulation A+, and Regulation S. If you’re relying on more than one, be sure you’re complying with the requirements of each, as they may be different. Also, be careful to also comply with state securities exemption requirements, if necessary.
- In order to comply with the advertising rules for US and non-US investors, consider having the tokens sold in the US be different from tokens sold to foreign investors.
- Company should consider as a risk factor what the implications are if their token cannot handle the large number of users at the end of their token sale.
- “Curb your enthusiasm”, meaning what you say today in marketing and advertising can be used against you later.
- When determining whether an investor is accredited, go beyond just a questionnaire. Get bank statements or a letter from their accountant to verify income.
- The variety of possible exemptions and securities regulations all have different resale restrictions to be considered and complied with during token sales.
- Be extra diligent when doing your know your customer (KYC) and anti-money laundering (AML) checks.
- Some investors think there is too much emphasis on who the Company’s advisors are during an ICO. Instead, the focus should be on identifying for investors: (1) who is on the management team? (2) what is the opportunity? (3) what is the smart contract code itself and has it been audited? (4) what is the overall marketplace analysis? and (5) what is the company’s expectation for the use of proceeds?
- Investors should have engineers and coders on their team to look at the smart contract code during diligence.
If you missed the event or for more information visit: https://www.startengine.com/ico
Our Top Ten Legal Mistakes Made by First Time Entrepreneurs event next week will now be held at WeWork Pasadena (177 E Colorado Blvd, Suite 200, Pasadena, CA 91101).
Date: Thursday October 19, 2017
Time: 6:00pm – 7:00pm
Location: WeWork Pasadena
The event is FREE to all attendees, but RSVPs are requested: https://connectpasadena.com/events/top-10-legal-mistakes-made-by-first-time-entrepreneurs.