Currents Vol. XXIV, No. 1 | 2020 by Currents: Journal of International Economic Law

2020

pre-sort first class u.s. postage paid houston, tx permit no.8451

urrent C S J o u r n a l o f I n t e r n at i o n a l E c o n o m i c L aw

2020

South Texas College of Law Houston

Vol. XXIV, No.1

Free Trade Areas for Chinaâ&#x20AC;&#x2122;s Belt and Road Gonzalo Villalta Puig

Cross Border Trade Compliance Courtney V. Flores, Tim Brown, Mel Chavez, David Mortlock, Ellen C. Smith

Vol. XXIV No. 1

south texas college of law houston currents: journal of international economic law 1303 San Jacinto Street Houston, Texas 77002-7006

Currents

Journal of International Economic Law

Symposium: Compliance in International Corporate Legal Practices:

Managing Cross Border Internal Investigations Thuy P. Tran, Eleanor Benmenashe, Ashley Coselli, Michael Miner, Marla Moore Chief Compliance Officer Roundtable Natalia Shehadah, Steven Gyeszly, Jay Martin, Ryan Rabalais, John Sardar

Changing Landscape of International Anti-Bribery and Corruption Compliance Margaret Mousoudakis, Joy Dowdle, Sergio Leal, David Searle

Present and Future Data Privacy Outlook Wendell J. Bartnick, Shenna Bradshaw, Alexandra ChughtaiHarvey, Mary Isensee

Where can you get back Volumes and Issues of

urrent C S J o u r n a l o f I n t e r n at i o n a l E c o n o m i c L aw

You can order them through Hein! We have obtained the entire back stock, reprint and microform rights to currents. Complete sets to date are now available. We can also Furnish single volumes and issues.

William S. Hein & Co., Inc. 1285 Main Street Buffalo, New York 14209 800-828-7471 or 716-882-2600

Contents

3 Free Trade Areas for China's Belt and Road Gonzalo Villalta Puig 14 Cross Border Trade Compliance: Background Madison Hastings 21 Cross Border Trade Compliance Courtney V. Flores, Tim Brown, Mel Chavez, David Mortlock, Ellen C. Smith 34 Anti-Bribery Laws and Investigation: Background Jordan Sloane

Changing Landscape of International Anti- Bribery and Corruption Compliance 42

Margaret Mousoudakis, Joy Dowdle, Sergio Leal, David Searle

Journal of International Economic Law

52 Managing Cross Border Internal Investigations Thuy P. Tran, Eleanor Benmenashe, Ashley Coselli, Michael Miner, Marla Moore

General Data Protection Regulation and California Consumer Privacy Act: Background 62

Jonathan Mckinney, Esther-Sarah Wilmot, Greta Carlson, Elizabeth Slezak

70 Present and Future Data Privacy Outlook Wendell J. Bartnick, Shenna Bradshaw, Alexandra Chughtai-Harvey, Mary Isensee 79 Chief Compliance Officer Roundtable Natalia Shehadah, Steven Gyeszly, Jay Martin, Ryan Rabalais, John Sardar

Are Changes to the U.S. Patent System Objectively Killing Innovation? 87

Nick Cornor

Negotiating Under the New EU Copyright Directive 2019/790 and GDPR 106

Adam Freeland

Career Paths in International Corporate Legal Practice 123

Currents 24.1 2020

Letter From The Editor

Currents

Dear Readers: The Editorial Board of CURRENTS: Journal of International Economic Law (CURRENTS: JIEL) is proud to present an issue constituting the collective insights of the international compliance community of Houston. Specifically, this issue embodies the 2019 Symposium on Compliance in International Corporate Legal Practices—Legal Developments and the Talent Needs of the Future Agenda. Our authors come from compliance departments of some of Houston’s leading domestic and multinational corporations. Volume 24.1 illustrates the key role that compliance holds in international economic law. The live panels at the conference produced five articles in this issue highlighting how international trade and business is altered by U.S. government and international regulations and corporate attempts to comply with such regulations. As the articles make clear, the compliance attorney ensures that business moves forward properly against the backdrop of regulatory laws. In addition to covering the Compliance Symposium articles, Volume 24.1 contains an article written by Gonzalo Villalta Puig, Professor of Law at The University of Hull, UK, titled Free Trade Areas for China’s Belt and Road Initiative. Additionally, Volume 24.1 contains two student notes: “Are Changes to Patent Law Objectively Killing Innovation?” and “Negotiating Under the New EU Copyright Directive and GDPR.” Finally, our CURRENT Events report is a new feature in CURRENTS: JIEL. As the name suggests, CURRENT Events is a comment researched and written by staff members. We are delighted to provide a platform for students to engage collectively on a journal beyond editing. This CURRENT Events focuses on the changes to data privacy law as a result of the GDPR and the CCPA . I also wish to express thanks to Natalia Shehadeh (’99), Senior Vice President and Chief Compliance Officer at TechnipFMC, and Skyler Obregon (2011), Regional Compliance Counsel at TechnipFMC, both for their vision in leading this symposium and for their continued dedication to the pursuit of excellence in legal education as South Texas alumni. We are also grateful to the outstanding professionals who joined us and provided key insights into the ethical dilemmas facing corporations and businesses wishing to stay up to speed with the ever-changing business climate. Finally, we would like to thank Professor Cherie O. Taylor, our faculty advisor, for her continued commitment to students who seek to develop transactional skills in international economic law. I would like to thank the entire staff and Editorial Board. Everyone worked tirelessly to get this issue ready and faced unique challenges that were both embraced and overcome. Further, on behalf of the 2019-2020 Editorial Board, I would like to thank Dean Barry for his unwavering support of the IILP & NS and CURRENTS: JIEL as well as former Dean Donald Guter for his inspiration and leadership. The Editorial Board always welcomes article submissions on any topic in the field of International Economic Law. Please visit our website at https://www. stcl.edu/academics/law-reviews-journals/currents/ for additional information about how to submit and our publication schedule. We hope you enjoy our special issue on corporate compliance.

CURRENTS is published by South Texas College of Law Houston. Please cite CURRENTS as CURRENTS: JIEL 24.1, 2020. Please direct inquiries and correspondence to: Editorial Board

CURRENTS South Texas College of Law Houston 1303 San Jacinto Street, Suite 219 Houston, Texas 77002-7006 E-mail: currents@stcl.edu

Editorial Board 2019-2020 Editor-in-Chief Adam Freeland Managing Editor Elizabeth Slezak Articles/Notes Editors Greta Carlson Kendra Watson Project Editor Esther-Sarah Wilmot Members Marielle Brisbois Elliott Deese Madison Hastings Lucian Hill Carla Lassabe Ashley Maskus Jonathan McKinney Margaret Marrow Elizabeth Nevle Sarah Reese Jordan Sloane Alexis Summers Jared Vann Kyle Vento Faculty Advisors Assistant Dean Elizabeth A. Dennis Professor C. O’Neal Taylor

Publications Coordinator Jacob Hubble

Credits

Adam Freeland Editor-in-Chief CURRENTS: Journal of International Economic Law Currents 24.1 2020

Publication Services Jacob Hubble

Free Trade Areas for China's Belt and Road G O N Z A L O

This article studies China’s Belt and Road Initiative and its call to open free trade areas with the customs territories along the routes that it covers. It argues that, as a solution to the problems of the World Trade Organization to liberalise trade at the multilateral level, China should indeed attempt to enter into plurilateral and bilateral agreements with its largest trading partners. It further argues that China should work for those agreements to be comprehensive and contemporary. —————————————————

I. Introduction ————————————————— The Belt and Road Initiative of the Government of the People’s Republic of China (China) proposes to develop a land and

V I L L A LTA

P U I G

Gonzalo Villalta Puig is Professor of Law at The University of Hull. He is the inaugural holder of The University of Hull established Chair in the Law of Economic Integration for his research into the constitutionalisation of free trade in non-unitary market jurisdictions. Professor Villalta Puig was formerly a Professor of Law and Outstanding Fellow of the Faculty of Law at The Chinese University of Hong Kong. He is an Overseas Fellow of the Australian Academy of Law, a Fellow of the European Law Institute, and an Associate Member of the International Academy of Comparative Law. Professor Villalta Puig chairs the International Association of Constitutional Law’s Research Group for Constitutional Studies of Free Trade and Political Economy and is a member of the Committee on the Procedure of International Courts and Tribunals of the International Law Association. He is the Associate Editor of the Global Journal of Comparative Law (Brill Nijhoff).

sea transportation and telecommunications

—————————————————

II. Belt and Road Initiative’s Call to Open Free Trade Areas ————————————————— In September 2013, the President of China, Xi Jinping, announced the Silk Road Economic Belt in a speech at Nazarbayev University in Astana (now Nur-Sultan), the capital of the Republic of Kazakhstan (Kazakhstan).3 A month later, he announced the 21st Century Maritime Silk Road in a speech to the People’s Consultative Assembly of the Republic of Indonesia (Indonesia) in Jakarta.4 China’s State Council and the Central Committee of the Communist Party of China5 refer to the Silk Road Economic Belt and 21st Century Maritime Silk Road

network that infrastructurally connects

China should indeed attempt to enter into

collectively as the Belt and Road Initiative

China with the European Union (EU) and

bilateral and plurilateral FTAs with its largest

(Yi Dai Yi Lu一带一路),6 a multi-purpose

much of the rest of the world.1 The Belt and

trading partners along the trade routes

initiative which, for China’s National

Road Initiative also proposes to open free

that the Belt and Road Initiative covers,

Development and Reform Com[mission

trade areas (FTAs) by agreement2 with the

namely, the Cooperation Council for the

(NDRC), “aims to promote the connectivity

customs territories along the routes that it

Arab States of the Gulf (Gulf Cooperation

of Asian, European and African continents

covers. It is this element of the Belt and Road

Council (GCC)), the Eurasian Economic

and their adjacent seas … [into] a community

Initiative that is the subject of this article

Union (EAEU), the Economic Community

of shared interests, destiny and responsibility

The rationale for the Belt and Road

of West African States (ECOWAS), and the

featuring mutual political trust, economic

Initiative is to facilitate access to markets

EU. It further argues that China should

integration and cultural inclusiveness.”7

for China’s ever-larger goods and services

work for those FTAs to be comprehensive

As an initiative, as a project, as a plan, as

exports. On that premise, this article

and contemporary deals that closely replicate

a program, as a process, as a strategy, indeed

argues that, as a solution to the problems

the China-Australia Free Trade Agreement

as a vision,8 this statement of purpose(s),

of the World Trade Organization (WTO)

(ChAFTA), which is China’s most ambitious

however abstract in expression, evidences

to liberalise trade at the multilateral level,

FTA to date.

an undeniable commitment on the part of 3

Currents 24.1 2020

the Chinese government to trans-regional

and telecommunications network counts, for

Ministry of Commerce with State Council

development. In that respect, the Belt and

its construction, with USD 200 billion (and,

Authorisation in March 2015—calls on

Road Initiative finds certainty in elements of

into the future, USD 6 trillion) in financial

countries along the Belt and Road to promote

ancient Chinese thought. Notably, through

support for (high rate) loans21 from the Asia

“unimpeded trade.”35 Inasmuch as the Joint

the virtues of ren-li-yi, Confucianism calls

Infrastructure Investment Bank (AIIB),22

Communiqué of the Leaders’ Roundtable of

for a moderate approach to ensure that

New Development Bank (NDB) and the Silk

the Belt and Road Forum for International

the obligations of government are towards

Road Fund (SRF) (with a separate treasury

Cooperation (Joint Communiqué) of

addressing poverty and underdevelopment.

of USD 40 billion) as well as the financial

May 2017 can double as an organisational

Thus, the Silk Road Spirit—“peace and

support of the China Development Bank,

charter, 36 the Belt and Road Initiative

cooperation, openness and inclusiveness,

The Export-Import Bank of China and

represents a “shared commitment to build

mutual learning and mutual benefit”11—

China’s largest state-owned banks.23

[an] open economy, ensure free and inclusive

further enhances that otherwise free and fluid

The Belt and Road Initiative is, however,

trade, oppose all forms of protectionism

commitment of the Belt and Road Initiative

so much more than a trade route. It is a

[and] endeavor to promote a universal,

to respectful socio-political and economic

“mega strategic initiative,” a “going-global

rules-based, open, non-discriminatory and

development.12# Devoid of any legal form

strategy,”26 a “geo-economic vision”27 from

equitable multilateral trading system with

in the absence of a definitional treaty or

the world’s second largest economy, largest

WTO at its core.”37 Two years later, for the

foundational charter,13 the Belt and Road

goods exporter, and third largest investor28

second Belt and Road Forum of April 2019,

Initiative can only be a public good for it

for seventy of the world’s countries and two-

the Joint Communiqué ever diplomatically

aims to promote infrastructural (physical and

thirds of its population. With a projection

reaffirmed the determination “to pursue

digital) connectivity and economic (trade

to cover more than 30% of world trade

trade and investment liberalization and

and investment) cooperation15 between Asia

by 2050, 30 the Belt and Road Initiative

facilitation” and the aspiration “to further

and Europe as it rebuilds the Silk Road of

will, most probably, redefine the terms of

open our markets, reject protectionism,

old through land corridors and maritime

globalisation, reset the world’s economic

unilateralism and other measures that are

routes.

balance, and reregulate the multilateral

incompatible with WTO rules.”38

Ultimately, the Belt and Road

trading system.31 And it will do so as an

The diplomatic, non-binding

Initiative18 is a trade route between China

instrument of free trade.

approach here is deliberate. It is precisely

and its largest trading partner, the EU,

—————————————————

because of such “maximised flexibility

The Belt and Road Initiative is, however, so much more than a trade route.

the value of economic cooperation between

albeit one that passes through other trading partners in Europe, Asia, and Africa19 with economies of considerable size, including – within the EAEU – Central Asia’s largest economy (Kazakhstan) and the eleventh largest economy in the world (the Russian Federation (Russia)), the largest oil producer in the world (the GCC), the most dynamic economic region in the world (ASEAN), the largest economy in the Pacific (the Commonwealth of Australia (Australia)), and – within ECOWAS – the largest economy in Africa (the Federal Republic of Nigeria (Nigeria)). This land and sea transportation

————————————————— Even though the Belt and Road Initiative cannot qualify as an international organisation or even as an international agreement,32 its soft law33 regime promotes the freedom of trade to an almost constitutional status. The foundational normative blueprint 34 document of the Belt and Road Initiative— the Vision and Actions statement put out by China’s National Development and Reform Commission, Ministry of Foreign Affairs, and 4

Currents 24.1 2020

regarding institutions and norms”39 that governments in “a partnership-based, relational approach”40 promotes free trade. This freedom is not through the surrender of sovereignty 41 in the Bretton Woods rule-based international economic system but through the spontaneous process of economic integration that inevitably comes with infrastructural connectivity 42 and investment for development in a “hub-andspoke … trial-and-error”43 network where China leads but only to share power and responsibility44 with its partner countries in

dialogue and for mutual benefit.

Iran and Iraq as notable exceptions.54

evolve into a kind of extra-regional, counter-

Yet, however participatory, China leads

While China should work with Belt

model60 free trade area between the customs

the initiative with authoritative confidence.

and Road Initiative participant customs

territories that lie across China and Europe,61

Despite the selfless rhetoric, it leads with a

territories in an attempt to advance

the Belt and Road Initiative is certainly not

set of fairly pragmatic objectives all around

multilateral trade negotiations through

as such and cannot be as such, by nature.

the ideal of wider and deeper economic

the WTO, China should and does indeed

By its nature, the Belt and Road

integration for diversification.

The first

accept that the WTO no longer functions

Initiative maximises flexibility in an extralegal

objective is to open up new export markets

as a trade liberalisation forum but as a trade

policy space devoid even of a constituting

beyond the ever protectionist United States

dispute settlement body. Indeed, since the

instrument, it is also, by nature, different

and the still stagnant EU and simultaneously

introduction of the Doha Development

from an FTA. Unlike an FTA, which

secure access to resources in Africa and the

Agenda, international trade law and policy

prescribes a system of non-discrimination

Persian Gulf. The second objective is to

have experienced a kind of paradigm

norms and dispute settlement in exchange

reform the economy; that is, to rely less

shift from non-discriminatory multilateral

for mutually exclusive market access and

on the increasingly vulnerable mercantile

trade liberalisation to discriminatory non-

other trade preferences, the Belt and Road

labour-intensive manufacturing model of

multilateral trade liberalisation.55

Initiative groups together seemingly random

old through the promotion of domestic

—————————————————

but decidedly inclusive connectivity for trade,

consumption in a knowledge economy that develops China’s western provinces and reduces excess production capacities in steel, cement, aluminium and other essentials of construction.48 The third objective is to effectively use the country’s vast foreign currency reserves and, at the same time, internationalise the renminbi (yuan).49 The Belt and Road Initiative, however, presents itself more nobly as a WTOaligned framework for multilateral, non-discriminatory integration through cooperation. In that tone, the Vision and 50

Actions statement pledges that the Chinese government will work “to build a community of shared interests, destiny and responsibility featuring mutual political trust, economic integration and cultural inclusiveness.”

China has certainly benefitted from its membership of the WTO’s multilateral trading system, 52 without which its mercantilist–all-exports–economic model would not be sustainable. Indeed, “fifty-two of the sixty-five countries along the Belt and Road route” are WTO Members with only 53

If, however, the Belt and Road Initiative is to promote predictability, consistency, and coherence,65 it will, sooner rather than later, need to give itself a code—a book of rules of conduct. ————————————————— The ultimate objective of the Belt and Road Initiative, therefore, is not so much to overtake the WTO

but to bypass it

with the establishment of a global, Belt and Road FTA—the opening, in other words, of a common market for all countries along the route. 57 The basic idea is “to consolidate and upgrade a dense network of bilateral Free Trade Agreements (FTA) into a multilateral arrangement, anchored by China’s gravitational pull and vast open market.”58 China’s State Council in fact acknowledges that “the long-term goal is to forge a global FTA network that further covers countries along the route of the Belt and Road Initiative and other important countries.”59 While the ultimate objective of the Belt and Road Initiative may well be to

cooperation for coprosperity, and public, rather than private projects,62 without much if any regulatory specification.63 Development ahead of rules is the approach.64 If, however, the Belt and Road Initiative is to promote predictability, consistency, and coherence,65 it will, sooner rather than later, need to give itself a code—a book of rules of conduct.66 Those rules will inevitably and invariably have to come from the most effective instrument of international trade law known to date, the FTA, either bilateral or plurilateral in form.67 True enough, the Belt and Road Initiative68 already shows particular concern for the simplification and harmonisation of international trade procedures (such as customs clearance procedures), the removal of regulatory divergences and other non-tariff barriers to trade, the liberalisation of trade in services especially through electronic commerce, and the protection of foreign investment.69 The Vision and Actions statement proposes to address these concerns by “opening free trade areas.”70 The Joint Communiqué of May

Currents 24.1 2020

2017 indeed follows up this proposal with a

South Korea, India, Australia and New

areas, including electronic commerce,

welcome to “the development of free trade

Zealand. China is also progressing joint

government procurement, intellectual

areas and signing of free trade agreements by

feasibility studies with Colombia, Canada,

property rights and competition.

interested countries.”71

Fiji, Papua New Guinea, Nepal, Bangladesh,

—————————————————

A single FTA that unites the Belt and Road

Mongolia, and Switzerland. Admittedly,

Initiative participant customs territories is a

several of these agreements and prospective

most unlikely prospect and not only because

agreements do have an obvious geopolitical

of its loose constitutional configuration.

relationship with the Belt and Road Initiative

Despite the (imperfect) model of the

but others do, most notably, the Australia-

Comprehensive and Progressive Agreement

China FTA (ChAFTA).75 Indeed, the model

for Trans-Pacific Partnership (TPP-11), too

for Belt and Road Initiative FTAs should be

many are the political, economic, cultural,

ChAFTA, even if China may be reluctant

and even security considerations for such a

to adopt a template approach to trade

plurilateral agreement to ever form. Among

negotiations.76

these considerations, perhaps the most

Signed on 17 June 2015, ChAFTA

important is the difference in economic

is not only China’s most recent large-type

development. The differences are greater than

trade agreement but also its most ambitious.

the similarities.

ChAFTA is a model because, the South Korea

Instead, China, together with its Special

FTA aside, it is with the most developed

Administrative Regions of Hong Kong72 and

economy that China has dealt with to date

Macau, should negotiate the establishment

– Australia is the 13th largest economy in the

of FTAs with its largest trading partners in

world – and also because of its profile as a

each of the regions that the Belt and Road

‘comprehensive, high-quality and balanced

Initiative covers: the EU in Europe, the

interest’77 deal. It is ambitious as it is strategic

EAEU in Eurasia and Central Asia, the GCC

because ChAFTA 78 is China’s first trade

in Western Asia and ECOWAS in Africa,

agreement to deliberately implement the Belt

apart from ASEAN in Southeast Asia and

and Road Initiative.79

Australia in the Pacific. Already, as of 15

On trade in goods, more than 85

July 2019, China has signed FTAs with 15

per cent of exports now enter duty free or

trading partners, including Australia and

at preferential rates and this percentage

New Zealand in the Pacific, South Korea,

will rise to 98 per cent by the end of the

Singapore and ASEAN in Asia, Switzerland73

implementation period. On trade in services,

and Iceland in Europe, Chile, Peru and Costa

Australia has opened its services sector to

Rica in South America, as well as Pakistan,

China on a negative list mode, being the first

Georgia and The Maldives.74 China is in

country to do so, while China offers Australia

negotiations with Sri Lanka, Mauritius,

its best-ever services commitments in a trade

Israel, Palestine, Norway, Moldova, Panama,

agreement. In the investment area, the two

as well as Japan and South Korea as part of

sides give each other most-favoured-nation

a trilateral deal and, at a regional level, the

treatment. In addition, ChAFTA enhances

GCC and ASEAN’s Regional Comprehensive

bilateral communication and cooperation

Economic Partnership (RCEP) with Japan,

in more than ten contemporary trade topic 6

Currents 24.1 2020

Indeed, the model for Belt and Road Initiative FTAs should be ChAFTA, even if China may be reluctant to adopt a template approach to trade negotiations. ————————————————— ChAFTA, then, is a model FTA with provisions that substantially liberalise and facilitate trade over and beyond the WTO normative framework. It should be the template for all other FTAs under the Belt and Road Initiative. ChAFTA is not, however, the only template. —————————————————

III. Belt and Road Initiative’s Trading Partners ————————————————— The Protocol to Amend the Framework Agreement on Comprehensive Economic Co-operation between the Association of Southeast Asian Nations (ASEAN) and China (Protocol)80 presents another valuable precedent, not altogether dissimilar to ChAFTA. The Protocol comprises a new-generation FTA that regulates most future-focused issues in trade, including cross-border electronic commerce, customs clearance procedures, trade in finance and telecommunications services, and even economic and technical cooperation. It establishes a Future Work Programme, which serves as a basis for further bilateral economic integration. The Protocol also serves as a basis for the advancement of negotiations for the Regional Comprehensive Economic

Partnership (RCEP) 81 between ASEAN

in the Middle East,”86 China considers that

and those countries with which ASEAN

Saudi Arabia still does not allow adequate

Prospective FTA negotiations between

has trade arrangements, China as well as

market access to third-country service

China and the EAEU would have the

Australia, New Zealand, Japan, South Korea,

suppliers and investors.87 The concerns are

support of the framework available through

and, importantly for the Belt and Road

mainly to do with participation in major

their Trade and Economic Cooperation

Initiative, India. Negotiations for RCEP are

government projects and the regulation of

Agreement, now in force. Even then, they

likely to close by the middle of 2020 (the

safety standards, including the transparency

would have to address the specific issues

twenty-sixth round of negotiations was held

of the Halal certification approval process.

that the bilateral trade relationship raises.

in July 2019). Seven of 20 chapters of the

Conversely, these concerns are much the

These issues are evident from the trade policy

trade pact are now closed, such as sanitary

same concerns that Saudi Arabia has with

review exercise that China and Russia—as

measures and rules on industrial standards.

China, which translate into a call for the

the largest EAEU Member State economy

However, sensitive chapters, including

further simplification of customs clearance

among WTO Members—regularly undergo

foreign investment, electronic commerce

procedures (rules of origin requirements)

within the WTO.

rules and tariff reductions (in particular,

and the removal of foreign direct investment

For Russia, which has in China its

zero-tariff lists) are still up for negotiation.

restrictions,90 including a relaxation of anti-

largest trading partner,92 the concerns are

dumping measures.91

to do with the transparency, accountability

—————————————————

and competitiveness of China’s trade

ACFTA is already in force, so is ChAFTA. Apart from these trade agreements, China is still to establish FTAs along most of the other customs territories that the Belt and Road Initiative covers, including the GCC and the EUEA as halfway points and ECOWAS and the EU as final destinations of the east-west trade route. A.

Gulf Cooperation Council Negotiations between China and the

GCC for a ‘comprehensive and high-quality agreement’ 82 begun in 2004 but were suspended in 2009. They resumed in 2016— the third round was held in December of 2016—but the parties have made no further progress since then.83 The prospective establishment of an FTA between China and the GCC should aim to remove the various barriers that currently impede bilateral trade. The trade relationship between China and the GCC’s largest Member State, Saudi Arabia, is a relevant case study.84 Even though “the economic cooperation between China and Saudi Arabia has developed by leaps and bounds” and “Saudi Arabia has 85

For China, the concerns are with the need to further open up the Russian market under the principle of fair competition and improve its level of trade facilitation. ————————————————— The recent political fracture of the GCC into two opposite sides each respectively led by Saudi Arabia and Qatar has put a halt on FTA negotiations. If and when negotiations resume, they would have to simplify safety standards requirements and overall improve customs clearance procedures, liberalize trade in professional services through mutual recognition as well as protect, promote, and facilitate pre-establishment and postestablishment party-to-party investment. Possibly in reaction to the current state of paralysis of the GCC and in order to further promote free and open trade in the wider region, China is in the midst of FTA negotiations with Palestine and Israel.

become the largest trading partner of China

Eurasian Economic Union

policies and practices,93 especially in the area of innovation technologies, intellectual property, and trade facilitation with the need to simplify procedures and bring greater clarity to China’s Compulsory Certificate and other safety standards.94 For China, the concerns are with the need to further open up the Russian market under the principle of fair competition and improve its level of trade facilitation.95 Accordingly, an FTA between China and the EAEU would have to address the regulation of safety standards as part of a wider effort to improve customs procedures as well as facilitate the further liberalisation of trade in services and ensure the liberalisation, protection, promotion, and facilitation of party-to-party investment. It does not seem an unlikely prospect, especially in the light of the political affinity that these regions recently share.96 In support of the implementation of the Belt and Road Initiative in the Eurasian region, China has signed an FTA with

Currents 24.1 2020

Georgia, which entered into force in January

relative poor quality of Chinese goods

European Commission’s Investment Plan for

2018. In terms of trade in goods, Georgia

imports: "substandard, pirated/counterfeited

Europe.108 To facilitate two-way investment,

now imposes zero tariffs on almost 100 per

products."100 The other ECOWAS Member

China and the EU are in negotiations for a

cent of its total imports from China; China

States would likely share this concern

bilateral investment agreement, which is now

will progressively impose zero tariffs on 94

and, accordingly, would call on China to

in its twenty-second round of negotiations

per cent of its total imports from Georgia.

improve its protection and enforcement of

(July 2019). And to facilitate the prospect

In terms of trade in services, both sides will

Intellectual Property Rights (IPRs).

of an FTA, the EU-China Trade Project

further open their markets to each other

other concerns are with China’s unethical

on the basis of their WTO commitments.

technology transfer practices, government

The WTO’s Trade Policy Review exercise

In addition, both sides have reached broad

subsidies through State-Owned-Enterprises

for both the EU and China reveals the

consensus in many areas such as environment

(SOEs) and the full performance of Trade

need for a bilateral FTA precisely because

and trade, competition, intellectual property,

Facilitation Agreement obligations.

the barriers to trade between them are too

101

The

102

Despite the cooperative spirit of the

investment and electronic commerce.

provides trade related technical assistance.

problematic for the WTO alone to solve.

Importantly, this deal is China’s first FTA

Belt and Road Initiative,

an FTA between

China’s concerns with the EU are largely to

since it formally launched the Belt and Road

China and ECOWAS does then seem an

do with “[the] EU’s extensive use of anti-

Initiative.

unlikely prospect. The unlikelihood is even

dumping measures, high level of subsiding

greater in the light of the different stages

for agriculture, strict export control on high-

negotiations with Moldova for an FTA.

of economic development between China

tech products to China and particularly the

and ECOWAS:

TRQ [tariff-rate quota] on poultry products

In parallel, China is presently in Economic Community of West

103

104

building trade capacity

would be paramount. In the meantime

from China.”109

An FTA between China and ECOWAS

and in support of the implementation of the maritime element of the Belt and Road

—————————————————

would have to address the type of barriers that bar the trade relationship between China

initiative for Africa, China signed an FTA

and Nigeria, which are logically extensive

with the Maldives in December 2017. In

to the wider interregional relationship. The

September 2018, China concluded FTA

WTO’s trade policy review would suggest

negotiations with Mauritius and is presently

that bilateral concerns are primarily to do

in negotiations with Sri Lanka.

with trade in goods.

African States

European Union

China considers that the ECOWAS

The EU is the final destination of the

common external tariff structure is

trade route that the Belt and Road Initiative

unpredictable with a large gap between

proposes to open for China, with the

applied tariff rates and bound tariff rates.97

Netherlands and the Republic of Germany

China, moreover, has concerns with the

as the distribution hubs.105 After all, “[the]

complexity and relative backwardness

EU is the biggest trading partner and

of customs procedures, the high cost of

largest import source of China, and China

doing business in the region, the lack of

is the largest import source, second biggest

transparency in many trade policies and

trading partner and export market of the

the persistence of foreign direct investment

EU.”106 Importantly, as the Memorandum

barriers.98

of Understanding on the EU – China

With China as its third largest trading

Connectivity Platform denotes, 107 the

partner,99 Nigeria has concerns with the

Belt and Road Initiative complements the 8

Currents 24.1 2020

The EU is the final destination of the trade route that the Belt and Road Initiative proposes to open for China, with the Netherlands and the Republic of Germany as the distribution hubs. ————————————————— Among China’s concerns, the most important is with EU anti-dumping measures 110 and their analogue country methodology as a non-market economy country.111 China is not only upset at the extent of the EU’s anti-dumping measures and countervailing investigations on many of its goods (especially, iron and steel products),112 but is also upset at the duration of some of these measures, in some cases, almost 20 years.113 Another important concern is with trade in agricultural goods. The EU average

applied most-favored nation (MFN) rate

It translates into a concern with foreign

Belt and Road Initiative covers. The article

for agricultural goods was 14.1 per cent in

operator access to and the independence

has further argued that China should work

2017.

of China’s judicial system

for those FTAs to be comprehensive and

114

Tariff-rate quotas make access for

125

and a concern

China’s agricultural goods to the EU market

with competition enforcement in order to

even more difficult. Other concerns include

“achieve a level playing field among the

restrictions on EU high-tech exports to

private and state-owned entities.”

There are

a transportation and telecommunications

China,

greater investment cooperation

additional concerns, though less important,

network to move through. The Belt and Road

and fairer treatment to Chinese enterprises,

including inadequate protection of foreign

Initiative proposes to build that network

and greater ease of business visa application

investment;

insufficient enforcement of

for China. China, however, will need the

procedures.116

trade secrets and other IPRs;128 different

agreement of its trading partners if it is to

behind-the-border measures, especially in

free the movement through that network into

bilateral and more multilateral in nature. They

relation to the attribution of licenses;

preferential market access for its products.

are largely to do with China’s performance as

the need for cybersecurity measures to be

a WTO Member. The first concern is with

proportionate and technology-neutral.130

115

The EU’s concerns with China are less

126

127

129

and,

policy transparency. The EU considers that

In summary, the EU “count[s] on China

concerns over the distortion that comes with

to concretely demonstrate its commitment to

public intervention in economic activities

transparency and non-discrimination, actively

are due to a lack of transparency. The EU,

participate in current and future WTO

therefore, calls on China to “truly honour

negotiating activities, help find multilateral

its transparency obligations in the WTO”

solutions to current trade problems and fill

and, specifically, to publish and translate all

the gaps in the trade rulebook, in particular

its trade-related laws and measures.

The

in relation to subsidies.”131 Specifically, in

EU, in particular, objects to China’s deficient

relation to China’s Belt and Road Initiative,

notification of subsidies and China’s rather

the EU cautiously considers that “[d]

unclear

system of provision of incentives

one in the right way, more investment

for SOEs. “Openness has to go hand in

in cross-border infrastructure links can

hand with fairness”, the EU claims.119 In

unleash growth potential with benefits for

sum, the EU’s first concern is with China’s

all. But such initiatives must be based on a

mercantilism (Made-in-China 2025 local

level-playing field for trade and investment

content requirements), use of subsidies and

with full adherence to market rules and

overcapacity in steel and other sectors and

international norms.”132

forced technology transfers.120 Competition

—————————————————

117

118

has to be fair.

In conclusion, goods and services do need

IV. Conclusion

121

The second concern is with China’s business environment.

contemporary deals much like ChAFTA.

—————————————————

The EU considers

This article has assessed the significance

that doing business in China is difficult.123

of FTAs to the Belt and Road Initiative.

The concern is, fundamentally, with state

It has argued that, as a solution to the

intervention in what ought to be a market

problems of the WTO to liberalise trade at

economy; in other words, for the EU,

the multilateral level, China should attempt

China’s government should be an economic

to enter into FTAs with its largest trading

regulator not an economic operator.

partners along the trade routes that the

122

124

Currents 24.1 2020

End Notes 1.

See generally Gonzalo Villalta Puig, Unimpeded Trade? The Significance of Free Trade Areas to the Belt and Road Initiative of the People’s Republic of China, in Legal Dimensions of China’s Belt and Road Initiative 103, 104 (Lutz-Christian Wolff and Chao Xi eds., Wolters Kluwer Law & Business 2016). 2. Nat’l Dev. & Reform Comm’n, Ministry of Foreign Affairs & Ministry of Commerce of China, with State Council Authorization, Vision and Actions on Jointly Building Silk Road Economic Belt and 21-st Century Maritime Silk Road (2015) [hereinafter Vision & Actions]. 3. Xi Jinping, President of the People’s Republic of China, Promote People-to-People Friendship and Create a Better Future (Sept. 7, 2013). 4. Xi Jinping, President of the People’s Republic of China, Speech at People’s Representative Council of Indonesia (Oct. 2, 2013), reprinted in Wu Jiao, President Xi gives speech to Indonesia’s parliament, ChinaDaily.com.cn (Oct. 2, 2013), http://www.chinadaily.com.cn/ china/2013xiapec/2013-10/02/ content_17007915.htm. 5. Press Release, Fifth Plenary Session of the 18th CPC Cent. Comm., Suggestions of the CPC Central Committee on the Thirteenth Five-year Plan for National Economic and Social Development (Oct. 29, 2015). 6. M. Bart Kasteleijn, Legal and Economic Aspects of Chinese ‘Belt & Road Initiative’ Investments into Europe via the Netherlands, 14 Global Trade & Cust. J. 238, 238 (2019) (explaining that the Belt and Road Initiative was originally named “New Silk Roads” and later renamed “One Belt One Road”). 7. Vision & Actions, supra note 2; see also David M. Ong, The Asian Infrastructure Investment Bank: Bringing ‘Asian Values’ to Global Economic Governance?, 20 J. of Int’l Econ. L. 535, 548 (2017). 8. Kasteleijn, supra note 6, at 239. 9. Kasteleijn, supra note 6, at 238. 10. Tao Li & Zuoli Jiang, Human Rights, Justice, and Courts in IEL: A Critical Examination of Petersmann’s Constitutionalization Theory, 21 J. of Int’l Econ. L. 193, 210 (2018). 11. Vision & Actions, supra note 2; see also Li & Jiang, supra note 10,

at 204. 12. Liao Li, The Legal Challenges and Legal Safeguards for the Belt and Road Initiative, 14 Global Trade & Customs J. 211, 211 (2019). 13. Kasteleijn, supra note 6, at 238; Heng Wang, China’s Approach to the Belt and Road Initiative: Scope, Character and Sustainability, 22 J. Int’l Econ. L. 29, 43 (2019) [hereinafter H. Wang]; Lingliang Zeng, Conceptual Analysis of China’s Belt and Road Initiative: A Road towards a Regional Community of Common Destiny, 15 Chinese J. Int’l L. 517, 539 (2016). See generally Yun Zhao, International Governance and the Rule of Law in China under the Belt and Road Initiative (Cambridge: Cambridge University Press, 2018); Michael M Du, China’s “One Belt, One Road” Initiative: Context, Focus, Institutions, and Implications, 2 Chinese J. Global Governance 30 (2016); Guiguo Wang, Legal Challenges to the Belt and Road Initiative, 4 J. Int’l & Comp. L. 309 (2017); 14. Li & Jiang, supra note 10, at 204. 15. Li, supra note 12, at 211. 16. Julien Chaisse & Mitsuo Matsushita, China’s “Belt and Road” Initiative: Mapping the World’s Normative and Strategic Implications, 52 J. World Trade 163, 163 (2018). 17. Kasteleijn, supra note 6, at 238. 18. Vision & Actions, supra note 2. 19. Jiangyu Wang, China’s Governance Approach to the Belt and Road Initiative (BRI): Relations, Partnership, and Law, 14 Global Trade & Customs J. 222, 222 (2019) [hereinafter J. Wang]. 20. Fan Zhai, China’s Belt and Road Initiative: A Preliminary Quantitative Assessment, 55 J. Asian Econ. 84, 85 (2018); Cem Nalbantoglu, One Belt One Road Initiative: New Route on China’s Change of Course to Growth, 5 Open J. Soc. Sci. 87 (2017). 21. Kasteleijn, supra note 6, at 239 (“The lending rate . . . averaged 6%, which is way above the World Bank’s average lending rate of 1.5% above London Inter bank Offered Rate (LIBOR) lending rate.”). 22. Hong Yu, Motivation Behind China’s ‘One Belt, One Road’ Initiatives and Establishment of the Asian Infrastructure Investment Bank, 26 J. Contemp. China 353, 354 (2017).

23. The AIIB functions independently of the Belt and Road Initiative. However, the AIIB Articles of Agreement states: “The purpose of the Bank shall be to … improve infrastructure connectivity in Asia by investing in infrastructure and other productive sectors.” Asian Infrastructure Inv. Bank, Articles of Agreement (2015); see also Kasteleijn, supra note 6, at 239. 24. Peter Ferdinand, Westward Ho— the China Dream and “One Belt, One Road”: Chinese Foreign Policy under Xi Jinping, 92 Int’l Aff. 941 (2016); see also Yiping Huang, Understanding China’s Belt & Road Initiative: Motivation, Framework and Assessment 40 China Econ. Rev. 314 (2016). 25. J. Wang, supra note 19, at 222. 26. Li, supra note 12, at 214. 27. H. Wang, supra note 13, at 30. 28. Li, supra note 12, at 214. 29. H. Wang, supra note 13, at 30. 30. Kasteleijn, supra note 6, at 239. 31. Kasteleijn, supra note 6, at 239. 32. J. Wang, supra note 19, at 224. 33. J. Wang, supra note 19, at 224. 34. J. Wang, supra note 19, at 224. 35. Vision & Actions, supra note 2; see also Press Release, Joint Communiqué of the Leaders’ Roundtable of the 2nd Belt and Road Forum for International Cooperation, Ministry of Foreign of Affairs of China ¶ 6 (Apr. 27, 2019) [hereinafter Joint Communiqué]; Cary Huang, Game On: How the US and China are Vying for Dominance in the Battle of the Asia-Pacific Trade Facts, S. China Morning Post, Nov. 17, 2015, at A4; see generally Justin Yifu Lin, “One Belt and One Road” and Free Trade Zones – China’s New Opening-up Initiatives 10 Frontiers of Econ. In China 585 (2015). 36. See H. Wang, supra note 13, at 32; J. Wang, supra note 19, at 224. 37. Joint Communiqué of the Leaders’ Roundtable of the 2nd Belt and Road Forum for International Cooperation, Ministry of Foreign of Affairs of China ¶ 7 (May 15, 2017). A different Belt and Road Initiative paper also calls “to uphold the multilateral trading system and avoid and oppose any form of unilateralism and trade protectionism,” Statement of the Co-Chairs of the Forum on the Belt and Road Legal Cooperation, Ministry of Foreign Affairs of China (July 3, 2018); Li, supra note 12, at 219. 10

Currents 24.1 2020

38. Joint Communiqué, supra note 35, ¶ 10. Even the Security Council of the United Nations “[w]elcomes and urges further efforts to strengthen the process of regional economic cooperation, including measures to facilitate regional connectivity, trade and transit, including through regional development initiatives such as the Silk Road Economic Belt and the 21stCentury Maritime Silk Road (the Belt and Road) Initiative.” S.C. Res. 2344, ¶ 34 (Mar. 17, 2017). 39. H. Wang, supra note 13, at 29. 40. J. Wang, supra note 19, at 223. 41. J. Wang, supra note 19, at 228. 42. Joint Communiqué, supra note 35, ¶ 7 (stating that “connectivity contributes to . . . trade”). 43. H. Wang, supra note 13, at 29. 44. J. Wang, supra note 19, at 223, 228. 45. Chaisse & Matsushita, supra note 16, at 169. 46. Chaisse & Matsushita, supra note 16, at 165. 47. Chaisse & Matsushita, supra note 16, at 184. 48. Chaisse & Matsushita, supra note 16, at 169. 49. Chaisse & Matsushita, supra note 16, at 169. 50. Jiaxiang Hu and Jie (Jeanne) Huang, Dispute Resolution Mechanisms and Organizations in the Implementation of ‘One Belt, One Road’ Initiative: Whence and Whither, 52 J. World Trade 815, 817 (2018); H. Wang, supra note 13, at 33. 51. Vision & Actions, supra note 2. 52. H. Wang, supra note 13, at 43. 53. Li, supra note 12, at 216. 54. Li, supra note 12, at 216. 55. See World Trade Report 2011: The WTO and Preferential Trade Agreements: From Co-existence to Coherence, (World Trade Organization (WTO), 2011), https://www. wto.org/english/res_e/booksp_e/ anrep_e/world_trade_report11_e. pdf. 56. Chaisse & Matsushita, supra note 16, at 167. 57. Chaisse & Matsushita, supra note 16, at 167. 58. Ilan Alon, Wenxian Zhang, & Christoph Lattemann, China’s Belt and Road Initiative: Changing the Rules of Globalization 2, (Wenxian Zhang, Ilan Alon & Christoph Lattemann eds., 2018). 59. State Council of the People’s Republic of China, Opinions on Speeding up the Implemen-

tation of Free Trade Zone Strategy (2015). 60. H. Wang, supra note 13, at 55. 61. Chaisse & Matsushita, supra note 16, at 168. 62. Chaisse & Matsushita, supra note 16, at 185. 63. Chaisse & Matsushita, supra note 16, at 168. 64. Chaisse & Matsushita, supra note 16, at 184. 65. H. Wang, supra note 13, at 55. 66. Chaisse & Matsushita, supra note 16, at 185. 67. Li, supra note 12, at 219 (“The strength of . . . bilateral or multilateral trade and investment cooperation agreements is an effective means of avoiding legal obstacles to the BRI.”); see Li, supra note 12, at 217. 68. Vision & Actions, supra note 2. 69. Vision & Actions, supra note 2. 70. Vision & Actions, supra note 2. 71. Joint Communiqué of the Leaders’ Roundtable of the Belt and Road Forum for Int’l Cooperation ¶ 15(g) (May 16, 2017). 72. Trade and Industry Department, The Government of the Hong Kong Special Administrative Region, [https://perma. cc/R2H6-7U2V] (providing that Hong Kong is an alienable part of the Belt and Road Initiative and is right to support it. Its most recent FTAs with Macau, ASEAN and Georgia are in close alignment with the Belt and Road Initiative as are its FTA negotiations with the Maldives and Australia, now happily concluded). 73. Tomas Casas i Klett & Omar Ramon Serrano Oswald, Free Trade Agreements as BRI’s Stepping-Stone to Multilateralism: Is the Sino– Swiss FTA the Gold Standard? in China’s Belt and Road Initiative: Changing the Rules of Globalization 75, 75–93 (Zhang et al. eds., 2018). 74. Liao Li, The Legal Challenges and Legal Safeguards for the Belt and Road Initiative, 14(5) Global Trade & Customs J. 211, 217 (2019); see generally, Ministry of Commerce, China FTA Network, http://fta.mofcom.gov.cn/english/ index.shtml. (last visited Jan. 22, 2020). 75. See Free Trade Agreement between the Gov’t of Austl. and the Gov’t of the People’s Republic of China, (entered into force on Dec. 20, 2015) https://dfat.gov.au/ trade/agreements/in-force/chafta/ official-documents/Documents/ chafta-agreement-text.pdf. 76. John Whalley & Chunding Li, China’s regional and bilateral trade agreements, VOX (Mar. 5, 2014),

77.

78.

79.

80.

81.

82.

83.

https://voxeu.org/article/chinas-regional-and-bilateral-tradeagreements. China-Australia FTA Officially Signed, China FTA Network (June 23, 2015), http://fta.mofcom.gov.cn/enarticle/enaustralia/ naustralianews/201506/22255_1. html. See China-Australia Free Trade Agreement (ChAFTA), ChinaAustl. Free Trade Agreement (Aug. 26, 2015), https://dfat.gov. au/trade/agreements/in-force/ chafta/fact-sheets/Documents/ chafta-summary-of-chaptersand-annexes.pdf; Outcomes at a Glance, China-Austl. Free Trade Agreement (Aug. 2018), https://dfat.gov.au/trade/agreements/in-force/chafta/fact-sheets/ Documents/chafta-outcomes-at-aglance.pdf; see generally, Collin B. Picker, Heng Wang & Weihuan Zhou, The China–Australia Free Trade Agreement: A 21st-Century Model, (Colin B. Picker et al. eds., 2018); see also Arnoud Willems & Nikolaos Theodorakis, The China-Australia Free Trade Agreement: FTAs as the New Way to Liberalise Trade, 21(3) Int’l Trade L. & Reg. 70, 70–73 (2015). Ministers of Commerce of China and Australia Officially Sign the Free Trade Agreement, China FTA Network (June 25, 2015), http://fta.mofcom.gov. cn/enarticle/enaustralia/enaustralianews/201506/22317_1.html. Protocol to Amend the Framework Agreement on Comprehensive Economic Co-operation and Certain Agreements thereunder between the Association of Southeast Asian Nations (ASEAN) and the People’s Republic of China, opened for signature on Nov. 21, 2015. Centre for International Law, 2012 Guiding Principles and Objectives for Negotiating the Regional Comprehensive Economic Partnership (adopted Nov. 20, 2012), https://cil.nus.edu.sg/wp-content/ uploads/2019/07/2012-GuidingPrinciples-and-Objectives-forNegotiating-the-RCEP-1.pdf. World Trade Organization Minutes, Trade Policy Review Body, Kingdom of Saudi Arabia Minutes of the Meeting, 16 (May 31, 2016), https://docs.wto.org/dol2fe/Pages/ SS/directdoc.aspx?filename=q:/ WT/TPR/M333.pdf [https:// perma.cc/F8Q8-NPK2]. China, GCC vow to reach comprehensive FTA within 2016, China FTA Network ( Jan. 28, 2016), http://fta.mof-

84.

85. 86.

87. 88.

89. 90.

91.

com.gov.cn/enarticle/engcc/ engccnews/201601/30498_1. html. See generally CHEN Mo, Exploring Economic Relations between China and the GCC States, 5(4) J. of Middle E. & Islamic Stud. (in Asia) 88 (2011) http:// mideast.shisu.edu.cn/_upload/ article/03/7f/c9570407495db f10c417dba3a23e/755852545154-437e-aa7d-f782b884cdd4. pdf; Matteo Legrenzi & Fred H. Lawson, China’s Gulf Policy: Existing Theories, New Perspectives, 22(2) Middle E. Pol’y 58 (2015); Sike WU, Constructing “One Belt and One Road” and Enhancing the China-GCC Cooperation, 9(2) J. of Middle E. & Islamic Stud. (In Asia) 1 (2015). World Trade Organization Minutes, supra note 82, ¶ 4.65. World Trade Organization Record, Trade Policy Review Body, The Kingdom of Saudi Arabia Record of the Meeting, ¶ 87 (Mar. 6, 2012), https://docs.wto.org/dol2fe/Pages/ FE_Search/FE_S_S009-DP.aspx?l anguage=E&CatalogueIdList=50 591,78559&CurrentCatalogueId Index=0&FullTextHash=371857 150&HasEnglishRecord=True& HasFrenchRecord=True&HasSpa nishRecord=True [https://perma. cc/9QRC-XRXU]. See id. ¶ 89. See World Trade Organization Minutes, Trade Policy Review Body, Kingdom of Saudi Arabia Record of the Meeting Addendum, 58 (Mar. 6, 2012) https://docs. wto.org/dol2fe/Pages/FE_Search/ FE_S_S009-DP.aspx?language= E&CatalogueIdList=50591,78 559&CurrentCatalogueIdIndex =1&FullTextHash=371857150 &HasEnglishRecord=True&H asFrenchRecord=True&HasSpa nishRecord=True; World Trade Organization Minutes, supra note 82, ¶ 4.67. See World Trade Organization Minutes, supra note 82, ¶ 4.67. World Trade Organization Minutes, Trade Policy Review Body, China Minutes of the Meeting, ¶ 4.479 (Nov. 21, 2018), https:// docs.wto.org/dol2fe/Pages/FE_ Search/FE_S_S009-DP.aspx?lang uage=E&CatalogueIdList=25124 8,249780,248437,248051,24677 8,246762,246761,246711,24671 5,246693&CurrentCatalogueIdIn dex=1&FullTextHash=&HasEngli shRecord=True&HasFrenchRecor d=True&HasSpanishRecord=True [https://perma.cc/7MS6-CVLE]. World Trade Organization Minutes, Trade Policy Review Body, China Minutes of the Meeting,

¶ 4.29–4.97 (Aug. 26, 2014), https://docs.wto.org/dol2fe/Pages/ FE_Search/FE_S_S009-DP.aspx ?language=E&CatalogueIdList=1 27544,126930,126734,126072, 125646,125642,125643,125644 ,125645,125623&CurrentCatal ogueIdIndex=2&FullTextHash= &HasEnglishRecord=True&Has FrenchRecord=True&HasSpanis hRecord=True [https://perma.cc/ V4XJ-QZJB]. 92. World Trade Organization Minutes, Trade Policy Review Body, Russian Federation Minutes of the Meeting, ¶ 4.70 (Nov. 25, 2016), https://docs.wto.org/dol2fe/Pages/ FE_Search/FE_S_S009-DP.aspx ?language=E&CatalogueIdList=2 34228,234222,233936,233937, 233659,233429,233208,233209 ,232952,232702&CurrentCatal ogueIdIndex=8&FullTextHash= &HasEnglishRecord=True&Has FrenchRecord=False&HasSpanis hRecord=False [https://perma.cc/ WVS7-4SDQ]. 93. Wo r l d Tr a d e Or g a n i z a t i o n Minutes, supra note 90, ¶ 4.298. 94. See World Trade Organization Minutes, supra note 91, ¶ 5.49. 95. Wo r l d Tr a d e Or g a n i z a t i o n Minutes, supra note 92, ¶ 4.69. 96. Wo r l d Tr a d e Or g a n i z a t i o n Minutes, supra note 92, ¶ 4.70. 97. World Trade Organization Record, Trade Policy Review Body, Nigeria Record of the Meeting, ¶ 92 (July 27, 2011), https://docs. wto.org/dol2fe/Pages/FE_Search/ FE_S_S009-SSD.aspx?language =EF&CatalogueIdList=37129,7 6018&CurrentCatalogueIdInde x=1&FullTextHash=37185715 0&HasEnglishRecord=True&H asFrenchRecord=True&HasSpa nishRecord=True [https://perma. cc/BAJ3-WBJK]. 98. Wo r l d Tr a d e Or g a n i z a t i o n Minutes, Trade Policy Review Body, Nigeria Minutes of the Meeting, ¶ 4.44, (Oct. 13, 2017), https://www.tralac.org/images/ docs/12276/nigeria-wto-tradepolicy-review-minutes-of-themeeting-13-october-2017.pdf [https://perma.cc/2GJ6-BTP5]. 99. Id. ¶ 4.42. 100. Wo r l d Tr a d e Or g a n i z a t i o n Minutes, Trade Policy Review Body, China Minutes of the Meeting, ¶ 4.288 (Aug. 26, 2014), https://www.google.com/ url?sa=t&rct=j&q=&esrc=s&so urce=web&cd=1&ved=2ahUK Ewi8tpOa6YPlAhUOQ60KHc VKCuEQFjAAegQIABAC&ur l=https%3A%2F%2Fdocs.wto. org%2Fdol2fe%2FPages%2FFE_ Search%2FExportFile.aspx%3Fi d%3D126734%26filename%3D

Currents 24.1 2020

q%2FWT%2FTPR%2FM300. pdf&usg=AOvVaw3fykbfofxwPg PMSeFzEDfI [https://perma.cc/ JS9S-DWEZ]. 101. Wo r l d Tr a d e Or g a n i z a t i o n Minutes, supra note 90, ¶ 4.49. 102. Wo r l d Tr a d e Or g a n i z a t i o n Minutes, supra note 90, ¶ ¶ 4.50, 4.55. 103. Wo r l d Tr a d e Or g a n i z a t i o n Minutes, supra note 90, ¶ 4.55. 104. See Abiodun S Bankole and Adeolu O Adewuyi, Have BITs driven FDI between ECOWAS countries and EU? 12 J. Int’l Trade L. and Pol’y 130 (2013)(showing that a bilateral investment treaty may be a more likely prospect) 105. D a v i d M O n g , T h e A s i a n Infrastructure Investment Bank: Bringing ‘Asian Values’ to Global Economic Governance?, 20(3) J. Int’l Econ. L. 535, 548 (2017). 106. Wo r l d Tr a d e Or g a n i z a t i o n Minutes, Trade Policy Review Body, European Union Minutes of the Meeting, ¶ 4.119 (Oct. 12, 2015), https://docs.wto.org/ dol2fe/Pages/FE_Search/FE_S_ S009-DP.aspx?language=E&Cata logueIdList=135061&CurrentCa talogueIdIndex=0&FullTextHash =371857150&HasEnglishRecord =True&HasFrenchRecord=True& HasSpanishRecord=True [https:// perma.cc/4TD2-3TMD]. 107. European Commission Press Release IP/15/5723, Investment Plan for Europe goes global: China announces its contribution to #investEU (Sept. 28, 2015); see also Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, Trade for All: Towards a more responsible trade and investment policy, at 23, COM (2015) 497 final (Oct. 14, 2015). 108. C o m m u n i c a t i o n f r o m t h e Commission to the European Parliament, the Council, the European Central Bank, the European Economic and Social Committee, the Committee of the Regions and the European Investment Bank, An Investment Plan for Europe, at 4–5, COM (2014) 903 final (Nov. 26, 2014); See generally Communication from the Commission to the European Parliament and the Council, Working together for jobs and growth: The role of National Promotional Banks (NPBs) in supporting the Investment Plan for Europe, COM (2015) 361 final (July 22, 2015); European Parliament, ‘Political Guidelines of Jean-Claude Juncker, President

of the European Commission’ (July 15, 2014); Regulation (EU) No. 2015/1017 of the European Parliament and of the Council of 25 June 2015 on the European Fund for Strategic Investments, the European Investment Advisory Hub and the European Investment Project Portal and amending Regulations (EU) No 1291/2013 and (EU) No 1316/2013—the European Fund for Strategic Investments O.J. L 169/1. 109. Wo r l d Tr a d e Or g a n i z a t i o n Minutes, supra note 106, ¶ 4.121. 110. WTO Secretariat, Trade Policy Review, The European Union, WTO. Doc. WT/TPR/S/317/ Rev.1, ¶ 3.72 (Oct. 21, 2015). 111. Wo r l d Tr a d e Or g a n i z a t i o n Minutes, Trade Policy Review Body, European Union Minutes of the Meeting, ¶ 4.49-.50 (Oct. 13, 2017), https://www.google. com/url?sa=t&rct=j&q=&esrc= s&source=web&cd=1&ved=2ah UKEwjnpJW81ojlAhVQmK0K HYbjAbIQFjAAegQIABAB&u rl=https%3A%2F%2Fdocs.wto. org%2Fdol2fe%2FPages%2FFE_ Search%2FExportFile.aspx%3Fid %3D239408%26filename%3Dq %2FWT%2FTPR%2FM357.pd f&usg=AOvVaw1SHTdUEDoS VFBQEBwV0fNr [https://perma. cc/98EZ-RN9P]. 112. Id. ¶ 4.51. 113. Wo r l d Tr a d e Or g a n i z a t i o n Minutes, Trade Policy Review Body, European Union Minutes of the Meeting, at 161 (Oct. 14, 2015), https://www.google.com/url?sa=t &rct=j&q=&esrc=s&source=web &cd=2&cad=rja&uact=8&ved= 2ahUKEwjv9d3V2IjlAhUIXKw KHSvgBLYQFjABegQIABAB& url=https%3A%2F%2Fdocs.wto. org%2Fdol2fe%2FPages%2FFE_ Search%2FFE_S_S009-DP.aspx% 3Flanguage%3DS%26CatalogueI dList%3D243210%2C239969% 2C239408%2C238327%2C2366 07%2C135148%2C135061%2C 133883%2C132369%2C121068 %26CurrentCatalog%5%26FullT extHash%3D%26HasEnglishRec ord%3DTrue%26HasFrenchReco rd%3DTrue%26HasSpanishReco rd%3DTrue&usg=AOvVaw1iiUU HyUpniRSEcMICbO1g [https:// perma.cc/KXM9-58B2]. 114. WTO Secretariat, Trade Policy Review, The European Union, WTO. Doc. WT/TPR/S/357, ¶ 6 (May 17, 2017). 115. Wo r l d Tr a d e Or g a n i z a t i o n Minutes, supra note 111, ¶ 4.52. 116. Wo r l d Tr a d e Or g a n i z a t i o n Minutes, supra note 111, ¶ 4.53. 117. Wo r l d Tr a d e Or g a n i z a t i o n Minutes, supra note 90, ¶ 4.182.

118. Wo r l d Tr a d e Or g a n i z a t i o n Minutes, supra note 91, ¶ 4.101. 119. Wo r l d Tr a d e Or g a n i z a t i o n Minutes, supra note 90, ¶ 4.181. 120. Wo r l d Tr a d e Or g a n i z a t i o n Minutes, supra note 90, ¶ ¶ 4.18485. 121. Wo r l d Tr a d e Or g a n i z a t i o n Minutes, supra note 90, ¶ 4.179. 122. Wo r l d Tr a d e Or g a n i z a t i o n Minutes, supra note 91, ¶ 4.102. 123. Wo r l d Tr a d e Or g a n i z a t i o n Minutes, supra note 90, ¶ 4.80. 124. See Cecilia Malmström, European Commissioner for Trade, ChinaEU Trade: Mutual Support for Growth & Jobs, Presentation of the EUCCC Position Paper 1, 5 (Jan. 27, 2015), http://trade. ec.europa.eu/doclib/docs/2015/ january/tradoc_153066.pdf. 125. Wo r l d Tr a d e Or g a n i z a t i o n Minutes, supra note 91, ¶ 4.102. 126. Wo r l d Tr a d e Or g a n i z a t i o n Minutes, supra note 91, ¶ 4.102. 127. Wo r l d Tr a d e Or g a n i z a t i o n Minutes, supra note 91, ¶ 4.103. 128. Wo r l d Tr a d e Or g a n i z a t i o n Minutes, supra note 91, ¶ 4.104; Wo r l d Tr a d e Or g a n i z a t i o n Minutes, supra note 90, ¶ 4.183. 129. Wo r l d Tr a d e Or g a n i z a t i o n Minutes, supra note 90, ¶ 4.183. 130. Wo r l d Tr a d e Or g a n i z a t i o n Minutes, supra note 90, ¶ 4.186. 131. Wo r l d Tr a d e Or g a n i z a t i o n Minutes, supra note 90, ¶ 4.188. 132. Wo r l d Tr a d e Or g a n i z a t i o n Minutes, supra note 90, ¶ 4.187.

Currents 24.1 2020

The following articles are from the Symposium on Compliance in International Corporate Legal Practices held at South TexasÂ College of Law Houston on April 5, 2019. In several instances, these articles are preceded by background pieces written by ourÂ editorial team to assist the readership in understanding the context of each article.

Currents 24.1 2020

Cross Border Trade Compliance: Background M A D I S O N

—————————————————

I. United States Tr a d e Statutes —————————————————

H A S T I N G S

https://crsreports.congress.gov/product/pdf/

product/pdf/IN/IN10943 and Section

IF/IF10156.

232 Auto Investigation, https://crsreports.

A. Section 232 of the Trade Expansion

congress.gov/product/pdf/IF/IF10971. B. Section 301 of the Trade Act of 1974

Act of 1962

Congress contributes to the formation of

This statute allows the President to

This statute allows the USTR to suspend

U.S. trade policy pursuant to its constitutional

adjust imports through tariffs or quantitative

trade agreement concessions or impose

authority over tariffs and foreign commerce.

restrictions (quotas) if the Department of

import restrictions if it determines a U.S.

Through the Trade Act of 1974 and the Trade

Commerce finds products are imported

trading partner is “violating trade agreement

Expansion Act of 1962, Congress delegated

in such quantities or circumstances as to

commitments or engaging in discriminatory

some aspects of its constitutional authority to

“threaten to impair U.S. national security.”

or unreasonable practices that burden

regulate foreign commerce to the President.

The Section 232 investigation on aluminum

or restrict U.S. commerce.” Section 301

Pursuant to these acts, the President, based

and steel products provided for 10% tariffs

investigations were launched against China.

on agency investigations, may impose import

on a specified list of aluminum imports,

On July 6, 2018, the United States imposed

restrictions to address specific concerns. See

effective indefinitely. The tariffs imposed

a Stage 1, 25% tariff on 818 Chinese

U.S. Trade Policy: Background and Current

on aluminum imports affect all countries

imports. On August 23, 2018, the United

Issues, https://crsreports.congress.gov/

except Australia, Canada, and Mexico. For

States imposed a Stage 2, 25% tariff on an

product/pdf/IF/IF10156 and Escalating U.S.

Argentina, quantitative import restrictions

additional 279 imports. On September 24,

Tariffs: Timeline, https://crsreports.congress.

were imposed in place of tariffs. Tariffs on

2018, in response to Chinese retaliatory

gov/product/pdf/IN/IN10943.

aluminum imports became effective March

tariffs, the United States imposed a Stage

The Trump administration differs from

23, 2018. This section provides for 25%

3, 10% tariff that was increased to 25% on

prior administrations on trade policy. One

tariffs on a specified list of steel imports.

5,733 more imports. On August 14, 2019,

way it proceeds differently is by placing

The tariffs imposed on steel imports affect

the USTR released a two-part plan to impose

emphasis on the trade deficit as an indicator

all countries except Australia, Canada, and

10% tariffs on approximately $300 billion of

of “unfair” foreign trade practices that

Mexico. For Argentina, Brazil, and South

imports. The first part of this plan, stage 4A,

impact U.S. industries. To address this

Korea, quantitative import restrictions are

will take effect on September 1, 2019. The

issue, the Trump administration proposed

imposed in place of tariffs. Tariffs on steel

second part of the plan, stage 4B, will take

and imposed tariffs and restrictions based

imports became effective March 23, 2018.

effect on December 15, 2019. See Economic

on investigations under U.S. trade laws,

The Trump administration also initiated

and Trade Agreement Between the United

including one—Section 232—that has been

a Section 232 examination on autos and

States of America and the People’s Republic

used infrequently by prior administrations.

auto parts but missed its 2019 deadline for

of China, https://ustr.gov/sites/default/

The trade laws used for most of the Trump

imposing such tariffs. Currently, no tariffs

files/files/agreements/phase%20one%20

administration trade actions are Sections

are in effect on autos and parts, pending

agreement/US_China_Agreement_Fact_

301, Section 201, and Section 232 of the

negotiations.

Sheet.pdf.

Trade Expansion Act of 1962. See U.S. Trade

Timeline, https://crsreports.congress.gov/

See Escalating U.S. Tariffs:

Policy: Background and Current Issues, 14

Currents 24.1 2020

—————————————————

more assertive behavior under President

to the national security, foreign policy or

II. United States R e l at i o n s w i t h C h i n a

Xi Jinping. On August 5, 2019, the U.S.

economy of the United States. There are at

Treasury Department labeled China a

least eleven countries covered by ongoing

currency manipulator for the first time in a

OFAC Sanctions programs as of February

quarter century. To pressure China to change

2020. See https://www.treasury.gov/resource-

its economic practices, the United States

center/sanctions/Programs/Pages/Programs.

also imposed tariffs on U.S. imports from

aspx. However, the list of countries and other

China under Section 301. Almost all imports

targets can and does change rapidly. This is

from China were scheduled to be subject to

because OFAC also has targeted sanctions

additional tariffs by the end of 2019. See

aimed at individuals and companies owned

U.S.-China Relations, https://crsreports.

or controlled by, or acting for or on behalf

congress.gov/product/pdf/R/R45898.

of, targeted countries, as well as individuals,

————————————————— The background to the Section 301 actions against China started with the March 2018 Section 301 report by USTR on China’s Acts, Policies, and Practices Related to Technology Transfer, Intellectual Property and Innovation. In 2017, the National Security Strategy described China and Russia as seeking to “challenge American power, influence, and interests, attempting to erode American security and prosperity.” This evaluation started the Trump administration Section 301 investigation and the now prolonged trade war. See https://ustr.gov/ sites/default/files/Section%20301%20 FINAL.PDF. This trade battle with China has large implications for both countries. In 2018, in terms of goods, China was the United States’ largest trading partner, third-largest export market and largest source of imports. China

U.S. tariff increases and China’s

groups, and entities engaged in the national

retaliatory tariffs have reordered global

security threats See https://www.treasury.

supply chains. These tariffs have heavily

gov/about/organizational-structure/offices/

impacted farmers and manufacturers. The

pages/office-of-foreign-assets-control.aspx.

trade war remains unresolved as of February

Collectively, these individuals and companies

2020, although there has been a Phase One

are called Specially Designated Nationals

Settlement with China as of January 15,

(SDNs). The assets of such companies and

2020. See https://ustr.gov/sites/default/

individuals are blocked and U.S. persons

files/files/agreements/phase%20one%20

are generally prohibited from dealing with

agreement/Phase_One_Agreement-Ag_

them. See https://www.treasury.gov/resource-

Summary_Long_Fact_Sheet.pdf. As a result

center/sanctions/SDN-List/Pages/default.

of the trade war, Mexico and Canada by the

aspx.

end of 2019 had passed China to become the

All U.S. persons must comply with

largest trade partners of the United States.

OFAC regulations. OFAC further encourages

See https://www.census.gov/foreign-trade/

all exporters to maintain a rigorous risk-based

crsreports.congress.gov/product/pdf/IF/

statistics/highlights/top/top1912yr.html.

compliance program. See https://www.

IF11284. U.S. exports of goods and services

—————————————————

treasury.gov/resource-center/sanctions/

to China totaled $178.0 billion (7.1% of

III. United States Sanctions

total exports) in 2018, while imports from

—————————————————

China amounted to $558.8 billion (17.9% of

The Office of Foreign Assets Control

total imports). As a result, the overall bilateral

(OFAC) of the U.S. Department of the

deficit was $380.8 billion, up $43.6 billion

Treasury administers and enforces economic

(12.9%) from 2017.

and trade sanctions based on U.S. foreign

is also the largest foreign holder of U.S. Treasury securities. See U.S.-China Trade and Economic Relations: Overview, https://

The recent trade relationship between

policy and national security goals against

the U.S. and China reveals an increase in

targeted foreign countries, regimes, end

competition and decrease in cooperation.

users, terrorists, international narcotics

The rising friction is attributed not only to

traffickers, those engaged in the proliferation

the more confrontational inclinations of the

of weapons of mass destruction, human

Trump administration, but also to China’s

rights abuses, corruption, and other threats

Documents/framework_ofac_cc.pdf. A. Selected Country Sanctions: the Venezuela Sanctions On December 18, 2014, President Obama signed the Venezuela Defense of Human Rights and Civil Society Act of 2014 into law. This Act required the Executive to impose targeted sanctions on certain persons determined to be responsible for significant acts of violence or serious human rights abuses against antigovernment protesters in Venezuela. On March 8, 2015, President

Currents 24.1 2020

Obama issued Executive Order 13692,

regardless of whether the entity itself is listed.

in maritime area claimed by the Russian

invoking the authority of the International

Sectoral sanctions are imposed on specified

Federation and extending from its territory,

Emergency Economic Powers Act and the

persons operating in the Russian economy

and that involve any person subject to

National Emergencies Act (IEEPA) and the

identified by the Secretary of the Treasury

Directive 4, its property, or its interests in

National Emergencies Act. OFAC issued the

through Directives. Directive 1, as amended,

property.

Venezuela Sanctions Regulations, 31 CFR

prohibits the following transactions by U.S.

OFAC may authorize categories

part 591, to implement the Act and Executive

persons and within the United States: (1) all

of activities and transactions otherwise

Order 13692 pursuant to authorities

transactions in, provisions of financing for,

prohibited by issuing a general license.

delegated to the Secretary of the Treasury.

and other dealings in new debt of longer than

On a case-by-case basis, OFAC considers

See https://www.treasury.gov/resource-

30 days maturity or new equity of persons

applications for specific licenses to authorize

center/sanctions/Programs/Documents/

determined to be subject to Directive 1,

transactions that are neither exempt nor

fr80_39676.pdf. Executive Order 13692

their property, or their interests in property;

covered by a general license. A request for a

prohibits dealings in “[a]ll property and

and (2) all activities related to debt or equity

specific license must be submitted to OFAC’s

interests in property that are in the United

issued before September 12, 2014, that

Licensing Division. See https://www.treasury.

States, that hereafter come within the United

would have been prohibited by the prior

gov/resource-center/sanctions/Programs/

States, or that are or hereafter come within

version of Directive 1 (which extended to

Documents/ukraine.pdf; see https://www.

the possession or control of any United

activities involving debt of longer than 90

treasury.gov/resource-center/sanctions/

States person” with any delineated persons.

days maturity or equity if that debt or equity

Programs/Pages/ukraine.aspx.

See https://www.treasury.gov/resource-

was issued on or after the date a person was

center/sanctions/Programs/Documents/

determined to be subject to Directive 1).

—————————————————

fr80_39676.pdf. Any violation that involves

Directive 2, as amended, prohibits

any property or interest in blocked property

transactions by U.S. persons and within the

is “null and void and shall not be the basis

United States involving the financing, or

for the assertion or recognition of any interest

otherwise dealing in new debt of longer than

in or right, remedy, power or privilege with

90 days maturity of the persons subject to

respect to such property or property interest.”

Directive 2, their property, or their interests

See https://www.treasury.gov/resource-

in property. Directive 3 prohibits transactions

center/sanctions/Programs/Documents/

by U.S. persons and within the United

fr80_39676.pdf.

States involving financing, or otherwise

B. Russia Sanctions.

dealing in new debt of longer than 30 days

Unless otherwise authorized or exempt,

maturity of the persons subject to Directive

transactions in the United States or by

3, their property, or their interests in

U.S. persons are prohibited if they deal in

property. Directive 4 prohibits the following

property or interests in property of an entity

transactions by U.S. persons and within

or individual listed on OFAC’s SDN List.

the United States: providing, exporting, or

An entity will also be blocked if it is fifty

re-exporting, directly or indirectly, goods,

percent (50%) or more owned, whether

services (except for financial services), or

individually or in the aggregate, directly or

technology in support of exploration or

indirectly, by one or more persons whose

production for deep-water, Arctic offshore,

property and interests in property are blocked

or shale projects that have the potential to

pursuant to any part of 31 C.F.R. Chapter V,

produce oil in the Russian Federation, or 16

Currents 24.1 2020

I V. E x p o r t C o n t r o l s ————————————————— A. Export Administration Regulations The Department of Commerce – Bureau of Industry and Security as well as the State Department oversee the Export Administration Regulations (EARs) program. The scope of the EARs is dual use products and export of goods that could compromise national security. To comply with the EARs, an exporter must check denied parties lists, determine ECCN if needed, and apply for a license, if required. See https://www.export. gov/article?id=Export-Control-Regulations; http://www.bis.doc.gov. B. International Traffic in Arms Regulation The Directorate of Defense Trade Controls of the State Department oversees the International Traffic in Arms Regulations (ITARs) program. ITARs control the sales of items used for military purposes. To comply with the ITARs, an exporter must check

whether its products for export are on the

Second, FIRRMA provides for an

is implemented pursuant to the Export

U.S. Munitions List, determine if a license

abbreviated filing process for the voluntary

Administration Act of 1979 (EAA), enforced

is required, and contact its local Export

disclosures through a new “declarations”

by the Bureau of Industry and Security

Assistance Center. See https://www.export.

procedure. This procedure could result in

of the U.S. Department of Commerce.

gov/article?id=Export-Control-Regulations;

shorter review timelines by CFIUS and allow

U.S. persons may not take certain actions

see www.pmddtc.state.gov; www.buyuse.gov.

some discretion to require parties to file

“with the intent to comply with, further,

—————————————————

before closing a transaction. Third, FIRRMA

or support an unsolicited foreign boycott.”

expands the CFIUS review period from thirty

Prohibitions include: refusing to do business

to forty-five days and allows an investigation

with a boycotted or blacklisted entity;

to be extended for an additional fifteen-day

discriminating against, or agreeing to

period under extraordinary circumstances.

discriminate against, any U.S. person on the

Fourth, FIRRMA strengthens requirements

basis of race, religion, sex, or national origin;

on the use of mitigation agreements,

and furnishing information about business

including the addition of compliance plans

relationships with a boycotted country or

to inform the use of such agreements. Fifth,

blacklisted entity. Any “U.S. person”, as

FIRRMA grants special hiring authority for

defined under the regulations, must notify

CFIUS and establishes a fund for collection

the U.S. Department of Commerce upon

of new CFIUS filing fees.

receipt of a request to comply with an

V. InvestmentRel ated Controls ————————————————— Oversight of investment into the U.S. takes place through the Committee on Foreign Investment in the United States (CFIUS). The Foreign Investment Risk Review Modernization Act of 2018 (FIRRMA) expanded jurisdiction of CFIUS to address certain growing national security concerns. FIRRMA also modernized CFIUS review processes to enable more timely and effective review of covered transactions in seven ways. First, FIRRMA broadens the purview of CFIUS by adding to the review of mergers and acquisitions of U.S. firms four new types of covered transactions. These include: (1) a purchase, lease, or concession by or to a foreign person of real estate located in proximity to sensitive government facilities; (2) “other investments” in certain U.S. businesses that afford a foreign person access to material nonpublic technical information in the possession of the U.S. business,

Sixth, FIRRMA delays “the applicability

unsanctioned foreign boycotted country or

of some of the bill’s most significant

blacklisted entity. See https://www.export.

provisions until [eighteen] months following

gov/article?id=Antiboycott-Regulations.

enactment of FIRRMA or [thirty] days after

—————————————————

the Secretary of the Treasury publishes in the Federal Register a determination that the necessary regulations, organizational structure, personnel, and other resources are in place to administer those provisions, whichever is sooner.” Finally, FIRRMA authorizes CFIUS to conduct pilot programs to implement any authority provided under the bill. See https://www.treasury.gov/ resource-center/international/Documents/

VII. Import Relief L aw s : A n t i - Du m pi n g & Countervailing Duty Laws ————————————————— Title VII of the Tariff Act of 1930 contains the U.S. version of Antidumping and Countervailing Duty laws. Antidumping (AD) and Countervailing Duties (CVD) address what is regarded as unfair trade practices. The laws provide relief to U.S.

membership on the board of directors, or

Summary-of-FIRRMA.pdf.

other decision-making rights, other than

—————————————————

injured” or threatened with injury due to the

through voting of shares; (3) any change

dumping of imports of like products sold in

in a foreign investor’s rights resulting in

VI. Anti-Boycott R e g u l a t i o n s

foreign control of a U.S. business or an

—————————————————

the cost of production or home market

“other investment” in certain U.S. businesses;

The United States opposes restrictive

prices) or subsidized by a foreign government

and (4) any other transaction, transfer,

trade practices and boycotts by foreign

and thus lower in price due to such subsidies.

agreement, or arrangement designed to

countries against what it considers to be

The AD and CVD laws are administered by

circumvent CFIUS jurisdiction.

friendly countries. This anti-boycott position

two agencies. The U.S. International Trade

industries and workers that are “materially

the U.S. market at less than fair value (below

Currents 24.1 2020

Commission, an independent, quasi-judicial

determines whether dumping or subsidies

the United States is authorized to designate

agency, determines whether U.S. industry

would likely continue or resume if the order

a country listed in section 107 of AGOA as

suffered material injury due to dumping or

is revoked. Review is also conducted to

a “beneficiary sub-Saharan African country

subsidies.

determine whether injury to the domestic

“if the President determines the country

The International Trade Administration

industry would likely continue or resume.

meets certain eligibility requirements.” See

of the Department of Commerce evaluates

See Trade Remedies: Antidumping and

https://obamawhitehouse.archives.gov/

the AD or CVD petition, decides whether to

Countervailing Duties, https://crsreports.

the-press-office/2011/10/25/presidential-

initiate an investigation, determines whether

congress.gov/product/pdf/IF/IF10018.

proclamation-african-growth-and-

dumping or subsidies exists, and calculates the

—————————————————

opportunity-act. The beneficiary sub-

amount of dumping or subsidy and the duty to be imposed in response. If an investigation results in affirmative determinations, an order is issued directing U.S. Customs and Border Protection to collect the duties imposed on imported merchandise that has been dumped and /or subsidized. In AD cases, the remedy for injury is an additional duty placed on imported merchandise to offset the difference between prices in foreign and U.S. markets. In CVD cases, a duty equivalent to the amount of subsidy is placed on imports. Supporters of these laws argue their necessity in shielding U.S. industry and workers from unfair competition. Supporters also argue that the laws increase public support for additional trade liberalization measures. Opponents suggest these laws create inefficiencies in the world trading system by “artificially” raising prices on imported merchandise. AD and CVD duty order—which are granted for five years—are subject to review. This review, including judicial review, can result in upward or downward adjustment of the dumping or subsidy margin. Review can also result in continuation or revocation of an order. During the anniversary month of the publication of an order each year, an interested party may request a review. At the end of the five years, AD and CVD orders must undergo a “sunset” review. This review

VIII. Preferential Trade Laws ————————————————— A. Generalized System of Preferences U.S. trade preference programs, including the Generalized System of Preferences (GSP), provide an opportunity for the world’s poorest countries to escape poverty by gaining duty free access to the U.S. market. Established by the Trade Act of 1974, the GSP promotes economic development by eliminating duties on thousands of products imported from one of 120 designated beneficiary countries and territories. See https://ustr.gov/issue-areas/ trade-development/preference-programs/ generalized-system-preference-gsp. Eligibility

Angola, Benin, Botswana, Burkina Faso, Burundi, Cameroon, Cabo Verde, Central African Republic, Chad, Comoros, Congo, Democratic Republic of Congo, Côte d’Ivoire, Djibouti, Equatorial Guinea, Eritrea, Ethiopia, Gabon, Gambia, Ghana, Guinea, Guinea-Bissau, Kenya, Lesotho, Liberia, Madagascar, Malawi, Mali, Mauritania, Mauritius, Mozambique, Namibia, Niger, Nigeria, Rwanda, São Tomé and Príncipe, Senegal, Seychelles, Sierra Leone, Somalia, South Africa, South Sudan, Sudan, Swaziland, Tanzania, Togo, Uganda, Zambia, and Zimbabwe. See https://www. trade.gov/agoa/pdf/2018%20US-SSA%20

for GSP access –at the country level and

Trade%20Summary.pdf.

the product level—is subject to review

—————————————————

annually by the Office of the United States Trade Representative. See https://ustr.

IX. United States Free Tr a d e A g r e e m e n t s

gov/sites/default/files/GSP-Guidebook-

—————————————————

September-16-2016.pdf#page=16.

The United States has fourteen free

B. The African Growth and Opportunity

trade agreements in force with twenty

Act

countries as of February 2020. See U.S. Trade

On May 18, 2000, the African Growth

Policy: Background and Current Issues,

and Opportunity Act (AGOA) was signed into

https://crsreports.congress.gov/product/

law in Title 1 of the Trade and Development

pdf/IF/IF10156. There are bilateral free

Act of 2000. https://www.trade.gov/agoa/

trade agreements with Australia, Bahrain,

index.asp. AGOA offers tangible incentive

Chile, Columbia, Israel, Jordan, South

for African countries to open their economies

Korea, Morocco, Oman, Panama, Peru,

and build free markets. See https://www.

and Singapore. See https://ustr.gov/trade-

trade.gov/agoa/index.asp. The President of

agreements/free-trade-agreements. There

Currents 24.1 2020

Saharan African countries presently include:

are two regional free trade agreements with countries in the central American

agreement/agreement-between.

establishes committees on goods, agriculture, sanitary and phytosanitary matters, and

A. NAFTA.

region (CAFTA-DR) (including Costa

The 1994 North American Free Trade

financial services. It also establishes

Rica, Dominican Republic, El Salvador,

Agreement initiated a new generation of

subcommittees on labor and environment.

Guatemala, Honduras, Nicaragua, and in

U.S. free trade agreements and provided the

See https://ustr.gov/trade-agreements/free-

North America (USMCA) with Canada

model for later U.S. FTAs and played a role

trade-agreements/australian-fta. Australia

and Mexico). See https://ustr.gov/trade-

in shaping multilateral trade negotiations.

was part of the TPP negotiations.

agreements/free-trade-agreements/united-

Under NAFTA, tariffs were completely

states-mexico-canada-agreement/agreement-

eliminated progressively. All duties and

This Agreement generates export

between.

quantitative restrictions, with the exception

opportunities for the United States and

Candidate and then President Trump

of those on a limited number of agricultural

creates jobs for U.S. farmers. The Agreement

expressed hostility towards U.S. free trade

products traded with Canada, were

supports Bahrain’s economic and political

agreements negotiated by other presidents.

eliminated by 2008. See https://ustr.gov/

reform and enhances commercial relations.

He argued that they contribute to U.S. trade

trade-agreements/free-trade-agreements/

See https://ustr.gov/trade-agreements/free-

deficits and hurt U.S. workers. For these

north-american-free-trade-agreement-nafta.

trade-agreements/bahrain-fta.

reasons, President Trump quickly took steps

B. USMCA

D. U.S.-Bahrain Free Trade Agreement

E. U.S.-Chile Free Trade Agreement.

with regard to U.S. free trade agreement

The USMCA—the renegotiated

This Agreement eliminates tariffs and

policy that completely altered the approach

NAFTA—kept large portions of NAFTA

open markets, reduces barriers for trade in

taken by the previous administration. First

in place while changing rules regarding

services, provides protection for intellectual

he withdrew the U.S. from the Trans-

intellectual property, the rules of origin,

property, ensures regulatory transparency,

Pacific Partnership (TPP) in January 2017.

investment dispute settlement, state to

guarantees nondiscrimination in the trade

The TPP would have put the U.S. at the

state dispute settlement, and labor rights

of digital products, commits the Parties to

center of a twelve-country megaregional

and dispute settlement connected to them.

maintain competition laws that prohibit

free trade agreement. The U.S. led the TPP

See https://ustr.gov/trade-agreements/free-

anticompetitive business conduct, and

negotiations for the five years it took to reach

trade-agreements/united-states-mexico-

requires effective labor and environmental

the agreement signed by President Obama in

canada-agreement/agreement-between. The

enforcement. See https://ustr.gov/trade-

2016. The eleven other TPP countries went

USMCA addresses digital trade and state-

agreements/free-trade-agreements/chile-fta.

on to ratify and put into force the renamed

owned enterprises. The agreement increases

Chile was part of the TPP negotiations.

Comprehensive and Progressive (CPTPP)

North American content requirements

F. U.S.-Colombia Trade Promotion

Agreement for Trans-Pacific Partnership in

for vehicles. It expands market access in

Agreement

2018.

agriculture. At the same time, the USMCA

This Agreement is a comprehensive free

Second, President Trump also negotiated

reduces U.S. obligations in areas such as

trade agreement that provides elimination

select modifications to KORUS, the free

investment and government procurement.

of tariffs and removes barriers to U.S.

trade agreement with South Korea. Finally,

See U.S. Trade Policy: Background and

services, including financial services. It

President Trump insisted on a renegotiation

Current Issues, https://crsreports.congress.

also includes important disciplines relating

of the 1994 North American Free Trade

gov/product/pdf/IF/IF10156.

to customs administration and trade

Agreement (NAFTA). The USMCA replaced

C. U.S.-Australia Free Trade Agreement

facilitation, technical barriers to trade,

NAFTA when it was passed by the House in

The Joint Committee under this free

government procurement, investment,

late 2019 and the Senate in early 2020. See

trade Agreement supervises implementation

telecommunications, electronics commerce,

https://ustr.gov/trade-agreements/free-trade-

of the Agreement and review of overall trade

intellectual property rights, and labor and

agreements/united-states-mexico-canada-

and investment relationship. The Agreement

environmental protection. See https://ustr.

Currents 24.1 2020

gov/trade-agreements/free-trade-agreements/

recently renegotiated in 2018. See https://fas.

colombia-tpa.

org/sgp/crs/row/IF10733.pdf.

G. CAFTA-DR (Dominican RepublicCentral America Free Trade Agreement)

K. Morocco Free Trade Agreement This Agreement supports significant

This Agreement is the first free trade

economic and political reform in Morocco

agreement between the Untied States

and provides for improved commercial

and Costa Rica, El Salvador, Guatemala,

opportunities for U.S. exports by reducing

Honduras, Nicaragua and the Dominican

and eliminating trade barriers. See https://

Republic. CAFTA-DR promotes stronger

ustr.gov/trade-agreements/free-trade-

trade, investment ties, prosperity, and

agreements/morocco-fta.

stability throughout Central America and

L. Oman Free Trade Agreement

the southern border of the United States. See

This Agreement promotes economic

https://ustr.gov/trade-agreements/free-trade-

reform, generates export opportunities for

agreements/cafta-dr-dominican-republic-

U.S. goods and service providers, solidifies

central-america-fta.

Omanâ&#x20AC;&#x2122;s trade liberalization and strengthens

H. Israel Free Trade Agreement

intellectual property rights protection and

This first U.S. free trade agreement

enforcement. See https://ustr.gov/trade-

provided the foundation for expanding

agreements/free-trade-agreements/oman-fta.

trade and investment between the U.S. and

M. U.S.-Panama Trade Promotion

Israel due to its reduction of barriers and

Agreement

promotion of regulatory transparency. See

This Agreement will support American

https://ustr.gov/trade-agreements/free-trade-

jobs, expand markets and enhance U.S.

agreements/israel-fta.

competitiveness. See https://ustr.gov/

I. Jordan Free Trade Agreement This first U.S. free trade agreement

uspanamatpa/facts. N. Peru Trade Promotion Agreement

with a Middle East country, other than

This Agreement eliminates tariffs and

Israel, continues to facilitate an extensive

removes barriers to U.S. services, provides

economic partnership between the United

a secure, predictable legal framework for

States and Jordan. See https://ustr.gov/

investors, and strengthens protection for

trade-agreements/free-trade-agreements/

intellectual property, workers and the

jordan-fta.

environment. See https://ustr.gov/trade-

J. KORUS, Korea-U.S. Free Trade

agreements/free-trade-agreements/peru-tpa.

Agreement

Peru was part of the TPP negotiations.

This Agreement reduces and, in most

O. Singapore Free Trade Agreement

cases, eliminates tariff and non-tariff barriers

This Agreement provides for a Joint

between South Korea and the U.S. on

Committee that reviews the overall trade and

manufactured goods, agricultural products,

investment relationship between the United

and services. It provides rules for investment

States and Singapore. See https://ustr.gov/

and intellectual property rights and commits

trade-agreements/free-trade-agreements/

both countries to maintaining certain worker

singapore-fta. Singapore was part of the TPP

and environmental standards. KORUS was

negotiations. 20

Currents 24.1 2020

Hypothetical The following hypothetical illustrates how trade compliance issues can arise for a firm: Woodlands International Inc. (Woodlands), a U.S.-based publicly traded multinational oilfield services company, manufactures tools and runs operations for National Oil Companies (NOCs) and Independent Oil Companies (IOCs) in eighty countries around the world. Customer XN, an IOC is starting a joint venture in Nigeria with RussiGas, a Russian NOC, and a Nigerian NOC. The name of the joint venture is Nigerian Offshore Development (NOD). NOD issues a tender for oilfield operations support. The work will take place on an offshore rig that operates under an Iranian flag in waters at least 1200 feet deep. Woodlands prepares its response for the bid. In order to make sure it won the bid, one of the Woodlands salesmen worked with one of the NOC executives. This included flying the official and his family to the U.S., covering a trip to Disney World, giving the official an office job and making a small payment for consulting services. The job requires Woodlands to make and buy tools to bring to Nigeria. One of the contractual requirements in the tender states that Woodlands cannot use any Israeli-produced goods or equipment on the job. Woodlands has a factory in Israel which makes Woodlands tools needed for the job. Woodlands decides to make and manufacture the tools in Israel, ship the tools to a distribution center in the Netherlands where they will remove or grind off the “Made in Israel” marking, and replace it with a country of origin of the Netherlands. Then, Woodlands will ship the tools to the jobsite in Nigeria. One of their U.S. competitors has a unique patented tool–designed for the military–that works well but is expensive. Woodlands buys the tool from its competitor and sends it to India to be reverse engineered. The Indian subcontractor gives the designs for the tool to Woodlands and the company in turn send the designs to non-related Factory Z in China that will manufacture the tool. Factory Z employs a skilled workforce in its manufacturing process, and twelve to fourteen year-olds in its packaging department. Factory Z will manufacture the tool and sell it to a Woodlands affiliate in Nigeria. Before shipping, Woodlands asks Factory Z to prepare a commercial invoice with a value of 50% less than the billing invoice, because Nigerian import duties and taxes are high. By reducing the value on its commercial invoice, Woodlands reduces the duties it must pay and protects its profit margin. Factory Z complies. Woodlands successfully completes the job and generates a profit of $200 million dollars. Five weeks later, the Department of Justice (DOJ) knocks on the door of Woodlands’ U.S-based office and Nigerian Customs knocks on the door of Woodlands’ Nigerian office. At the same time, a U.S. competitor serves Woodlands with a lawsuit. The Wall Street Journal publishes an article about child labor in Factory Z, which depicts tools with Woodlands’ logo.

Currents 24.1 2020

Cross Border Trade Compliance M O D E R AT O R / PA N E L I S T: PA N E L I S T S : D AV I D —————————————————

T I M

C O U R T N E Y

B R O W N ,

M O R T L O C K ,

M E L

E L L E N

C .

F L O R E S

C H AV E Z , S M I T H

Compliance teams should consider that every

Companies that have established

export corresponds with an import—each

trusting relations with trading partners are

—————————————————

is a two sided transaction. Fourth, who is

often inclined to certify that the product’s

[The Cross Border Trade Compliance

receiving the item? Companies must be sure

end use is in compliance. In commercial

panel began its descussion with the

to utilize screening processes to avoid dealings

dealings, corporate partners can safely assume

hypothetical on the previous page].

with those on sanctions lists. Fifth, to what

each partner will have prepared the relevant

According to the hypothetical, how will

use is the item being put? Discerning the

documentation. Prudent companies should

Woodlands determine if it is complying

item’s end use is of critical importance before

work closely with main customers and their

with all appropriate trade control and anti-

certifying it will not be used in violation of

quality assurance control programs. For

corruption laws? In any given transaction, it

sanctions.

example, it is sensible when working with

Introduction

is crucial to understand what is being sold

A final question is whether the firm

a buyer that has “textiles” in its name, to

and what is being shipped. The sale does not

is participating in any sort of non-U.S.

inquire further as to why they are interested

have to be of a particular thing, it can be for

sanctioned boycott? This issue is crucial for

in purchasing oil field tools. Such a purchase

design plans, drawings, products, or services–

companies dealing with Middle Eastern

should sound odd. It is, in fact, based on

all of which are subject to trade control

countries. Answers to the aforementioned

a real scenario. The corporate partner was

laws. After shipping the item or taking it

questions lead to the identification of risk

unwilling to sell the customer the tools

elsewhere, how can the transactional attorney

areas and, ultimately, to the assembly of a

without both information about where

ensure compliance with trade control laws?

well-structured trade compliance program.

the tools were going and provision of the

In the context of a given transaction, there are

—————————————————

requisite documentation.

four broad categories of questions: 1) what is

I I . Tr a d e C o m p l i a n c e and Red Flags

being shipped; 2) where it is being shipped; 3) who will receive the item; and 4) how will the item be used? Within those broader categories, there are a lot of detailed questions. Some of the more important sub-issues to highlight are as follows. First, what will the item being transferred through the supply chain ultimately become? Second, is the item subject to any applicable export control restrictions? Third, is a license necessary in order to transport the item? Conversely, wherever the item is being imported, is a license required? What needs to be done to comply with other import procedures?

————————————————— There is an obligation to know about these laws and to comply with them. If suspicious circumstances surround the transaction, a company cannot hide its head in the sand. That is true with trade compliance and anti-corruption compliance. Any transaction wherein a party appears to be in non-compliance with trade control laws raises a red flag. All red flags are significant, but the most striking is a buyer’s reluctance to offer information about the end use of the product or its ultimate destination. 22

Currents 24.1 2020

Alarm bells should ring when a product being bought does not appear to fit within the buyer’s line of business. If all is resolved and explanations received, perhaps the firm can become comfortable. However, many times this problem causes transactions to fall apart. Other examples of red flags include fake delivery dates, remote destinations, or circuitous shipping routes. All of these red flags may cause a firm to dive in further to avoid non-compliance. Many corporate programs have implemented screening processes called Know Your Customer (KYC) programs. The screening process entails running a company or individual’s name through a software tool

that cross-references them against sanctions

that allows further exploration of remote,

the joint venture between RussiGas and the

and politically exposed persons lists. This type

deepwater areas in the energy sector–ITAR

Nigerian NOC, seeks to use Woodlands’

of screening serves to address the concerns

compliance is a prerequisite.

tools for deepwater operations under an

one may have about a certain company.

The final government agency is the

Iranian flag. Nothing in the Woodlands

Notably, however, a screening process

Commerce Department, and through

hypothetical suggests that the project has

cannot capture everything. Although

the Bureau of Industry and Security

anything to do with the reason for the U.S.

screening is indeed a requirement, a firm

(BIS), which enforces, implements, and

sanctions—Russia’s attempted annexation

should consider asking common sense

promulgates regulations related to the export

of Crimea and its interference in eastern

questions. Sometimes, a deal simply does

of commercial items having a dual use.

Ukraine.13 In order to fully assess what drives

not make sense and evades capture by the

BIS looks at items that are not deserving

the relevant restrictions, background analysis

screening process. Thus, typical screening is

of ITAR restrictions, but do have some

of the relevant sanctions is required. U.S.

not a sensible replacement for undertaking

potential military components, such as

sanactions are often the key leverage utilized

a complete red flag analysis.

information technology (IT) and encryption.

in national security crises and must be strictly

—————————————————

The Department of Commerce implements

followed.

III. Administrative Oversight

and enforces regulations called the Export

General embargoes14 are in place to

—————————————————

Administration Regulations (EARs).8 EARs

block the export of goods and services from

Three main U.S. governmental agencies

are the regulations for classifying products

the U.S. or from U.S. persons to Cuba, Iran,

have a hand in overseeing cross border

and determining whether they are subject to

North Korea, Syria, and the Crimean region

trade compliance issues such as export

export limitations. Products that fall within

of Ukraine. Essentially, there is a general

and import controls, sanctions, and anti-

an EARs classification require a license to

prohibition on exports by U.S. persons of

boycott laws. The Office of Foreign Assets

export from the U.S.10

goods and services directly or indirectly to

Control (OFAC) is the entity within

There are anti-boycott rules separate from

these places, unless the transaction is subject

the Treasury Department that deals with

the Treasury regulations. The Department

to an exception or a license. Historically,

economic sanctions, for example, those

of Commerce also has similar regulations.

embargoes have operated with the subtlety

against Venezuela, North Korea, and Iran.3

These regulations are designed to ensure that

of a sledgehammer. Such embargoes mean

There is a great deal of government oversight

U.S. companies are not participating in non-

a company can conduct no business. Over

going on in that space.

U.S. sanctioned boycotts.

time, U.S. sanctions have become smarter

The Directorate of the Defense Trade

Evident in the alphabet soup here is

and more nuanced. In fact, in the wake

Controls (DDTC) of the U.S. State

that government agency oversight is fairly

of 9/11, a new policy tool emerged—

Department4 works in a focused area of

complicated. The U.S. is not doing this

targeted sanctions. Rather than fixating on

export controls. The DDTC is responsible

deliberately. All of the regulations are driven

jurisdictions or state actors, the U.S. focused

for implementing trade controls involving

by different types of governmental concerns

on individuals and entities with involvement

militarized goods under the International

and policies, particularly with respect to

in bad acts, for example, terrorists and their

Traffic in Arms Regulations (ITARs).5 ITARs

sanctions. Sanctions are a tool used to restrict

financial supporters, nuclear proliferators,

control military-type grade equipment

U.S. persons, goods, or services exports

and organized crime figures.15 Further, there

exported out of the U.S. The government’s

from the U.S. to the sanction’s target. The

are some sanctions16 that aim restrictions

concern in restricting those exports is for

government leverages sanctions in situations

not on the country itself but rather on

national security and defense reasons. If

implicating foreign policy and national

the individual entities undermining U.S.

companies wish to use and trade military-

security.

interests in that country. Examples of such

type technology converted for commercial use, for example–underwater equipment

A. The Backdrop of Policy According to the hypothetical, NOD,

programs are those against South Sudan, Yemen, Burundi, and North Korea, until

Currents 24.1 2020

2016.17

do business with them” or “it is off the list,

Even if there is not a U.S. nexus,

so no problem.” The situation is dicier than

companies must still worry about U.S.

If targeted sanctions are in place where

that. Who do these sanctions really affect?

sanctions. Beginning in the 1990s, the U.S.

a U.S. company does business, there is the

The bottom line is that sanctions programs

government began threatening sanctions

potential for that company’s engagement in

affect everyone. Any person who exports

against foreign companies dealing with Iran,

a transaction involving a specially designated

goods or services from the U.S., whether a

leading up to the sanctions on Iran prior to

national (SDN). There are possibly 15,000

U.S. company, a U.S. citizen, a green card

the nuclear deal.28 That is what has been re-

individuals on OFAC’s SDN list in locations

holder, or someone employed overseas,

imposed with the withdrawal of the nuclear

spread across the globe. The U.S. also has

qualifies as a “U.S. person” and is generally

deal, the threat of sanctions against foreign

a set of restrictions that apply to any entity

restricted by such sanctions.23

companies for doing on-site commercial

B. Sanctions

owned 50% or more by an SDN.19 Entities

There are special sanction rules for Cuba

owned 50% or more by an SDN, or multiple

and Iran. The Cuba rules apply to anyone

Now, there are sanctions with regard to

SDNs in the aggregate, are subject to the

or any entity owned or controlled by a U.S.

Russian SDNs and Hezbollah. There have

same restrictions regardless of whether the

person. That is also true for Iran, although

even been reports of the State Department

entity’s name appears on the SDN List. Thus,

the scope in those regulations has flip-

wandering around Europe threatening

looking at the SDN list is not enough.

flopped several times over the last few years.

companies with sanctions if they buy oil

In 2012, the Iran sanctions were extended

from Venezuela. Whether applying sanctions

to cover foreign subsidiaries.

However,

in this context is a legitimate application of

Russia was in some sense a “Catch-22” for

through the Joint Comprehensive Plan of

law is another question. The bottom line is

the U.S. The concern was that listing major

Action (JCPOA)–commonly known as the

that everybody needs to worry about OFAC

Russian financial institutions and energy

Iran nuclear deal–restrictions on foreign

sanctions.

companies as SDNs could cause cataclysmic

subsidiaries were effectively lifted with a

Further, indirect business transactions

events in the global oil market and financial

license. Now restrictions are back in place

are subject to sanctions. A company may say

sector because of the close integration of

because of President Trump’s decision to

“our business is not selling to Iran; we do not

those institutions with the European and

withdraw from the JPCOA.

have to worry.” However, OFAC administers

The most recent sanctions involve Russia

and Venezuela.

Sanctioning

activity with Iran.

U.S. systems. Thus, the U.S. government

Finally, even a non-U.S. person visiting

civil penalties with strict liability, which

crafted limited sanctions measures barring

the U.S working for non-U.S. companies

means it does not matter what the company

U.S. companies from engaging in certain

cannot ignore these rules. The largest

knows, or should have known, or the intent.29

transactions, such as dealing in the financial

sanctions enforcement action targets—BNP

What matters is where the product ends

sector or providing assistance to listed

Paribas and ZTE—all share something in

up and whether it was intended for that

Russian oil companies for non-conventional

common; they are non-U.S. companies. In

destination at the time it was exported from

oil projects.22 Targeted sanctions are much

addition to having less robust compliance

the United States. There could be many

more nuanced and beneficial because they

departments than their U.S. counterparts,

occasions where a company might think it

lend the government more flexibility in the

the way these non-U.S. firms often get in

is clean because the sales go to its distributor.

imposition of restrictions. These sanctions

to trouble is by exporting from the U.S. to

However, that would not actually shield the

aid U.S. business with their less cumbersome

sanctioned jurisdictions or targets. In the case

company.

nature.

of ZTE, the illegal conduct was exporting

C. Licensing

On the other hand, such sanctions

U.S. technology indirectly to North Korea

How sanctions are imposed by the

complicate the work of compliance

and Iran. Even foreign companies have to

government is getting more complicated.

professionals. A company cannot simply say

comply with sanctions when there is a U.S.

For example, the aggressive use of licensing

“well this entity is on the list, so we cannot

nexus.

makes sanctions more complex. In 2014, the 24

Currents 24.1 2020

U.S. government could not put Sberbank

then it will also be subject to sanctions. U.S.

venture partner, or facilitating the joint

and Rosneft on the SDN list without causing

companies are only able to extend credit

venture’s support in those areas to the Russian

a global meltdown. The U.S. government

to the joint venture over the allowable

parent? If so, the U.S. company could be

also thought there could be similar problems

maturity.34 All of these issues need to be built

engaged in a prohibited facilitation of an

in 2011 when it sanctioned PDVSA (the

in on the front end (screening) when a firm

activity covered by Directive 4.

Venezuelan state-owned oil company) but

puts such investment arrangements together.

did not put it on the SDN list. In early 30

D. Issues with Joint Operation

Another issue connected to the hypothetical is that the joint venture–

2019, however, OFAC placed PDVSA on the

Harking back to the above hypothetical:

NOD–is conducting its work on an offshore

SDN list.31 At the same time, OFAC issued

assume that NOD, the new entity, is a 60/40

rig under an Iranian flag. Everyone should

nine general licenses, several of which were

joint venture with a Russian company in

understand the blatant issue–the rig is flying

updated over the last few months.32 These

deepwater greater than 500 feet (the U.S.

an Iranian flag. U.S. companies will have a

sanctions prevent companies from doing

government definition of deepwater). The

problem working on that rig.

business with PDVSA, absent a license,

Russian company is subject to OFAC

There are two problems. First, if the

which allows doing business with PDVSA

Directives 235 and 4.36 The joint venture itself

rig was in Iranian commerce or the good

in certain ways. Essentially, what that means

is not subject to sanctions if it has less than

originates from Iran, U.S. persons are

is a firm exercising an abundance of caution

50% SSI ownership. Depending on whether

prohibited from engaging in the transaction.

may decide to do no business with Venezuela

or not the joint venture is subject to OFAC,

Depending on the arrangement with the rig,

at all. However, is it worth it to tell business

the transaction may be further complicated

there could be an export of services by a U.S.

teams to shut down a rig and pull out of

by: what the company can own as a “U.S.

person to Iran. If the joint venture is held

Venezuelan waters thus suffering losses of

person”; whether it can extend credit to the

fifty-fifty by Woodlands, a U.S. person, these

hundreds of millions? Or is it worth the

Russian parent; and if, as a U.S. person, the

restrictions on Iran extend to the subsidiary as

extra time and attention to the get the lawyers

company can facilitate the joint venture’s

well. With the joint venture, the restrictions

involved to drill down (pun intended) on

extension of credit to that Russian company.

on dealing with goods of Iranian origin do

what the company may be able to do?

What degree of oversight is a U.S. parent

not actually extend to foreign subsidiaries–

Sectoral sanctions are limited sanctions,

company charged with if engaging in a joint

because the regulations were not written

such as restrictions relating to debt equity.

venture entity? Are U.S. persons charged with

correctly.

The use of such sanctions simply means

approving transactions by that entity? Would

One might wonder, “the rig is not in Iran

U.S. companies must be very careful. Take

OFAC consider its role as merely supporting

anymore, how can the company be exporting

for example, the joint venture, NOD, in

operations with back-end office functions?

services to Iran?” This line of thinking fails

the hypothetical. In reality, the first thing

The key would be to determine at what point

to recognize that such transactions are an

a company would do is screen that joint

OFAC considers a U.S. parent company to

indirect export of services to Iran. Essentially,

venture. Is it on the Sectoral Sanctions

be “supporting” specific transactions with a

if one is engaging in a transaction outside

Identifications (SSI) list? Is it owned by any

Russian parent.

of Iran and the benefit—not necessarily the

entity on that list? Ownership by someone

With respect to the hypothetical,

primary benefit, but any at all—is received

on the SSI list presents a problem, and an

Directive 4

restricts U.S. persons from

in Iran, OFAC considers that an export of

even bigger one if that person is on the

providing support to deepwater projects at

services to Iran.38 Even more removed, the

SDN list. How will the debt and credit of

depths greater than 500 feet or those with

“facilitation” by a U.S. person of the export

the joint venture be structured? Is it going to

the potential to produce oil involving a

of services to Iran is also prohibited by the

be consistent with the restrictions on a U.S.

listed Russian entity or one of its 50% or

regulations.39

person providing credit to someone on the

more owned subsidiaries. Again, is the U.S.

To give some examples from a practical

SSI list? If the joint venture is divided 50/50,

company providing support to the joint

standpoint, it is not uncommon to have

Currents 24.1 2020

global virtual teams working together on

work was considered to no longer be covered

is when in-house counsel gets a call in the

projects. When acting as in-house counsel,

by licenses. The company had to take a close

middle of night asking, “Hey lawyers, what

part of the education process is telling the

look to assure certain licenses only covered

is the answer?”

project and commercial people to be mindful

certain activities for a certain amount of time

—————————————————

that the bulk of the team may be outside the

and that other licenses covered something

U.S., but they are pulling in people to the

else for different periods of time. The targeted

I V. E x p o r t C o n t r o l s

U.S. to provide support. That proposition

nature of these sanctions necessitates careful

must serve as a constant reminder to these

attention to exactly what each authorization

teams: be clear that there must be no U.S.

allows.

nexus. The employee cannot go back to the

No transaction is simple—a company

U.S. now. The company cannot pull them

is not just going to enter haphazardly into

in on certain aspects of the transaction.

a transaction with a company like PDVSA.

The lawyer must make clear to the team

While some larger corporations may be

the sensitivity of the issue and severity of

fortunate enough to be named on the general

potential consequences.

licenses, they will have to exercise caution or

Even worse, there have been numerous

altogether avoid assisting partners, who may

enforcement actions involving approval from

not be named, to prevent violating the law.

the U.S. for a foreign entity, whether or not

Lawyers viewing these issues from the

it is a subsidiary of another company for a

inside fly blind. OFAC writes the licenses.

transaction that would be prohibited for U.S.

There is no notice-and-comment period on

persons. OFAC also takes the position that a

these regulations, because they are intended

referral is prohibited facilitation.40 If a request

to, and many times do, surprise the target

comes into your company on the business

and are meant to be deployed swiftly. So,

side, involving a sanctioned Russian entity

OFAC writes these general licenses on the

or incorrect export to Iran or Cuba, you

assumption that they will mesh with the real

cannot say “I’m sitting here in my Houston

world. OFAC is hoping it has identified all

office, I cannot approve it, but I can help

the unintended consequences. OFAC takes

Fred in the Paris office, who can deal with

that goal seriously, particularly with regard to

these issues, because he’s not a U.S. person.”

the Russia sectoral sanctions. Those were only

In that situation, the U.S. lawyer has engaged

put in place following complex economic

in a prohibited facilitation as a U.S. person.

modeling on the possible impacts. At the

This highlights the importance of the U.S.

end of the day, however, a lot of guesswork

nexus in such questions.

went into how a set of sanctions may affect

Take PDVSA as an example of just how

the real world. Licenses for Venezuela,41 for

narrowly tapered targeted sanctions can be.

example, have been frequently updated after

The same day that OFAC placed PDVSA on

being issued. There is constant adjustment

the SDN list, internal licenses were issued.

and tinkering by the U.S. government to

Confusingly, the licenses authorized certain

try and get it right. In real time, companies

activities and certain entities, but with

deal with the consequences–such as when

different deadlines. There were questions

financial transactions are halted while

about at what date and time the company’s

employees sit stagnant on remote rigs. That 26

Currents 24.1 2020

————————————————— Referring back to the above hypothetical– Woodlands bought its tool from a competitor. The tool was highly technical, patented, and designed for military use. The company sent it to India to be reverse engineered, and then had the tool manufactured in China. What issues arise? Essentially, sanctions are restrictive on individuals and entities, usually, U.S. persons. Export controls are restrictions on the item, regardless of who is exporting. Where is the item going? Where is it being transported? What borders will it cross? The answers to these questions are controlled by ITARs (International Traffic and Arms Regulations)—administered by the State Department—which covers munitions list and military use items. Additionally, the EARs (Export Administration Regulations) cover everything else and generally restrict U.S. origin items exported or re-exported42 from the United States. The untrained eye may think an item in Europe that happens to be of U.S. origin being sent to a third country does not involve any U.S. person. But a U.S. company must still exercise caution as these regulations control items termed to originate in the U.S. If the item started in the U.S., export controls are going to be an issue regardless. There are certain percentages43 of U.S. origin equipment that, if sent to another country to be incorporated into a new product and then on to another country, may fall within the regulations. The question

becomes: does the item remain of U.S.

The Commerce Department and the

go to national security concerns and satisfy

origin? Generally, it comes down to whether

State Department are not alone. Other

or the item is made of 25% or more U.S.

departments within the government are

As a practical example of the debate

origin equipment. That is true for most

getting involved, such as the Department

within the agencies over control, consider

countries, except when the item is going to

of Defense. A vast number of regulations

the sanctions on Sudan. These sanctions

Iran or another sanctioned jurisdiction. In

are driven by turf wars and personalities

were recently lifted and from a sanctions

that case, the U.S. origin percentage decreases

within the U.S. government. In the context

perspective are no longer comprehensive.

to 10%, but the government often plays that

of export controls, there is an ongoing tug of

However, there is still state-sponsored

number up or down. A similar discussion

war between agencies as to who controls on a

terrorism. Particularly with equipment and

about categorization took place with respect

particular issue. The Department of Defense

services suppliers, there are many export

to sanctions on Russia.

is involved in the Committee on Foreign

controls to manage. When Sudan opened

Encryption is a pertinent issue when

Investment in the United States (CFIUS)

up, so too did the opportunities. However,

examining export controls. Encryption, it

process, which reviews incoming investments

the Department of Commerce requires

is worth noting, falls under the umbrella

in the United States. The Foreign Investment

submission of a written request to obtain

of “items” as that is defined, encompassing

Risk Review Modernization Act of 2018

a license, a process that can take some

both goods and technology. The technology

(FIRRMA)45 expands the jurisdiction of the

time. Most often, requests bounce around

could be almost any proprietary technology

Department of Defense to export controls,

several different agencies. A Department

developed here in the U.S. Software is

inasmuch as it concerns foreign investment

of Commerce license may be approved.

becoming an export control issue. Of course,

in U.S. companies manufacturing and

However, additional circumstances may

the reason software may fall within that

designing controlled technology.

necessitate another agency’s approval.

other policy objectives.

export control category—in which exports

A company planning to export needs

Delays may happen because everyone in

may be conditioned on procurement of a

to know the nature of its technology, not

the government wants to have a look at the

license—is the encryption component.

just to determine whether it can export it

license before it gets issued. A typical situation

The Commerce Department tends to follow

but also to determine who can invest in the

may involve several agencies inquiring about

behind the real-world in these areas, but has

company, whose money it can take, and

a written request—a document which may

been catching up with guidance.

whether that requires approval from the

begin as two or three pages that evolves into

When dealing with software, one

U.S. government. The type of product and

fourteen—before a license is actually issued.

question to ask is whether or not it operates

its export classification affects these issues

—————————————————

on a cloud or is downloadable? For a long

as well. On classification of the product for

time, the Commerce Department operated

export, a company could determine there is

V. U.S. Antiboycott Rules

on the assumption that all software would

no need to worry since the item is just going

move from Country A to Country B in the

down the road to Houston.

form of a hard floppy disk. The reality is

Companies planning to share

technology was developing far beyond that

information must also consider the concept

model. Now software may be shared either by

of “deemed exports.”46 If a company discloses

remote download or operation of the cloud.

or otherwise exposes an export controlled

In the latter case, no export occurs if the user

item to a foreign national, essentially a non-

has no access the underlying technology.

U.S. entity, the U.S. government treats that

Regulators need to understand how that

sharing of information as an export, even if

distribution of the technology works and

it occurs in the United States. This shows the

moves around the world.

different layers in this regulatory space that

————————————————— What is a boycott? A boycott, in essence, is a law or policy enacted by Country A prohibiting the import to or export of goods or services to Country B or the entry or employment of their nationals. The U.S. antiboycott regulations 47 are administered by two departments, the U.S. Department of Commerce and the U.S. Department of Treasury.48 The rules are designed to prevent the participation and the cooperation with international

Currents 24.1 2020

boycotts that the U.S. government does not

commercial team reviews the documents for

American Civil Liberties Union (ACLU) has

enforce. The antiboycott regulations apply

any potential boycott-related language. If

filed suit on behalf of government contractors

to U.S. companies, their foreign subsidiaries,

there is potential boycott-related language,

that have been affected by this legislation. In

branches, U.S. citizens, taxpayers, and

such as “Contractor shall comply with

two cases, in Kansas and Arizona, the federal

residents. This set of regulations is of great

all applicable laws of [insert Treasury List

courts have ruled in favor of the ACLU and

import to the trade compliances programs in

country],” then that language must be

their clients.53 However, there are twenty-six

multinational corporations and firms with

revised because it is too broad and arguably

states that currently have anti-BDS laws,

global reach.

would include the Treasury List country’s

including Texas. It will be interesting to see

There are different reporting requirements

boycott of Israel laws. Such language would

how this pans out and what cases will arise.

for each department. Companies are required

be submitted to the compliance team for

In the hypothetical, one of the

to report boycott-related requests on a

review and advice on how to negotiate

contractual requirements in the tender stated

quarterly basis to the U.S. Department of

with the customer. Compliance teams pay

that the contractor–Woodlands–could not

Commerce and on an annual basis to the

special attention to key words and red flags

use any Israeli goods or equipment on the

U.S. Department of Treasury.

including, but not limited to: mentions of

Nigerian joint venture job. While drafters

Boycott requests can be oral or written

Israel or Israeli companies; language targeting

may always provide origin information, in

and appear in a variety of commercial

other boycotted countries; port eligibility;

terms of the actual country of origin, they

documents such as an invitation to bid or

and requests for employee data, such as

should never certify that any particular

tender, contract, purchase order, request for

national origin, race, religion, ethnicity,

country or supplier was not involved.

quote, letter of credit, shipping instructions,

gender, or place of birth or the equivalent.

Certain boycotting countries, however, do

and so on. What is reportable is the request

Then, the compliance department can either

have laws that prohibit the importation of

itself, not simply whether “we agree” to the

advise on how to revise such language or

goods originating from boycotted countries.

request or not. The U.S. anti-boycott rules

strike a clause entirely because it is prohibited

The Department of Commerce excepts

and regulations are principally concerned

and penalized under U.S. antiboycott rules

primary boycotts from its prohibitions. Thus,

with the Department of Treasury’s list of

and regulations.

compliance with the import requirements

boycotting countries in the Arab League,

A boycott-related current event in

of a boycotting country is not prohibited.

which are as follows: Iraq, Kuwait, Lebanon,

trade compliance involves the Senate’s

However, such requests must be reported

Libya, Saudi Arabia, Syria, Qatar, United

recent passage of a bill on February 5, 2019,

to the Department of Commerce. Where

Arab Emirates, and Yemen. These countries

the Strengthening America’s Security in

the business would otherwise have done so

maintain boycott laws on their books,

the Middle East Act, which includes the

based on business merits, the business should

requiring careful attention when reviewing

Combating B.D.S. Act of 2019 (BDS).

continue to use Israeli goods and components

any commercial documents received from

The law—combatting boycott, divestment,

for items sent to countries that do not boycott

customers in these countries or authorizes

and sanctions activities—allows U.S. states to

Israeli goods. Merely removing the marks

services to be performed in these countries.

implement anti-BDS laws and further allows

from the tool is a potential compliance issue.

Note that boycott requests can come from a

them to divest from government contractors

—————————————————

variety of sources and are not limited to those

participating in the boycott of Israel.

in Treasury List countries, such as Pakistan,

Supporters say that the act is meant to oppose

VI.

India, Bangladesh, Malaysia, China, and

the global BDS movement and show U.S.

Taiwan.

support for Israel. However, opponents of

With respect to oversight, what are

the legislation say this is more of a restriction

some red flags to look for? When a company

on the First Amendment right to free

receives an opportunity for the business, its

speech, specifically the right to boycott. The 28

Currents 24.1 2020

Customs

Issues

————————————————— On the import side, there are three important questions an attorney must ask himself or herself. First, what is the item and how is it classified? Second, what is the value of the item? This is critical from an import

perspective, much more than it is on the

the country of origin. In the hypothetical,

Only time will tell if that is in fact the case.

export side. Third, where is the item coming

Israel is the tool’s true country of origin.

In the meantime, the administration has

from–what is the country of origin?

Woodlands later transshipped the tool to a

added additional tariffs on goods on top of

The term classification carries an entirely

different country, by getting another firm to

preexisting tariffs. Importers feel the brunt

different meaning depending on whether

hide the true country of origin. Woodlands’

of the impact, especially with respect to the

imports or exports are at issue. With respect

course of action had more to do with

Section 232 tariffs on aluminum and steel.59

to exports, classification refers to the Export

concealing Israel as the country of origin

The Trump administration found when

Control Classification Number (ECCN),

because of a boycott. However, this practice

initiating those tariffs that, as a matter of

which is determinative as to which controls

is not uncommon for those merely trying to

national security, domestic steel imports are

apply to a particular item. The number

give off the appearance that an item moved

very sensitive. Sensitivity of both the steel

changes depending on what the item is.

from a different country in order to take

and aluminum industries prompted the

However, import “classification” involves the

advantage of that country’s lower duty rate.

Trump administration’s determination that

harmonized tariff number, commodity code,

Different countries pay different duty rates.

both needed protection. Tariffs on raw steel

or import number. The U.S. tariff number

Customs issues are impacted by special

and aluminum, as well as products derived

is a ten-digit number and anything imported

programs, including bilateral and trilateral

from those materials, are subject to increases

into the U.S. is classified according to the ten-

free trade agreements, such as NAFTA or

of 25% or 10% additional duties, as the case

digit code in the tariff. Locating the relevant

now, the USMCA. Free trade agreements

may be.60 Additional duties as a general rule

number is critical to understanding which

may involve two or more countries

are applied across the board, with limited

import duties apply.

negotiating and looking for reciprocal export

exclusions.61 Those products excluded from

Secondly, what is the items valuation

benefits. Under these agreements all of the

additional duties however are subject to

according to its classification? The vast

participating countries benefit mutually from

quotas that cap the quantity of total imports

majority of duties for items subject to the

each others’ exports.

each year.62

tariff are imposed on an ad valorem basis–in

Unilateral preferential programs are

As a practical example, take Brazil–

proportion to the item’s value. As illustrated

another sort of specialty program, designed

where the steel pipe quotas operate to “open”

by the hypothetical, a company can try to

to encourage development between certain

up each quarter, closing within mere hours.

play around with the value, tweaking it to

countries and the U.S.56 The Generalized

As a result, importers and their brokers

get a lower duty payment.

System of Preferences (GSP) and the African

must be prepared to submit their import

One exception is found in Chapter 27

Growth and Opportunity Act (AGOA) are

documentation at the moment it opens–as

the most commonly known. The U.S. exports

complicated by the fact that the government

which primarily affects petroleum and

to GSP and AGOA member countries

does not advertise exactly when it will open–

petroleum products. Typically, duties are paid

that satisfy specified conditions, receiving

and cross their fingers. Evidently, such quotas

on a specific rate of duty based on the value or

no benefit in return.5758 Benefits are not

complicate trade compliance.

the weight of the cargo. However, application

necessarily provided duty-free, but often

of this exception involves basing the rate

do receive a lower duty rate than had the

Section 301 tariffs63 target China and

of duty on the specific quantity of barrels

products come from countries not within

are retaliatory in nature. The U.S. currently

imported. The tariff may not make sense for

these programs.

has four different retaliation lists. 64 The

the widget world—one that involves pieces

A. 232 Tariffs

U.S. has lists of Chinese practices they are

of the U.S. Harmonized Tariff Schedule,

B. 301 Tariffs

of equipment and parts. For companies that

Trade compliance programs are on the

seeking to see some improvement on. For

are importing hydrocarbons in bulk tankers,

front lines of the “trade war”. The Trump

example, companies seeking to do business

a barrel-based valuation is more sensible.

administration has initiated several trade

in China must form a joint venture with a

wars, viewing tariffs as the great equalizer.

Chinese partner. Upon formation, Chinese

Finally, the third question deals with

Currents 24.1 2020

law requires the non-China partner to

the import sector of trade compliance, but

captured by either a countervailing duty or

turn over its technology to its Chinese

in order to understand the way free trade

an anti-dumping duty order.

counterpart, which as a general matter are

agreements operate more generally.

at least nominally affiliated with the Chinese

—————————————————

the current political climate. Each year,

government itself. The U.S. fundamentally

VII. Anti-Dumping and Countervailing Duties

U.S. Customs Border Protection (CBP)

opposes forced technology transfers. List three includes 5,733 items, valued at a whopping 200 billion dollars’ worth of merchandise and went into effect May 10, 2019.65 Then, a fourth list went into effect on September 1, 2019, covering 3,796 items valued at 300 billion dollars. Later that 66

month, President Trump tweeted that the first three lists, scheduled to increase from 25% to 30% effective early October, were subject to a hold based on the outcome of the “Phase 1” interim U.S.-China Agreement reached in their recent negotiations.67 Another issue in the “trade war” is the trade imbalance–unsurprisingly, the U.S. imports far more than it exports to China. These are just two of the many issues the U.S. government is concerned with resolving in the ongoing U.S.-China negotiations. The eyes of the global business community are upon them as this takes place, and the outcome still remains to be seen. In the meantime–is it workable for multinational companies to simply just take Chinese goods, ship them to say–Singapore, and then import them from Singapore to get around the tariff increases? No, because the country of origin, not the country of export, is determinative. The import–however routed—goes back to the country of import. This may be confusing to those unfamiliar with this nuanced system, thus companies and their respective compliance programs must ensure that the supply chain is made aware. Classification, valuation, and country of origin are integral, not only for those in

————————————————— When a foreign manufacturer sells goods in the U.S. for less than fair value, causing injury to U.S. industry, antidumping occurs. 68 Both anti-dumping and countervailing duties69 are considered unfair trade practices.70 Foreign companies “dumping” are selling into the U.S. market, hoping to drive out U.S. competition, at which point the dumpers can drive prices back up. Affected U.S. industries can initiate an investigation, either through the International Trade Commission (ITC)71 and the International Trade Administration (ITA)72 within the Commerce Department. Both agencies investigate and ultimately determine whether: 1. dumping is taking place; and 2. if material injury has occurred as a result. Satisfaction of both elements will result in the U.S. government issuing “the delta”—the difference between the price the item is actually sold for in the U.S. and fair market value—as a duty.73 This is a trap for the unwary, capable of blindsiding importers ignorant of these processes with anti-dumping duties commonly in the 200%-300% range, on top of the actual price the importer paid for the good. Countervailing duty law works similarly. The usual case involves a foreign government assisting a foreign manufacturer by providing subsidies or tax incentives, giving the manufacturer a leg up on U.S. industry. Therefore, companies would be wise to exercise caution if a deal seems too good to be true and ensure the import is not 30

Currents 24.1 2020

The above holds particularly true in

announces its priority areas. In both 2018 and 2019, CBP’s announced priorities included anti-dumping, countervailing duties, and the “trade war.” Since his candidacy as well as throughout his presidency, President Trump made NAFTA a big target. Aside from the Iran Deal, he proclaimed NAFTA the “worst trade deal ever made.”74 He similarly targeted the Trans-Pacific Partnership (TPP), a multilateral free trade agreement. One of his first actions coming in the office was to withdraw from the TPP.75 Un i t e d St a t e s - Me x i c o - C a n a d a Agreement (USMCA)76 has gotten lot of attention, and many argue it to be a brandnew free trade agreement, while others insist it is merely NAFTA 2.0.77 There are tweaks on the edges, but for all practical purposes, not a lot has changed from under NAFTA. The Trump administration is stepping back in many ways from the U.S.’s traditional role as the global leader. Looking ahead, there are several other bilateral trade agreements potentially on the horizon, such as the U.S.-E.U. agreement. The Trump administration has indicated a preference for dealing bilaterally. For example negotiations are underway for a U.S.-U.K. free trade agreement in anticipation of Brexit.78 Further, similar one-to-one style negotiations took place between the U.S. and Japan–signing a new agreement this September,79 as well as the 2018 revisions to the U.S.-Korea (KORUS)80 deal.81 Similar to NAFTA, as opposed to USMCA, the revisions to KORUS resembled a tweaking

of the issues rather than a major overhaul of

are accurately represented, and not hidden

the agreement as a whole.

or purportedly coming from a different

Understanding classification, valuation,

country to take advantage of lower duty

and country of origin is important, not

rates or avoid boycott rules. Tariffs majorly

only for those in the import sector of trade

impact importers, and those dealing in

compliance but also for understanding the

Chinese markets must stay apprised of

way free trade agreements work.

the latest developments with ongoing

—————————————————

negotiations. Trade wars between the U.S.

VIII.

and other countries can lead to dumping in

Conclusion

————————————————— Firms must address issues on several fronts when conducting business or seeking out transactions at the multinational level. Compliance implications can arise in structuring the deal itself, seeking out business partners, establishing operations abroad, and transshipping goods. Federal administrative oversight is driven by both foreign policy and national security concerns, rather than industry regulation or worker safety, often yielding puzzling outcomes.

the American market in an attempt to drive American businesses out by undercutting the prices of goods. This leads to anti-dumping and countervailing duties being applied to both individual companies and specific countries. In efforts to control trade issues, the Trump administration is attempting to deal with other nations less on a multilateral bases and more on bilateral basis. In sum, lawyers should look at the big picture and, a point that cannot be overstated, exercise an abundance of caution when advising clients.

Export controls restrict an item from shipment without regard to the identity of the exporter, generally targeting certain sanctioned jurisdictions such as bad actors like Iran or Russia. Sanctions are often specific to certain types of items and sectors or limited in quantity, rather than operating as a blanket bar. Exporters, particularly those in the technology sector, will often encounter issues posed by cross-cultural differences— such as SOEs in China. Thus, professionals may be required to request and obtain licenses to fully comply with U.S. law. An inquiry as to a particular item’s classification, valuation, and country of origin is essential to properly complying with taxes levied on imports by customs, generally assessed on an ad valorem basis. Compliance professionals must be prudent in ensuring that countries of origin 31

Currents 24.1 2020

End Notes 1. 2.

See generally 15 C.F.R. § 30 (2019). U.S. Dep’t of the Treasury, Office of Foreign Assets Control (Apr. 5, 2019, 5:53 PM), https:// www.treasury.gov/about/organizational-structure/offices/pages/ office-of-foreign-assets-control. aspx [hereinafter OFAC] [https:// perma.cc/638V-RFV4]. 3. U.S. Dep’t of the Treasury, Venezuela-Related Sanctions, h t t p s : / / w w w. t r e a s u r y. g o v / resource-center/sanctions/ programs/pages/venezuela.aspx [https://perma.cc/3E2Q-SXGZ] [hereinafter Venezuela-Related Sanctions]; U.S. Department o f t h e Tr e a s u r y , I r a n Sanctions, https://www.treasury. gov/resource-center/sanctions/ Programs/Pages/iran.aspx [https:// perma.cc/4TKJ-DNEF]; U.S. Dep’t of the Treasury, North Korea Sanctions, https://www. treasury.gov/resource-center/ sanctions/Programs/pages/nkorea. aspx [https://perma.cc/NY2WQ3U8] [hereinafter North Korea Sanctions]. 4. U.S. Dep’t of State, Directorate of Defense Trade Controls, https://www.pmddtc.state.gov/ ddtc_public?id=ddtc_public_ portal_about_us_landing [https:// perma.cc/UVK6-H6TV]. 5. See 22 C.F.R. §§ 120–130 (2019) (implementing the Arms Export Control Act, 22 U.S.C. § 2778 (2019)). 6. U.S. Dep’t of Commerce, Bureau of Industry and Security, https://www.bis.doc.gov/ (last visited Jan. 22, 2020). 7. 15 C.F.R. § 730.3 (2019). 8. 15 C.F.R. §§ 730–774 (2019) ( i m p l e m e n t i n g t h e Ex p o r t Administration Act of 1979, 50 U.S.C. App. 2401–2420 (2012)). 9. Id. 10. Id. 11. Id. § 760. 12. Id. 13. See Statement by the President on Ukraine, The White House President Barack Obama ( Ma r. 1 7 , 2 0 1 4 ) , h t t p s : / / obamawhitehouse.archives.gov/ the-press-office/2014/03/17/ statement-president-ukraine [https://perma.cc/2QE4-8ME3]. 14. See U.S. Dep’t of the Treasury, Sanctions Programs and Country Information, https:// www.treasur y.gov/resourcecenter/sanctions/Programs/Pages/ Programs.aspx [https://perma.cc/ X875-QDLV].

15. U.S. Dep’t of the Treasury, Specially Designated Nationals and Blocked Persons List, https://www.treasury.gov/ resource-center/sanctions/SDNList/Pages/default.aspx [https:// perma.cc/QZW6-CQ4B]. 16. U.S. Dep’t of the Treasury, Balkans-related Sanctions, h t t p s : / / w w w. t r e a s u r y. g o v / resource-center/sanctions/ Programs/pages/balkans.aspx [https://perma.cc/C99T-MJT4]; U.S. Dep’t of the Treasury, Iraq-Related Sanctions, https:// www.treasury.gov/resource-center/ sanctions/Programs/pages/iraq. aspx [https://perma.cc/A4KC66AR]; U.S. Dep’t of the Treasury, Lebanon-Related Sanctions, https://www.treasury. gov/resource-center/sanctions/ Programs/pages/leb.aspx [https:// perma.cc/5QMR-PB2F]; U.S. Dep’t of the Treasury, Malirelated Sanctions, https:// www.treasury.gov/resource-center/ sanctions/Programs/pages/mali. aspx [https://perma.cc/76PA58H7]; U.S. Dep’t of the Treasury, Nicaragua-related Sanctions, https://www.treasury. gov/resource-center/sanctions/ Programs/pages/nicaragua.aspx [https://perma.cc/3SVD-EG9J]; U.S. Dep’t of the Treasury, S o u t h S u d a n - r e l at e d Sanctions, https://www.treasury. gov/resource-center/sanctions/ Programs/pages/south_sudan. aspx [https://perma.cc/562S5V59] [hereinafter South Sudanrelated Sanctions]; U.S. Dep’t of the Treasury, Syria-Related Sanctions, https://www.treasury. gov/resource-center/sanctions/ Programs/Pages/northeast_syria. aspx [https://perma.cc/PJ4ZSBNG]; U.S. Dep’t of the Treasury, Ukraine-/Russiarelated Sanctions, https:// www.treasur y.gov/resourcecenter/sanctions/Programs/Pages/ ukraine.aspx [https://perma. cc/FD7J-MDW7] [hereinafter U k r a i n e - / R u s s i a - r e l at e d Sanctions]; Venezuela-Related Sanctions, supra note 3. 17. S o u t h S u d a n - r e l a t e d Sanctions, supra note 16; U.S. Dep’t of the Treasury, YemenRelated Sanctions, https:// www.treasur y.gov/resourcecenter/sanctions/Programs/pages/ yemen.aspx [https://perma.cc/ X9AP-8YX7]; U.S. Dep’t of

t h e Tr e a s u r y , B u r u n d i Sanctions, https://www.treasury. gov/resource-center/sanctions/ Programs/pages/burundi.aspx [https://perma.cc/4PZC-66FC]; North Korea Sanctions, supra note 3. 18. U.S. Dep’t of the Treasury, OFAC Specially Designated N at i o n a l s a n d B l o c k e d Persons List (Oct. 23, 2019), https://www.treasury.gov/ofac/ downloads/sdnlist.pdf [https:// perma.cc/PJV2-42L6]. 19. Dep’t of the Treasury, Revised Guidance on Entities Owned by Persons Whose Property and Interests in Property are Blocked (Aug. 13, 2014), https:// www.treasury.gov/resource-center/ sanctions/Documents/licensing_ guidance.pdf [https://perma. cc/RC2T-QQHM] [hereinafter Revised Guidance]. 20. U k r a i n e - / R u s s i a - r e l at e d Sanctions, supra note 16. 21. Venezuela-Related Sanctions, supra note 3. 22. S e e U . S . D e p ’t o f t h e Treasury, Sectoral Sanctions Identifications (SSI) List, h t t p s : / / w w w. t r e a s u r y. g o v / resource-center/sanctions/ SDN-List/Pages/ssi_list.aspx [https://perma.cc/VCQ8EPWW] [hereinafter Sectoral Sanctions Identifications (SSI) List]; see also Exec. Order No. 13,662, 79 Fed. Reg. 56 (Mar. 24, 1994), https://www.treasury. gov/resource-center/sanctions/ Programs/Documents/ukraine_ eo3.pdf [https://perma.cc/4CQJ7ZA9]. 23. See, e.g., 31 C.F.R. § 560.314 (2018). 24. See 31 C.F.R. § 515.329 (2018). 25. 31 C.F.R. § 560.215 (2018). 26. 31 C.F.R. §560 (2018); See e.g., Dep’t of the Treasury, Iranian Transactions and Sanctions Regulations 31 C.F.R. Part 560 (2018), https://www.treasury. gov/resource-center/sanctions/ Programs/Documents/iran_glh. pdf [https://perma.cc/BPA4AC7Q]. 27. See U.S. Dep’t of the Treasury, Revocation of JCPOA-Related General Licenses; Amendment of the Iranian Transactions and Sanctions Regulations; P u b l i c at i o n o f U p d at e d FAQs, https://www.treasury.gov/ resource-center/sanctions/OFACEnforcement/Pages/20180627. 32

Currents 24.1 2020

aspx [https://perma.cc/WGF9XZDB]. 28. Se e A s h i s h Ku m a r Se n , A Brief History of Sanctions on Iran, Atlantic Council (May 8 , 2 0 1 8 ) , h t t p s : / / w w w. atlanticcouncil.org/blogs/newatlanticist/a-brief-history-ofsanctions-on-iran/ [https://perma. cc/J4K2-SQVW]. 29. See Dep’t of the Treasury, A Fr a m ewo r k f o r O FAC Compliance Commitments 11, https://www.treasury.gov/ resource-center/sanctions/ Documents/framework_ofac_ cc.pdf [https://perma.cc/5QCNP3UR]. 30. Seven Companies Sanctioned Under the Amended Iran Sanctions Act, U.S. Dep’t of the Treasury, https://2009-2017.state.gov/r/ pa/prs/ps/2011/05/164132. htm [https://perma.cc/C7UGUWRZ]. 31. See U.S. Dep’t of the Treasury, Treasury Sanctions Venezuela’s State-Owned Oil Company Petroleos de Venezuela, S.A., https://home.treasury.gov/news/ press-releases/sm594 [https:// perma.cc/342U-7E4A]. 32. Venezuela-Related Sanctions, supra note 3. 33. See generally Sectoral Sanctions Identifications (SSI) List, supra note 22 (listing for determining sanctions); see generally U.S. D e p’t o f t h e Tr e a s u r y , Office of Foreign Assets Control Sectoral Sanctions Identification List (2018), https://www.treasury.gov/ofac/ downloads/ssi/ssilist.pdf [https:// perma.cc/UK8V-UDM9]. 34. See Revised Guidance, supra note 19. 35. See U.S. Dep’t of the Treasury, Directive 2 (As Amended on Sept. 29, 2017) under Exec. Order 13662 (2017), https:// www.treasury.gov/resource-center/ sanctions/Programs/Documents/ eo13662_directive2_20170929. pdf [https://perma.cc/QY88D5YE]. 36. See U.S. Dep’t of the Treasury, Directive 4 (As Amended on Oct. 31, 2017) under Executive Order 13662 (2017), https:// www.treasury.gov/resource-center/ sanctions/Programs/Documents/ eo13662_directive4_20171031. pdf [https://perma.cc/3WXWCY4C]. 37. Id.

38. 39. 40. 41.

31 C.F.R. § 560.204 (2018). 31 C.F.R. § 560.208 (2018). 31 C.F.R. § 560.417 (2018). Venezuela-Related Sanctions, supra note 3. 42. U.S. Dep’t of Commerce, Bu re au o f I n d u s t ry a n d Securit y, https://www.bis. doc.gov/index.php/documents/ regulation-docs/410-part-730general-information/file [https:// perma.cc/KA32-G42H]. 43. See Bureau of Industry and Security, De Minimis Rules and Guidelines, https://www.bis. doc.gov/index.php/documents/ pdfs/1382-de-minimis-guidance/ file [https://perma.cc/43F4NA82]. 44. Bureau of Industry and Security, Encryption and Export Administration Reglations (EARs), https://www.bis.doc.gov/ index.php/policy-guidance/encryption [https://perma.cc/9T7E3MGF]. 45. Title XVII—Review of Foreign Investment and Export Controls, H.R. 5515—538, 115th Cong. § 1701 (2018), https:// home.treasury.gov/sites/default/ files/2018-08/The-ForeignInvestment-Risk-ReviewModernization-Act-of-2018FIRRMA_0.pdf [https://perma. cc/3PXA-M4G4]. 46. 15 C.F.R. § 734.13 (2016). 47. 15 C.F.R. § 760 (2019); see also 50 U.S.C. §1701 (2012). 48. Bureau of Industry & Security, Office of Antiboycot t Compliance (OAC), https:// www.bis.doc.gov/index.php/ enforcement/oac [https://perma. cc/XQN9-CPN2]. 49. Id. 50. Daniel B. Pickard, Lori Scheetz & Tessa Capeloto, Treasury Publishes List of Boycotting Countries, Wiley Rein LLP (Jan. 28, 2016), https:// www.wileyrein.com/newsroomarticles-Treasury-Publishes-Listof-Boycotting-Countries.html [https://perma.cc/YNC2-LCAN]. 51. S. 1, 116th Cong. § 402 (2019). 52. Id. 53. Brian Haus & Kate Ruane, In Congress, a Threat to Americans’ First Amendment Right to Boycott, ACLU Blog (Jan. 28, 2019, 3:00 PM), https://www.aclu.org/ blog/free-speech/congress-threatamericans-first-amendment-rightboycott. 54. About Harmonized Tariff Schedule, USITC, https://www. usitc.gov/harmonized_tariff_ information [https://perma. cc/FBE9-6P2W]; see also U.S. Customs & Border Protection, Tips for New Importers and

Trade Representative, $300 Billion Trade Action (List 4), https://ustr.gov/issue-areas/ enforcement/section-301investigations/section-301china/300-billion-trade-action (last visited Oct. 18, 2019); see also Int’l Trade Admin., Current Foreign Retaliatory Actions, https://www.trade.gov/mas/ ian/tradedisputes-enforcement/ retaliations/tg_ian_002094.asp (last visited Oct. 18, 2019). 65. Brock R. Williams & Keigh E. Hammond, Cong. Research Serv., IF1110943, Escalating U.S. Tariffs: Timeline (2019). 66. Id. 67. Ana Swanson, Trump Reaches ‘Phase 1’ Deal With China and Delays Planned Tariffs, N.Y. Times (Oct. 11, 2019), https://www.nytimes.com/2019/10/11/business/ economy/us-china-trade-deal. html. 68. 19 U.S.C. § 1673 (2012). 69. Id. § 1671. 70. 15 U.S.C. § 45 (2012). 71. 19 C.F.R. § 207.10 (2019). 72. Id. § 354.6. 73. Id. § 351.211. 74. President Donald Trump, Remarks by President Trump on the United States – Mexico – Canada Agreement (Oct. 1, 2018) [https:// perma.cc/3KUP-F268]. 75. See Office of the U.S. Trade R e p. , Th e U n i t e d S tat e s Officially Withdraws from the Trans-Pacific Partnership (2017), https://ustr.gov/aboutus/policy-offices/press-office/ press-releases/2017/january/USWithdraws-From-TPP [https:// perma.cc/C2XU-X5YU]. 76. Office of the U.S. Trade Rep., Agreement between the United States of America, the United Mexican States, and Canada 05/30/10 Text (2019), https://ustr.gov/trade-agreements/ free-trade-agreements/unitedstates-mexico-canada-agreement/ agreement-between [https:// perma.cc/J7VF-F3BR]. 77. John S. Baker & Lindsey Keiser, N A F TA / U S M C A D i s p u t e Settlement Mechanisms and the Constitution, 50 U. Miami InterAm L. Rev. 1, 7 (2019) (“The language of NAFTA’s Chapter 19 was carried over almost verbatim to the USMCA Chapter 10 with a few new additions for digitizing filing and decisions.”); see also Cherie O. Taylor, Twenty-First Century Trade Policy: What the U.S. has Done & What It Might Do, 23 Currents: J. Int’l Econ. L. 49, 56 (2019) (“The proposed USMCA contains chapters covering all of the original

Exporters (Feb. 27, 2019), https://www.cbp.gov/trade/basicimport-export/importer-exportertips [https://perma.cc/K2RS6C5B]. 55. Mineral Fuels, Mineral Oils, and Products of Their Distillation; Bituminous Substances; Mineral Waxes, 2019 Harmonized Tariff Schedule of the United States 27-5 (2019). 56. Office of the U.S. Trade Representative, Generalized System Preferences (GSP), https://ustr.gov/issue-areas/ trade-development/preferenceprograms/generalized-systempreference-gsp [https://perma. cc/5ZB3-G5JL]. 57. Office of the U.S. Trade Representative, Preference Programs, https://ustr.gov/ issue-areas/preference-programs [https://perma.cc/EA8N-KQLC]. 58. S e e , e . g . , U . S . T r a d e R e p re s e n tat i v e , U . S . Generalized System of Preferences: GUIDEBOOK 6 (2017), https://ustr.gov/ sites/default/files/gsp/GSP%20 Guidebook%20March%202017. pdf. 59. Rachel F. Fefer Et Al., Cong. R e s e a rc h S e rv. , R 4 5 2 4 9 , Section 232 Investigations: O verview and Issues for Congress 7 (2019) [https:// perma.cc/8WMQ-HFB2]. 60. Id. 61. Id. at 9-10. 62. Id. at 8. 63. Office of the U.S. Trade R e p r e s e n tat i v e , C h i n a Section 301–Tariff Actions and Exclusion Process, https:// ustr.gov/issue-areas/enforcement/ section-301-investigations/tariffactions [https://perma.cc/B2GHW4XD]. 64. Office of the U.S. Trade Representative, $34 Billion Trade Action (List 1), https:// ustr.gov/issue-areas/enforcement/ section-301-investigations/ section-301-china/34-billiontrade-action (last visited Oct. 18, 2019); Office of the U.S. Trade Representative, $16 Billion Trade Action (List 2), https:// ustr.gov/issue-areas/enforcement/ section-301-investigations/ section-301-china/16-billiontrade-action (last visited Oct. 18, 2019); Office of the U.S. Trade Representative, $200 Billion Trade Action (List 3), https:// ustr.gov/issue-areas/enforcement/ section-301-investigations/ section-301-china/200-billiontrade-action (last visited Oct. 18, 2019); Office of the U.S.

78.

79.

80.

81.

NAFTA topics as well as most of the newer topics.”). Office of the U.S. Trade Rep., U. S.-UK Trade Agreement Negotiations, https://ustr. gov/countries-regions/ europe-middle-east/europe/ united-kingdom/us-uk-tradea g r e e m e n t - n e g o t i at i o n s [https://perma.cc/8LTK-LR8Y]. Cathleen D. Cimino-Isaacs & Brock R. Williams, Cong. Research Serv., IF11120, U.S.-Japan Trade Agreement Negotiations (2019) [https:// perma.cc/8JH3-AQR2]. Office of the U.S. Trade Rep., Fact Sheet on U.S.-Korea Free Trade Agreement Outcomes (2018), https://ustr.gov/about-us/ policy-offices/press-office/factsheets/2018/september/fact-sheetus-korea-free-trade [https://perma. cc/N7ET-7R9Y]. Office of the U.S. Trade Representative, U.S.-Japan Trade Agreement Text (2019), https:// ustr.gov/countries-regions/japankorea-apec/japan/us-japan-tradeagreement-negotiations/us-japantrade-agreement-text.

Currents 24.1 2020

Anti-Bribery Laws and Investigation: Background J O R D A N

S L O A N E

—————————————————

have grown. There is the U.N. Convention

office; or to any other person knowing that

I. Impact of Corruption

Against Corruption (UNCAC) created in

something of value will be offered, given or

2003. UNCAC provides for mutual legal

promised directly or indirectly, to a foreign

assistance and cooperation on the recovery

government official for the purposes of

of assets. The Organisation for Economic Co-

influencing official action, inaction of the

Operation and Development (OECD) also

foreign government official; or inducing the

developed the Anti-Bribery Convention in

foreign government official to do or omit

1997 to establish “legally binding standards to

an action in violation of his lawful duty; or

criminalise bribery of foreign public officials

inducing the foreign government official to

in international business transactions” and

use his influence to affect an act or decision

to provide for a host of related measures

of the foreign government; or to secure an

that make this effective. The Anti-Bribery

improper advantage.

————————————————— Corruption affects governments, economics, and institutions. Corruption corrodes government and pushes out honest officials. Corruption also distorts economies. The empirical studies suggest there is a negative correlation between perceived levels of corruption and foreign direct investment. The main concern is how corruption impacts growth. Finally, corruption undermines support for democratic institutions. The impact of corruption has led to the U.S. Foreign Corrupt Practices Act (FCPA) and many other anti-corruption acts around the world that interact to help fight corruption. See https://www.sec.gov/spotlight/fcpa/ fcpa-resource-guide.pdf and https://www. justice.gov/criminal-fraud/foreign-corruptpractices-act. —————————————————

II. Multilateral Response ————————————————— The U.S. led the push for a multilateral response to anti-corruption. Previously, the U.S. was the only country with a statute forbidding the payment of bribes to foreign public officials. Since 1977, when the FCPA was passed, multilateral efforts

Convention is the first and only international

There are two affirmative defenses. The

anti-corruption instrument focused on the

FCPA does not apply to: (1) if the payment

supply side of the bribery transaction. In

was lawful under the written laws of the

response to OECD efforts, the U.K. created

country concerned; or (2) if the payment

its Bribery Act in 2010, regarded as stricter

or gift was a reasonable and bona fide

than the U.S. legislation. See https://www.

expenditure directly related to promotion/

oecd.org/corruption/ and https://www.sec.

demonstration of products or services or to

gov/spotlight/fcpa/fcpa-resource-guide.pdf.

the execution or performance of the contract.

—————————————————

Such payments need to be recorded under the

III. FCPA

books/records requirements discussed below.

————————————————— The FCPA applies to any unlawful act by any issuer, domestic concern or person acting within the U.S. corruptly, which requires intent to make any offer, payment, promise to pay or to authorize payment of anything of value to a foreign official, international organization official, political party, party official, or candidate for public 34

Currents 24.1 2020

See https://www.sec.gov/spotlight/fcpa/fcparesource-guide.pdf and https://www.sec.gov/ spotlight/fcpa/fcpa-anti-bribery.pdf. A. FCPA’s Two Main Sections and Two Main Enforcement Agencies The FCPA continues to be the most important anti-bribery act in the U.S. The FCPA continues to be enforced by two agencies. The Securities and Exchange

Commission (SEC), handles civil matters

structures are being used to reward self-

an issuer? “A company is an issuer under

in relation to FCPA. The Criminal Division

policing, self-reporting, remediation and

the FCPA if it has a class of securities

of the Department of Justice (DOJ)

cooperation. See https://www.sec.gov/

registered under Section 12 of the Exchange

implements the FCPA by providing guidance

spotlight/fcpa/fcpa-resource-guide.pdf.

Act or is required to file periodic and other

to companies that ask questions about the applicability of the FCPA to its dealings called the FCPA Opinion Procedure and coordinates prosecution with other countries. The DOJ announced that its top enforcement priority was the FCPA. See https://www.sec. gov/spotlight/fcpa/fcpa-resource-guide.pdf and https://www.justice.gov/criminal-fraud/ fcpa-guidance. The FCPA has two main sections: one is the disclosure rules (“books and records”), which is dealt with by the SEC, and second is the anti-bribery provisions prohibiting the payment of bribes, which is dealt with

As the introduction is a brief background of anti-bribery laws and investigation: the FCPA will be discussed in further detail below, starting with Part IV which will discuss and breakdown the elements of the FCPA. Part V will discuss the enforcement agencies of the FCPA. Lastly, Part VI will discuss the sanctions and penalties against violators of the FCPA. —————————————————

IV. Breakdown of the AntiBribery Elements of the FCPA —————————————————

by the Criminal Division of the DOJ. See

A. Any Issuer Acting Within the United

https://www.sec.gov/spotlight/fcpa/fcpa-

States

resource-guide.pdf and https://www.justice. gov/criminal-fraud/fcpa-guidance. B. Violation of the FPCA As to violators of the FPCA, they can receive criminal penalties, which can be imposed against companies, and officers, directors, stockholders, and employees

reports with SEC under Section 15(d) of the Exchange Act.” The National Securities Exchange can help as they provide a list on the website below. Another way to tell if your company is an issuer is if the company’s stock trades in the over-the-counter market in the U.S. and the company is required to file SEC reports. To see if your company has filed SEC reports go to this website listed. See http:// www.sec.gov/edgar/searchedgar/webuser. htm, https://www.sec.gov/spotlight/fcpa/ fcpa-anti-bribery.pdf, and https://www. justice.gov/sites/default/files/criminal-fraud/ legacy/2012/11/14/fcpa-english.pdf. What is a domestic concern? “A domestic concern is any individual who

The first element of the FCPA states

is a citizen, national, or resident of the

that it is unlawful for any issuer, domestic

U.S., or any corporation, partnership,

concern or person acting within the U.S.

association, joint-stock company, business

to make use of the mails or any means or

trust, unincorporated organization, or sole

instrumentality of interstate commerce

proprietorship that is organized under the

corruptly. See https://www.sec.gov/spotlight/

laws of the U.S.” An individual’s assignees

fcpa/fcpa-anti-bribery.pdf.

also are covered. See https://www.sec.gov/ spotlight/fcpa/fcpa-anti-bribery.pdf.

as well as imprisonment for individuals.

Who is covered by the anti-bribery

The SEC can also bring civil suits for

provisions? The FCPA provisions apply to

What are certain persons and entities

damages. In addition, there are many other

a broad spectrum of persons and entities,

acting while in the territory of the United

possible sanctions such as $250,000 and/

including: (1) issuers and their assignees, such

States? The FCPA applies to certain foreign

or 5 years imprisonment for individuals,

as, their officers, directors, employees, agents,

nationals or entities “that either directly

$200,000,000 for corporations, and $10,000

and shareholders; (2) domestic concerns and

or through an agent, engage in any act in

civil penalty (corporations and individuals).

their officers, directors, employees, agents,

furtherance of a corrupt payment while in the

In the alternative, there is an act called the

and shareholders; and (3) certain persons

territory of the U.S.” The FCPA also applies

Alternative Fine Act, which the fine could

and entities acting while in the territory of

to foreign nationals or entities’ assignees as

be up to twice the gross gain sought by the

the U.S., other than issuers and domestic

well. See https://www.sec.gov/spotlight/fcpa/

illicit payment. The SEC is increasingly using

concerns. See https://www.sec.gov/spotlight/

fcpa-anti-bribery.pdf.

the option of seeking disgorgement of all the

fcpa/fcpa-anti-bribery.pdf.

profits from the violations. The sentencing

How can you tell if your company is

B. Corruptly “[A]n offer, promise, or authorization

Currents 24.1 2020

of payment, or a payment, to a government

Gifts with an improper purpose entails

agency or, or instrumentality thereof, or

official must be made corruptly.” Congress

a larger or more extravagant gift. The “DOJ

of a public international organization, or

added that corruptly means an intent or

and SEC enforcement cases have involved

any person acting in an official capacity for

desire to wrongfully influence. Corruption

single instances of large, extravagant gift-

or on behalf of any such government or

first starts with “payments intended to induce

giving, such as a sports car, fur coats, and

department, agency, or instrumentality, or for

or influence a foreign official to use his or her

other luxury items, as well as, widespread

or on behalf of any such public international

position in order to assist…in obtaining or

gifts or smaller items as part of a pattern of

organization.” See https://www.sec.gov/

retaining business for or with, or directing

bribes.” See https://www.sec.gov/spotlight/

spotlight/fcpa/fcpa-anti-bribery.pdf.

business to, any person.” This is known as

fcpa/fcpa-anti-bribery.pdf.

the “business purpose test.” Examples of actions taken to obtain or retain business include, winning a contract, influencing the procurement process, circumventing the rules of importation of products, gaining access to non-public bid tender information, evading taxes or penalties, influencing the adjudication of lawsuits or enforcement actions, obtaining exceptions to regulations, and avoiding contract termination. See https://www.sec.gov/spotlight/fcpa/fcpaanti-bribery.pdf.

Department, agency or instrumentality

Payment of travel and entertainment

of a foreign government is also included

expenses with an improper purpose entails

in the definition of foreign official. The

“the conjunction with other conduct

DOJ and SEC continues to bring FCPA

reflecting systemic bribery or other clear

cases involving bribes paid to employees of

indicia of corrupt intent.” A DOJ and

agencies and instrumentalities of foreign

SEC case involving a California based

governments. See https://www.sec.gov/

telecommunications company is an

spotlight/fcpa/fcpa-anti-bribery.pdf.

example of improper payment of travel and entertainment expenses because the company spent nearly $7 million on approximately 225 trips for its customers in order to obtain systems contracts in China. See https://www.

Public international organizations are also included as an expansion of foreign official to include employees and representation of public international organizations. A public international organization includes any

C. To make any offer, payment, promise to

sec.gov/spotlight/fcpa/fcpa-anti-bribery.pdf.

pay or to authorize payment of anything

Other things of value include charitable

under the International Organizations

contributions. The FCPA does not prohibit

Immunities Act or any other organization

Anything of value includes large amount

charitable contributions unless used to funnel

that the President so designates. Examples

of cash, gifts, travel, entertainment, and

bribes to government officials. Charitable

of public international organizations are the

other things of value. Giving anything of

contributions cannot be used to conceal

World Bank, the International Monetary

value is not prohibited unless anything of

payment made to corruptly influence foreign

Fund, the World Intellectual Property

value is disguised as payments of bribes. See

officials. See https://www.sec.gov/spotlight/

Organization, the World Trade Organization,

https://www.sec.gov/spotlight/fcpa/fcpa-

fcpa/fcpa-anti-bribery.pdf.

and the OECD. See https://www.sec.gov/

of value.

anti-bribery.pdf. Cash with an improper purpose entails companies maintaining cash funds specifically for the use as bribes. An example includes, “one U.S. issuer headquartered in Germany disbursed corrupt payments from a corporate cash desk and used offshore bank accounts to bribe government officials to win contracts.” See https://www.sec.gov/ spotlight/fcpa/fcpa-anti-bribery.pdf.

D. Foreign Official “Foreign official” means any foreign

spotlight/fcpa/fcpa-anti-bribery.pdf. E. Payments to Third Parties/Knowing

political party, any candidate for foreign

The FCPA “prohibits corrupt payments

political office, or any person. Even though

made through third parties or intermediaries,”

they are split into categories, the term

which covers “any other person knowing that

“foreign official generally refers to an

something of value will be offered, given or

individual falling within any of these three

promised directly or indirectly, to a foreign

categories.” Therefore, the FCPA defines

government official.” According to the SEC,

foreign official as “any officer or employee

a bribe that is paid by a third party does

of a foreign government or any department,

not preclude potential liability for criminal

Currents 24.1 2020

organization designated by executive order

or civil under the FCPA. For example, a

take to fight corruption. See https://www.

remarks-34th-international-conference-

company used agents, a British lawyer, and a

sec.gov/spotlight/fcpa/fcpa-anti-bribery.pdf.

foreign.

Japanese trading company to bribe Nigerian

—————————————————

government officials in order to win a series of liquified natural gas construction projects. See https://www.sec.gov/spotlight/fcpa/fcpaanti-bribery.pdf.

Enforcement

—————————————————

In addition to the Attorney General’s remarks, the FCPA Corporate Enforcement Policy was revised. “The new policy enables the Department of Justice to efficiently

A. Domestic

identify and punish criminal conduct, and

Knowing entails awareness by the person

i. Criminal Division of the Department

it provides guidance and greater certainty

that he or she is engaging in such conduct and

of Justice & Enforcment Division of

for companies struggling with the question

such conduct is substantially certain to occur

the SEC

of whether to make voluntary disclosures of

or has a firm belief that such circumstances

In November 2012, A Resource Guide

wrongdoing.” Since 2016, the Fraud Section’s

will occur. Congress includes not only those

to the United States Foreign Corrupt Practices

FCPA Unit has secured criminal resolutions

individuals who have actual knowledge of

Act was released. This guide reflects the

in 17 FCPA-related corporate cases, resulting

wrongdoing but also who purposefully avoid

DOJ and SEC's detailed compilation of

in penalties and forfeiture to the Department

actual knowledge; deliberately ignoring

information about the FCPA, its provisions,

in excess of $1.6 billion. See https://www.

or consciously disregarding information

and enforcement. See https://www.justice.

justice.gov/opa/speech/deputy-attorney-

that should have alerted the company to

gov/criminal-fraud/fcpa-guidance .

general-rosenstein-delivers-remarks-34th-

a high probability of illicit payments. See https://www.sec.gov/spotlight/fcpa/fcpaanti-bribery.pdf . F. All for the Purpose

The DOJ has “both criminal and civil enforcement responsibility for the FCPA’s anti-bribery provisions over

international-conference-foreign and https:// www.justice.gov/criminal-fraud/file/838416/ download.

domestic concerns.” The Fraud Section

The DOJ also provides a Foreign

Conduct in violation of the FCPA

within the DOJ has primary responsibility

Corrupt Practice Act Opinion, which

must be “all for the purpose” of influencing

for all FCPA matters, regularly working

enables issuers and domestic concerns to

official action or inaction, inducing foreign

with U.S Attorney’s Offices around the

obtain an opinion of the Attorney General

government officials to act or omit to act in

country. The DOJ also works with the

as to whether certain specified conduct

violation of some lawful duty, inducing the

Federal Bureau of Investigation (FBI) to

conforms with the Department’s present

foreign government official to use influence

investigate FCPA violations. FBI Unit is

enforcement policy regarding the anti-

to affect an act or decision of the foreign

dedicated to international corruption and

bribery provisions of the FCPA. See https://

government, or securing an improper

fraud investigation. In 2017, the Attorney

www.justice.gov/sites/default/files/criminal-

advantage. Therefore, to help protect

General said that “the Criminal Division’s

fraud/legacy/2012/11/14/frgncrpt.pdf .

the economy and nation against foreign

Fraud Section within the DOJ, together

In 2 0 1 8 , t h e D O J a n n o u n c e d

corruption, the U.S. decided to enforce the

with Assistant U.S. Attorneys and law

many changes to policies and procedures

FCPA to combat corruption around the

enforcement partners, continue to secure

regarding enforcement of the anti-bribery

globe. To help with combating corruption

convictions in important FCPA-related

and corruption laws. First, in May 2018,

and enforcing the FCPA, two enforcement

cases” and “working together with the

the Deputy Attorney General at that

agencies were created to make enforcing the

international partners headway is being made

time announced the DOJ’s Policy on

FCPA their main priority. Discussed below

in combatting corruption.” See https://www.

Coordination of Corporate Resolution

in detail will be the extensive efforts by the

sec.gov/spotlight/fcpa/fcpa-anti-bribery.pdf

Penalties. Its purpose is aimed at avoiding

members of the DOJ and SEC to enforce the

and https://www.justice.gov/opa/speech/

the imposition of duplicative and punitive

FCPA and the approaches and priorities they

deputy-attorney-general-rosenstein-delivers-

penalties by multiple enforcement agencies

Currents 24.1 2020

and regulators in corporate enforcement

In addition to the anti-bribery provisions,

actions. “This policy has been incorporated

the FCPA contains accounting provisions

into the Justice Manual to encourage

applicable to public companies. The FCPA’s

prosecutors to coordinate with and consider

account provisions operate with the anti-

the amount of fines, and penalties in order

bribery provisions and do not allow off-the-

to avoid piling on penalties that could be

books accounting. “Companies and investors

cumulatively excessive. Second, in October

rely on financial statements and internal

2018, the Assistant Attorney General for the

accounting controls to ensure transparency

DOJ’s Criminal Divisions at that time issued

in the financial health of the business, the

a memorandum providing new guidance to

risks undertaken, and the transactions

Criminal Division staff on the standards,

between the company and its customers and

policy, and procedures for the selection

business partners.” Therefore, the accounting

and imposition of monitors in negotiated

provisions were created to “strengthen the

corporate settlements, including non-

accuracy of the corporate books and records

prosecution agreements, deferred prosecution

and the reliability of the audit process which

agreements, and plea agreements. Third,

constitute the foundations of our system of

the DOJ’s new China Initiative announced

corporate disclosure.”

Accounting Provisions Books and records of a company are a place where bribery can spark. Books and records are often mischaracterized in companies. There is a list of bribery mischaracterization as commissions or royalties, consulting fees, sales and marketing expenses, scientific incentives or studies, travel and entertainment expenses, rebates or discounts, after sales services fees, miscellaneous expenses, petty cash withdrawals, free goods, intercompany accounts, supplier/vendor payments, writeoffs, and customs intervention payments. See https://www.sec.gov/spotlight/fcpa/fcparesource-guide.pdf . e. Dealing with the Disclosure of “Books

by then-Attorney General Jeff Sessions,

c. Dealing with the Disclosure of “Books

in November 2018, includes as one of its

and Records”: Who is Covered by the

and Records”: Two Primary Components

ten priorities the identification of FCPA

Accounting Provisions

of the Accounting Provisions

cases that involve Chinese companies that compete with American business. See https://www.arnoldporter.com/en/ perspectives/publications/2019/01/globalanticorruption-insights. ii. Securities and Exchange Commission (SEC)

First is the books and records provision, which entail that issuers must make and keep books, records and accounts that, in reasonable detail, accurately and fairly resembles an issuer’s transactions and dispositions of an issuer’s assets. Second is the “internal controls provisions, which

a. Dealing with the Disclosure or “Books

entail that issuers must devise and maintain

and Records”: SEC Enforcement Actions

a system of internal accounting controls

“In 2010, the SEC’s Enforcement

sufficient to assure management’s control,

Division created a specialized unit to further enhance its enforcement of the FCPA, which prohibits companies issuing stock in the U.S. from bribing foreign officials for government contacts and other business.” See https:// www.sec.gov/spotlight/fcpa/fcpa-cases.shtml (includes SEC Enforcement Actions: FCPA Cases up to 2019).

authority, [and] responsibility over the firm’s assets.” The accounting provisions led the way in preventing bribery; in the past, “corporate bribery has been concealed by the falsification of corporate books and records and the accounting provisions removed this avenue of coverup.” See https://www.sec.gov/spotlight/ fcpa/fcpa-resource-guide.pdf.

b. Dealing with the Disclosure of “Books

d. Dealing with the Disclosure of “Books

and Records: Accounting Provisions

and Records”: What is Covered by the 38

Currents 24.1 2020

“The FCPA’s accounting provisions apply to every issuer that has a class of securities registered pursuant to Section 12 of the Exchange Act or that is required to file annual or other periodic reports pursuant to Section 15(d) of the Exchange Act.” Therefore “the provisions apply to any issuer whose securities trade on a national securities exchange in the U.S., including foreign issuers with exchange-traded American Depository Receipts” as well as “companies whose stock trades in the over-the-counter market in the U.S.” See https://www.sec. gov/spotlight/fcpa/fcpa-resource-guide.pdf and https://www.justice.gov/sites/default/ files/criminal-fraud/legacy/2012/11/14/ fcpa-english.pdf. f. Dealing with the disclosure of “books and records”: United States laws The U.S. laws, including the SEC rules, require issuers to partake in an annual

external audit of their financial statements,

to monitor other countries to ensure they are

individuals decide what needs to be done

which also must be available to the public

abiding by their international obligations

differently to comply with the bribery acts.

by filing them with the SEC. There is also

and vice versa. See https://www.sec.gov/

See https://www.justice.gov.uk/downloads/

the Public Company Accounting Oversight

spotlight/fcpa/fcpa-anti-bribery.pdf, http://

legislation/bribery-act-2010-quick-start-

Board (PCAOB) overseen by the SEC

www.oecd.org/corruption/anti-bribery/,

guide.pdf and https://www.sec.gov/spotlight/

regarding the accounting provisions. https://

and https://www.justice.gov/criminal-fraud/

fcpa/fcpa-resource-guide.pdf.

www.sec.gov/spotlight/fcpa/fcpa-resource-

international-agreements.

—————————————————

guide.pdf. B. International i. The OECD The OECD was created in 1961. Accordingly, the OECD is an organization that brings together anti-corruption experts and practitioners from all over the world to share experiences, learn the ins and outs from each other, and build stronger networks. http://www.oecd.org/corruption/ international-co-operation-in-combatingforeign-bribery.htm. In 1988 Congress “requested that the President negotiate an international treaty with members of the OECD to prohibit bribery in international business transactions by many of the U.S.’ major trading partners.” The OECD became a member of the AntiBribery Convention as of November 1, 2012, as well as the U.S., and the OECD also created the OECD Working Group on Bribery. This “Group is responsible for monitoring the implementation of the Anti-Bribery Convention.” It has been stated in recent years that there has been a growth in international corruption that must be combated. Therefore, the U.S. and other countries are members to different international anti-corruption conventions. These conventions have a main purpose to prevent and take measures on combatting corruption. Many of the conventions maintain a review process that allows the U.S.

ii. International Response: UK Bribery Act 2010 vs. United States’ FCPA

V I . Vi o l at i o n s o f t h e F C PA a n d S a n c t i o n s

The UK implemented its bribery act

—————————————————

in 2010 dealing with bribery just like the

The FCPA requires different criminal and

FCPA; however, the UK’s act does not cover and is not concerned with fraud, theft, and specifically books and record offences. This is different from the FCPA as this act does cover and is concerned with books and

civil sanctions and penalties for companies and individuals. See https://www.sec.gov/ spotlight/fcpa/fcpa-resource-guide.pdf. A. Criminal Penalties

record offences. On the other hand, the UK

For a violation of the anti-bribery

does provide a similar process as the U.S.

provisions, the FCPA requires that

of complying with the anti-bribery rules.

corporations and other entities are subject

The FCPA includes a Compliance Program

to a fine of up to $2 million. Also, individuals

which requires any U.S. firm that is a publicly

are subject to a fine up to $250,000 and

traded firm must have adequate internal

imprisonment for up to five years. For a

controls to meet the books and records

violation of the accounting provisions, the

requirement of the FCPA. The elements

FCPA provides that corporations and other

of the U.S.’ Compliance Program are: (1)

business entities are subject to a fine up to

commitment from the top; (2) policies

$25 million. Also, individuals are subject to

and proportionate procedures; (3) record-

a fine up to $5 million and imprisonment

keeping; (4) risk assessment; (5) compliance

for up to twenty years. Under the Alternative

function (responsibility for oversight); (6)

Fine Act, courts have discretion to provide

implementing policies and procedure; (7)

a higher fine than the FCPA provides. See

training; (8) seeking guidance and advice;

https://www.sec.gov/spotlight/fcpa/fcpa-

(9) monitory; (10) how to deal with third

resource-guide.pdf.

parties; and (11) merger and acquisitions (see the FCPA Resource Guide for further explanation of each of the elements, which the link is provided below). The UK Bribery Act provides a similar process (see the link below for a comparison to the U.S.). The Compliance Programs implemented by the U.S. and the UK help companies and

B. United States Sentencing Guidelines The United States Sentencing Guidelines are used by the DOJ to help with calculating penalties for violations of the FCPA. The Guidelines provide a detailed structure for calculating penalties for FCPA violators and federal crimes. The first step in calculating penalties is calculating the “offense level” by

Currents 24.1 2020

examining the severity of the crime and the

civil action for anti-bribery violations by

of criminal and civil resolutions of FCPA

facts of the crime. Reductions are allowed

domestic concerns, foreign nationals, and

matters. For example, in criminal and

if there is cooperation and acceptance of

companies for violations while in the U.S.

civil cases a company may be required to

responsibility, and for business entities

The SEC has authority to obtain civil actions

appoint an independent corporate monitor

there are additional factors for reduction

against issuers and their officers, directors,

who assesses and monitors a company’s

such as voluntary disclosure, cooperation,

employees, agents, or stockholders for

compliance with the requirements. The

pre-existing compliance programs, and

violations of the anti-bribery and accounting

factors the DOJ and SEC consider when

remediation. The Guidelines provide

provisions. Violations of the anti-bribery

determining if a compliance monitor is

different penalties for the initial offense level

provisions by corporations and business

appropriate include, seriousness of the

for violations of the anti-bribery provisions

entities as well as individuals are subject

offense, duration of the misconduct, and

and initial offense level for violations of

to a civil penalty of up to $16,000 per

pervasiveness of the misconduct, including

the accounting provision. The violation

violation. For violations of the accounting

whether the conduct cuts across geographic

procedures of the accounting provision are

provisions, the SEC has authority to obtain

and/or product lines, nature and size of

generally the same as the violation procedures

a “civil penalty not to exceed the greater of

the company, quality of the company’s

of the anti-bribery provisions, expect that

(a) the gross amount of the pecuniary gain

compliance program at the time of the

the specific offense characteristics differ.

to the defendant as a result of the violations

misconduct, and subsequent remediation

For example, for violations of the FCPA’s

or (b) a specified dollar limitation.” The

efforts. See https://www.sec.gov/spotlight/

accounting provisions, the offense level may

specified dollar limitation is based on the

fcpa/fcpa-resource-guide.pdf.

be increased if a substantial part of the scheme

“egregiousness of the violation, ranging from

occurred outside the U.S. “The United States

$7,500 to $150,000 for an individual and

—————————————————

Guidelines are promulgated by the United

$75,000 to $725,000 for a company.” See

States Sentencing Commission, which is an

https://www.sec.gov/spotlight/fcpa/fcpa-

independent agency in the judicial branch.

resource-guide.pdf.

Its principal purpose is to establish sentencing policies and practices for the federal criminal justice system that will assure the ends of justice by promulgating detailed guidelines prescribing the appropriate sentences for offenders convicted of federal crimes.” See https://www.sec.gov/spotlight/fcpa/ fcpa-resource-guide.pdf and https://www. ussc.gov/guidelines. See also https://www. ussc.gov/sites/default/files/pdf/guidelinesmanual/2018/GLMFull.pdf. C. Civil Penalties Even though the DOJ has authority to obtain criminal actions and the SEC does not, both the DOJ and the SEC have authority to obtain civil enforcement authority under the FCPA. The DOJ has authority to obtain

Conclusion

————————————————— According to many articles and experts

D. Collateral Consequences FCPA violators can also face collateral consequences, such as “suspension or debarment from contracting with the federal government, cross-debarment by multilateral development banks, and the suspension or revocation of certain export privileges.” See https://www.sec.gov/spotlight/fcpa/fcparesource-guide.pdf.

the best course of action for a U.S. company is to include an FCPA provision in all of its agreements regarding distribution, licensing, and joint-ventures. The company needs to do this in order to enable the company to act as expected given the breadth of the statute. When a U.S. party comes across any type of suspicion, an investigation needs to be conducted to avoid imputation of knowledge or authorization. If the investigation supports

E. Compliance Monitor or Independent

the suspicions of the U.S.’ company, it may

Consultant

be necessary to terminate the relationship.

A main goal of both the criminal prosecution and civil enforcement against

See https://www.sec.gov/spotlight/fcpa/fcparesource-guide.pdf.

companies that violate the FCPA is to make

The FCPA disincentivizes corrupt

sure that the conduct does not happen

practices, protects investors, and provides

again. Therefore, enhanced compliance

a fair playing field for companies seeking

and reporting requirements can be a part

business based on quality and price rather

Currents 24.1 2020

VII.

than bribes. “Following Congress’ leadership in enacting the FCPA [forty-three] years ago, and through determined international diplomatic and law enforcement efforts in the time since, laws like the FCPA prohibiting foreign bribery have been enacted by most of the U.S.’ major trading partners.” With its enactment of the FCPA, the U.S. has proceeded as a torch and the world follows.

Currents 24.1 2020

Changing Landscape of International Anti-Bribery and Corruption Compliance M O D E R AT O R / PA N E L I S T: PA N E L I S T S :

J O Y

D O W D L E ,

M A R G A R E T S E R G I O

M O U S O U D A K I S

L E A L ,

D AV I D

S E A R L E

—————————————————

for foreign state-owned companies here in

have seen a huge wave of other countries

the U.S.,9 such as Braskem or SinoPac. The

and jurisdictions implementing their own

law even extends to family members, and

enforcement laws.

there have been recent enforcement actions,

—————————————————

Introduction

————————————————— There are many ways to bribe, and corruption is prevalent everywhere. The World Bank estimates that 5% of the world economy–over one trillion dollars—is paid in bribes.1 Corruption issues arise in all areas of business. The history of global corruption law actually originated as a result of Watergate.2 When the Watergate investigation was ongoing, Congress was looking into the sources of the money going to the Nixon administration. The hearings revealed that a lot of American corporations had cash flush funds;3 of course, a company needed cash to bribe people. In response, Congress passed the Foreign Corrupt Practices Act (FCPA), which has two sections: the antibribery provisions and the books and records provisions.4 For a long time, the United States was the only nation with this law.

Scholars of corruption and corporate action find that the books and records provision often gets companies into the most trouble.6 The FCPA anti-bribery provisions prohibit directly or indirectly paying anything of value to a foreign government official7 and additionally require corrupt intent.8 What is difficult to navigate is the definition of “foreign official,” as it is broadly defined under U.S. law. “Foreign officials” may include individuals who work

specifically those against J.P. Morgan Chase, for employing the children of government officials.10 Further, FCPA’s “anything of value” language is not limited to cash and may include gifts or travel and expenses.11 Years ago, a rash of cases arose involving companies that paid the travel expenses of government officials, cloaked as “training trips.”12 Other examples include the provision of official consulting contracts, employment or business opportunities, household appliances, and cars.13 Bribes come in every form or fashion. The books and records provisions require that books and records be accurate with reasonable detail.14 The provisions also require good internal controls.15 Compliance programs are consistently working with control audits and other internal controls in the compliance group. There are of course possible penalties. Companies can be fined up to two million dollars for each violation.16 Individuals may also be sentenced and sent to prison in relation to corporate enforcement actions.17 The U.S. was alone for a long time in this area, and about twenty years later, the rest of the world started to promulgate their own anti-corruption laws.18 The last ten years 42

Currents 24.1 2020

I I . Th e R i s e o f Global Enforcement ————————————————— The FCPA was originally passed in 1977, but for twenty-plus years, there was very little enforcement.19 That is not to say that there were no enforcement actions brought but surely far fewer by today’s standards. The rest of the world has acquiesced in terms of enforcing anti-bribery laws. Even in countries that do not have robust anti-corruption enforcement, now far less refusal takes place with regard to recognizing the extraterritorial applications of anticorruption laws from countries like the U.S. and United Kingdom. The international landscape has changed, and there is more international participation and cooperation with enforcement. Enforcement efforts have increased. In 2007, a large Houston oil field services company, Baker Hughes, paid $44 million in fines and penalties to the U.S. Department of Justice (DOJ) and Securities and Exchange Commission (SEC), which at the time was the largest penalty ever paid for violations of the FCPA.20 Within one year, in 2008, Siemens AG paid twenty times that amount—$800 million just to DOJ. 21 Now, in 2019,

there have been several billion dollar plus

countries where they are required to conduct

bribery provisions to grant it jurisdiction

settlements. The fines paid by Siemens are

business with state-owned oil companies.

over an individual and the parent company,

no longer in the top three, although they

With all of the enforcement activity in

even if it involved a foreign executive in a

remain the fourth largest sum ever paid.

the energy sector, anti-bribery compliance

foreign country bribing a foreign national.28

Despite international conventions and

programs in this space have generally

That proposition was recently challenged in

organizations, such as the Organisation for

matured. There are less enforcement actions

court in line with DOJ’s enforcement trend

Economic Cooperation and Development

against such companies today.

toward bringing more and more cases against

(OECD), working against bribery, many

A further look at the type of companies

individuals.29 A case in the Second Circuit

Westernized countries have only just enacted

remaining on the top ten list is instructive.

last year placed limits on DOJ’s assertion of

anti-corruption laws within the last decade.

As mentioned, nine of the ten companies

jurisdiction against an individual, a foreign

are foreign. The jurisdictional nexus or

executive, who never entered the U.S. but,

For the last several years, DOJ and the

interest that the U.S. may have in bringing

as part of the bribery scheme, sent some

SEC have brought in combined penalties in

some of these actions is questionable. For

emails routed through U.S.-based servers.30

the billions of dollars. The U.S. is still the

example, in 2019 an enforcement action

The Second Circuit found that DOJ lacked

largest enforcer by far. At last count, the U.S.

was brought against the Russian telecom

jurisdiction to bring FCPA charges against

has brought over 75% of all foreign bribery

company Mobile TeleSystems (MTS),

that individual.31

cases. Cynics have said that this statute has

which paid about $850 million dollars in

become essentially a budget line item for

bribes to Uzbek government officials in an

Ten years ago the corruption case to

DOJ, thus motivating its enforcement.

attempt to make entry into the Uzbekistan

discuss was Panalpina, the now infamous

DOJ has dedicated more and more resources

telecommunications market. 23 Likewise,

customs broker that made improper payments

to these cases and grown the number of

VEON (formerly VimpelCom)–another

in order to assist clients with clearing oilfield

federal prosecutors solely dedicated to FCPA

company in the top ten list, number five–

equipment through West African nations.32

enforcement. With respect to investigations

paid hundreds of millions of dollars for the

The case against Panalpina spawned a series

against individuals, DOJ has been known

exact same type of misconduct.

of enforcement actions against its clients for

A. Trends in FCPA Enforcement

B. Targeted Industry Focus

to use a wide variety of prosecutorial tools,

Many of these foreign companies are

their role in authorizing or failing to stop the

namely subpoenas, search warrants, up to

publicly traded, which under the SEC books

and including wire taps or sting operations.

and records provision allows the agency to

Most of the enforcement actions in the

In terms of the trend towards larger

bring enforcement action against a parent

top ten list then were brought jointly by DOJ

fines and penalties, a brief glimpse at the top

company issuer, even if it was the foreign

and SEC. However, of late, there have been

ten cases reveals resolutions predominantly

subsidiary predominantly engaged in the

more settlements with just the SEC.34 The

occurring with foreign companies, KBR

relevant unlawful activities.25

SEC is limited to civil enforcement power.

improper payments.33

being the only U.S. company remaining on

Another factor is the lack of case law

Generally, it only brings charges under the

that list. Five years ago, that top ten list was

in this area. Consequently, DOJ has a

FCPA’s books and records provisions for

comprised of mostly U.S. companies. In fact,

reputation for taking aggressive positions

accounting or internal controls failures by

many Houston-based companies were on

when it comes to asserting jurisdiction under

companies. These cases, if brought by DOJ

that list. When FCPA enforcement picked

the FCPA.26 On the books and records side,

criminally against an individual or even

up during the 2007 to 2010 timeframe,

as long as the parent company is an issuer, it

a company, are generally hard to prove.

starting with the case against Baker Hughes,

is easy for either the SEC or DOJ to bring

DOJ must prove knowledge and intent.

a lot of energy companies in Houston were

the charges, regardless of any additional

Conversely, the SEC’s burden in bringing

faced with enforcement actions. Many energy

jurisdictional nexus with the U.S. In the

a civil action under books and records

companies operate in corruption-prone

past, DOJ has interpreted the FCPA’s anti-

provisions is less onerous, as they need

Currents 24.1 2020

not prove up subjective intent elements.

debarred. The company’s share price will

years began when Deputy Attorney General

Rather, the SEC may rely upon almost any

undoubtedly be negatively impacted. On the

Sally Yates issued a memo in 2015,45 in the

accounting discrepancy in an issuer’s books

other hand, individual wrongdoers may go

aftermath of the financial crisis that affirmed

and records and focuses on what it believes

unpunished. The Filip factors thus help guide

DOJ policy for seeking to hold individual

constitutes an internal controls violation.35

prosecutors in deciding not only whether

bad actors accountable. 46 Following the

Even if actual bribery did not take place, the

to bring criminal charges against a business

financial crisis, there was an abundance of

SEC can theoretically prove internal controls

entity but also where to begin settlement

public outcry focused on the fact that while

violations by alleging a failure to properly

discussions with these same entities. Almost

several large financial institutions settled

approve expense reports or a failure to follow

all of these cases are settled out-of-court and

for millions, or even billions, of dollars for

a process for approving payments to agents.36

utilize different tools to punish, in lieu of

their role in the crisis, few individuals were

In 2016, another trend in enforcement

non-prosecution, which may carry collateral

prosecuted. .There existed a similar trend with

began involving DOJ’s institution of a pilot

consequences. Many companies strongly

respect to FCPA enforcement. Companies

program, now a permanent part of FCPA

prefer to settle and avoid the consequences

were paying hundreds of millions of dollars

corporate charging policy. Essentially, the

of a trial, including the public airing of

in bribes and generally no individuals were

program allows a company to come forward

misconduct, the sting of a felony conviction,

criminally charged.

to DOJ and self-disclose misconduct, along

and severe fines.

Questions were raised as to whether

with a representation that it has or will fully

Filip factors numbers four, five, six,

DOJ should place a higher priority on the

remediate, cooperate, and disgorge any ill-

and seven, allow a company to significantly

prosecution of individuals, recognizing that

gotten gains as a result of its misconduct.

mitigate the possibility of a criminal

while companies can be prosecuted, they

If there are no other aggravating factors, then

charge, despite the severity of underlying

cannot serve time behind bars. On the other

a presumption of what is called a declination

misconduct. 44 A company cannot really

hand, a renewed focus on the prosecution

remains, such that the company itself will not

control the outcome once an offense has

of individuals presented challenges in that

be charged. The pilot program applies only

occurred. In other words, once the bribery

the required elements of scienter and intent

to business entities.

Individuals may still

offense is investigated, considerations of the

can be hard to prove, especially against

be prosecuted to the full extent of the law

seriousness of the violation, the pervasiveness

senior corporate executives who are often

consistent with DOJ policy, which seeks to

of the wrongdoing, and the history of

insulated from front-line decisions. As

hold individual wrongdoers accountable.41

the company’s conduct are factors out of

anyone who has worked on white collar

Under the pilot program, DOJ started to

its control. However, as reflected in the

cases knows, often within corporations that

publicly announce declinations for the first

other factors, what the company can do is

commit wrongdoing there is an unethical

time.

cooperate with the government, disclose the

environment created, not necessarily overtly

C. DOJ: The Decision to Bring a

offense, put in place an effective compliance

but perhaps by the leadership at the top,

Prosecution

program, and promptly remediate the effects

leading lower-level employees to engage

The Filip factors—named after former

of the alleged offense, such as terminating the

in the offending behavior. When the dust

U.S. Deputy Attorney General Mark Filip—

offending employee and implementing more

settles, those in the C-suite do not find

in the Justice Manual, guide DOJ prosecutors

effective standards and controls. If there is

themselves charged because prosecutors

in arriving at the prosecutorial determination

one takeaway from the Filip factor analysis,

realize they will have difficulty providing

to bring criminal charges against a business

it is that corporate wrongdoers have several

scienter and intent.

entity. The Filip factors recognize that when

options in order to avoid formal criminal

companies are criminally charged there may

charges.

be collateral effects to innocent shareholders and employees, such as when a company is

memo that decidedly emphasized the need

D. Focus on the Individual Another major trend over the last couple 44

Currents 24.1 2020

Deputy Attorney General Yates issued a to pursue charges against individuals when supported by the evidence. Now, in order

to obtain credit for cooperation under the

self-disclosing.

politically, it has broad appeal, especially

Filip factors, companies must identify all

DOJ may also, under a process called

to conservatives. On the campaign trail,

relevant facts regarding individuals who

“deconfliction”, require companies that self-

President Trump talked about how the FCPA

perpetrated the wrongdoing.47 Previously,

disclose and seek cooperation credit to delay

was the worst thing Congress could ever do

there was a lack of clarity concerning the

interviewing potential witnesses.50 In other

to American companies.51 Nevertheless, the

amount of disclosure required with respect

words, DOJ can dictate to the company how

Trump administration has turned up its

to individuals. Under the Yates Memo, when

to conduct its internal investigation, even to

efforts to prosecute foreign companies.52

resolving an enforcement action against the

the extent of prohibiting in-house lawyers

From a conservative perspective, the U.S. can

company, there cannot be any agreement

from conducting interviews of company

use this statute for various reasons: to protect

between the government and business entity

employees so that government agents can

its markets or bring violators, such as Nigeria,

that involves the government declining to

have the first opportunity. Needless to say, the

to heel, especially with respect to Houston

pursue charges against individuals.

possibility of a deconfliction order from DOJ

companies; to leverage U.S. steel demand in

Recently, the Yates Memo approach was

may deter many companies from considering

Vietnam’s construction industry and curb its

scaled back a bit under Deputy Attorney

self-disclosure. The recent guidance relaxing

producers’ bad behavior; or to leverage U.S.

General Rosenstein. Late in 2018, DOJ

the Yates Memo’s requirements now specifies

pharmaceuticals demand in Latin America so

announced that business entities seeking

that deconfliction is no longer a condition of

that they will start regulating their doctors.

to cooperate with the government must

obtaining cooperation credit.

now only disclose all relevant facts about

—————————————————

those individuals who are significantly involved in misconduct.49 In other words, the Yates Memo’s “all or nothing” approach appears to have softened. As a practical matter, a company can still obtain credit for cooperation if it provides the relevant facts about the significant wrongdoers, but it does not necessarily need to provide every investigation report and relevant fact about lower level players. The last point regarding the focus on individuals concerns the pilot program and how it became permanent. The verdict is still somewhat out on whether the availability of the pilot program incentivized companies to self-disclose in cases where they otherwise would not have. The government, by some accounts, is spending significantly more time processing self-disclosures, rather than pursuing original cases. Some argue that the increased number of self-disclosures are “easy pickings” for DOJ, and, by that logic, companies should think long and hard before

III. International Antibribery and Corruption P r o s e c u t i o n Tr e n d s ————————————————— Ever since DOJ began prosecuting under the FCPA in the late 1990s and early 2000s, enforcement actions have effectively printed money for the U.S. Treasury. Additionally, there is a growing need of both FBI agents and prosecutors at the SEC and DOJ. Professionals on this path usually serve in one of these government units and then are recruited by big law firms; this revolving door presents a challenge for attorneys dealing with these units. One consequence for compliance attorneys is the need to reeducate prosecutors with each new matter as it comes up. Be that as it may, this area of the practice is continuing to grow. It is interesting to think about the FCPA as one of the most politically neutral acts in the United States—neutral inasmuch as,

For pharmacies, or any other health field in jurisdictions where health care is highly regulated or involves a state-funded entity, doctors count as foreign government officials.53 Thus, an eighteen-year-old sales rep in China giving a doctor a ten-dollar Big Mac in violation of the pharma code and regulations in Shanghai can be found to violate FCPA. Many conservatives love the FCPA, taking the view that it levels the playing field. The more liberal community tends to treat it as an opportunity to eliminate global corruption and hold U.S. capitalism to a higher ethical standard. The FCPA has not aligned with the political bend and continues to be an area that grows and generates tremendous revenue. In the 1990s, there was no foreign component to compliance or prosecution practices. Practitioners were always dealing with the U.S. government. At the most, when working with foreign governments, DOJ would provide thanks to foreign governments for any contributions their

Currents 24.1 2020

officials had provided when negotiating

The amount of independent actions has

that regulators and enforcement authorities

increased, with some jurisdictions providing

can work hand-in-glove as one unit. DOJ

This practice has changed, and a lot of it

snide comments along the lines of giving

openly works with the MinistĂŠrio PĂşblico

came about with the Siemens AG case. The

thanks to the U.S. for its helpful information.

Federal (MPF), its criminal counterpart in

Munich prosecutor did some of the initial

There has definitely been a shift as more and

Brazil, on a daily basis. A dedicated DOJ-

raids, and the U.S. government adamantly

more global enforcement efforts transform

MPF task force works together to attack

insisted Siemens have an independent

from cooperation towards independent

corruption.58

monitor for many years after the resolution

stand-alone action.

settlement papers.

A breakdown of the corporate structures

of that case. Siemens is a traditional German

Korea took a stance on corruption

of the companies involved in courruption

company, so they would not engage a

in the pharmaceutical industry, arresting

cases is instructive. The Brazilian government

monitor. They were incensed already over

several physicians and barring Novartis

was the majority shareholder, by direct and

the jurisdiction and unwilling to submit to

from engaging in sales and marketing in

indirect ownership, of Petrobas. Together,

ongoing U.S. involvement. After some back

Korea, which has led to an industry sweep

Odebregt and Petrobas effectively controlled

and forth, the resolution was ultimately

in life sciences.

Novartis had allegedly

Braskrem.59 These companies were involved

structured with German native Theo Waigel,

paid doctors, who would count as foreign

in a rampant bribery scheme to obtain

former Finance Minister of Germany and the

officials in that country, to essentially talk

construction contracts around the world,

self-proclaimed father of the Euro. Siemens

to one another as physicians. The idea was

resulting in one of the largest resolutions

agreed to engage a U.S. practitioner, F. Joseph

that doctors promote to one another in

ever seen at $3.5 billion.60 Unsurprisingly,

Warin, who provided independent counsel to

violation of local health care code and receive

adequate ongoing monitoring continues to

Waigel as monitor.54

something of value for nothing other than the

pose challenges. Kinks on the back end of the

hope that Novartis would get more doctors

resolutions themselves present an additional

to prescribe its products.

problem. For instance, with Braskem,

Early on in the 2000s, U.S. prosecution resolutions saw a shift from language

providing for thanks to foreign governments

Brazil has continued to be a tremendous

the global resolution entailed separate

to language commemorating joint efforts

hotspot. From construction to pharma

resolution papers from the U.S., Brazil, and

in each resolution. Then, there were

to oil and gas, Brazil continues to be an

Switzerland, each containing different legal

resolutions, or stand-alone actions, brought

economically enticing market for a variety

requirements.61

by governments against foreign companies.

of industries. Its consolidated population,

For example, both the U.S. and Brazil

GlaxoSmithKline (GSK) is one of the most

ready availability of natural resources, and

resolutions each have their own monitors.

noted, and certainly one of the biggest

vast opportunities for economic investment

However, their respective mandates define

fines, ever solicited independently by the

present the perfect storm for potential

privilege quite differently; some of the work

U.S. against a foreign company.55 In China,

corruption. Petrobras has consistently

of the monitors are not privileged, but the

there were several British citizens who were

been at the heart of publicized corruption

companies do not have to waive privilege.

arrested. That case put the fear of the statute,

scandals, for example the Lava Jato scandalâ&#x20AC;&#x201C;

The problem is that there is not a common

not just our FCPA, but the fear of global

or Operation Car Wash. Petrobras, a giant

definition of privilege between Brazil and

enforcement in the heart of many multi-

in the construction as well as the oil and gas

the United States.62 There is interesting

nationals. There was a huge concern after

industries, is a state-owned entity (SOE),

development to come as the SEC handles

GSK about whether to send non-Chinese

that has been involved in a web of corruption

these global resolutions and determines how

executives to China, whether to send

schemes.

regulators will cooperate to reach agreement

employees with a separate laptop, how to

Continued globalization of industries,

or harmonize some of those discrepancies of

protect employees sent to jail, and how to

companies, economic forums, financial

international standards across the core areas.

get them out.

platforms, and technology is making it such

Many of these corruption issues can arise

Currents 24.1 2020

through third parties. This occurs particularly

and statements.

—————————————————

in the oil and gas industry as that industry

For example, Rolls-Royce had a similar

involves an enormous amount of risk. As

issue with commission payments going

compliance programs have developed, there

to individuals not authorized in the agent

has been a tremendous amount of change

transaction. The company did not know who

in the way that third-party relationships

the individuals were or what their role was.

are structured with their management and

It turned out that the company had bribed

the way third parties are paid. For instance,

a bunch of Kazakhstan officials.63

twenty years ago, an oil and gas company

The stakes in these corruption cases are

could easily enter and develop a field in

high, especially in oil and gas where there

Nigeria with a local agent. The agent would

is a rig sitting in a foreign jurisdiction, or

ensure that the six-hundred thousand dollar-

a warehouse that refuses to release the mud

a-day rate rig did not have any trouble in

and tubulars that a company owns, or there

customs, and the agent would also ensure

are crews sitting off the coast of Angola

that the rig would get set up, along with the

and the customs brokerage there will not

warehouse for the tubulars. The agent would

issue any visas for those workers.64 It is high

help facilitate transport of the supplies for

stakes. Companies have huge sums tied up,

the warehouse to avoid downtime during

having employees on a day rate, or another

development. For these services, the agent

service company may have contracts with

would be paid X thousands of dollars a

service penalties for late delivery. Meanwhile,

month and have a success fee based on the

there is a foreign official on the other side

ability to deliver on time without delays.

that only makes $3,000 a year. The risk is

Rates were inflated, as the law developed and

tremendous and the transactional cost of the

investigations began to happen.

bribe is extraordinarily small in most cases.

Since then, companies have improved

The challenge for pharmaceutical companies

and obtained services from these foreign

like Pfizer, Merck, or Johnson & Johnson,

agents with due diligence. Companies should

is that of facing five to fifteen thousand

ask the right questions about third parties:

opportunities to bribe in a day.

who are they, what are their qualifications,

For oil and gas, the company has so

who are they connected to, and does that

much at stake and it costs so little to get some

qualify them as a former government official?

job done. How do companies combat or stop

This approach provides more transparency to

employees from handing over a twenty dollar

contractual obligations, more detail in the

bill in order to get, for example, the necessary

contracts concerning duties and prohibited

visas? The law does not have any de minimis

conduct, and more requirements around

exception. Looking at most of the security

invoicing. Instead of just getting a for-

statutes, that is the case. A bribe is a bribe,

services-rendered invoice from a consultant,

whether it is 50 cents or five million dollars.

now there is a detailed breakdown of

IV. Consequences of AntiBribery Prosecutions ————————————————— The repercussions of corruption cases are not limited to fines and penalties. What happens next can be a monitorship, an extrajudicial program carrying reporting obligations, similar to a probation officer. The monitor is neither a friend nor a foe. The company negotiates a list of people to DOJ. DOJ may or may not select someone off the list, reserving the option to name an outsider, despite such list. Being under a monitorship is not a desirable position, particularly in consideration of the charges and associated costs, and in addition, the reputational damage. The company faces damage not just on developing business ventures but also in terms of recruiting and maintaining employees. Bilfinger SE represents a special case presently involving an extended, deferred prosecution agreement.65 Monitorships are scary–usually, the compliance professional’s role is to alleviate fear and educate the business leaders on what is important. Significant concerns include determination of a jurisdictional nexus test, which may be tenuous depending on the context of the business venture. For example, the Bilfinger-Willbros Group joint venture in Nigeria attempted to build a natural gas facility.66 Willbros was involved in a bribery scheme with Nigerian government officials. At the time the bribes were taking place in Nigeria, Bilfinger was in Germany with no real connection to the U.S. A Bilfinger

performance, time spent, meetings attended,

representative took a flight from Frankfurt

and expenses incurred. It is no longer just

to Houston and spent the day there for a

bills and expenses but actually all receipts

meeting with executives from Willbros. 47

Currents 24.1 2020

During the meeting, a conversation arose,

and including the highest levels in the C-suite

of the narrative. The process ended up more

not necessarily describing bribery but instead

and board of directors in order to effectuate

favorably to Layne Christensen than it would

describing the situation in Nigeria. The fact

needed cultural change.

have had that original SEC lawyer stayed on,

that the Bilfinger official was in the U.S. for

Compliance professionals work with and

which is representative of the consequences of

that reason, for one day, was sufficient for

educate company employees, teaching them

DOJ to claim a jurisdictional nexus.

right from wrong in terms of compliance

When dealing with a monitor at a

At first, a fair amount of conflict

norms. Often, they have challenging roles,

company undergoing a monitorship, there

accompanied DOJ’s Bilfinger monitorship

playing the diplomat tasked with convincing

will be cynicism from employees of the

as the Germans were incredulous. Much like

others to get on board with the organization’s

company because of how highly paid these

David Hasselhoff, Bilfinger was a prominent

renewed objectives. These are the stakes with

monitors are. Monitors charge legal fees, and

German fixture and relatively unknown in

respect to Bilfinger specifically and more

have their own teams of people. Traditionally,

the U.S. Perhaps a result of this stature,

generally for companies dealing with these

the monitorship team is run by a major

the company was the third ever certified in

consequences. Thus, the role of compliance

lawyer—Uber has Eric Holder, for example.73

Germany under a monitorship.

in organizations is, at its root, a leadership

Monitorships are in the mainstream

Siemens took its monitorship obligations

role for attorneys. To succeed, compliance

and the spotlight. But they are facing

seriously. Siemens represents the gold

counsel must possess an understanding of

pushback, finally, from DOJ which is

standard, for lack of a better term, for

both the business and, more importantly,

limiting monitorships because of complaints

corporate rehabilitation. The company was

the people.

from other lawyers working with the

shifting personalities in enforcement.

in a great deal of trouble. However, Siemens

Once a monitor has access, the process

monitors. These monitors have a lot of power

has since helped others through developing

involves pulling executives out from

without accountability. There is an issue

and selling their own third-party diligence

different business units or divisions and

with scope creep—monitors going outside

tools. Bilfinger, on the other hand, did not

conducting two hour, in some cases, seven

of their designated roles. The original focus

take its monitorship obligations seriously.

hour interviews. Bilfinger’s monitor was

by the monitor is supposed to be the bribery

The monitorship process does impact the

unique in this sense, understandably upset

issue in Nigeria, and all of a sudden, they

entire organization; any time the monitor

about the poor treatment he endured for

are going to find other things. The process

needs access, the board of directors, and

the initial three year period despite new

is arduous. Companies have to hold on and

everyone in between, must get involved to

approaches instituted by each successive

brace themselves during monitorships as a

further due diligence requirements. Bilfinger

board. Companies may find it useful to

lot can come up. Compliance lawyers like

brushed these obligations off and failed

understand a monitor’s philosophy early

to ask questions that they already know the

to grant access requested by the monitors.

on as this is who they will be required to

answer to but, with these sorts of reviews,

Consequently, the company appointed a

answer to.

that is not the case. When the Bilfinger

new board to take action against the previous

Another example—Layne Christensen’s

monitorship began, the focus was Nigeria,

board for one hundred and fifty million

investigation for bribes in Central Africa—is

but the process began to expand to address

euros, alleging failure to meet fiduciary

instructive. During those investigations,

findings in Vietnam and Brazil. This is a

obligations. Based on Bilfinger’s inability to

an aggressive SEC lawyer disagreed with the

reality for large companies doing business

certify compliance with the obligations in its

compliance team about the narrative. That

in challenging areas of the globe.

2013 agreement, DOJ decided the company

SEC lawyer was later recruited by a large

Companies must meet their reporting

warranted a two-year extension of the

firm, became a partner, and was succeeded

obligations;74 failure to satisfactorily report

monitorship.70 This sort of upheaval creates

in the investigation. The new SEC lawyer

constitutes the majority of enforcement

turbulence in organizations and results in an

had a completely different philosophy, more

actions. Essentially, compliance professionals

abundance of management turnover, up to

aligned with the compliance team’s version

must go to the SEC in Washington, D.C.,

Currents 24.1 2020

pitch the compliance program, and provide

little confidence that the company has dealt

—————————————————

support through lawyers and accountants for

with all of its obligations.

I V.

all claims. Additionally, company executives are recommended or compelled to attend.

For a while there were not as many selfmonitorships with self-reporting obligations,

Most entities that end up with a monitor

such as Pfizer or Johnson & Johnson,

have either a deferred prosecution agreement

but it was on the companies to go back

or a plea. With that document there are a

and report.76 More recently with global

number of attachments. Attachment A is

resolutions, companies such as Odebrecht,

usually facts, and Attachment B is usually

Panasonic, Embraer, and Braskem all have

a breakdown or calculation of the fines

independent monitors. There is more

and penalties levied against the company.

variation in the compliance and monitor

Attachment C includes the infamous

undertakings. This is credited to good defense

compliance undertakings. Before DOJ

lawyers who are happy to engage a monitor

guidance came out,75 Attachment C listed

but not allow them to run amok over a global

the obligations the company would have

organization. They have found a way to limit

to undertake. Before the greater guidance,

the scope of what the monitor is doing at the

Attachment C would go element by element

organization.

through corporate compliance obligations,

Stryker, for example, had a resolution

specific to the company. Each citation would

related to the books and records violations and

be granular and provide whether the company

instead of getting the standard Attachment

would have a hotline, an investigations

C - Attachment D three year monitorship,

process, expense reimbursement, etc.

it got an eighteen month monitorship

Finally, there is Attachment D, which

targeted to the particular controls that were

is the monitor’s undertaking, reciting the

at issue in the resolution.77 The wording

monitor’s obligations during the course of

in the negotiations is important. The

the monitorship. Attachment D is always

deferred prosecution or plea agreement

informed by the company’s circumstances

usually requires that the company create

with respect to the violation and any ensuing

a compliance program that “reasonably

conduct that may or may not run against the

detects” corruption.78 “Reasonably detects”

company. The monitor is theoretically there

is important as compared to other phrases,

because the government does not trust the

such as “ensures”, which creates a higher

company’s ability to make the attachment

standard. Wording of the resolution affects

state happen. Usually the monitor is

how a company goes about implementing a

mandated oversight of the company’s

compliance program.

rehabilitation, developing and maintaining

How monitorships play out depends

the core attachment elements, and reporting

on the negotiation process leading up to

back to the government. Usually, where there

the monitorship. A lot is at stake, and the

are extensions of monitorships or repeat

professional compliance counsel must

monitorships, the monitor refuses to certify,

facilitate a stronger position for the client in

gives limited certification, or states in the

these difficult situations.

Conclusion

————————————————— In sum, anti-bribery and corruption law continues to trend toward cooperative enforcement. FCPA, the first law of its kind, continues to be a useful and apolitical tool for U.S. law enforcement to curb nefarious influence and exhibits cognizance of the borderless nature of bribery and corruption. For bad actors subject to its provisions, the question is not “if ” but “when” and also perhaps, “where”. Prosecutors, domestic and abroad, are more inclined to compromise with corporations that boast compliance regimes with adequate internal controls. Counsel should advise corporate clients to institute such programs in advance. Clients resistant to implementing these initiatives could otherwise find themselves culpable and consequently forced to undertake this process, instead on terms stipulated by the U.S. government.

deferred prosecution agreement that there is 49

Currents 24.1 2020

End Notes 1.

OECD, CleanGovBiz: Integrity in Practice, 1 (2014). 2. See Lowell Bergman & Oriana Zill de Granados, Black Money, Frontline, (Apr. 7, 2009), https:// www.pbs.org/wgbh/pages/frontline/ blackmoney/etc/script.html. 3. Id. 4. 15 U.S.C. § 78dd-1, § 78m (2000). 5. Bergman & Zill de Granados, supra note 2. 6. See Press Release, Dow Jones, Dow Jones Survey: Confusion About Anti-Corruption Laws Leads Companies to Abandon Expansion Initiatives (Dec. 9, 2009), http://fis. dowjones.com/risk/09survey.html. 7. 15 U.S.C. § 78dd-1. 8. Id. 9. Id. 10. See Press Release, U.S. Sec. & Exchange Comm’n, JPMorgan Chase Paying $264 Million to Settle FCPA Charges (Nov. 17, 2016), https://www.sec.gov/news/ pressrelease/2016-241.html. 11. Id. 12. Press Release, Dept. Just., Lucent Technologies Inc. Agrees to Pay $1 Million Fine to Resolve FCPA Allegations (Dec. 21, 2007), https://www.justice.gov/archive/ opa/pr/2007/December/07_ crm_1028.html; Press Release, U.S. Sec. & Exchange Comm’n, IBM to Pay $10 Million in Settled FCPA Enforcement Action (Mar. 18, 2011), https://www.sec.gov/ litigation/litreleases/2011/lr21889. htm. 13. Plea Agreement, U.S. v. Avon Products (China) Co. Ltd., Cr. No. 00828 (GBD) (S.D.N.Y Dec. 14, 2014); Press Release, Dept. Just., Daimler AG and Three Subsidiaries Resolve Foreign Corrupt Practices Act Investigation and Agree to Pay $93.6 Million in Criminal Penalties (Apr. 1, 2010); Press Release, Dept. Just., JPMorgan’s Investment Bank in Hong Kong Agrees to Pay $72 Million Penalty for Corrupt Hiring Scheme in China (Nov. 17, 2016); Press Release, Dept. Just., Tyson Foods Inc. Agrees to Pay $4 Million Criminal Penalty to Resolve Foreign Bribery Allegations (Feb. 10, 2011). 14. 15 U.S.C. § 78m. 15. Id. 16. 15 U.S.C. § 78dd-2(g)(1)(A). 17. 15 U.S.C. § 78dd-2(g)(2)(A), 78dd3(e)(2)(A), 78ff(c)(2)(A); 18 U.S.C. § 3571(b)(3), (e) (fine provision that supersedes FCPA-specific fine provisions). 18. Bergman & Zill de Granados, supra note 2.

19. Rachel Brewster, Enforcing the FCPA: International Resonance and Domestic Strategy, 103 Va. L. Rev. 1611, 1611 (2017) (noting how the United States “only weakly enforced the FCPA” during the 1980s and 1990s). 20. Press Release, U.S. Sec. & Exchange Comm’n, SEC Charges Baker Hughes with Foreign Bribery and with Violating 2001 Comm’n Cease-and-Desist Order (Apr. 26, 2007), https://www.sec.gov/news/ press/2007/2007-77.htm. 21. Press Release, U.S. Dep’t. of Just., Former Siemens Executive Pleas Guilty to Role in $100 Million Foreign Bribery Scheme, (Mar. 15, 2018), https://www.justice.gov/opa/ pr/former-siemens-executive-pleadsguilty-role-100-million-foreignbribery-scheme. [hereinafter Siemens Bribery Press Release]. 22. Richard L. Cassin, Counsel to the FCPA Top Ten, The FCPA Blog (March 12, 2019 at 9:18 AM), http://www.fcpablog.com/ blog/2019/3/12/counsel-to-thefcpa-top-ten-march-2019.html [https://perma.cc/CER4-RLL6]. 23. Press Release, U.S. Dep’t. Just., Mobile Telesystems PSJC and Its Uzbek Subsidiary Enter into Resolutions of $850 Million with the Dep’t of Just. for Paying Bribes in Uzbekistan, (Mar. 7, 2019), https://www.justice.gov/opa/pr/ mobile-telesystems-pjsc-and-itsuzbek-subsidiary-enter-resolutions850-million-department. 24. OECD, Resolving Foreign Bribery Cases with Non-Trial Resolutions: Settlements and Non-Trial Agreements by Parties to the Anti-Bribery Convention, 219 (2019). 25. See § 13(b)(6) of the Exchange Act, 15 U.S.C. § 78m(b) (6) (providing that where an issuer “holds 50 per centum or less of the voting power with respect to a domestic or foreign firm,” the issuer must “proceed in good faith to use its influence, to the extent reasonable under the issuer’s circumstances, to cause such domestic or foreign firm to devise and maintain a system of internal accounting controls consistent with [Section 13(b)(2)] . . . . ”). 26. Amy Deen Westbrook, Enthusiastic Enforcement, Informal Legislation: The Unruly Expansion of the Foreign Corrupt Practices Act, 45 Ga. L. Rev. 489, 550–53 (2011). 27. See, e.g., P. Can Co. v. Hewes, 95 F.2d 42, 45–46 (9th Cir. 1938); United States v. Nynex Corp., 788 F. Supp. 16, 18 n.3 (D.D.C. 1992); 50

Currents 24.1 2020

see also U.S Dep’t. Just. & U.S. Sec. & Exchange Comm’n, A Resource Guide to the U.S. Foreign Corrupt Practices Act 20 (2012), https://www.sec.gov/spotlight/fcpa/ fcpa-resource-guide.pdf (“DOJ and SEC evaluate the parent’s control— including the parent’s knowledge and direction of the subsidiary’s actions, both generally and in the context of the specific transaction—when evaluating whether a subsidiary is an agent of the parent.”) [hereinafter Resource Guide]. 28. See United States v. Hoskins, 902 F.3d 69, 72 (2d Cir. 2018) (“The government alleges that several parts of the [bribery] scheme occurred within the United States . . . [a] consultant kept a bank account in Maryland . . . several executives held meetings within the United States regarding the bribery scheme and discussed the projects by phone and email while present on American soil.”); see also Chevron Corp. v. Donzinger, 974 F. Supp. 2d 362 (S.D.N.Y. 2014). 29. See United States v. Hoskins, 902 F.3d 69 (2d Cir. 2018). 30. Id. at 72. 31. Id. at 98. 32. Complaint, SEC v. Panalpina, Inc., Civ. Action No. 4:10-cv-4334 (S.D. Tex. Nov. 4, 2010), https://www. sec.gov/litigation/complaints/2010/ comp21727.pdf [https://perma. cc/6DFK-6E26]. 33. Press Release, U.S. Sec. & Exchange Comm’n, SEC Charges Seven Oil Services and Freight Forwarding Companies for Widespread Bribery of Customs Officials (Nov. 4, 2010), https://www.sec.gov/news/ press/2010/2010-214.htm. 34. Cassin, supra note 22. 35. See 17 C.F.R. § 240.13a–15; Auer v. Robbins, 519 U.S. 452 (1997) (holding that agencies are granted great deference in interpreting their own regulation). 36. See SEC v. Jackson, 908 F. Supp. 2d 834, 839–40 (S.D. Tex. 2012); SEC v. Goldstone, 952 F. Supp. 2d 1060, 1136, 1258 (D.N.M. 2013). 37. M e m o r a n d u m f r o m A n d r e w Weissman, Chief, Fraud Sec. Crim. Div., U.S Dep’t Just., Fraud Sec.’s Foreign Corrupt Practices Act Enforcement Plan & Guidance (Apr. 5, 2016), https://www.justice.gov/ archives/opa/blog-entry/file/838386/ download [https://perma.cc/VF95AZZS]. 38. Id. at 2. 39. See id. at 9. 40. See id. at 3. 41. M e m o r a n d u m f r o m S a l l y

Quillian Yates, Deputy Att’y G e n e r a l t o D e p’t o f Ju s t . Staff, Individual Accountability for Corporate Wrongdoing (Sept. 9, 2015), www.justice.gov/dag/ file/769036/download. 42. S e e U . S . D e p’t Ju s t . , J M 9-28.000, Principles of Federal P r o s e c u t i o n o f Bu s i n e s s Organizations, https://www. j u s t i c e . g ov / j m / j m - 9 - 2 8 0 0 0 principles-federal-prosecutionbusiness-organizations. 43. U.S. Dep’t Just., JM 9-28.1100, Collateral Consequences, h t t p s : / / w w w. j u s t i c e . g ov / j m / jm-9-28000-principles-federalprosecution-business-organizations. 44. See Principles of Federal P r o s e c u t i o n o f Bu s i n e s s Organizations, supra note 42. 45. See Memorandum from Sally Quillian Yates, supra note 41. 46. Testimony from Lanny A. Breuer, Assistant Attorney Gen., Crim. Div. at the U.S. Dep’t of Just. to the Financial Crisis Inquiry Division (Jan. 14, 2010), https:// www.justice.gov/sites/default/ files/testimonies/witnesses/ attachments/2010/01/14/201001-14-crm-breuer-financial-crisis. pdf. 47. U.S. Dep’t Just., JM 9-28.700, The Value of Cooperation (Nov. 2018), https://www.justice. gov/jm/jm-9-28000-principlesfederal-prosecution-businessorganizations#9-28.700. 48. Memorandum from Sally Quillian Yates, supra note 41. 49. Carlos R. Rainer, DOJ Policy Changes Regarding Cooperation of Business Entities and Pursuit of Individual Defendants, Norton Rose Fulbright (Feb. 2019), https://www.nortonrosefulbright. com/en-us/knowledge/ publications/6c8b3f6a/importantchanges-announced-to-doj-policyregarding-cooperation-of-businessentities [https://perma.cc/P79X98NX]. 50. Lanny A. Breuer & Mark T. Finucane, DOJ ‘Deconfliction’ Requests: Considerations and Concerns, Law360 (Mar. 1, 2017, 1:52 PM), https://www.cov.com/-/media/files/ corporate/publications/2017/03/ d o j _ d e c o n f l i c t i o n _ re q u e s t s _ considerations_and_concerns.pdf [https://perma.cc/ZC7X-KKWY]. 51. Shawn M. Wright, FCPA Enforcement under the Trump Administration: No “Piling On,” But Otherwise Business as Usual, Blank Rome (Sept. 2018), https://www.blankrome.com/

publications/fcpa-enforcementunder-trump-administration-nopiling-otherwise-business-usual [https://perma.cc/S2B4-MYRD]. 52. Id. 53. David W. Simon, FCPA FAQs, Foley (OCT. 4, 2019), https:// www.foley.com/files/uploads/ FCPA_FAQs-English.pdf [https:// perma.cc/B4PA-4MST]. 54. Letter from Steven A. Tyrrell et al., U.S. Dep’t Just., to Scott W. Muller & Angela T. Burgess, Davis Polk & Wardwell 10 (Dec. 15, 2008), https://www. justice.gov/sites/default/files/ opa/legacy/2008/12/15/siemens. pdf; see F. Joseph Warin et al., Somebody’s Watching me: FCPA Monitorships and How They Can Work Better, 13 U. Pa. J. Bus. L. 321 n.* (2011). 55. Press Release, Off. Pub. Aff., GlaxoSmithKline to Plead Guilty and Pay $3 Billion to Resolve Fraud Allegations and Failure to Report Safety Data (July 2, 2012) (on file with the United States Department of Justice). 56. News Alert, Ropes & Gray South Korea Fines Prominent Pharmaceutical Manufacturer in Latest Anti-Corruption Enforcement Efforts, (May 1, 2017) [https://perma.cc/VS3PF54U]. 57. Paulo Sotero, The Petrobras Scandal, Encyclopedia Britannica, https://www.britannica.com/ event/Petrobras-scandal (last visisted Jan. 22, 2020). 58. Press Release, E.D. of N.Y., U.S. Att’y’s Off., TechnipFMC PLC and U.S.-Based Subsidiary Agree to Pay Over $296 Million in Global Criminal Fines to Resolve Foreign Bribery Case (June 25, 2019) (on file with the United States Department of Justice). 59. See Plea Agreement, U.S. v. Odebrecht s.a., Cr. No. 16-643 (RJD) (E.D.N.Y. Dec. 21, 2016) [https://perma.cc/6PZL-MNJG] (“Odebrecht S.A. owned 50.11% of the voting shares and 38.1% of the total share capital of Braskem and effectively controlled the company . . . Petrobras . . . owned 36.1% of the shares of Braskem . . . [t]he Brazilian government directly owned approximately 50.3% of Petrobras’s common shares with voting rights, while an additional 10% of the corporation’s shares were controlled by the Brazilian Development Bank and Brazil’s Sovereign Wealth Fund.”). 60. Press Release, Off. of Pub. Aff., Odebrecht and Braskem Plead Guilty and Agree to Pay at Least $3.5 Billion in Global Penalties to

Resolve Largest Foreign Bribery Case in History (Dec. 21, 2016) (on file with the United States Department of Justice). 61. Id.; see also Plea Agreement, U.S. v. Braskem S.A., Cr. No. 16644 (RJD) (E.D.N.Y. Dec. 21, 2016) [https://perma.cc/KV6HLCKF]; see also Plea Agreement Odebrecht, supra note 59, at 19; see also Press Release, Off. Att’y Gen. of Switz., Petrobras – Odebrecht Affair: The Office of the Attorney General of Switzerland Convicts Brazilian Companies and Demands Payment of Over CHF 200 Million (Dec. 21, 2016) [https://perma.cc/Y8XYUBGT] (detailing the “summary penalty order” provided for by the Office of the Attorney General of Switzerland, assessing CHF 200 million); Press Release, Ministerio Publico Federal, Brazilian Federal Prosecution Service (MPF) Enters into Leniency Agreements with ODEBRECHT and BRASKEM (Dec. 1, 2016) [https://perma.cc/ E5VZ-8GXQ] (detailing the MPF leniency agreement and assessing BRL 8,512,000,000.00). 62. Compare USAM § 9-28.710 (2008), https://www.justice. gov/jm/jm-9-28000-principlesfederal-prosecution-businessorganizations#9-28.710, with WIPO, Confidentiality of Communications between Clients and their Patent Advisors (Date Unknown). See also Plea Agreement at 8-9, U.S. v. WMT Brasilia S.a.r.l. No. 1:19-cr00192-LO (E.D. Va. June 6, 2019) [https://perma.cc/97EZ-E9JM]. 63. See Press Release, Off. Pub. Aff., Rolls-Royce plc Agrees to Pay $170 Million Criminal Penalty to Resolve Foreign Corrupt Practices Act Case (Jan. 17, 2017) (on file with the United States Department of Justice). 64. See, e.g., Complaint, SEC v. Baker Hughes Inc., Civ. Action No. H-07-1408 (S.D. Tex. Apr. 26, 2007) [https://perma.cc/EEH6Z3P7]. 65. Deferred Prosecution Agreement, U.S. v. Bilfinger SE, No. 4:13-cr00745 (S.D. Tex. Dec 9, 2013) [https://perma.cc/TA8M-X38U] (original DPA). 66. Pleadings at 3, U.S. v. Bilfinger SE, No. 4:13-CR-745 (S.D. Tex. Dec 9, 2013) [https://perma.cc/83FA9EAD] (citing DOJ pleadings). 67. See Siemens Bribery Press Release, supra note 21. 68. See Compliance – Collective Action, Siemens, https://new. siemens.com/global/en/company/ sustainability/compliance/

collective-actionhtml#Siemen sIntegrityInitiative (last visited Oct. 17, 2019) [https://perma.cc/ E9FZ-QY7K]. 69. See Bilfinger SE, Annual Report 2018 at 20-21 (2019). 70. Extended Deferred Prosecution Agreement at 3-4, U.S. v. Bilfinger SE, No. 4:13-cr-745 (S.D. Tex. Sept. 23, 2016) [https://perma. cc/6NES-CUNE] (extended DPA). 71. See Five Years Later, Bilfinger Emerges from DPA – Transparency Nil, FCPA Professor (Dec. 12, 2018), http://fcpaprofessor.com/ five-years-later-bilfinger-emergesdpa-transparency-nil/ [https:// perma.cc/7SWC-SND9]. 72. Layne Christensen Co., Exchange Act Release No. 73437, 2014 WL 5423780, at *9 (Oct. 27, 2014) [https://perma.cc/M66C-44UK]. 73. Covington Recommendations Re: Uber, Stanford, https:// conferences.law.stanford.edu/ vcs2019/wp-content/uploads/ sites/63/2018/10/001-CovingtonRecommendations-re-Uber.pdf [https://perma.cc/Q7CY-RH2S]. 74. Resource Guide, supra note 27, at 41–2. 75. Resource Guide, supra note 27, at 52, 63, 71. 76. See generally Press Release, Dept. Just., Re: Walmart Inc. C-1 (June 20, 2019) (on file with the United States Department of Justice), https://www.justice.gov/opa/pressrelease/file/1175791/download [https://perma.cc/E5YK-DCYC]; see also Resource Guide, supra note 27, at 54–5. 77. Stryker Corp., Exchange Act Release No. 84308, 2018 WL 4678504, at *9 (Sept. 28, 2018) [https://perma.cc/XWV2-62ZA]. 78. See Resource Guide, supra note 27, at 56, 74.

Currents 24.1 2020

Managing Cross Border Internal Investigations M O D E R AT O R / PA N E L I S T: PA N E L I S T S :

E L E A N O R M I C H A E L

T H U Y

B E N M E N A S H E , M I N E R , M A R L A

T R A N

A S H L E Y

C O S E L L I ,

M O O R E

—————————————————

trained to do full-scale investigations.

conducts an exit interview. Someone leaving

Sometimes these departments count on us

the organization brings forward an allegation,

to help them, whether in training them to

which plays into ethics.

Introduction

—————————————————

conduct investigations or actually coming

Ethics is who are we, and maybe it is a

together hand-in-hand with them to handle

little bit more than what we do. Compliance

investigations. Consequently, there is not

and ethics drives the inner workings of an

just the core set of compliance lawyers or

organization. A company may receive the

investigators. Companies get a lot of work

traditional HR type of complaint at first

that burns up many resources and so the

by employees who are a little bit more

more resources, the better. Companies

willing to speak up. Then, it may require a

are fortunate if they have a pretty big

dedicated investigator to go and investigate

team and collaborative group to devote to

the traditional HR matter. When this

investigations.

occurs, it leads to the perception by those

since 2010. The number of substantiated

—————————————————

in the organization that the company does

cases by percentage have also gone up from

II. Investigations as a Practice

care—someone has spoken up, and other

Internal investigations have increased in frequency. Securities and Exchange Commission (SEC) whistleblower claims are up 76% since 2012.1 Equal Employment Oppor tunity Commission (EEOC) harassment cases just last year are up 50%, likely an unsurprising phenomenon given the #Metoo era.2 The NAVEX 2018 Annual Report,3 states there has been a 56% increase in the reporting rate for internal complaints

36% to 44% since 2012.4 What companies are asking is: 1)

————————————————— A. Docket Managment

do they need internal lawyers who know

When managing the help line or

investigations; 2) do they need external

compliance line, it is key to have partnerships

lawyers who know investigations; and

with other stakeholder groups within

3) do they need non-lawyers who know

the organization, such as the Labor and

investigations? The answers to these questions

Employment Counsel, HR group, or Internal

are: yes, yes, and yes. This trend is not going

Audit. From a traditional compliance

to slow down.

perspective, whether a Foreign Corrupt

The need for internal investigations

Practices Act (FCPA) investigation or fraud

extends beyond the legal field. In compliance

investigation, information from trusted

departments, the lawyers (and staff ) are

sources and background on personnel and

expected to do a little bit of everything,

personalities is critical; sometimes where there

including picking up purely Human

is smoke there is fire. Sometimes a request for

Resources (HR) matters, quality issues, or

an investigation will come in through the

health, safety, and environmental matters.

HR group, even when the original complaint

This is because the people working in

looks like it was a traditional HR matter. For

those particular disciplines are not always

example, an allegation may arise when HR 52

Currents 24.1 2020

individuals now feel empowered to speak up. Further, the organization now has people who are picking up the rocks in an effort to look into potential violations and scrutinize the compliance culture. Unless people are speaking up, compliance departments do not know the problems or where to start looking to fix those problems within an organization. A company should worry if it is not getting calls through a helpline, and someone needs to go to management and bring up the company’s branding issue. There should be complaints. A company with operations all over the world and tens of thousands of employees and contractors in numerous countries that is not getting complaints (at least through a helpline) either does not know what is going on in the organization

or its people do not know about its helpline.

are so important. Communication skills

interviews, the interviewee will shut down

Companies need to have a better hotline call

and relationship building is an art that is

and not participate. When it comes to

volume to build a “speak up culture” and

being lost; what matters is being adaptable

interviewing people who speak another

prevent future compliance issues.

and flexible. Investigators need soft skills,

language where a translator is required,

Any company knows that the lack

relationship building skills, and the ability to

something gets lost in translation. A question

of helpline calls is indicative of a culture

network. In some practices and investigations,

gets asked, such as “did he touch you

problem. The number one reason employees

it is crucial to be able to rely on IT, internal

inappropriately”, and the translator will

do not complain is that they are worried

audit, and other groups in the company,

ask the question. The following exchange

about retaliation. They do not trust the

as no lawyer handles everything or knows

between them will get complicated, with a

system. They do not trust their company. In

everything.

lot of back and forth. Finally, the translator

this era, social media fits into this picture.

Lawyers must practice humility when

will turn to say, “she said yes.” Valuable

Often, someone will call in and file a

travelling abroad. To build cultural awareness,

information gets lost in this way. Therefore,

complaint on the helpline, and if they fail

partner with HR and ask what one needs

if the lawyer speaks another language,

to receive an immediate response, they are

to know when going to other countries.

companies and law firms value that skill in

likely to take it to social media. That is what

Know who is who, in what group, who is

investigations.

firms are seeing, and it can be problematic

connected to whom, before putting boots

Recognize the cultural boundaries in

because something that might have been

on the ground or attempting to conduct

a particular country. Companies should

handled internally, without many public eyes

an interview. Lawyers need to understand

have internal protocols for each country. In

on it, all of a sudden is posted on Facebook,

what is going on all around them. Learning

places where it does not, the company should

Instagram, or Twitter.

the client, accompanying the client on risk

identify new protocols after a thorough

Lawyers who are just coming out of law

assessments, meeting the local office, going

examination of such countries cultural

school and are familiar with technology and

to trainings, partnering with HR, meeting

norms. Starting the interview off on the

social media have an advantage in the internal

with the internal audit team, going on an

wrong foot will make it more difficult to

investigations practice. Companies run into

audit beforehand, and learning the lay of

build rapport. Things that are very common

online issues all the time with employees.

the land all go to understanding who the

here in the U.S. may easily be restricted or

Employees are doing less via company email,

people are. Lawyers cannot be afraid to

offensive in other countries. For example, in

where there is visibility, and frequently turn

play to a perceived weakness. For example,

Saudi Arabia, a man and woman cannot be

to alternative communication mediums,

acting clueless to get an alleged violator to

alone in the same room. Also, showing the

for example, Whatsapp or other private

“teach” about his or her work or how the

sole of one’s shoe is considered offensive; so,

messaging applications. This is challenging

procedure works in the real world can be

crossing one’s legs becomes risky behavior,

for firms, who need to better understand

a valuable tactic. Such techniques allow

if not done correctly. Not only do these

how its employees are using this technology,

the investigator to obtain information in

cultural sensitivities impact the rapport with

how they are sending data from one person

a disarming way. Investigations are about

the interviewee, they may also amount to a

to another, where it is going, and how, if at

fact-finding. Examples of probative phrases

procedural flaw in the local labor court. This

all, it can be tracked. A lawyer working in

could be, “help me understand,” or “can

is meaningful when it increases the cost or

compliance having some insight into these

you help me understand?” People will pour

impacts the success of the local labor claim.

issues, a person who understands technology

out information which may result in a “got

When building rapport, it is best to

better, is a definite plus for a company.

you” moment.

approach the interviewee calmly, adopting

Avoid the hardcore, hard-hitting

an unassuming disposition—“talk to me and

Colloquially, the soft skills—being able to

litigator style. The investigative process is

let me help you with this situation and let us

relate with people and have a conversation—

not like taking depositions. In investigation

make it better”—rather than approaching the

B. Culture and Gender Sensitivity

Currents 24.1 2020

interviewee with presumptions or making

located in the area out of which the violation

in. They even take pictures of visitors.

him or her feel small. Showing respect and

occurred to make sure the information is

Consequently, interviewers can actually see

being calm is key. If the investigator goes in

correct and that the suspected individuals

what the interviewee looks like and stop them

with the wrong approach, it breaks down

are not accidentally tipped off prematurely.

around the office.

the communication. If the person walks

One reliable source when dealing with

out or shuts down, consider the probative

local team members are the administrative

value of attempting another interview later

assistants. When working on an investigation,

or disciplinary action, if company policy

get the names of the administrative assistants,

supports it.

even at remote locations. Later on, when in

At the end of the day, an investigator

the investigation, relationships previously

gets one good shot at the interview. Aim to

developed with the administrative assistants

do it properly the first time. The small details

will be of value in learning about the

really count, and success is based on the way

interpersonal relationships that go on in that

the interviewer positions himself or herself

office. Obtaining that information might stop

to talk to witnesses. Understand who the

the investigation right there, depending on

interviewee is and how that individual fits

whether it will substantiate or unsubstantiate

into the big picture of the organization and

the allegation. Administrative assistants

the investigation. For example, is this a good

provide a wealth of information and should

friend of the alleged perpetrator? Setting up

not be discounted. There is immense value in

the witness list and choosing who to speak to

speaking with the administrative assistants,

first is crucial. Talk to the local team, whether

sometimes as a starting point, and this may

that is the legal team, Health, Safety, Security

prove to be a better approach in planning

and Environmental (HSSE), or the HR team,

an interview schedule than going down the

because these teams are the primary resource

chain of command. Additionally, it may be

for knowledge about company individuals,

beneficial to discreetly inquire as to what has

other people involved, and the cultural

been happening in the coffee room. As with

norms. Local team members will have the

all previously developed relationships with

insights to inform the investigator of the

people in the office, often there is valuable

interpersonal relations of employees and the

background and interpersonal information

relational aspects of those individuals closely

available to those who allow themselves to

associated with employees.

be approachable; often these “water cooler”

Complaints can involve very salacious

conversations have all sorts of information

allegations mixed in with very problematic

that an investigator probably should know

company issues. The lawyer may need to

beforehand. The “gossip fix” of the day

break the issues apart. Sometimes there are

doubles as information necessary to attempt

different investigators for specific subject

to figure out what is going on.

matters, which creates parallel investigations

Receptionists are the other useful

within the organization. In such instances,

sources because they see everyone who

the lawyers need to coordinate internally

comes and goes. It is all about fact-finding.

between the different groups involved

Investigators need times, dates, and

and coordinate with company individuals

information. Receptionists log everything 54

Currents 24.1 2020

—————————————————

III.

Th e

Interview

————————————————— A. Building Rapport in Culturally Sensitive Areas or Areas with Cultural Barriers Investigators want to have as much information and education as they can going in. Some companies have luxuries by the way they are structured. For example, at large firms, there are a lot of ethics and investigations professionals from around the globe to reach out to, to help educate interviewers, to be involved in those interviews (if necessary, male and female) depending on the subject matter of the investigation. Sexual harassment is one thing that is frequently investigated. There are certain interview techniques utilized where gender comes into play that can help interviewers build rapport with the witness to extract the truth. If it is a sexual harassment claim raised by a female, interviewers would certainly want a female investigator present. Alternatively, if it is a male raising the claim, the preference is to have a male investigator present, probably one of each. Again, skill sets matter. Relationship building is one of the key elements of investigations that involves talking to people throughout the organization, in the business, and in different disciplines. Much of what investigators do is convey difficult messages to people, such as telling people what they are allowed to do. At the same time, it requires a lot of hard work to ensure that what they

are trying to do does not look bad. Being

answer, and building off that. Lawyers need

up in emails; it is always interesting when

firm but fair in communications, being able

to be careful of the uncomfortable silence,

interviewees talk about their investigators—

to say no without being a jerk, and having

when the interviewer is actually waiting for

the lawyer—in their emails. The investigator

a savviness in communications—all of these

the interviewee to say the next thing. That

can later ask “help me understand what you

characteristics are necessary in investigations

is one of the techniques – to just shut up

mean” by certain emails.

and compliance overall.

and listen. So much of what the interviewer

Partnering with HR and providing

Other top investigator skills are analytical

will get is the key stuff that comes after the

the recommended interview list allows the

thinking and planning. A lawyer has a lot of

uncomfortable silence, when the interviewee

investigator to inquire into where these

preparatory work to do before any site visit.

just feels like they have got to get it out.

people are located and their citizenship.

The investigator must be an organized person

Interviewees cannot handle the silence.

With data privacy concerns in Europe or

and good with data. Anyone with a specialty

Lawyers call it “showing them your part.”

other areas with changing privacy laws, this

in data analytics is prepared to handle the

Again, if there is a difficult witness who is not

is important information to know ahead

information load. Those from a litigation

giving up anything, the lawyer should start

of time. Data privacy rules combined with

background are probably good at analyzing

writing without saying a word. This creates

local labor laws are quite complex. There

data. However, a great deal of information

an uncomfortable silence. It is amazing what

may be times where the lawyers need to

can be pulled from the hotline. It is great to

witnesses will give up to fill in that space.

get consent from the interviewee to review

have a data specialist collate such data and

Do not be afraid of silence. Notice the body

their emails beforehand. In some countries,

produce patterns and information for the

language of the witness, if he or she begins to

where the server sits determines whether

investigation, which becomes much more

twitch or something. As the investigator, just

review of emails must be conducted within

efficient.

hang in there as this witness will soon crack.

the country. From an internal investigation

B. Interview Techniques

C. Issues with Data Privacy

standpoint, these requirements can balloon

Before walking into an interview, the

Professor Wheeler, who taught at South

the costs of the investigation, requiring the

lawyer must figure out the flavor of the case,

Texas College of Law Houston, used to say,

lawyer to go to Europe to review thousands

the elements of the claim, and know what

“the person who is more prepared will beat

and thousands of emails, as review in the

is going on with the interviewee. Success

the person who is more intelligent, all day

United States would be disallowed. Instead

in these efforts comes back to preparation.

long.” Being prepared and going through

the investigator could conduct a review in

Sometimes, preparing an outline before

emails and other background documents

a hotel room somewhere across the world

talking to any witness does the trick. If the

in cross-border investigations is necessary.

or hire local counsel to do the review. The

witness does not have a lot of information,

The investigator should also know where

planning part of an investigation is, therefore,

the interview is short. For extended duration

the firm’s IT systems are located, where

immense.

interviews, the lawyer should prepare a list

the servers are located, and which servers

Some internal cross-border investigations

covering all of the elements of the legal and

go to which location. These are important

may not implicate data privacy, but do not

factual issues in the situation. At the same

considerations to navigate evolving data

underestimate a disgruntled employee.

time, it is important to not be too wedded to

privacy regulations.

For example, after some kind of remedial

one’s outline. A lawyer should be willing to go

Lawyers need to know where data goes,

action, the interviewee or target is now

off on those rabbit trails, if that is where the

where it is housed, and which jurisdictions

attempting to take the company or lawyer

witness leads. The outline allows the lawyer

are going to be implicated. After partnering

to court in the local jurisdiction, alleging

to get back on track.

with IT, the lawyer partners with HR, who

that the company and investigators acted

Just to that point, another key element

provides the recommended interview list

improperly, implicating potential criminal

to the interviewing technique is the ability to

and the emails of the people who are on

statutes. Crossing the “t”s and dotting the “i”s

listen. It is asking a question, listening to the

that list. An investigator’s name will come

early in any investigation becomes extremely

Currents 24.1 2020

important. Preparation before the interview

employment side of things, it is important to

If the investigation has started, the lawyer

is critical; there is only one bite at the apple.

understand that companies use investigations

might have to go to India for example, where

Data is crucial—if there is going to be a

as a defense against labor claims brought

internal counsel has no privilege. In such

smoking gun in the investigation, it will be

against the company. With that in mind,

cases, the lawyer has to turn the investigation

in the data. A lawyer will likely not break a

consider if it is necessary to separate allegations

over to external counsel. It is difficult to give

witness down and get him or her to confess

and issues into different investigations or

those reins up, but the client comes first.

to the ultimate crime. Interviews typically

reports. Ideally, the lawyer will not know

are more complicated. The smoking gun

what kind of surprises will be found during

may be found if the investigator is following

an investigation; he or she should aim to

the money trail or digging in emails, getting

maintain the privilege.

screenshots of text messages, or mapping the accounting trying to look at the reporting. Again, investigations have more than one step, and examining the data is the first step. Also, the lawyer is likely using the data to build his or her questions, so it is imperative to obtain what information is possible before the interviews. Sometimes the lawyer has a lot of information and can ask questions based on that data. Sometimes it is better to ask the question first, let the interviewee answer, and then present the data, asking them to explain the discrepancy in what they just said. During the interview, the investigator is assessing the interviewee and trying to get a sense of how honest and credible the interviewee is; asking the easy questions first is a probative start to the interview. It is likely that a misbehaving employee will be opportunistic unless they realize they are caught. Those interviewees may start negotiating, or be willing to share who else was involved, or they may regret their mistakes, making admissions on the record. —————————————————

I V . P r i v i l e g e ————————————————— A lawyer could be investigating and uncovering something scary that the firm does not want to get out. Considerations of privilege now come into play. On the

think about on the front end—for domestic or international investigations—because the lawyer cannot just proceed without privilege

When trying to implement disciplinary

and then later try to put that genie back

actions stemming from an investigation,

in the bottle. Make sure that before any

everyone at the company wants to see the

investigation, if the investigator is not the

investigation report, and it can be easily over-

privilege expert, then he or she is talking to

circulated, breaking the privilege. Hence, not

someone who is.

everyone will receive the actual investigation report. At the same time, the business still needs to be informed, and managers need to support such disciplinary action. So, the investigator should pick up the phone and have these conversations, providing the relevant details and answering questions so that the managers will be on board, rather than just willing to cooperate. Having a manager’s buy-in is important to the company culture and relationship building. Jurisdiction matters when considering privilege. In-house counsel need to be cognizant of the jurisdictions that do not extend privilege to in-house counsel and about whether the scope of the investigation mandate needs to be expanded, as new allegations arise. For example, in Saudi Arabia, privilege is not necessarily extended to in-house counsel. The lawyer who is conducting the investigation needs to consider whether it is necessary to obtain outside counsel to ensure there is privilege for the local claims. Everything goes back to preparation. 56

Currents 24.1 2020

Privilege is something lawyers have to

Sometimes witness interviews are conducted by an attorney, and sometimes it is by an investigator working at the attorney’s direction, such as HR or a compliance officer. When that is the case, the attorney must make sure his or her investigators utilize a proper Upjohn warning5 as part of their introduction and have a way to memorialize it, such as a letter essentially stating the nonattorney is working at the direction of legal counsel to gather facts so they may render legal advice to the company, etc. For in-house counsel, there is a rule that the in-house lawyer should not actually do the investigations as the attorney due to the concern about privilege. It is hard to know whether the in-house lawyer could give legal advice on the same matter that is the potential investigation. Avoid the risk by making sure the investigator is separate from the person giving legal advice. The in-house attorney will become very valuable again at that point in time. To keep privilege, make sure that the investigation proceeds under privilege.

Privilege has to be documented. It is useful

that the interviewees understand that he

company is making me do this”—the better.

to have a process whereby the lawyer gets

or she does not represent them. One way

If somebody is already terrified, producing a

instruction from the client—usually a Vice

to handle this is to have a written version

written warning in front of them with a blank

President—asking the lawyer for help in

of the warning and have each interviewee

signature block will go over poorly.

an investigation requesting legal counsel

sign an acknowledgement. Where there is

on the issues and adding that the lawyer

a non-lawyer investigator and the company

should feel free to use any resources at their

objective is that the investigation itself

disposal. Next, a letter is sent from the in-

remain privileged, have the investigator

house attorney to the internal investigator or

acknowledge the warning as well. The

an external investigator, if hiring somebody

more documentation, the better. The more

outside at the time. A letter to the investigator

established the process, the better. As an

requesting help and giving notice that the

external investigator and as a lawyer, do not

investigation is under privilege is sufficient

give advice or represent the lawyers in-house.

documentation of privilege. Of course, if the

It is critical, after the mapped-out reading

investigation is heading overseas, the lawyer must make sure that this whole process works in the destination jurisdiction. It also helps to bring counsel from overseas to do the reports there.

of the warning, to have the interviewee’s acknowledgement. It is generally unfavorable to have the interviewee sign a formal acknowledgment. The interview is a formal process. However, if the circumstances

Assume that the investigation itself

warrant it, good investigators are able to

is not privileged. The investigation would

make it as informal as possible so to avoid

never get ordained privilege in an HR case.

the perception of an aggressive investigator

Take this view with a grain of salt and talk

persona. At the start of the interview, the

to FCPA (Foreign Corrupt Practices Act)

person experiences the terror of sharing a

or SEC (Securities Exchange Commission)

room with someone he or she perceives as

lawyers before going down this route. In

the “interrogator.” After the warning, make

employment cases, typically the company can

clear to the interviewee that this seemingly

use the investigation as a defense. So, in some

formalistic warning was not drafted just for

practices, it is best to take the position that

him or her. Generally, try to convey to the

the investigation typically was not privileged.

interviewee that this is how the investigation

Any legal advice from the lawyer coming

will be conducted internally. It is better that

out of the investigation would be privileged, which explains why the investigator was separate. As an attorney doing the investigation—and again, domestically, it is important to give the Upjohn warning6—go

interviewees be comfortable with the process as opposed to having them sign something that may freak them out even more, cause them to go into a shell, or walk out of the room.

in with the warning on a printed piece of

It depends on what the company wants

paper and read it. Providing the warning

to do. The more relaxed the interviewer

ensures best practices, depending on how

can make the situation—“it is not a big

serious the lawyer is about making sure

deal, we are doing this with everyone, the 57

Another good practice is to have a second investigator (in addition to the main investigator) or somebody else to come along who can document everything, take notes, deliver the Upjohn warning, and serve as a witness. The roles of each person should be clear. In some cases, both parties may need to ask questions. There is an appropriate way to transition the other investigator into the questioner’s role. It is helpful to explain the investigation process, as it relates to the interviewee. For example, “After this interview, if we don’t follow-up with you in the next month or so, it is fair to assume we don’t have any additional questions. The investigation is likely to be completed in the next month, and then the findings will be presented to a committee. At that point, disciplinary actions will be implemented, as needed, and those actions are kept confidential.” It is helpful to stop and ask the interviewee if they have any questions. The investigator is aiming to make the interviewee relaxed, so it is helpful to start off with basic questions, like: “how long have you worked for the company, could you explain your role in more detail, what do you do in your free time, did you watch the game last night, etc.” Hopefully, this subtle chit chat will help develop rapport. It is good practice to set a baseline for how an interviewee responds by having an opening conversation. Start off with easy questions, such as, “how long you have been at the company; what do you do; give me Currents 24.1 2020

some background about you.” Usually, even

global turnover for the inappropriate export

the greatest pieces of information in an

if nervous, interviewees are okay talking

of data.8 Google faced proportional fines

investigation can come from hidden cameras.

about themselves. Additionally, sometimes

in Europe recently for moving data around

There are security cameras in all types of

instead of answering the opening questions,

inappropriately. Lawyers need to avoid

places. Occasionally when conducting an

the interviewee will just launch into what he

negative consequences to company data, such

investigation, the attorney might partner

or she knows or thinks the investigator wants

as a purge or wipe by a third-party hacker,

with the firm’s internal security group. If

to talk about.

where data was not properly handled and the

they start humming “Bad Boys, Bad Boys,”

firm improperly exported emails.

pay attention. They will want to plant GPS

Opening can be a tactic, as for example

devices on people’s cars and put hidden

in interviewing the accused, ask “Did you

It is most often the case that lawyers

touch her inappropriately, cause that is what I

conducting investigations are terrified

have heard.” Often times, the lawyer is going

about data privacy. Some will go on record

for the shock value, but it is rarely necessary.

to say they don’t fully understand the topic

—————————————————

and that it is complicated. Up and coming

V. Jurisdictional Issues

young professionals need to get to know the

—————————————————

GDPR, which has widespread implications.

In addition, in the U.S., a firm cannot

The technical aspects of data privacy

Understanding this area of the law is

require an employee to turn over a password

advantageous.

to a privately held email or social media

create issues. Because certain jurisdictions have robust data privacy laws and enforcement

Many countries are mimicking some

policies, preparation, again, is key. In order to

form of data privacy. Because of rapid

efficiently and expeditiously obtain the best

changes in this area of law, lawyers must

advice pertaining to data privacy in different

stay updated. Although changes emanate

regions, the investigative lawyer must

from international governmental bodies,

learn who to rely on and where resources

data privacy remains a big issue. Different

are located. When there is a fast-moving

U.S. states have different laws, and an

investigation that will reach three countries,

investigating attorney in California will

the last thing the lawyer wants to learn is that

be facing privacy laws similar to Europe's

company servers are in a particular European

GDPR.10

country that has restrictive data protection regulations.

If a lawyer does not have a data privacy group at his or her company, he or she should

cameras in places where they should not. Spying on someone in a way where they have an expectation of privacy, even in the US, is a violation of the law with the potential to land the firm and the lawyer in a lot of trouble.

account. This issue is going to come up during investigations. Firms in the U.S. cannot put a hidden camera in the bathroom. For example, a client may have a situation going down in the bathroom without knowing exactly who is involved or what is happening. Consequently, the firm may want to put cameras in the bathrooms. This is not allowed because employees have an expectation of privacy.11 With regard to GPS devices, if it is a company vehicle, the firm must notify people that the vehicle is being tracked by GPS. If

The lawyer needs to find out what they

check in with the groups that are handling

can as fast as they can. However, he or she

data as a starting point. For instance, HR

should not hold out as an expert if not one,

should be able to identify the actual location

even when trying to learn at an accelerated

of confidential files, where they should be

With regard to recording, some states

pace. A lawyer should reach out to colleagues

located, and whether there are secondary

have a requirement of two party consent

and his or her network and get advice. Know

files being created. Having this conversation

while others require only the consent of one

that if there is a misstep on data privacy, it

early enables the attorney to move data to

party.12 If the company or the client has a

puts the company in a world of hurt. Under

its proper location and secure it with the

rule with regard to recording, the investigator

the new General Data Privacy Regulation

right access.

must know how he or she can effectively

(GDPR) of the EU, damages for a breach 7

can be up to 20 million euros or 4% of annual Currents 24.1 2020

Data privacy concerns do not arise solely with regard to data files. One of 58

a firm tries to secretly add GPS, that could be an issue.

conduct the recording and make certain no one violates company policy. If someone in

an interview puts a cell phone on the table,

criminally illegal to record without consent,

there are a lot of different cost considerations

they may be recording the interview and the

employees may complain and cite a recording

in play.

investigator’s demeanor and professionalism.

that is in their possession. The lawyer

Even if there isn’t a phone on the table,

receiving that complaint needs to stop and

assume the interviewee may be recording

consider what the recording is about.

Some firms only retain a data privacy officer and minimal staff. Firms should take data privacy issues seriously, especially if

the interview. There are cases where people’s

With regard to investigation protocol,

they have a European presence. Adding this

phones have many blurry pictures from

there are at least two steps. First, it is

component will affect the entire compliance

inside their pockets from the interview room.

important to make sure from a criminal

program because resources are reallocated

One of the things to tell interviewees is “I

standpoint what laws might be implicated.

and moved around. Luckily the response so

am NOT recording this conversation. The

Sometimes there is an issue with U.S. law, but

far has trended towards an increase in cross-

only way I record this is taking handwritten

there could also be criminality in a foreign

border enforcement cooperation.

notes. I promise you I am not recording you

context. So, the lawyer needs to check with

—————————————————

and I would hope that you would pay me

local counsel about what laws are involved,

the same courtesy. If you are recording, you

how many jurisdictions’ laws are relevant

VI. Global Responses to U.S. Enforcement Practices

should let me know.” With this approach, the

to an investigation, and whether the laws

—————————————————

interviewee might still record, but at least the

are criminal or civil. Second, the lawyer

interviewer’s approach is on the recording.

has to then examine the data privacy issue.

The success enjoyed by the U.S. pursuing

Another approach is to delicately ask the interviewee if they are recording. It leaves

Checking with local counsel here is also important.

large scale frauds is likely one, if not the main, driving force behind increased cross-border cooperation. Further, there is an abundance

the interviewee two options, lie on their own

The question of expense often arises,

of money to be collected by governments

recording or stop recording the interview. If

in conjunction with conducting the

successful in pursuing such prosecutions. For

they stop the recording, make sure to extend

investigation and receiving outside advice.

many years, the DOJ independently enforced

appreciation and say, “thank you.”

Large, sophisticated organizations typically

violations of this nature, hoping to sway the

have a lot of internal resources in many

global community to follow suit. Indeed,

locations, often with local counsel and

recently many other jurisdictions have

sometime in-house counsel, sometimes

recognized the value in pursuing corruption

external counsel, or both. Also, GDPR, in

and the importance of its effect–promoting

particular, has increased investigation costs

social justice. What remains to be seen is

compared to three years ago.

whether these drivers are as important to

If the interviewee shows his or her phone as if it were shut down and says, “Look I am not recording”, that is not definitive. There is a downloadable app that makes it look like a device is actually shut down. The app was developed by Safe Workplace, LLC.13 Before

governments as the money collected as a

going into the interview, there is a button that

When beginning an investigation

the app user can push and the phone goes

now, general counsel has to understand the

blank, so that it looks like it is not recording

day-to-day data privacy issues that must

Enforcement authorities around the

and not on. This type of app allows recording

be addressed. Having data privacy counsel

world continue to recognize and effectuate

secret conversations too, such as a meeting

is ideal. However, it does not mean other

such laws, in turn reinforcing their

with the boss.

members of the legal team do not need to

cooperation with U.S. enforcement and

know the basics. If a lawyer investigator

regulators. They stand to benefit most by

cannot look at materials over the network,

working cooperatively towards enforcement

what must be done to examine those

and avoiding quarrels with U.S. enforcement

materials? Whether there is an internal

authorities.

As a side note about recordings, sometimes an employee may utilize a recording to support a complaint they have lodged, which is now the basis of the investigation. Even in countries where it is

resource or external resources in the country,

result.

Finally, the global response is a function

Currents 24.1 2020

of the market’s demand for enforcement

boast a more international network utilizing

and, by extension, global cooperation in

three investigators covering tri-spheres, for

this arena. Social media has heightened the

example, agents in the western hemisphere

VIII.

public’s awareness of ethical issues and raised

in addition to others focused on covering

—————————————————

consumer expectations for companies they

the eastern hemisphere. These groups are

Compliance teams are crucial because,

choose to purchase from. Regulators respond

dedicated to internal investigations and

properly run, they are capable of building

to these concerns. The Organization for

all incidental work. Some companies have

organizational confidence that investigations

Economic Cooperation and Development

internal legal counsel around the globe,

and employee concerns alike are taken

(OECD) 14 out of Paris, coordinates an

consisting of Regional Compliance Counsel

seriously. When there are consequences

annual anti-corruption summit attended

(RCCs) and Regional Compliance Managers

to actions, human nature dictates better

by law enforcement agencies from all over

(RCMs) who sit in targeted areas around

behavior is likely to ensure, or at least, better

the world, 15 described by a former US

the world and consult with the company

empowers the relevant authorities to take

prosecutor on a podcast as a gathering of

regularly. These advisors and managers also

action before significant impacts in the state

global regulators to learn from one another

have a hand assisting with investigations.

of affairs are felt.

and share information. By all appearances,

Investigators rely on them for cultural

these meetings create opportunities to

sensitivity data. In that way, the company

build relationships, work together on cross-

feels it has better coverage than it might if

border prosecutions, and ultimately foster

instead utilizing purely U.S. investigators

cooperation.

who parachute in only when crisis strikes. As

—————————————————

such, internationally based teams represent a

VII. Minimizing the I m pac t o f C h a n g e s i n Enforcement Practices

thoughtful and efficient way of positioning

—————————————————

While companies cannot control fines

mistakes and to reinforce the company

imposed after the fact, they are able to take

culture and policies. These practices can be

With increased collaboration between

a preventative approach from within the

used in conjunction with disciplinary actions.

countries come larger fines. Continued

organization. In addition to the relationships

This sort of collaborative approach hopefully

intragovernmental commitments to

between counsel and compliance, working

will assist the business side of companies

cooperate, to the extent such cooperation

closely with HR is invaluable. By ensuring

understand that compliance groups are here

occurs, incentivizes further efforts by more

the smaller issues are being addressed and

to help the business work through these

governments, making it unlikely such

checking in with them to see what is landing

issues.

cooperation will end. Given this reality, it

on their table, larger problems can be

is unclear how companies can minimize the

sidestepped or avoided altogether. Employees

impact of fines and penalties.

reach out to HR often, unsure about what to

Historically, the approach to handling growing multinationalism, with respect to enforcement, has been the formation of international legal and compliance teams. Some investigative teams are primarily composed of former FBI agents and DOJ professionals based out of the U.S. Others still

people so as to address needs as they arise.

do in certain circumstances. These “smaller” complaints need to be addressed properly before they become a more serious issue. Additionally, proper handling of minor issues builds employee confidence in organizational ethical standards and legitimizes internal compliance programs. 60

Currents 24.1 2020

—————————————————

Conclusion

When employees are allowed to practice poor behavior and exercise bad judgment without repercussions, the fact that behavior persists, gets worse, or is adopted by others should not surprise. Although disciplinary actions are not shared, companies can implement training and lessons learned to help create more awareness of common

End Notes 1.

2018 Annual Report to Congress: Whistleblower Program, U.S. Sec. & Exchange Comm'n 1, 20 (Nov. 15, 2018), https://www. sec.gov/sec-2018-annual-reportwhistleblower-program.pdf. 2. U n i t e d S t a t e s E q u a l Opportunity Com., Dept. of Labor, What You Should Know: EEOC Leads the Way in Preventing Workplace Harassment, https://www. eeoc.gov/eeoc/newsroom/wysk/ preventing-workplace-harassment. cfm (last visited Jan. 22, 2020). 3. Carrie Penman, 2018 Ethics & Compliance Hotline and Incident Management Benchmark Report, Navex Global 1, 10, https://trust.navexglobal.com/ rs/852-MYR-807/images/navexglobal-2018-hotline-incidentmanagement-benchmarkreport.Pdf?_ga=2.2485 35815.1297925282.1571022941153615598.1571022941 (last visited Jan. 22, 2020). 4. Id. at 22. 5. See generally Upjohn Co. v. United States, 449 U.S. 383 (1981) (providing flexible framework identifying when employee communication with corporate counsel entitled to attorney-client protection). 6. The American Bar Association has stated that a proper Upjohn warning must advise the employee that “counsel represents the corporation and not the employee; communications between the employee and counsel will be privileged; however, this privilege belongs to the corporation and the corporation alone can decide to exercise it or waive it.” Ashish S. Joshi, Corporate Miranda: Clarifying Lawyers’ Loyalty During an Internal Investigation, A.B.A. (Oct. 31, 2009), https://www. americanbar.org/groups/business_ law/publications/blt/2009/09/07_ joshi/. 7. Regulation 2016/679, of the European Parliament and of the Council of 27 April 2016 on the Protection of Natural Persons With Regard to the Processing of Personal Data and on the Free Movement of Such Data, and Repealing Directive 95/46/EC, 2016 O.J. (L 119). 8. Id. at 82–3. 9. Adam Satarino, Google is Fined $57 Million Under Europe’s Data Privacy Law, N. Y. Times, Jan. 21,

10.

11. 12.

13.

14.

15.

16.

2019, nytimes.com/2019/01/21/ technology/google-europe-gdprfine.html. See 2018 Cal. Stat. 1807 (20172018 Regular Session) (to be codified at Cal. Civ. Proc. § 1798.100–1798.198, eff. Jan. 1, 2020). 18 U.S.C. § 2511 (2)(a) (2012). 18 U.S.C. § 2511(2)(d) (2012); Tex. Penal Code §16.02 (2019); Tex. Code Crim. Proc. § 18.20 (2015); Recording Phone Calls and Conversations, Digital Media L. Project, www.dmlp.org/legalguide/recording-phone-calls-andconversations (last visited Jan. 22, 2020). Ap p St o re Pre v i e w , A p p l e , https://apps.apple.com/us/app/ stopharassmentapp-corporate/ id1344409073 (last visited Jan. 22, 2020). The OECD is an annual forum in which the governments of thirtyfour democracies with market economies and more than seventy non-member economies meet to work with each other to “promote economic growth, prosperity, and sustainable development.” What is the OECD?, U.S. Mission to Org. for Econ. Cooperation & Dev., https://usoecd.usmission. gov/our-relationship/about-theoecd/what-is-the-oecd/ (last visited Jan. 22, 2020). OECD Global Anti-Corruption & Integrity Forum, OECD, http://www.oecd.org/corruption/ integrity-forum/ (last visited Jan. 22, 2020). How Companies Get Caught: Chuck Duross, Trace (Mar. 7, 2018), https://www.traceinternational. org/bribe_swindle_or_steal.

Currents 24.1 2020

General Data Protection Regulation and California Consumer Privacy Act: Background C U R R E N T

—————————————————

Introduction

————————————————— The Internet is certainly among the most

E V E N T S

This article was a collaborative effort of the following editorial members: Greta Carlson, Jonathan McKinney, Elizabeth Slezak, Esther-Sarah

significant technological advancements in

Wilmot.

modern times. Data and information can

https://edps.europa.eu/data-protection/

now be transferred almost instantly to anyone

data-protection/legislation/history-general-

across vast distances. The convenience and

data-protection-regulation_en. Part IV and

broad accessibility of the Internet has led

V, respectively, address impacts within the

to extensive economic development, new

EU and beyond it. Part VI breaks down

markets, and market entrants; its importance

California’s legislative response to GDPR.

cannot be understated. While the benefits of the Internet are readily apparent, beneath the surface lie legitimate concerns about individuals’ online data privacy. About a decade after the advent of the Internet, the Council of the European Union (EU) took an interest in the state of consumer protection in this sphere, adopting the European Data Protection Directive (Directive 95/46/EC) in 1995. Directive 95/46/EC’s stated purpose is to provide consumers with a sense of confidence that online data will be protected and kept private. On May 25, 2018, nearly 25 years later, the EU adopted the General Data Protection Regulation (GDPR) to further address such concerns. Part II provides a brief inquiry into the relevant legislative history, explaining the various proposals and compromises made amongst the EU, as well as the policy behind GDPR and the rights granted. Part III examines the elements of GDPR. See

opinions, and decisions.” One of the European Council’s final sweeping changes came April 27, 2016, when they officially repealed Directive 95/46/ EC—the first step in binding EU member countries to the GDPR. The purpose of repealing the early Directive 95/46/EC was to update data privacy protections. The GDPR notes how “rapid technological developments and globalization have brought new challenges for the protection of personal

—————————————————

data.” The GDPR went on to mention that

II. Legisl ative History

these new advancements “require strong and

————————————————— Directive 95/46/EC laid the groundwork for the GDPR, allowing the European Commission to “review the existing list of countries which offer an adequate level of protection of personal data.” At this time, Directive 95/46/EC was not a binding order; rather, simply a review of Member States. Data Protection Authorities granted “seals and marks to services–to reinforce consumer

more coherent data protection framework in the Union, backed by strong enforcement, given the importance of creating the trust that will allow the digital economy to develop across the internal market.” Finally, on May 25, 2018, the GDPR went into full force and effect, binding all EU member countries. See https://edps.europa.eu/data-protection/ data-protection/legislation/history-generaldata-protection-regulation_en. A. Intent and Purpose of the GDPR

confidence.” On March 12, 2014 the European

The purpose of the GDPR is threefold.

Parliament voted in favor of the GDPR

The policy purposes set forth throughout the

with an overwhelming number of votes

legislative history of the GDPR consists of

in favor. On June 15, 2015, the European

three separate but interrelated goals. First,

Council decided to replace the previous

the GDPR sought to provide a uniform

Article 29 Working Party with the European

series of regulations across all EU member

Data Protection Board (EDPB). From there

countries. One of the main concerns with

on out, EDPB’s role was “to ensure the

Directive 95/46/EC was that it appeared

consistency of the application of the GDPR

too disjointed and limited in its reach in

Currents 24.1 2020

throughout the Union, through guidelines,

order to achieve the goals of data protection

subject to its provisions to abide by certain

policy objectives by boosting consumer

and enforcement of law. Second, the GDPR

principles. Whereas citizens are explicitly

confidence in EU member countries and

seeks to instill confidence in citizens of EU

granted rights, principles are parameters set

growing the digital economy by allowing

member countries by ensuring their private

for organizations to follow that indirectly

for competition and the invention of new

data will be protected by those organizations

bolster the rights of citizens.

digital services. See https://edps.europa.eu/

that seek to use it. The GDPR explicitly grants new rights for EU citizens regarding their personal data. Third, the EU sought to boost Europe’s digital economy through these new protections—if people felt that their personal data was handled securely, they would be more willing to use digital services. The EU found these themes to be of particularly importance in recognition of the state of the modern world–that is, one pervaded by Internet integration in all economic aspects. Indeed, Recital 2 of the

Right of Data Portability

The right to data portability (RtPD) is easily defined. It is the right to receive one’s

data-protection/data-protection/legislation/ history-general-data-protection-regulation_ en.

own personal data from an organization

ii. The Accountability Principle

in a commonly used and easily shareable

The accountability principle is integral

form. Surprisingly, this was one of the more

to fulfilling the GDPR’s goals and expands

contentious rights to be introduced by the

protections and rights for EU Member States’

GDPR. Indeed, there was much debate over

citizens, placing the burden on organizations

whether RtDP truly belonged in the GDPR

collecting and transferring data to prove they

or whether it was a concept better suited for

are acting in accordance with the GDPR.

other areas of law.

Recital 85 gives a specific example of how

While some Member States favored

the accountability principle works. If there a

RtDP’s inclusion in the GDPR, others were

data breach occurs, the controller of the data

concerned with “risks of data portability for

has seventy-two hours to notify the persons

the competitive positions of companies and

affected by the data breach. However, if they

. . . the relationship between commercial

are able to show, in accordance with the

confidentiality and the IP of data controllers.”

accountability principle, that the breach will

Some Member States argued RtDP had

not put the rights and freedoms of the citizens

nothing to do with the protection of data

affected at risk, they are not required by the

Within the text of the GDPR, the

transfer and instead had more to do with

GDPR to notify those affected. The burden

EU Parliament and Council stated their

consumer and competition law. Ultimately,

of proof ultimately lies on the organization

thoughts and beliefs regarding data privacy

after critical review by the Council, the

or entity that controls the data. The GDPR

in no uncertain terms. Recital 1 states,

RtDP became part of the GDPR, included

does not assume organizations have citizens’

“[t]he protection of natural persons in

as Article 20. The Council ultimately felt that

best interests in mind and the accountability

relation to the processing of personal data

while the concerns respecting the RtDP are

principle is about forcing these organizations

is a fundamental right.” In the age of digital

arguably better addressed by other areas of

to prove they are responsible enough to

data processing, such language, regarding

law, the policy objectives of the RtDP are very

operate in the EU and in accordance with

the rights of individuals, is undoubtably

much in line with the GDPR as a whole. The

GDPR standards.

necessitated. Recital 3 of the GDPR further

RtDP was meant to “ensure that individuals

puts forth that the “processing of personal

are in control of their personal data and

—————————————————

data should be designed to serve mankind.”

trust the digital environment . . . the RtDP

Such strong language evidences the EU’s

could foster competition between controllers

newfound hardline stance on data privacy.

as a side-effect and thereby encourage the

The GDPR is now recognized law across

In addition to explicitly declaring

development of new data-related services.”

the EU, allowing EU citizens more control

citizens’ rights, GDPR compels organizations

The RtDP achieves the second and third

over their own personal data, improving

GDPR, the EU Parliament and Council makes these goals–to contribute to an area of freedom, security, justice, economic union, social progress, stronger economies within the internal market, and to the well-being of natural persons–abundantly clear. B. Rights and Protectionary Principles

III. Mechanics of the GDPR —————————————————

their security both online and offline. 63

Currents 24.1 2020

The regulation protects natural persons

right to be informed, the right of access, the

must be “processed lawfully, fairly, and in a

with regard to the processing of “personal

right to rectification, the right to erasure,

transparent manner in relation to the data

data” and creates rules relating to the free

the right to restrict processing, the right to

subject; collected for specified, explicit and

movement of that data.

data portability, the right to object, and the

legitimate purposes and not further processed

i. Consent

right of automated decision making and

in a manner that is incompatible with

profiling.” Within these rights, individuals

those purposes.” Further, processing must

have the power and control over what data

be “adequate” to properly fulfill the stated

marketers can collect, store, and use. Further,

purpose for collection, having a relational

individuals can rely upon rights granted–

link or relevance to that purpose, and must

such as the right to deletion, which allows

be limited, or “not excessive in relation to the

for deletion of all data collected about the

purposes for [processing].”

Individual consent “is one of the few circumstances under which an organization may lawfully process data.” It is ostensibly the responsibility and burden of any organization processing data to prove they are acting within GDPR guidelines given the broad and farreaching implications of the accountability principle. Specifically, Article 4 requires service providers to obtain consent from consumers before processing personal data. Consent has several elements. It must be free, specific, informed, and unambiguous. Consent must be given to each processing activity by statement or by clear and affirmative action as to signify agreement to the processing of personal data relating to him or her. When processing has multiple purposes, consent should be obtained for each purpose. Once consent is obtained, data controllers and processors can process the consumer’s personal data, but the consumer has the right to withdraw that consent at any time. The withdrawal of that consent does not affect the lawfulness of the processing based on consent before its withdrawal. Additionally, Article 4 defines personal data as “any information relating to an identified or identifiable natural person, directly or indirectly,” including data such as an “address, license plate number, Social Security number, blood type, bank account information, and so on.” The GDPR not only gives data subjects more control over their own personal information, but it grants data subjects eight key rights. These rights are: “the

consumer. However, this right is not absolute

Article 6 provides for six legal lawful

and only applies in certain circumstances for

bases for processing. Processing shall be

the individual. For example, individuals have

lawful only if, and to the extent that, at

the right to have their personal data erased if:

least one of the following bases applies:

“the personal data is no longer necessary for

the data subject provides consent to the

the purpose which you originally collected

processing of his or her personal data for one

or processed it for.”

or more specific purposes; performance of a

Compliance with the GDPR regulations

contract to which the data subject is a party

extends to both data controllers and data

necessitates processing; compliance with a

processors, contrary to the former legal

legal obligation to which the controller is

regime conditioning liability upon identity

subject necessitates processing; protection

of the processor–that is, who controlled the

of the vital interests of the data subject

data. Data controllers and data processors

or of another natural person necessitates

both determine the purpose and means of

processing; performance of a task carried

processing data, but data processors process

out in the public interest or in the exercise

data for the data controllers, who in turn

of official authority vested in the controller

retain such data. Controllers are “the main

necessitates processing; or where processing

decision-makers, who exercise overall control

is necessary for the purposes of the legitimate

over the purposes and means of the processing

interests pursued by the controller or by a

of personal data.” If two or more controllers

third party, except where such interests are

jointly “determine the purposes and means

overridden by the interests or fundamental

of the processing of the same personal

rights and freedoms of the data subject which

data,” they are joint controllers. However,

require protection of personal data.

they are not termed joint controllers if they

Lawful processing is one piece in a

process the same data for different purposes.

global trend encouraging greater corporate

Processors act “on behalf of, and only on the

accountability, with regard to protecting

instructions of, the relevant controller.”

consumer data. This trend has influenced

Article 5 deals with the principles

other countries to implement changes and

relating to the processing of personal data.

take a protective posture towards consumer

The regulation provides that personal data

data privacy rights. Data controllers and

Currents 24.1 2020

processors face new obligations with respect

the EU according to the DTRI Trade

amount necessary to establish protection

to personal data and shall be responsible for

Restrictiveness Index (Index). France

varies among Member States. In Germany,

and able to demonstrate accountability with

elected to adopt privacy regulations more

an investment as low as €4,000 may suffice

such data.

restrictive than those required. The Loi

to establish a sui generis right.

—————————————————

pour une République Numérique creates a

—————————————————

IV. Impact Within the EU —————————————————

data retrieval obligation for providers of online public communications services in the French market. Recently, French data

Beyond

the

—————————————————

Data privacy regulations are set by the

protection authorities issued a €50 million

National privacy policies and regulations

EU, supplemented by individual Member

(approximately $57 million) fine against

vary across the world. The approach of each

Countries which then set their own rules

Google for violating the GDPR. The fine,

regime reflects the country’s culture and the

and policies at the national level. Existing

issued in January 2019, is the largest penalty

government’s priorities. The EU, for example,

data privacy regulations and intellectual

imposed for a data privacy breach under the

is primarily driven by privacy concerns. The

property laws at both levels of governance

GDPR. Experts contend that the Google

protection of personal data and the privacy

must be reviewed and, as necessary, revised to

fine set a benchmark for future data privacy

of communications are statutory human

align with the GDPR goals. To that end, the

penalties. France’s hardline approach may

rights under EU law. However, security is

European Commission proposed revisions

influence the direction of data privacy law

the driving concern for other countries.

to the ePrivacy directive, which regulates

in Europe.

Security-focused countries typically adopt

the confidentiality of communications and

GDPR’s impact is not limited to

restrictive data policies that limit cross-border

the use of cookies, and Regulation 45/2001,

data privacy regulations. Rules regarding

data flows and provide limited personal

which applies to EU institutions when

intellectual property rights must be reviewed

privacy protections. China, Russia, and

processing personal data.

in light of the right to data portability created

Turkey rank the highest for restrictive data

In fact, the GDPR specifically requires

in the GDPR to avoid a conflict between

policies. All three countries include some

individual Member Countries to establish

the two regimes. The GDPR grants data

form of localization, retention, and transfer

their own rules, policies, and enforcement

subjects the right to transmit their personal

requirements.

authority schemes in accordance with

data from one data controller to another.

China is the overall most restrictive

particular parameters. However, Member

This right can conflict with the right of

digital trade country in the Index, followed

States are permitted some discretion in

data controllers to protect trade secrets,

by Russia, India, Indonesia, and Vietnam.

the construction of these rules. States

sui generis databases, and copyrighted

China’s trade and Internet restrictions inhibit

may provide for exceptions or limitations

content. Facebook, headquartered in Ireland,

the free flow of information. For example,

t o G D P R r u l e s w h e re f re e d o m o f

previously fought a request for disclosure

all data must be stored domestically and any

expression, employment law, and scientific

of personal information by invoking the

incoming cross-border Internet traffic must

or historical research is concerned. The

privilege of trade secret protection under the

pass through a national firewall. China’s

national regulations established by each

Irish Data Protection Acts. Vague language

robust security policies limit personal rights

country reflect its individual priorities,

in the GDPR and inconsistent application

by permitting the government to demand

cultures, and legal structures. The details

of EU intellectual property rules cause

proprietary information from organizations

of country’s implementation plan may

uncertainty in the future of intellectual

and personal data from telecommunications

impact the direction of future legislature and

property rights in personal data in the EU.

operators and Internet service providers.

enforcement actions.

A sui generis database right exists when a

Further, China’s proposed social credit

France, for instance, is the most

database was created as a result of substantial

system, which would monitor citizens’

restrictive digital trade country within

investment. However, the investment

behavior and collect personal data, does not

Currents 24.1 2020

require an individual’s consent nor does it

The principles regarding collection

based in countries with a mutual adequacy

provide an avenue for an individual to access

processes, data protection, and individual

decision from the EU may freely transfer data

or correct their own person data. Following

rights established in the Guidelines have

in and out of the EU without any further

in China’s footsteps, Vietnam has adopted its

become a foundation upon which other

safeguards necessary. To receive a mutual

own restrictive cybersecurity policies.

international economic forums and

adequacy decision, the EU must determine

The United States’ approach to data

organizations have built their own privacy

that the country offers an adequate level of

regulation attempts to find the middle

standards and guidelines. The 2018 G-20

data protection. Most recently, the EU and

ground. Its policies aim to find a balance

and the Asia-Pacific Economic Cooperation

Japan agreed to recognize each other’s laws

between trade interests, privacy protection,

(APEC) have both published principles and

as equivalent. Japan further committed to

and national security. The growth of digital

best practice guides related to data privacy

implement additional security measures for

trade has increased the focus on personal

and cross-border data flows. The 2018 G-20

the handling of personal data from the EU.

privacy and efficient data flow. However, the

Digital Economy Ministerial Declaration

The APEC Cross-Border Privacy Rules

distinctions between opposing fundamental

identified principles for data sharing

(CBPR) present a similar methodology

approaches to data regulation prevent

standards for privacy and cross-border data

respecting cross-border data flows of personal

interoperability between different data

flows. The 2005 APEC Privacy Framework

data. The CBPR balances data privacy rights

privacy regimes. The EU, US, and China

established principles and implementation

with commercial interests and identifies best

all have unique approaches to data policy.

guidelines to assist countries with establishing

practices for protecting personal data during

As other countries mirror the policies and

national data privacy policies. This year will

cross-border transfers. CBPR members agree

rules of their closest trading partners, three

see the revision of many of these international

to recognize each other’s data privacy systems

distinct economic spheres emerge based

privacy frameworks. OECD and APEC

as equivalent. Current members include the

on each approach. Some experts warn that

are scheduled to update and publish their

United States, Japan, Mexico, Canada, South

a system for global interoperability must

guidelines in 2019, and the 2019 G20 host

Korea, Singapore, Taiwan, and Australia.

be adopted to avoid fragmentation of the

has indicated the summit would focus on

Internet between the European, Chinese,

data governance.

The recently enacted Comprehensive and Progressive Agreement for Trans‐Pacific

and American spheres. However, there are

Despite the necessity of cross-border data

Partnership (CPTPP) created the strongest

no globally accepted standards nor binding

flows in international trade and commerce

commitments for binding digital trade

multilateral rules specifically concerning the

and growing public concern over personal

globally. The partnership is comprised of

cross-border flow of personal data.

data protection, there are currently no

eleven Asia-Pacific countries, including

Several international organizations

binding multilateral rules regulating privacy

Australia, Canada, Japan, Mexico, and

have developed non-binding principles

or cross-border data flows. Enforceable

Vietnam. CPTPP allows for the cross-border

and guidelines to assist governments in

trade rules are, however, gradually being

transfer of information between signatories,

developing or reshaping national data

established by means of trade agreements.

subject to restrictions for legitimate public

privacy policies. The Organization for

The GDPR allows non-EU organizations to

policy purposes. Discriminatory trade barriers

Economic Co-operation and Development

import and export personal data in several

and localization requirements are prohibited.

(OECD) established the pivotal 1980 Privacy

circumstances. Under the US-EU Privacy

The agreement further requires all signatories

Guidelines, the first set of international

Shield, transatlantic transfers of personal

to develop their own legal framework for the

data privacy principles. The Guidelines,

data by certified, US-based organizations

protection of personal information and to

last updated in 2013, are based on a risk

are permitted. Certification requires an

adopt consumer protection laws for online

management approach and emphasize the

organization to enroll in a voluntary program

commercial activities, but did not provide

importance of data protection in the context

and comply with its commitments and

any specific guidance in this regard.

of cross-border flows of personal data.

obligations. Alternatively, organizations 66

Currents 24.1 2020

The proposed United States-Mexico-

Canada Agreement (USMCA) similarly

Consumer Privacy Act (CCPA). Widely

best to accomplish protection. Specifically,

establishes trade rules and policies on

perceived to be America’s reply to the GDPR,

both aim at protecting personal information

privacy, cross-border data flows, and

major discrepancies between the bills do exist

related or associated with an identifiable

security. The USMCA, like the CPTPP,

and are sure to cause headaches in compliance

natural person, consumers and data subjects

promotes interoperability, prohibits arbitrary

departments in global firms with presences

respectively.

restriction of cross-border data flows, and

in each market.

requires member countries to establish

One work around to undertaking such

A. Definitional Distinctions

compliance contemplates the disassociation

national rules for personal privacy and online

CCPA protects “consumers,” natural

of data collected from identifiable individuals,

transactions. However, the USMCA goes

persons residing in the state and those

such that without other information the data

further than CPTPP, referring countries

domiciled there, but living elsewhere with

is not traceable back to that individual.

to the APEC Privacy Framework and

the intention of returning. As defined,

The degree of disassociation creates the

the OECD Guidelines for guidance in

“consumer” is a term broad enough to

distinction between “pseudonymous” and

developing their own privacy framework and

encompass even employee and business-

“anonymous” data. Often times, this sort of

consumer protection laws.

to-business transactions, in addition to

largely undiscernible data, with respect to

Expanding upon these agreements is an

household goods and services consumers.

the specific persons providing it, is clumped

important step toward establishing consistent

Take for comparison the broader “data

together into a big heap or “aggregated.” In

international standards for data privacy and

subject,” defined simply as an identifiable

both regimes, anonymizing, pseudonymizing,

data flows. The CBPR will continue to grow

person to whom personal data relates,

and aggregating functions must be performed

in strength and influence as more countries

contemplated by the GDPR.

with stringent technical controls to meet

and organizations join. Furthermore, the

Largely, CCPA takes aim at Big Tech

qualification of the respective regulatory

best practices delineated by the CBPR can

by targeting for-profit California entities

definitional bar. Companies that follow these

serve as the basis for further binding trade

that either: have gross revenue exceeding

guidelines are able to qualify the consumer

agreements. Because the CBPR includes

twenty five million dollars; derive above 50%

information collected as “deidentified”

economies at different stages of development,

of annual revenue from selling consumer

or “aggregated,” neither of which are

its initiatives can be scaled up to larger

information; or buy, sell, or share more than

restricted by the CCPA. Similarly, the EU’s

global efforts. Similarly, the language of the

fifty thousand consumers’ personal data

framework does not regulate data qualifying

USMCA is sufficiently broad, enabling its

each year. Service providers, third parties,

as “anonymous.” However, “pseudonymous”

adaptation for use in future agreements.

entities that share common branding, as

data is defined to include personal data and

Recent developments in data policy, privacy

well as controllers of covered businesses

is thus fair game under the general regulatory

principles, and digital trade agreements serve

are all required to abide by the regulation;

scheme. California has yet to make any clear

as templates, or least a starting place, on

likely a legislative tactic to close anticipated

rule or distinction as to pseudonymous data.

which to base future domestic regulations

loopholes in advance of their exploitation.

and binding multilateral agreements.

Note GDPR’s broader scope in this area–

Differences in each regime’s respective

—————————————————

even entities established outside the EU

foundational principles manifest in a variety

may be subject to abiding its regulations,

of forms, significantly in the distinction

specifically if the behavior of EU data

between their respective approaches: opt-in

VI.

CCPA

GDPR

—————————————————

B. Foundational Regime Differences

subjects is monitored or in connection

versus opt-out. Where European law finds

Close on the heels of the GDPR,

with some offer of goods or services. Both

an implicit right of personal dignity and a

progressive legislators in California similarly

schemes essentially approach the sort of

positive right to protection of personal data,

sought to enact data privacy protections

data—personal information, as respectively

an affirmative opt-in approach logically

for their constituents with the California

defined—similarly and contemplate how

follows. Conversely, American law, and

Currents 24.1 2020

by extension Californian law, traditionally

downstream recipients than is available to

balances competing principles and positive

California consumers.

The disturbing trend of increasingly common data breaches can, in the vast

and negative rights, predictably then,

Further, GDPR data subjects enjoy the

number of cases, be appropriately hedged

resulting in the opt-out approach taken by

right to rectify inaccurate and incomplete

with proper preemptive security measures.

the California legislature in enacting the

personal data, some right to restrict and

GDPR affirmatively requires particular

CCPA. In terms of practical effect, this

object to the processing of their data, as

security measures in accordance with

distinction has not presently resulted in any

well as the right to object to automated

respective risk levels. CCPA does not dictate

severe disparities, but instead simply lends

decision-making. The implications of the

particulars in this respect. However, it does

context to developmental differences. Positive

aforementioned, specifically with regard to

establish a cause of action for certain breaches

rights protected by GDPR include the right

the ability to object to algorithm and non-

where the party proves a failure to maintain

to a privacy notice, to information disclosure

human decision making, are sure to make a

reasonable security measures, with risk and

or access, to data portability, to deletion, to

significant impact on companies like Google,

reasonableness judged as they align with

rectification, to object in limited ways or even

no stranger to accusations respecting the

existing case law.

absolutely to data processing, and to object

lack of corporate transparency. CCPA, on

GDPR finds implicit in the law that

to automated decision making. Differences

the other hand, provides consumers with

discrimination for exercising rights granted

in the regimes largely relate to positive rights,

an affirmative opt-out right. Essentially,

is barred. CCPA on the other hand does not

many of which are not recognized in the

businesses subject to the law are required to

allow discrimination against a consumer

California bill.

include a clear and conspicuously located

that exercises their rights, but a consumer

Both regimes contemplate a right of

“Do Not Sell My Information” link on their

who exercises their rights can be charged

disclosure and access to the information

homepage. Businesses must also comply with

differently, to the extent the difference

collected and shared. CCPA consumers

consumer requests to opt-out of the sale

reasonably relates to the value their data

can opt for a written disclosure of this

of their personal information and cannot

provided. Businesses may offer financial

information. GDPR’s disclosure grant goes

request reauthorization for the same, for

incentives to consumers, but to do so must

further, granting access to some extent to

at least 12 months post-opt-out. While

disclose as much in their terms and policies

additional portable formats. Data portability

GDPR has some opt-out features, the law

plus obtain the consumer’s opt-in consent.

rights in both schemes largely mirror one

mainly relies on its opt-in approach to obtain

another, each requiring the provision of data

substantially similar results.

in a readily usable format. GDPR’s grant is,

Both bills require compliance with verifiable rights requests within substantially similar windows of time, generally no more

C. Similarities

again, broader, requiring data controllers to

Big distinctions between the CCPA

than three months. European data controllers

actually facilitate a requested transfer to a

and GDPR include potential disparities in

have the option to charge a fee for compliance

third party.

the gravity of effect on and scope of parties

with the law. In California, non-excessive

California consumers enjoy a fairly

regulated, severity of penalties imposed, in

requests must be free to consumers. Thus,

comprehensive right to require deletion of

addition to those relating to the application

the two regimes find effective similarity here

their personal information by a particular

of diverging approaches. However, both

except to the extent some consumers with

business, who must in turn instruct its

regimes find agreement in several areas.

strenuous requests are charged some fee to

service providers of the same, subject to

Both afford a similar privacy notice and

obtain the compliance sought.

certain refusal rights. In Europe the “right

information disclosure, as to the data

to be forgotten” only applies if one of

collected and the use intended for those

As cumbersome as compliance may

six conditions is present, however where

protected, with some procedural differences

be on companies subject to these rules,

available this right is coupled with a far

in terms of which information, how much,

violations of law in this respect correlate with

more stringent informing obligation to

and the method of its delivery.

even costlier fines and potential remedial

Currents 24.1 2020

D. Consequences

measures, as well as the manifestations of

around the bend, these issues are sure to

such action which can cost exponential sums

become less and less opaque in the public

to the individual whose data rights have

consciousness. The effect of compliance with

been violated. GDPR grants data subjects

both GDPR and CCPA may result in a high

a private right of action for both material

burden on smaller firms who cannot afford to

and non-material breaches to remedy rights

uphold two different systems. They may be

violated. CCPA conversely grants consumers

forced to adopt whatever is stricter or attempt

a narrow private right of action for breaches

duplicitous compliance. The pressure of dual

that implicate a sub-set of personal data.

systems may result in pressure for legislative

Consumers can seek the greater-of actual or

action from a federal level as well.

statutory damages, which range from $100

—————————————————

to $750 per consumer, per incident, as well as injunctive or declaratory relief, subject to 30 day cure period.

VII.

Conclusion

—————————————————

CCPA subjects violators to a fee schedule

How privacy online will be defined

beginning at $2,500 per violation or $7,500

on the Internet still remains to be seen.

per intentional violation, again subject to a

The Internet’s pioneering history has,

30 day cure period. GDPR employs a higher-

thus far, largely gone unpunctuated by

of rule with respect to either twenty million

regulation, a trend that analogizes its

Euros or four percent of annual global

nature–a modernized technological frontier.

revenue in addition to any fees imposed by

The GDPR represents a frontline of sorts in

individual member states.

the combat of such uncertainty, providing

E. Developing Trends

regulatory uniformity throughout the EU as

Trunomi founder, Stuart Lacey,

to instill consumer confidence, encourage the

encourages consumers to recognize the

use of the Internet, and boost Europe’s digital

reality: that is, your data is being sold. Why

economy. New rights protect individuals,

not willingly enter into the equation, profit

while new principles direct organizations to

on the sale of your own data, and take

act with the utmost care and responsibility in

some control back? As awareness grows this

handling the personal digital data of citizens.

approach may appeal to some. Others may

Recent developments, such as cross-border

push further for a more stringent system that

trade agreements and the enactment of

goes beyond CCPA, or even GDPR. At the

comparable legal protections, should serve

very least, this issue is top of mind for those

as a signal to nations and organizations alike,

informed purveyors of the common practices

that the time is now to take stock of and

corporate actors are currently undertaking

implement modern data privacy protections.

(or failing to undertake), particularly with respect to transparency practices. Still others accuse and suspect Big Tech and their algorithms of worse, ranging from rumors of shadow banning to more hysterical conspiracies. With artificial intelligence 69

Currents 24.1 2020

Present and Future Data Privacy Outlook M O D E R AT O R / PA N E L I S T: W E N D E L L

PA N E L I S T S :

S H E N N A

B R A D S H AW,

H A R V E Y,

M A RY

J .

B A R T N I C K ,

A L E X A N D R A

C H U G H TA I -

I S E N S E E

—————————————————

Insurance Portability and Accountability

inability of regulators and lawmakers to

Act (HIPAA), Gramm-Leach-Bliley Act

articulate what compliance should look

(GLBA), and various state laws. One of the

like, all contribute to the difficulty in both

most burdensome challenges is resolving how

understanding and complying with privacy

to go about building a privacy compliance

law.

Introduction

————————————————— The General Data Protection Regulation (GDPR) is now in effect and could apply to companies around the world. U.S. companies are just starting to recognize the issue—data privacy is not something that can be ignored or relegated to a low priority compliance issue because the risks are simply too great.

program when various, sometimes conflicting, standards apply. Understandably, companies struggle to navigate this legal quagmire.7 Information technology outpaces the myriad of changing laws, data uses change (and expand), and frequently, data volume increases tremendously. These

The GDPR became enforceable on

changes are the root cause of the compliance

May 25, 20181 and concerns the processing

confusion for companies because it is

of personal data.2 The GDPR has had a

difficult to manage risk with all this change

dramatic effect on privacy law and has caused

occurring. Understanding that the privacy

many international companies to expend

field is a complex, ever-changing behemoth

significant resources in their compliance

is fundamental to any approach taken in

departments. Subsequent laws in other

developing a privacy compliance program.

countries are very similar to the GDPR, for example, in South America and California's California Consumer Privacy Act (CCPA).3 Clearly, privacy law is headed towards some sort of comprehensive body of law, whether federal or state in the United States and across the globe. The landscape is changing, and businesses are faced with higher risk, requiring firms to address how their data is handled internally and externally.

Additionally, the ambiguity of the laws further complicates privacy law compliance. The GDPR, for example, has ninety-nine articles and two hundred plus recitals that try to describe how a comprehensive privacy legal regime should look.8 The CCPA, effective January 1, 2020,9 contains far less verbiage while attempting to cover almost all the same subject matter that the GDPR covers. Clearly, there is tremendous ambiguity as

Current data privacy rules constitute

to what companies are supposed to do to

a patchwork of laws, due to the influence

comply with the law. The combination of a

of the European Union (EU) law and to

patchwork of law, the ever-changing nature

the new changes to California law, Health

of technology and data, and the seeming 70

Currents 24.1 2020

One key aspect of privacy is connected to an understanding of the information in scope, the use of that information, and where it is going. Any company that has offices, employees, clients in Europe, or clients that may not be in Europe but market to customers in Europe will be subject to the GDPR.10 Even businesses not subject to the GDPR are pressured to comply because of its enhanced protection measures and the possibility they will fail to retain clients if the business is not GDPR compliant. Becoming GDPR compliant may require a year’s worth of work, depending on the company’s resources. Such may be the case, for example, where only one attorney is coordinating among the entire company rather than a legal team where the work of building a compliance program can be distributed. With a single attorney coordinating the HR department, the marketing department, the product team, essentially the whole company must get involved. With a single attorney coordinating the checklist, and every department throughout the company having at least one person responsible, GDPR compliance may take a year to complete. Mainly, this is due

to the data mapping process: understanding

perform a data inventory in order to make

with respect to security. Vendor management

whose data is involved; data’s categorization;

later efforts to comply with the law an easier

is becoming more and more important as

data’s use; and where it goes. This process is

task. A fundamental piece of any privacy

many of the data breaches occur through

fundamental in becoming GDPR compliant.

program, which any company could begin

vendors or at vendors.21 This creates a huge

to develop on their own without hands-on

area of risk with respect to personal data.

legal support, is gaining an understanding

Companies should improve their diligence

that these processes do take a long time to

processes, increase vendor monitoring, and

implement and find the necessary internal

have stronger contracts. It is not just a legal

resources.

requirement under the GDPR, it is good

If that foundational work is not done, compliance is challenging because the law requires answering specific questions. For example, when a company interviews a candidate for a job, often the candidate

practice. This manner of compliance is a fairly

brings a résumé. If hired, that candidate’s

The GDPR added a second

résumé and ID are photocopied and stored

requirement—granting rights to

into a file. If the photocopier is networked,

individuals.15 In the United States, there are

however, where do the ID and résumé go, and

certain opt-out rights, such as opting out of

where does that server sit? These questions

email marketing or telemarketing.16 Beyond

must be addressed, and the business team

that, individuals in the U.S. generally do

A fourth item that is important is

must know that these kinds of internal data

not have the legal right to ask companies to

something called privacy by design, or privacy

transactions are taking place.

amend the data collected or created about the

by default,22 now required under the law.23

individuals, to delete the data, or to provide

A business runs into privacy issues anytime

more information on data that a company

that it develops new products, changes

might have.

business processes, or does something new

—————————————————

II. Features of the General Data Protection Regulation ————————————————— The GDPR has requirements for notice and consent, which are similar to privacy 11

policies in the U.S. However, there are five 12

major aspects to the GDPR that differ from existing privacy law in the United States. The first is performing a data inventory, or data mapping. The GDPR requires companies 13

to document how all personal data is used, managed, processed, and shared.

The

first thing that a regulator will request in the event of a massive data breach are the processing records following the inventory process in order to prove the company is doing what it is supposed to do. Compiling this inventory involves a significant amount of work and can take months to complete. Outside of the law and irrespective of the privacy regime, whether in Mexico, Canada, or the EU, companies have to know how to

By contrast, the GDPR gave every individual the right to learn more about what data a company possesses.17 Companies must provide individuals with all information, not limited to name, address, and telephone number, but rather all information actually possessed and relating to that individual.18 One such purpose for this includes the individual's right to amend that data if it is wrong19 and the right to delete that data if

significant undertaking for many companies who had to change every single customer contract or every single vendor contract in order to comply.

or different with personal data. Companies must determine whether there are ways to minimize the personal data that it is using, whether it has secured its personal data properly, or whether it has transferred data to legitimate vendors. Even after the GDPR, many companies are not yet to that point. Building a culture of privacy in a company is a difficult task and is a future goal at many companies.

the individual does not want the company

Finally, under the GDPR, a company

to have it. This is another internal process

must identify specific individuals to be

change that companies need to implement in

responsible for privacy at that company.

order to comply with the GDPR and, soon,

In some respects, an effort to raise privacy

with California law. Companies now have

should really begin with the C-suite.

to figure out ways to handle these requests

The law requires a data protection officer

from individuals, whether it is consumers,

(DPO),24 a role filled internally to take on

employees, or whomever.

an independent functional role. Europe has

A third item that is important is thirdparty or vendor management, particularly

laws that make it difficult to terminate a DPO, who is an employee protected under

Currents 24.1 2020

the GDPR, 25 much like whistleblowing

a passport, which is regulated personal data.30

broad definition of personal information,

immunity. Essentially, the company needs

Furthermore, where the company stores its

including more than internet browsing

to treat the DPO guidance as an important

information, what uses are made of that

history, demographic information, and

consideration, not to be dismissed lightly,

information, and how long the information

biometric information.33 Companies struggle

requiring a good reason for non-compliance

is stored, are all reasonable questions to ask.

to get a handle on this and how far to take

with what the DPO says that the company is

For companies not heavily involved in

compliance efforts in the face of anticipated

supposed to do. The DPO is expected to have a lot of clout within a company that needs to comply with the GDPR. This adds another layer of difficulty that companies will have in grappling with the new law. These are the five major aspects of the GDPR that are foreign to the United States; however, other minor aspects of the GDPR, like required employee training, may come as familiar.

Europe, compliance requires determining how far the company goes towards GDPR compliance. Now that the California law is

law that is still being invented. The California Attorney General is still working on issuing regulations intended to interpret the law.34

in effect, new privacy laws will sweep across

For now, the companies should focus

the nation. These changes are also coming

on the basics, such as updating policies,

to Texas.

training employees, and satisfying certain

There is another aspect of being in the oil and gas industry, and for those companies in the retail gas station business, choices are made about whether to own and operate

definite requirements. For example, the CCPA requires a dedicated 1-800-number where consumers can make consumer rights requests.35

—————————————————

those stations or whether to find partners

The CCPA is similar to the GDPR but

III. Changes to California Law

to operate those stations. There is a lot of

it is not exactly the same. There is a lot of

credit card information that is passed through

gray area and compliance programs struggle.

those stations every day. It is just one of the

There is not a 100% perfect requirement for

considerations that goes into how businesses

a compliance program.

————————————————— Many of these aspects of the GDPR are influencing other privacy law regimes around the world. There are at least twelve U.S. states with bills pending on privacy laws that look like the GDPR.28 California passed the California Consumer Privacy Act (CCPA), which took effect January 1, 2020. There 29

are many aspects to the CCPA that follow the GDPR, and companies doing business in the U.S. must prepare for this change. A.

Preparing for the GDPR in the U.S.

Companies with a very light touch in Europe may perhaps have assumed that the GDPR was inapplicable. However, companies must still perform due diligence with foreign companies. Companies that ask for personal information are still at risk, whether that information typically stays with the company or whether that information is of such a nature, for example,

choose to operate and whether to choose to take on that liability with data security. Service Corporation International (SCI), for example, takes a lot of credit card information, social security number information, and other information that is highly sensitive that belongs to purchasers and decedents.32 SCI did not necessarily face compliance issues with the GDPR, but it does business in California and now faces the pressure of this new law.

Enforcement under the CCPA

Under the CCPA, there is an aspect of the regulation contemplating data privacy, specifically a consumer private right of action, permitting statutory damages if a data breach36 occurs involving “nonencrypted or nonredacted personal information.”37 Any data breach that happens in California now or affects people in California could result in class action litigation where they can get between $100 to $750 per person, without

There is a major effort for companies in

proving up any damages.38 This is pretty

positions like SCI to try to map and inventory

atypical. In Illinois, a similar private right of

all of the collected personal information

action under its biometric law39 has actually

and the specific data elements, primarily,

created a cottage industry of private class

determining what the data elements are and

actions for this reason: any technical breach

with whom are those elements shared. The

of biometric data collection practices results

law is still in the process of being amended,

in statutory damages. 40 By comparison,

has ambiguous language, and features a

the CCPA goes further, contemplating the

Currents 24.1 2020

breadth of personal information, not limited

Both houses of Congress, the House and

One of the key aspects to achieving

to biometric information, thus carrying

Senate, have had committee meetings to

CCPA compliance is determining the

potentially drastic consequences.

talk about a federal privacy law. If all states

character of data transmissions to others: who

have their own privacy laws on par with the

is the data going to and for what purpose?

GDPR and the CPPA, then the question is

Second, is this transaction a “sale” under

one of a conflict of laws. This may very well

California law, and if it is, how can the

be a field of law that is preempted by future

company present itself in such a way or notify

federal regulation by virtue of the Commerce

others that it takes privacy seriously? Future

Clause,

as is patent and copyright law.

practices will be informed by subsequent

However, supporters of the California law

clarifications by the California Attorney

want any federal privacy law implemented

General in addition to future amendments.

to be as strict as California law.

Finally, as with doing business in the

The California Attorney General pushed for an amendment to make the private right of action, plus the statutory damages, also apply to any sort of violation of the privacy aspect of the CCPA.41 The amendment allows consumers a cause of action to sue for $500 for any technical violations, including the failure to respond to a consumer’s access request within thirty or forty-five days, again without separately provable damages.42 C.

CCPA v. GDPR

At present, not much enforcement of the GDPR is taking place within the EU. Stricter enforcement is likely around the bend. The EU may intentionally be a little slow in their enforcement practices, knowing that companies are still trying to comply. Additionally, the EU does not grant a private right of action like the CCPA.43 So, there will be a different manner of enforcement of the law once the California changes are implemented. It is possible to raise this issue internally as to the resources a company needs for compliance when dealing with either the EU or California. These changes also mean encrypting personal information. The easiest way to prevent any damages from a big class action, is to just encrypt the personal information.

One unique aspect of the California law (different from the GDPR) is the concept known as “sale” of personal information. Prevailing thought might suggest that selling

EU, companies cannot meet compliance obligations without doing a data inventory, as previously described, a now-fundamental function to operating the business.

data only relates to marketing and advertising

Consumer rights requests54 are waxing

companies, those reputed for buying data.

a territory rife with phishing-esque attempts

However, the CCPA has defined “sale” to

to improperly acquire others’ data through

seemingly include almost any transmission

access requests.55 Additionally, consumers

of personal information to a third-party

may begin asking companies to delete their

other than to a service provider that will only

personal information.56 However, it is still

use the data for the purpose of providing

uncertain whether the law requires a hard

the service. This construction is slightly

delete versus a soft delete—a technical

convoluted, but essentially, if a business gives

question. One concept worth contemplating

out personal information to anyone except

is termed referential integrity 57 in which

a service provider, that transaction could be

companies take a certain database down

characterized as the sale of data.

while still allowing another company

Companies that “sell” data, as defined, should contemplate several actions they will be required to undertake to be in compliance. First, a company’s home page must have a clickable link for individuals to opt-out of any data sales. The company’s privacy policy 51

One potential issue the CCPA presents

needs to inform readers that the company

is its application to California residents who

sells personal information and provide

browse out of state companies' websites, if

instructions as to how individuals can stop

such state lacks similar data privacy laws.

their personal information from being sold.52

What do these companies do with their

The new law has several notice requirements

data? It is difficult to say and has sparked a

that must be met before data can be sold.53

national debate about federal privacy law.44

database reliant on residual data58 to continue running. Such illustrate the lack of clarity companies face in determining how far to go in deletion of data. D.

Vendor Contracts

Another key aspect of the CCPA involves vendors, vendor management, and data transfers that provide access to another party. Managing transfers of data boils down to the terms of the contract entered with the third-party, specifically those that concern personal information. The CCPA

Currents 24.1 2020

involves personal information in a broad

the vendor objects to any of the terms, then

vendor’s security policies are and how

sense of the word–data related to people–

a data privacy attorney may be brought into

data will be protected beforehand allows

not merely sensitive personally identifiable

the mix to further negotiate. It is imperative

companies to more smoothly come to an

information.59

to ensure that companies utilize effective

agreement. It is important to note that

screening procedures for vendor contracts

the risk will usually be shared; no one

and to determine if those vendors have access

party should assume all the risk. Thorough

to personally identifiable information, per

security addendums with lists of performance

the broader definition under California law.

expectations help in this regard.

Third-party due diligence is required when negotiating these types of contracts. Parties must consider the types of information to be shared and how the data will be handled, stored, and processed. Next, parties should consider what law governs such data. Transferring data to third parties involves a certain degree of risk and many greenlit decisions are based on the size of the deal threshold; certain contracts are reviewed based on the dollar threshold. However, a deal’s value does not necessarily correlate with the risk associated with the data involved. Unsurprisingly, companies struggle to operationalize attorney inclusion in every sort of contract. Companies either do not retain a sufficient number of attorneys or do not know with whom to talk before signing a particular deal. One solution is the incorporation of strict requirements into all contracts. Good practice entails putting the requirements and procurement departments on notice that, regardless of the dollar amount, the contract must get legal approval if it involves anything IT-related. Further, it is not uncommon for a corporation to reply by developing a set of screening questions that the business team or sponsor of the contract answer. The questions screen for personally identifiable information and systems or network access. If any of the answers indicate the third-party will have access to data or systems, the business team will understand to move further in the protocol, perhaps providing the vendor with a data privacy or cybersecurity addendum. If

Moreover, companies should ensure that vendors protect data according to the terms of any provided addendums. Such is a key piece of any privacy compliance program. It is company data at the end of the day. The company is ultimately responsible, regardless of the fact that perhaps an HR vendor houses all of the company’s employee information, and that information still belongs to the company. Therefore, while vendors will seek to limit risk in any negotiation, for this reason sharing risk is vital.

with the other party’s security policies are not possible if the business is built to be a global business and perform work for many customers. Customization detracts from such business model. Sometimes getting to “yes” in a negotiation just takes a conversation; it may be as simple as getting both parties’ security teams on the phone to review security policies and find common ground. Inevitably though, other contractual provisions, such as indemnification, limitation of liability, the

Similarly, vendors utilize checklists and

obligation to respond in case of a breach, and

train employees to carry them out. Vendor

the extent of measures taken in response to

contracts vary considerably, dependent

breach, may be more heavily negotiated over.

on who the customer is, where they are

Vendors frequently push back on the

located, and so on. Thus, it follows that a freight company may be less attuned to data protection and privacy than say, an airline company–typically handling massive volumes of personal data in its day-today operations—may be in handling that data responsibly. Handling data poses a serious risk and vendors cannot be expected to be poised as insurance providers or accept exposure to uncapped liability. Any company that accepts uncapped liability, an operationally unfeasible undertaking, is one soon going out of business. With that in mind, it follows that vendors generally are open to negotiating liability caps. Understanding what the 74

Currents 24.1 2020

However, requests to a vendor to comply

term “audit rights”—that is, the ability to go on-site to perform an audit on the vendor. Limitations on consequential damages are similarly negotiated heavily, as well as termination provisions, specifically those allowing one party to terminate a contract without a penalty. If there is a questionable report or there has been a security event and a vendor has given notice, it is difficult to make the case that another party’s resulting insecurity justifies a clean break absent any penalty. A party that anticipates such may desire to include insecurity as grounds for unilateral termination, but likely invites quarrel in doing so. Technology companies typically desire

to employ customer data in improving

requests and, to the extent such data was

with approximately fifteen of such laws

and developing new products and services.

previously shared with a service provider, to

updated in the past year alone.67 In order to

Increasingly, permitting companies to

instruct the service provider to also comply

appropriately respond in the event of a data

use this data in this way must be limited.

with the deletion request.62 Companies

breach, companies should be apprised of

Companies may decide to compromise,

to which this rule applies may consider

the patchwork of governing law in advance.

authorizing to the extent data is used

amending vendor agreements to contractually

Resources that summarize jurisdictional

internally, for the improvement of products

obligate vendors to comply with received

differences are a useful starting place.

and the like, but beyond that restricting usage

deletion requests.

as to limit risk. Additionally, the CCPA may

—————————————————

program includes signing up for listservs

I V. C o n f i d e n t i a l Data S e c u r i t y

and bulletins, as well as maintaining an

demand this approach if companies wish to avoid the transaction’s classification as a “sale” of personal information. Companies may undertake solutions such as the

Best practice for any compliance

—————————————————

anonymization of data60—that is, unlinking

Beyond personal data security concerns,

the data from the identity of any particular

other sorts of data—such as confidential or

individual— deemed a sufficient restriction

proprietary—command a level of significant

under the law. Technology companies

concern for many companies, often utilizing

utilizing anonymized data may desire to share

confidentiality agreements to achieve the

the same with sister companies in taking

security desired. Such companies should focus

products to market. Sharing in this manner

on the specific data security requirements set

is acceptable to consumers, but only to the

forth to protect confidential or non-personal

extent the best benefit from the product is

information. For example, the North

obtained or the best pricing for that product

American Electric Reliability Corporation

is allowed.

(NERC) Critical Infrastructure Protection

Owing to the private right of action61 granted by the CCPA—a new legal cure for harm caused by the occurrence of a data breach—vendor agreements concerning data exchanges are being reevaluated. Contracts are now reviewed to ensure adequate privacy protections are present in preparation for the event of a potential breach implicating

(CIP) standard 63 applies specifically to companies in the electrical sector. NERC CIP expects organizations in that industry to comply with a host of data security requirements64 and, further, to push such requirements down to their respective suppliers.65 Vendors must comply with this comprehensive scheme of obligations in

incident response team plan with a team in place. Further, teams may find it helpful to know: who receives the information in the event of an incident; whether or not the recipient is a certain department, such as IT, legal, or cyber; who will disseminate that initial information; how discreet the group of specified recipients are; and lastly, each individuals’ roles in the event of an incident. One document to develop at the outset is a template notice for consumers. Additionally, practical steps, such as pre-arranging for breach counsel, a credit monitoring vendor, or a mailing vendor and maintaining cyber insurance with preapproved vendors, are advantageous to take in advance. Quarterly table talks, a chance to run through a mock incident response scenario, are a helpful exercise for companies to undertake, particularly if well attended by all the key stakeholders.

order to safeguard data that otherwise would

Much like the first day back at the gym,

not have commanded such a robust level of

commencing a table talk may prove arduous,

security.

yet worthwhile; continuous practice improves

them or draft new versions consistent with

—————————————————

performance and serves to familiarize teams

current law.

V. Data Breach Response

a California resident’s data. Similarly, companies that utilize addendums to supplement contracts are obliged to update

of their respective roles. Instructive in this respect is the annual Pew Report which sets

Another discrete piece of protection

—————————————————

the CCPA contemplates requires companies

There are fifty data breach notice laws

to abide by California consumers’ deletion

year.68 Their research has shown that written

in the United States,66 updated regularly

incident response plans are the most potent

forth the costs of data breaches over the past

Currents 24.1 2020

method to reducing the cost of a given data breach. Further, incident response plans are required under the GDPR.69 Thus, for multiple reasons, it is a helpful tool to be equipped with and there are even companies that specialize in assisting with preparing such a plan.70 Diagnosing the problem in a particular scenario is the key: be prepared to know which phone number to call, whether to reach out to the FBI and forensic teams, and when to contact the cyber insurance professionals.

VI.

Conclusion

————————————————— Both the GDPR and the CCPA diagnose data privacy concerns as a serious problem, particularly for consumers. Each law seeks to address these concerns, utilizing alternative approaches. In the near future, new laws to further address such concerns will be introduced and given effect, as lawmakers strive to continuously update existing law. Although implementation of data privacy laws is currently less than exacting, prudent

In terms of policy coverage, cyber

companies should begin efforts to develop

insurance is all over the board. As a new

compliance regimes before, rather than after,

industry, insurers may utilize various coverage

the eventual uptick in enforcement is set

limits and exclusions. Consequently, it is

into motion. Such a regime should account

crucial to carefully understand insurance

for the ways in which different sorts of data

policies as often times the coverage actually

require different sorts of protection, a variety

provided is non-intuitive to conventional

of practical measures to appropriately protect

expectations. On one hand, policies typically

such data, and as ways to mitigate risk in the

include carve-outs for violations of law–

event of a breach.

notable since nearly all data breaches, for instance a HIPAA data breach, can be characterized as violations of law. Alternatively, policies are not apt to insure other sorts of losses, such as those where an existing contract already covers such losses, including subcontractor agreements. In sum, navigating these policies requires caution, an awareness of the risk inherent in the business, and an understanding of the particular concerns of the business, such as maintenance of a comprehensive cyber policy inclusive of subcontracting, a practicality for those businesses whose data is kept by subcontractors.

————————————————— 76

Currents 24.1 2020

End Notes 1.

Regulation 2016/679, of the European Parliament and of the Council of 27 April 2016 on the Protection of Natural Persons With Regard to the Processing of Personal Data and on the Free Movement of Such Data, and Repealing Directive 95/46/EC, 2016 O.J. (L 119) 87 [hereinafter Regulation 2016/679]. 2. Id. at 32. 3. 2018 Cal. Stat. 1807 (2017-2018 Regular Session) § 1798.120 (to be codified at Cal. Civ. Proc. § 1798.100–1798.198, eff. Jan. 1, 2020) [hereinafter CCPA]. 4. Health Insurance Portability and Accountability Act of 1996, Pub. L. No. 104–191, § 221, 110 Stat. 1936 (1996); see also Health Information Technology for Economic and Clinical Health Act (HITECH Act), Pub. L. No. 111-5, § 123 Stat. 226 (amending and expanding certain HIPAA privacy protections). 5. Gramm-Leach-Bliley Financial Modernization Act, Pub. L. No. 106-102, § 132, 113 Stat. 1338 (1999). 6. See Mitchell Noordyke, U.S. State Comprehensive Privacy Law Comparison, IAPP.org (last visited January 21, 2020), https://iapp.org/news/a/us-statecomprehensive-privacy-lawcomparison/ [https://perma.cc/ Z2LN-E45Q]. 7. See, e.g., FTC, Equifax to Pay $575 Million as Part of Settlement with FTC, CFPB, and States Related to 2017 Data Breach, https:// www.ftc.gov/news-events/pressreleases/2019/07/equifax-pay575-million-part-settlement-ftccfpb-states-related. 8. See generally Regulation 2016/679, supra note 1. 9. CCPA, supra note 3, § 1798.198(a). 10. Regulation 2016/679, supra note 1, at 32–33. 11. Regulation 2016/679, supra note 1, at 37–38, 52. 12. Compare Regulation 2016/679, supra note 1, at 50–52 (where notification of personal data breach must be made within seventy-two hours after learning of it), with Rachel Fefer, Cong. Research Serv., R45584, Data Flows, Online Privacy, and Trade Policy 18 (2019) (discussing the stakeholder perspectives where common themes of emphasis are present in privacy legislation for Congress such as data breach notifications which are similar to

13. 14. 15. 16. 17. 18. 19. 20. 21.

22.

23. 24. 25.

GDPR provisions), and Steven Chabinsky & F. Paul Pittman, USA: Data Protection 2019, ICLG (Mar. 7, 2019), https:// iclg.com/practice-areas/dataprotection-laws-and-regulations/ usa (explaining where breach notification requirements are required under HIPPA at the federal level, and at the state level, notifications are required for data breaches within thirty to sixty days after learning of it in accordance with the specific statute). Regulation 2016/679, supra note 1, at 50–1. Regulation 2016/679, supra note 1, at 50–1. Regulation 2016/679, supra note 1, at 39–46. 15 U.S.C. § 7704 (2018). Regulation 2016/679, supra note 1, at 50–1. Regulation 2016/679, supra note 1, at 50–1. Regulation 2016/679, supra note 1, at 43. Regulation 2016/679, supra note 1, at 43–4. See Adeola Adele et al., More Ve n d o r s , M o r e P r o b l e m s , Wi l l s To w e r s Wa t s o n (Winter 2016), at 6, https:// www.willis.com/documents/ publications/Industries/ Financial_istitutions/16527%20 BROCHURE_Cyber%20 Claims%20Winter%202016. pdf (“The reliance on thirdparty vendors, whether directly or indirectly, has increased dramatically . . . several studies have repor ted that loss or compromise of data in the hands of such third-party vendors accounts for a significant percentage of all data breaches or cyberattacks.”) [https://perma.cc/FPX9-GDHJ]. Privacy by Design Pertains to Protecting Data by Designing Technological Measures for Ensuring Privacy. European Data Protection Supervisor, P re l i m i n a ry O pi n i o n o n Privacy by Design 5 (2018), https://edps.europa.eu/sites/ edp/files/ublication/18-05-31_ preliminary_opinion_on_privacy_ by_design_en_0.pdf [https:// perma.cc/BVC4-6247]. Regulation 2016/679, supra note 1, at 48. Regulation 2016/679, supra note 1, at 55–56. Regulation 2016/679, supra note 1, at 55–56; See also Press Release, European Parliament,

Protecting whistle-blowers: new EU-Wide rules approved (Apr. 16, 2019), https://www. europarl.europa.eu/news/en/press20190410IPR37529/protectingwhistle-blowers-new-eu-widerules-approved [https://perma. cc/7QPV-C5LQ][herinafter Press Release]. 26. Compare Press Release, supra note 25 (providing for DPO immunity in this regard), with 5 U.S.C. § 2302(b)(8)-(9) (2019) (allowing identical protection for employees against retaliation and also provides safe reporting channels). 27. Regulation 2016/679, supra note 1, at 56–78. 28. Noordyke, supra note 6. 29. CCPA, supra note 3, § 1798.198(a). 30. GDPR, supra note 1. 31. Act of June 14, 2019, 86th Leg., R.S., ch. 1326 (to be codified at Tex. Bus. & Com. Code § 521.053, eff. Jan. 1, 2020). 32. About SCI, Service Corporation International, (Oct. 17, 2019, 5:50 PM), http://www.sci-corp. com/en-us/about-sci/index.page. 33. See CCPA, supra note 3, §§ 1798.105, 1798.140 (o)(1). 34. CCPA Regulations: Coming Soon from the California Attorney General, CLARIP, https://www. clarip.com/data-privacy/ccparegulations/ (last visited January 23, 2020); see also State of California Department of Justice, California Consumer Privacy Act (CCPA), https://www.oag. ca.gov/privacy/ccpa. 35. CCPA, supra note 3, § 1798.130. 36. CCPA, supra note 3, § 1798.150(b) (1). 37. CCPA, supra note 3, § 1798.150 (a)(1). 38. CCPA, supra note 3, § 1798.150(a) (1). 39. 740 Ill. Comp. Stat. 14/20 (2008). 40. Id. 41. CCPA, supra note 3, §1798.150. 42. CCPA, supra note 3, §1798.150. 43. Regulation 2016/679, supra note 1, at 37, 80–83. 44. Rachel Fefer, Cong. Research Serv., R45584, Data Flows, Online Privacy, and Trade Policy 18 (2019); see Jill Cowan, The Fight Over a Landmark Digital Privacy Law, N.Y. Times, May 22, 2019, https://www. nytimes.com/2019/05/22/us/ digital-privacy-hannah-bethjackson-ccpa.html; see Daisuke Wakabayashi, California Passes Sweeping Law to Protect Online

Privacy, N.Y. Times, June 28, 2019, https://www.nytimes. com/2018/06/28/technology/ california-online-privacy-law. html. 45. Rachel Fefer, supra note 4, at 18; see Stephen P. Mulligan, Wilson C. Freeman & Chris D. Linebaugh, Cong. Research Serv., R45631, Data Protection law: An Overview 7 (2019). 46. Erie R.R. v. Tompkins, 304 U.S. 64 (1938); Donald Earl Childress III, International Conflict of Laws and New Conflicts Restatement, 27 Duke L. J. 361 (2017); William L. Reynolds and William M. Richman, American Bar Association, Multi-Jurisdiction Practice and the Conflict of Laws (2000), https:// www.americanbar.org/groups/ professional_responsibility/committees_commissions/commission_on_multijurisditional_practice/mjp_wreynolds/. 47. U.S. Const. art. 1, § 8; see Paul M. Schwartz, Preemption and Privacy, 118 Yale L.J. 902, 928–29 (2009) (explaining that under a federal privacy law, several regulated entities would bear the cost of compliance as it applies to their activities; FTC privacy principles are not going to be enough to help regulate a future privacy law; federal privacy law might be difficult to amend; further, “[w]ithout strong preemptive language built around regulatory ceilings, an omnibus privacy bill would face considerable hurdles to enactment . . . . Legislation without preemption would make the current situation possibly worse, not better, by creating additional uncertainty and compliance burdens . . .”); but see Patricia L. Bellia, Federalization in Information Privacy Law, 118 Yale L.J. 868, 879–80 (2009) (providing that “the Commerce Clause permits Congress to reinforce a judicial decision that . . . adequately protects privacy or to overcome a decision that . . . does not . . . .” For example, Katz v. United States, rendered the government’s use of wiretapping and eavesdropping techniques illegal unless Fourth Amendment requirements were satisfied. Congress then set out a statute to help authorize these judicial hurdles. For possible future privacy statutes, there are going to be some judicial rulings to help set out permissible official conduct. It will be up to the federal government to impose those standards

Currents 24.1 2020

properly for American business. The need for federal leadership in information privacy problems with the adoption of the CCPA coming into play, creating an opportunity for state regulation. Because the Commerce Clause allows Congress to step into a rulemaking role with respect to interstate trade of personal data within states, state privacy regulation is going to need guidance. CCPA has some holes in its provisions, and it will be up to the federal government to intervene in state regulation for federal privacy regulation); see also Cynthia J. Cole and Neil Coulson, Patchwork of U.S. Data Privacy Laws: A Complicated and Preemptive Local Landscape, Baker Botts LLP (2018), https://www. bakerbotts.com/insights/publications/2018/09/patchwork-of-usdata-privacy-laws (explaining that leaving data privacy regulation up to state and local legislation is problematic; first, by “creating a patchwork of [rules] across the U.S. makes compliance both confusing and burdensome for U.S. companies.” If the U.S. continues to allow state laws to regulate personal data laws, many technology companies would have to tailor their interest presence differently for each state; second, “the risk of preemption: strict local laws may conflict with federal principles.” Under the Commerce Clause, there are limits on state action in order to prevent the states from interfering with interstate commerce. This principal is known as the Dormant Commerce Clause, and the CCPA is suspect depending on the extent to which it interferes with interstate trade and commerce); see Cameron F. Kerry, A Federal Privacy Law Could Do Better Than California’s, Brookings Institute (2019), https://www.brookings.edu/blog/ techtank/2019/04/29/a-federal-privacy-law-could-do-betterthan-californias/ (providing that the right federal law could just what is needed to provide broader and stronger protection than the CCPA regulation. “Central to the CCPA are a “right to know” what information businesses collect about you and whether it is shared or sold, and a “right to opt out” from the sale of personal information.” These elements do increase individual control over personal data; however, the exclusive right of control is focused mostly on legacy laws and regulations that rest on faith in the consumer to want to protect their individual

privacy interests. This is a good concept to focus on the individual, but many private experts are looking for a law to shift the burden away from individuals to a more business focus mindset. With a federal privacy law, it would do a much better job than the CCPA “by requiring that businesses collect, use, and share personal information in ways that protect the interests of the individuals affected.” Several amendments would help fill the gaps left out of the CCPA with its individual focused mindset, but federal law could improve on the CCPA. “Only Congress has the power to regulate interstate commerce and apply these protections, as well as those in the CCPA, to people and businesses across the country.” Ultimately, a federal privacy law could give “Americans a basis to trust all personal information will be handled in ways consistent with their interests . . .”). 48. Lauren Jehl and Alan Friel, CCPA and GDPR Comparison Chart, Bakerholstetler LLP (2018), https://www.bakerlaw.com/ webfiles/Privacy/2018/Articles/ CCPA-GDPR-Chart.pdf. 49. CCPA, supra, note 3, § 1798.140(t) (1). 50. C C PA , s u p r a , n o t e 3 , § 1798.120(b-d). 51. C C PA , s u p r a , n o t e 3 , § 1798.120(b). 52. C C PA , s u p r a , n o t e 3 , § 1798.120(b). 53. C C PA , s u p ra , n o t e 3 , § § 1798.100(b), 1798.115(d), 1798.120(b), 1798.130(a)(2), 1798.150(b). 54. Regulation 2016/679, of the European Parliament and of the Council of 27 April 2016 on the Protection of Natural Persons With Regard to the Processing of Personal Data and on the Free Movement of Such Data, and Repealing Directive 95/46/EC, 2016 O.J. (L 119) 43; see CCPA, supra, note 3, § 1798.145(g). 55. Ron Hurtibise, Citrix Hack Exposed Employees to ID Theft & Fraud, Sun Sentinel, (June 4, 2019), https://www.sun-sentinel. com/business/fl-bz-citrix-databreach-lawsuit-20190604-umb365n6ordchhpqbghejvvzyi-story. html; see Stephen Singer, Patient Sues UConn Health In Federal Court Over February Data Breach, Hartford Courant, (Mar. 26, 2019), https://www. courant.com/business/hc-bizuconn-health-data-breach-lawsuit20190326-mbab6zl755fe7f2mvkczsibcfu-story.html.

56. Regulation 2016/679, supra note 1, at 49; CCPA, supra note 3 §§ 1798.105(b), (d)(6), 1798.125(b) (1). 57. Jed Liu & Andrew C. Myers, Defining and Enforcing Referential Security, Cornell Univ., Jan. 17, 2014, at 1–2. 58. Zubulake v. UBS Warburg LLC, 217 F.R.D. 309, 324 n. 19 (2003). 59. See CCPA, supra note 3, §§ 1798.140(o)(1), 1798.100. 60. See Regulation 2016/679, supra note 1, at 33, 48. 61. See CCPA, supra note 3, § 1798.150(a)-(b). 62. CCPA, supra note 3, § 1798.105(c). 63. See generally Joseph Abrenio et al, Cyber Security and the Grid: We’ll Leave the Lights on for You (If We Can), 33 Syracuse J. Sci. & Tech. L. 3, 19–24 (2017) (discussing the general framework of the NERC CIP standards). 64. See id. at 20–22. 65. See id. at 15; Mauricio Paez, Kerianne Tobitsch, The Industrial Internet of Things: Risks, Liabilities, and Emerging Legal Issues, 62 N.Y.L. Sch. L. Rev. 217, 225–26 (2018). 66. See, e.g., Jennifer J. Hennessy et al, State Data Breach Notification Laws Chart, Foley & Lardner LLP (2019), https://www.foley.com/ en/insights/publications/2019/01/ state-data-breach-notificationlaws; State Data Breach Notification Statute Summaries, Davis Wright Tremaine LLP (last updated July 29, 2019) https://www.dwt.com/-/ media/files/dwt-data-breach-notice-summaries-20191007.pdf?la =en&hash=25142B1473042997 9365422D90D82938. 67. See Caleb Skeath & Brooke Kahn, State Data Breach Notification laws: 2018 in Review, Covington & Burling LLP (2018), https:// www.insideprivacy.com/datasecurity/data-breaches/state-databreach-notification-laws-2018-inreview/; New Data Breach Notification Laws Spring 2018: What You Need to Know, Perkins Coie (2018), https://www.perkinscoie. com/en/news-insights/new-databreach-notification-laws-spring2018-what-you-need-to.html. 68. Kenneth Olmstead & Aaron Smith, Pew Research Ctr., Americans and Cybersecurity (2017), https://www.pewinternet.org/wp-content/uploads/ sites/9/2017/01/Americans-andCyber-Security-final.pdf; Jacob Poushter & Janell Fetterolf, Pew Research Ctr., International Publics Brace for Cyberattacks on Elections, Infrastructure, National Se78

Currents 24.1 2020

curity (2019), https://www. pewresearch.org/global/wp-content/uploads/sites/2/2019/01/ Pew-Research-Center_Cybersecurity-Report_2019-01-09_Updated-2019.04.30.pdf. 69. See Regulation 2016/679, supra note 1, at 9, 51–52. 70. See, e.g., Kamil Janton, Incident Response and General Data Protection Regulation, Cisco: Cisco Blog (Apr. 26, 2018), https://blogs.cisco.com/security/ incident-response-and-generaldata-protection-regulation; IBM, https://www.ibm.com/us-en/ (follow “Marketplace: Security: Stop Threats” hyperlink; then follow “Orchestrate incident response” hyperlink).

Chief Compliance Officer Rountable M O D E R AT O R / PA N E L I S T: PA N E L I S T S :

S T E V E N

G Y E S Z LY, J O H N

—————————————————

MS. SHEHADEH ————————————————— In preparing for our chat today, I did a little bit of news review. In regard to ethics cases, allegations, and challenges, 2018 was a pretty stunning year. For example, recent cases include the university admissions scandal, Facebook Cambridge Analytica disclosures, very high profile individuals being ousted from jobs in the wake of the #MeToo movement, and Goldman Sachs getting wrapped up in the 1MDB massive scandal in Malaysia with respect to the former regime. Also, the allegations, with respect to Ghosn (Renault/Nissan) for alleged selfdealing and the Deutsche Bank anti-moneylaundering case—the list goes on and on. That is a survey of just the last twelve months. What do you think is the global state of corporate ethics from your perspective? —————————————————

MR. GYESZLY ————————————————— One thing that I find interesting is that it is somewhat easy to get involved with some of the glamourous topics, like anti-corruption or cybersecurity, but some of the cases you mentioned are a return to some of the basic components of our code of business conduct. These cases lead us to refresh and re-examine what our compliance risks may be. One focus

N ATA L I A

J AY

S H E H A D E H

M A R T I N ,

RYA N

R A B A L A I S ,

S A R D A R

Natalia Shehadeh - Senior Vice President and Chief Compliance Offlcer for TechnipFMC Steven Gyeszly - Chief Compliance Counsel for Marathon Oil

Certainly, if it does not sit well with Human Resources or through the legal group, or whomever, the executives will probably look to the compliance department, which needs

Jay Martin - Senior Counsel for Wilkie, Farr & Gallagher

to have some answer. Whether compliance

Ryan Rabalais - VP & Chief Compliance Officer of Rowan Companies

not, we are tasked to deal with all those issues

John Sardar - Chief Compliance Officer for Noble Energy, Inc.

professionals want to deal with the issue or and having to anticipate what those may be by staying up with the headlines. If for no other reason, some shareholders

this year is the “back to the basics,” focus

are demanding things of their companies that

within our code of business conduct.

they did not in the past or were silent on in

—————————————————

the past; you better believe that gets board

MR. RABALAIS

members attention. So, board members in

—————————————————

turn on their last day are asking about X

I think the state of corporate ethics is

or Y, and again, you have got to have some

better than it has ever been in one sense.

form of an answer. If for no other reason

However, there is still a ton of work to do—

than shareholders are raising these issues,

plenty of work to do for a career for anyone

they are going to come to light within the

entering the field. The issues that compliance

organization. God forbid you get an activist

departments and compliance officers face are

shareholder really targeting the company or

broader in comparison to issues that arose

put on your board in some instances. While

even a few years ago. For example, if company

these are things that might have happened in

executives are looking at the compliance

the past, they just did not happen in that way.

department and asking how the corporation

This puts a lot of demand on the compliance

is dealing with #MeToo, financial scandals,

department.

data privacy, things well beyond FCPA or

—————————————————

export regulations and the problem does not

MR. MARTIN

fit anywhere else, the executives will ask the

—————————————————

chief compliance officer about it. Honestly

There are a lot of companies across the

there is an ethical angle to just about any

world that now have compliance officers and

issue, if you look at it in a certain light.

compliance roots where they did not a few

Currents 24.1 2020

—————————————————

anymore because the risk is getting too big.

a positive impact and lead to less compliance

MR. SARDAR

The litany of cases from 2018 alone shows

issues, particularly the more serious ones. I

—————————————————

think there has been a positive impact, but

Licensed offering and social license

other factors have pushed everything in the

offering have given us the function to have

MR. MARTIN

other direction. Part of that is globalization.

a bit more say within our organizations.

—————————————————

Part of it is that competition is intense

Historically, compliance officers have been

I think there’s some truth there, but the

across the world. Our business community

the custodians of the company’s ethical

reason we are all in business and under more

colleagues are under unprecedented amounts

practices. The business leaders ask the

pressure than we have ever been is because we

of pressure. The business models have been

compliance department for advice when

live in the gray areas. If you talk to any general

changing at warp speed. Acquisitions are

they feel they are being challenged on their

counsel, the things that reach the general

frequent. There is a tremendous amount of

social license offering. For each one of us, our

counsel’s desk are usually the most difficult,

outsourcing functions and a tremendous use

mandates have changed. The way companies

the grayest area issue, because otherwise they

of third parties.

are looking at their risks has broadened,

would have been resolved before they ever

providing chief compliance lawyers with

got to the General Counsel or to the Chief

countries, so we used to think of American

opportunities.

Compliance Officer (CCO).

companies as an American company with

—————————————————

years ago. You would think that would have

We were in one-hundred and twenty

this. —————————————————

There are a lot of times where you are

some international operations. Now, there

MS. SHEHADEH

here in the twilight zone, this gray zone,

are a lot of American companies that are truly

—————————————————

where you cannot say to the business client

international if you examine the makeup of

Over the last five years, it has been

that there is zero risk. There is also a risk

their board and their senior management

a conversation associated with culture.

in losing the deal. Attorneys are always

group. Compliance for the U.S. firms is still

Suddenly, in the last few years, we started

trying to balance the mission of what is the

a challenge. I think how simple that would

to see a pivot towards culture and the

legal compliance role, which is to enable

be to not worry about one-hundred and

convergence of ethics and the impact that

operations to do their deals, but to do it in

twenty countries. Each of those countries

strong enterprise cultures can have as a

a legally compliant way. You have to know

has its own challenges, culture, day-to-day

deterrent to non-compliant behavior, or

when you say no. However, if every other

working environment, and business model.

as an encouragement or reinforcement, to

deal you kill because you cannot find a

If the business continues to change at warp

reduce risk. With that, comes some budding

compliance solution, as one CEO said, “we

speed, compliance must change to keep up

recognition that “gone is the day that you

can be the most compliant company in the

with business. That means if you are not

don’t need to teach right from wrong.”

world, and we also should be going out of

worried about compliance every minute of every day you are not doing your job.

Most of our compliance programs evolve with the focus on triaging a legal risk area, for

business because we can never do a deal in one of these countries.”

You cannot get to a steady state

example, whether an act violates the law as it

That is the challenge. Because of the fast

on compliance. If you are standing still,

is written in the anti-bribery and corruption

moving environment, the best protection

you are falling behind. There needs to be

(ABC) space. Now, the convergence of this

is creating a culture. CCOs cannot be

consistency in the processes, but you want

opportunity is not just teaching employees

everywhere, you cannot be your brother’s

to continuously evolve those to deal with the

about the law to mitigate legal risk, but it is

keeper or micromanage people. The pace

risks that are changing every day.

about getting away from the assumption that

of the business is so rapid and at a global

everyone grew up in the same household and

scale that you have to trust people. The vast

learned from the same lens what right from

majority, hopefully ninety-nine percent of

wrong is. We cannot make that assumption

the people want to do the right thing. If you

Currents 24.1 2020

are one of those people that want to do the

investigation. Some of those people deposed

them about whether to participate or not in

right thing but the issue is in an ambiguous

were West African operations-personnel

bribery on personal bases. Such employees

area, bring it up the ladder and get other sets

that do not usually put on a suit and go

will say “I understand working for this

of eyes to look at it. What we worry about is

to D.C. for any reason. At the other end,

company I cannot do that.” You must have

not the things we know about but the things

there would be a company that did not

an appreciation for the world they are living

that we do not know about. That is what

have as severe of an investigation experience

in day-to-day and what you are asking of

terrifies a CCO. Most companies have a lot

or that has never been investigated. The

them. Frankly, it is a lot simpler living in

of smart people and a lot of assets. If you

operations team wanted to do the right

Houston, Texas and saying that I am not

determine the issue you can get the right set

thing and they were good people, but they

bribing anyone at all in my life. It is not

of eyes on it and come up with a solution.

had not been through the ringer, and there

nearly as simple for some of the people with

—————————————————

is a big difference. Literally, at some of the

whom we do a lot of business.

MR. RABALAIS

companies with serious cases, people in

—————————————————

these high-risk jurisdictions would call me

MR. GYESZLY

Each company has a different culture.

to say, “when are you coming over to do

—————————————————

As you go to a new company, I think it is

the training? When are you coming over to

We have colleagues that have worked

very important, even in the interview stage,

do this year’s risk assessment?” The things

for Marathon for twenty or thirty years.

to get to know that company’s culture. It is a

that shape the culture are multifaceted. The

It is easy for them in a given situation to

big deal. Within that, there is the nationality

bigger the company, the more countries

distinguish what is the Marathon way. As

of people. A lot of the companies we are

the business operates in, the more lines of

the company has new colleagues coming in,

talking about employ people from many

business undertaken, the more varied it gets,

we do not know what these employees have

different countries. You encounter not just

the more comfortable the attorney is in acting

learned from other places, so we have to be

different nationalities but different cultures

in that type of world. If compliance personnel

clear about explaining Marathon’s values

of business; whether there is an aggressive

have any cultural background or experience,

and delineating what is acceptable for us

business mindset where they conduct

that helps, because the attorney is going to

and what is not.

business at a rapid pace or something more

deal with this working in compliance for a

moderate than that. What the business

multinational company.

However, it is not just, “what do we want the culture to be.” The other aspect of

puts its employees through and how they

The culture of the company matters. I

culture that I think is critical for a compliance

experience working at that company shapes

cannot understate it. Yes, the board has ideas

program is determining your company’s

a lot of that culture.

about it and do help shape it, but it goes

culture as it currently stands, because you

Every company that I worked for has

down to the people on the front line that are

have to sell your program within that

had an FCPA investigation or settlement,

working in these countries day to day. It is

context. When you are trying to persuade

except one, where I work right now, Rowan.

kind of a comment on the countries. People

someone to buy into a compliance initiative,

It is a stark difference to me, the companies

do want to do the right things. However,

for example, ensuring training completion,

that I worked for that had those experiences,

I have had it explained to me; some of

do you highlight to a manager that his or

those employees were put through the ringer,

the people that grow up in some of these

her equivalent in another asset currently

particularly if there was a monitor.

countries say they want to do the right thing,

has a better completion rate? If it is not

When I worked at Noble, some

but they have to deal with bribery, corruption

competition, is the driver of your message

individuals had been charged personally

in all of the facets of their lives, from trying

wanting to do the right thing, or that a board

in addition to the company being charged.

to get their children’s grades back

member has asked about the issue? You have

There were people who were deposed in

from the school to daily transportation

to figure out what resonates. You must figure

Washington, D.C. as part of the FCPA

needs within the country. It is a tough call for

out what is culturally relevant to them and

Currents 24.1 2020

how to build out and deploy a program to

stop listening. At the end of the day, I need

we receive reports through our reporting

make sure it fits within the culture even while

to be able to, pragmatically, make something

helpline along the lines of “your gas station

you are trying in some cases to change the

work. The way I tell my people—stuff which

prices are too high”. While the easiest

corporate culture.

is risk-free or risk that can be effectively

response would be to ignore the report, it’s

—————————————————

managed, that is the “low-hanging fruit.”

still important to respond quickly and be

MS. SHEHADEH

Knock it out as soon as possible. There, you

clear that we appreciate them reaching out to

—————————————————

show that you are being effective. At the end

us, but that their report needs to be directed

We are not here preaching. I do not

of the day, we are business facilitators. You

to a different company. Even in responding

say this from a position of judgment. But

look at risk perhaps through a different lens,

to reports that have nothing to do with our

I have been with organizations that have a

but don’t ever think that we sit outside the

company, maybe the reporter appreciates that

“company way” and companies that were

organization, that we are the prophets, that

someone responded quickly and will see value

still in a certain maturity infancy and trying

we just issue judgment without consequences

in raising a question or concern through the

to figure out their value proposition. In

for us.

right reporting helpline.

organizations such as this, the compliance

These are the skills for young lawyers—

In addition to the initial touchpoint, we

journey is difficult. It takes more time, but

particularly in the ethics space—that are so

are also focusing on refining our program to

it is still achievable. You are really winning

important. You can have the right personality.

distinguish between “must haves” and “nice

hearts and minds at a more local level, triaging

You are going to use your soft skills. Those

to haves.” I think this is where compliance

as it were. For example, say that I cannot get

who are good at debates will succeed in

programs bring a lot of value and frankly can

to the base for the company without paying

ethics. What are you doing selling your ideas,

build credibility. My experience is that when

three policemen along the roadway. Well,

selling yourself?

you build a track record of being pragmatic

now, there is going to be a company bus

The way I look at my function, to be

and streamlining compliance requirements

that is going to pick up everybody from the

effective, I need to operate at the speed of

where feasible, your non-negotiables carry

community to get everyone to the base. To

business. Not do everything that they ask us

more resonance because you have the

use the phrase, we started playing “whack-a-

to do, but to support them at their speed.

business people saying “you have shown on

mole” at solving the problem at a local level.

That is what is most effective.

ten other occasions that you could figure out

If we are excited about the convergence now

—————————————————

another way. Here, when you say no, that

and the recognition that culture plays and

MR. GYESZLY

culture pays for greater leverage, what are

—————————————————

things that are working for you? Or if not,

One small but effective step, in that we

your personal organizations? What are things

regularly receive positive feedback on this, is

—————————————————

that you think work?

focusing on how we are perceived at the first

There have been great writings over the

—————————————————

point of contact. When someone reaches out

years by a fellow named Ben Heineman, who

MR. SARDAR

to us, regardless of the matter, we work to

used to be the General Counsel at General

—————————————————

respond to them quickly and give them the

Electric (GE). The general theme of what

The reality is, that even as the Chief

information they need, even if that means

he writes is that companies nowadays are

Ethics Officer, we are looked upon as a

pointing them in the right direction or

extremely complex and intertwined. In

business facilitator. We become less effective

resource if it’s not within our remit.

order for anyone to get anything done, they

really means no.” —————————————————

MR. MARTIN

if we forget that. We are lawyers and bring

At an extreme example, we are Marathon

have to build coalitions and relationships.

that technical background to be able to

Oil, a company that explores for and

In the compliance area, we have a lot of

facilitate. If I lose my focus and I just become

produces oil. We are not the similarly named

dealings with internal audit, dealings with

a preacher, my function will lose. People will

gas station or the refining company. However,

HR, dealings with security, and dealings

Currents 24.1 2020

with health, safety, and environment. There

something, period. That is kind of the worst

people wanted to do something and I had

are a lot of sister organizations that are very

end of the spectrum. What would be better,

a slightly different view. They convened the

important to the compliance officer who

is somebody that can fit in. The social skill

meeting, scheduled for an hour, which lasted

can get support and can learn from those

of fitting in is something you are not taught

about five minutes, because the business guy

functions, as well as leverage off all those

in law school. It is an important social skill,

just looked at me, asked me, “what do you

resources to make maximum use of them.

fitting into the team, being part of the team,

think?” Before I finished my sentence, he

Particularly in the oil and gas industry,

and being able to tell the business people

look at his team and said, “God has spoken.”

we put an enormous emphasis on safety.

“no you cannot do this” because you have

I chased him down after the meeting and told

Firstly, at virtually every meeting at GE-Baker

built enough respect over time with them.

him that we could find a way to make the

Hughes, we have a safety moment. In order

They will understand if you really tell them,

deal work. He said, “I don’t think so, I am

to build a culture, you cannot just give once

“we, not just you, we cannot do this. But I

not going to waste your time.”

a year training for a thirty-five (35) minute

am going to help find an alternative way to

—————————————————

electronic module. Compliance should

do the job.” That approach is on the other

MS. SHEHADEH

be something that people think about in

end of the spectrum. At the same time, we

—————————————————

their daily lives as they go about their own

hopefully strive to get the same results with

If we do not act as partners, we will

business. One way to do that is to have it be

the company being compliant.

achieve nothing. That goes for anyone in any

a reoccurring event that is in their normal

How the business people view that,

discipline of law or business-credibility. For

activities, and where possible, down to the

perceive that, and ultimately work with you,

the value proposition, there is the growing

desk level, so they can see the relevance of

is what will make or break you. It goes for

recognition in some enterprises that it is

what you are trying to communicate to

almost anybody in the company, but for us,

not “business at all cost,” but a business

them. People can then see that this is critical

it is an acquired skill that you have to work

alignment between what is the culture value

and not just preaching. It is integral to the

on over time. The foundation is knowing

proposition of the organization so as not to

success of the business. Like anything else, if

the right legal answer. However, there are

end up in catastrophic ethical dilemmas.

you go out on a job in the field and the job

probably ten different ways to deliver that

—————————————————

fails technically, is the client, the customer,

message, which is very important to the

MR. MARTIN

willing to come back? The same thing

recipient of the message and the company.

—————————————————

goes in the compliance area. If you have a

That goes a long way in trying to do your

The tension point does not come in so

breach, the compliance department can lose

job. You can make your own job ten times

long as the business is not being interrupted.

the confidence of that customer and the

harder if you are not careful about how you

The tension comes when they say, “if we don’t

confidence of your own employees. It is this

do it. Building those relationships over time

do something in three hours, we are going to

idea of principle, reliable performance and

is just invaluable.

lose this deal, or we cannot submit this bid.”

compliance that is important. Once you help

—————————————————

That is where the wheels hit the road, and

the business people understand that, it makes

MR. SARDAR

CCOs get that more often than we probably

a huge difference. —————————————————

—————————————————

would like.

Steven said something about building

The challenge obviously in those

MR. RABALAIS

credibility with the business side, such as

situations is to give the best possible advice

—————————————————

in transactions where you can help the

within the time period that you have for

A comment for the law students. What

businesses see what they are doing. That

that situation. At the same time, do not lose

the business team does not want is some

credibility is so critical on the occasion when

sight. We do want to be business partners,

lawyer sitting in an office emailing in a legal

you have to deliver the bad news.

but we also want to protect shareholders. We

opinion, explaining why they cannot do

For example, some of my business

have fiduciary duties. I can assure you that

Currents 24.1 2020

the business person that is pressuring you,

there were not many lawyers in these roles.

most of this. On the one hand there is great

“I need to do this, I need to do this,” if you

Look at the profiles of companies now.

synergy. It makes a lot of sense, especially

sign off on it and the deal goes bad, it is on

They are requiring that these roles be filled

with the challenge through the economic

the compliance department. The business

with lawyers. Companies are recruiting

downturn. Coming out of the downturn,

people will come back and say, “I ran it by

from some of the best firms for these roles.

there are a panoply of things to manage

compliance and they said it was okay.” That is

They are relying more and more on the

today which far exceed just trade compliance,

the tension that you are always dealing with.

compliance function. That is a double-edged

antibribery, and anticorruption compliance.

It helps enormously if there is trust,

sword. Some companies want to the use AI-

—————————————————

credibility, and a relationship there. That is

facilitated compliance, creating a false sense

MR. MARTIN

as true for outside counsel as it is for in-house

of security, because the business folks do not

—————————————————

counsel. Some outside counsel have twenty-

feel the need to exercise any judgment. There

The workload is such that if anybody

or thirty-year relationships with companies.

you have to be careful.

comes in at any level, even if you are one

This is because the company has learned to

The challenge I would say, for my sector

week out of law school, and you don’t find

trust them over the years by providing reliable

that I am in, in the oil and gas space, is the

yourself very busy very quickly, you should

solutions. When the business gets into a

shrunken budget. Compliance continues to

be concerned. There is a tremendous amount

tough deal, it wants the best advice available

excel and to do so much. The business folks

of work out there. Good work. There is

and will go back to people that have produced

are continuously looking to compliance to

always something that can be done in trade

results in the past every time. Every time they

do more. Our responsibilities and what is

compliance, antibribery, and competition

produce, the credibility and the trust grows

being asked of us has not gone down one

law.

even more.

bit and continues to escalate. Every time a

When Courtney Flores came to GE-

—————————————————

peer company gets in trouble, the first thing

Baker Hughes, she had the right attitude.

MS. SHEHADEH

the executive wants to know is whether the

She would always raise her hand and within a

—————————————————

company is covered for a certain risk. “What

very short period of time as a rookie, she was

We would not all be here with interest

policies, processes, and controls do we have

totally immersed, probably more than she

and gainfully employed in this space without

to avoid running into this issue? Are we

wanted to be because the word got out, “call

working long hours. Let us dispel an idea

exposed, essentially?” That is certainly one

Courtney.” We started sending stuff to her

for the student community. If you thought

of the best ways to learn, from other people’s

and she showed she had interest, enthusiasm,

we had cushy, in-house jobs, where we were

mistakes. We are working with budgetary

and confidence. That feeds upon itself. People

punching the clock. No—it is quite a slog.

constraints.

start sending you stuff. I honestly cannot

Let us talk a little bit about the challenges.

—————————————————

remember a situation as a compliance officer

There is a lot to be grateful for, and there is a

MS. SHEHADEH

where someone working for me said, “you

lot of progress, but there are still challenges.

—————————————————

know, I am kind of slow right now.” Usually,

What are we still struggling to tackle in this

It is not just more, but more in multiple

they are hiding under their desk.

space?

ways. The initiation of our compliance

—————————————————

programs, a decade or more ago, could not

MR. SARDAR

MR. GYESZLY

have been precipitated by a technical issue.

—————————————————

However, then there was the advent of Dodd-

As much as you have to build

Companies are relying more and more

Frank, conflict minerals, and now human

relationships throughout the company, you

on the compliance function, which is a great

rights. Oftentimes, organizations are looking

can never forget what your role is. There

thing. It has created opportunities. Years

to the compliance function to navigate all

are times you have to say no and be willing

ago, when looking at compliance officers,

these spaces. There is an ethical nexus to

to accept the ramification. You may even

Currents 24.1 2020

face a situation where you have to back up

—————————————————

the behavior management space. It is what

your decision with a willingness to walk. In

MR. GYESZLY

they are doing every day. We are trying to

the compliance world, your inability to say

—————————————————

find innovative ways in which to touch an

“no” can have serious ramifications both for

There is a lot of great technology out

employee base in this value proposition in

yourself and the company.

there, but not necessarily within the budget.

minding ethics and culture.

That may be extreme and rare example,

However, there are innovations that we can

Is there a leverage opportunity for us?

but it is important to keep in mind that

build in to existing processes and technology.

What we find challenging is ultimately for

your duty is not to an individual business

For example, can we deploy automated

the employee, it is getting incredibly noisy.

partner but rather to the larger entity. If

approvals by utilizing logic from existing

One day it is this, the next day it is that.

you are working with that one manager all

requirements? For lower risk areas, do we

One day, you are telling me what I can do

of the time, you may have developed a great

still need approvals? Be mindful of whether

regarding the customers and competitors

working relationship, but there may come a

you are forcing folks to do things that they

from a competition perspective. The next

situation where you have to escalate things to

do not need to do. For example, if a manual

day you are telling me what personal data I

a higher level. You have to be prepared and go

process has twelve steps, but you manage to

cannot be sharing from a privacy perspective.

beyond that, and, again, be prepared to say

cut out four steps in the course of developing

“Do not forget, do not bribe and do not

no regardless of the impact to the individual

the corresponding online tool, the innovation

export anything without knowing what its

business relationship.

can be in process efficiency, not just the move

license treatment is,” etc. There is a lot of

—————————————————

to a new technology. We are really forcing

noise in the line.

MS. SHEHADEH

ourselves to think about why the process is

Are you all thinking there is value in

—————————————————

the way that it is. If there is no justification

exploring cross-enterprise, cross-functional

What are your creative thoughts on how

that makes sense for requiring X, Y, or Z, you

partnerships?

to innovate? Are there new technologies and

have to be willing to move on and shift those

—————————————————

new ways of thinking about how to bring the

resources to other risk areas, and accept the

MR. MARTIN

culture piece into our ever-expanding role to

risk of no longer requiring X, Y, or Z.

raise the bar, cover greater swaths of territory,

—————————————————

————————————————— There are new types of disciplines in

MS. SHEHADEH

the compliance group. For example, in

—————————————————

communications, there is a tremendous

Do you all see a leverage opportunity?

amount of communication that should go in

—————————————————

My organization has a strong core value and

a compliance group. Having communication

New technologies? No. I do not know

foundational belief proposition. We have

well-thought through, orchestrated, and in

any that are a silver bullet. They keep coming

multiple players in the culture and ethics

the proper form is crucial. I have found many

up with the “new” or “better” thing. Business

space. It is not limited to the compliance

times in my career, something I thought was

can consolidate five systems into three

function. Earlier this week, we unofficially

absolutely clear was not so clear to someone

systems, or something efficient like that, but

inaugurated a culture value working group

on the business team.

you are still more or less in the same area.

for health, safety, security, and environment.

You can never have enough IT support.

One thing that would be innovative and

They are advocating for behavior management

Some compliance groups are adding their

efficient is for the industry to lobby and get

and behavior change. We keep that goal

own IT person or professional trainers to the

together on certain things. Meanwhile, we are

zero—not physically affecting any lives—

compliance group. As the needs arise, you

doing things with due diligence forms in the

delivering our people that go home the same

need people with those skill sets.

most inefficient manner one can dream up.

way in which they arrive that morning. HR,

One last area is project management.

we call them the “people culture,” they are in

Somebody has to manage the initiative

and win more hearts and minds? —————————————————

MR. RABALAIS

Currents 24.1 2020

and quantity of communications. What

whether it is investigations or trade or

—————————————————

form is it? In person, is it worldwide, will

whatever subject matter is, but you also

MR. SARDAR

communications be sent out in the same

need the technical skills so that you do not

—————————————————

week? There are all of these decisions

need to rely on others to do part of your

As for external regulators, how good

that have to be made. Having somebody

job. Then, of course, there are the soft skills.

is a company at real time monitoring? Are

that understands project management is

Can someone go out into the field to provide

we using technologies? That is where the

important.

training and go out to dinner with the folks

technology piece is coming in as there is

One thing we did at Baker Hughes, the

after work, have breakfast, and build those

more access to the financial information

brainchild of the CEO, was that the company

relationships? If necessary, I can always go

for the risk in third party relationships.

would rotate high potential business people

to outside counsel for pure subject matter

Because of the demand of needing to know

through the compliance group for a year or

expertise. I look for someone who also has

the information now, versus what it used

two. It was invaluable. When these people

the soft skills to demonstrate what we are

to be, this relationship has evolved. Now,

went through compliance and then back

trying to achieve and convey the message we

it is all machine learning. That is where the

to the business, they became disciples of

are trying to convey.

technology is going to come in. Bringing in

compliance. These business group would

—————————————————

people who can look at our processes, not just

also bring a certain perspective. They could

MS. SHEHADEH

from a technical perspective, but to solve our

explain to the compliance group how insane,

—————————————————

legalistic, and incomprehensible things could

There is the criticality of supply chain

be. The business group would keep the

experience. Echo that one-hundred times

compliance group honest. It was great having

over. Also, the criticality of being more

that kind of input.

open-minded to cross-technical skills. For

—————————————————

example, somebody coming from supply

MS. SHEHADEH

chain and then coming into this field, or

—————————————————

somebody coming from forensics coming

Have any of your company’s hiring style

into this field. The next frontier for me

or hiring requirements changed to navigate

from a hiring perspective--and I never in a

the changing world of technocrat to culture

million years thought I would say this--is a

steward?

computer engineer. We really want to explore

—————————————————

with machine learning and AI. I know there

MR. RABALAIS

is a ton of noise in our circles right now.

—————————————————

I have seen the light on this issue with a

In one sense, I would say “no.” Attention

spectacular program that a beer company

to detail is still very important. Now, it is

has shown us. With lots of Budweiser going

being exposed to slightly different things.

around the room about two weeks ago,

However, being able to listen to someone

in a benchmarking session, my company

remains the same.

got socialized with sophisticated machine

—————————————————

learning. Believe it or not, this includes AI

MR. GYESZLY

tools on monitoring, system identification

—————————————————

of vendors with third parties, diligence,

Certainly, the need for technical skills

and transaction monitoring. We must work

has increased. You can be the go-to expert,

smarter. We cannot work any harder. 86

Currents 24.1 2020

technology issues.

Are Changes to the U.S. Patent System Objectively Killing Innovation? N I C K

C O R N O R

—————————————————

poses the question: does an objective analysis

countries seeking to become true knowledge-

I. Introduction

of the evidence show that the U.S. patent

based economies through an effective

system is killing innovation?

intellectual property (IP) architecture.”6

—————————————————

The Index benchmarks economies using

Mankind often uses significant events

This Comment will analyze global

in history to divide time. In the late sixth

economic and patent statistics to answer this

century, a monk named Dionysius Exiguus

question. Part I will present the justification

developed the concept of separating time

the Chamber used to downgrade the U.S.

before and after the birth of Jesus of

patent protection rankings, focusing on the

Nazareth which has been incorporated into

Chamber’s scoring methodology. Part II will

both the Julian and Gregorian calendars.1

look at the history of the U.S. patent system,

Additionally, scholars have divided eras by

its economic justification, and the step-by-

using great wars to show the significant

step process an inventor uses to apply and

economic and cultural shifts various societies

obtain a U.S. patent. Part III will present

experienced afterwards. 2 Most recently,

the criticisms of the post-2012 changes in

actress Reese Witherspoon called for dividing

the U.S. patent system, focusing on those

time before and after Oprah Winfrey’s 2018

specific changes that the Chamber highlights

speech at the Golden Globes.3 If one were to

as their justification for downgrading

use the same approach for U.S. patent law,

the U.S. patent protection rankings. Part

they would likely pick the year 2012, as it was

IV will analyze statistics from the World

the year that both the Leahy-Smith America

Intellectual Property Organization (WIPO)

Invents Act (AIA) went into effect and the

and the International Monetary Fund

U.S. Supreme Court began to severely restrict

(IMF) to determine whether the Chamber’s

the scope of patentable subject matter.4 As

downgrade can be justified objectively.

a result of these changes, the U.S. patent

—————————————————

system has seen a precipitous drop in the

does not take into account possible nuances

protection ranking.5 The Chamber suggests

II. U.S. Chamber of C o m m e r c e ’s G l o b a l Innovation Policy Center’s Index

that these changes to the U.S. patent system

—————————————————

Numerical scores measure terms of

are causing inventors to view the U.S. as a less

Each year, the Global Innovation

exclusivity or are based on a quantitative

U.S. Chamber of Commerce’s (Chamber) annual Intellectual Property Index’s patent

favorable forum to seek patent protection, but a closer look at the Index shows a largely subjective methodology was used which

Policy Center’s (GIPC) Index publishes an International Intellectual Property Index (Index) which it describes as “a blueprint for

forty indicators in eitght categories which include: (i) Patents, Related Rights, and Limitations; (ii) Copyrights, Related Rights, and Limitations; (iii) Trademarks, Related Rights, and Limitations; (iv) Trade Secrets and Related Rights; (v) Commercialization of Intellectual Property Assets; (vi) Enforcement; (vii) Systematic Efficiency; and (viii) Membership in and Ratification of International Treaties.7 Each category is then subdivided into anywhere from two to eight indicators.8 Each indicator is scored between "0" and "1" with cumulative scores ranging from a minimum of 0 to a maximum of "40."9 The indicators can be scored using one of three distinct methods: binary, numerical, or mixed.10 The binary measurement is very simple, either a particular IP component exists or it does not and will receive a corresponding 0 or 1 score.11 While this scoring method and complexities of the individual indicators, as it is applied uniformly, this scoring method is relatively objective.

score.12 For example, indicator 9, measures the term of protection for a copyright and has historically used the U.S. term of ninety-

Currents 24.1 2020

five years as its baseline.13 So, the numerical

inventive step, and industrial applicability.”22

opposition proceedings. An objective

formula for this indicator is “n years of basic

This definition is based on Article 27 of the

measurement would look at the number

Agreement on Trade-Related Aspects of

of patent applications filed before and after

a 95 year term for copyright protection, it

Intellectual Property Rights (TRIPS).23 The

the implementation of fair and transparent

receives a value of 1 while countries with

Index further explains that this indicator

opposition proceedings, according tot he

is “[m]easured by (1) existing de jure

Index, and then determines any changes to

five years will receive a value of less than

patentability guidelines and regulations and

the number of applications.

Countries with copyright protection

(2) de facto standards established through

exceeding ninety-five years will also receive

the application of these guidelines and

a 1 as the methodology only allows for scores

regulations through the examination process

ranging from 0 to 1 in each indicator.16 Aside

and judicial review.”24 While measuring a

from arguments about whether or not the

country’s patentability requirements against

ninety-five year term is the gold standard for

international guidelines, regulations, and

patentability standards can be a useful

uniformity, this scoring method is relatively

measurement in determining where a

objective.

country ranks amongst other countries and

Mixed indicators account for the majority of indicators used in the Index with thirty-one of the forty indicators being mixed.17 This method is used when there is no adequate baseline and the legislative or regulatory existence of an indicator is not sufficient to determine its actual use or application. Here, a final score will be 18

based on an even split between the following: (i) primary and/or secondary legislation (regulation) in place; and (ii) the actual application and enforcement of that primary and/or secondary legislation.19 Only five possible scores are available within a mixed indicator: 0, 0.25, 0.5, 0.75, and 1.20 The U.S. received a score of "1" in all indicators within category 1: Patents, Related Rights, and Limitations, with the exception of indicator 2, Patentability Requirements, where it scored 0.75, and indicator 8, Patent Opposition, where it received a score of 0.5.21 Indicator 2 is defined as “[t]he extent to which patentability requirements are in line with international standards of novelty,

how the country abides by these international norms. It cannot be said that this is a dispositive method for measuring whether or not the patentability requirements of a given country’s patent system either stifles or encourages innovation. In other words, this method is largely subjective because it presumes that patentability requirements in Article 27 of TRIPS is the ideal standard for patent protection. A more objective standard would be to see whether a deviation from this standard—, which the U.S. arguably has done since 2012—, has led to less inventors seeking patent protection in the U.S. For indicator 8, the Index explains that this indicator is “[m]easured by the availability of mechanisms for opposing patents in a manner that does not delay the granting of a patent (in contrast to a right of opposition before the patent is granted) and ensures fair and transparent opposition proceedings.”25 This is a subjective measurement, without a definition based on TRIPS or other international norms on what would be considered fair and transparent 88

Currents 24.1 2020

While many commentators have criticized decisions by the U.S. Supreme Court restricting patentable subject matter and the AIA’s patent opposition proceedings as stifling innovation in the U.S., as Part II of this Comment will show, the debate on the degree to which the patent system encourages or stifles innovation is far from dispositive. As such, these criticisms are subjective speculation. As will be explored in Part IV of this Comment, analysis of global patent statistics will show that while the U.S. has seen a decrease in patent filings post-2012, the Index’s ranking may not be entirely justified. —————————————————

III. Background of the U.S. Patent System ————————————————— A.

History of the U.S. Patent System

Patent law in the U.S. has a long history, going back to the period in which the States lived under the Articles of Confederation.26 Eventually, patent law was federalized with what is widely known as the Copyright and Patent Clause which states that “Congress shall have power . . . To promote the Progress of Science and useful Arts, by securing for limited Times to Authors and Inventors the exclusive Right to their respective Writings and Discoveries.”27 The terms in the clause are archaic and often cause confusion among modern readers.28 For example, “useful Arts”

refers to the work of artisans or people skilled

price and produce less of the product than

that ensure inventors will be able to profit

in a manufacturing craft, while “Sciences”

the firms in a competitive market, even

from their inventions, they believe that the

refers to all forms of knowledge not restricted

though the product charged in both market

current patent system creates many social

solely to the fields of modern science.29 As a

structures is the same.38 A classic example

costs that outweigh the benefits.42 Proponents

result, “useful Arts” actually applies to the

of monopoly pricing is a gas station. If you

of patents, however, argue that the purpose

patent powers of Congress, while “Sciences”

live in a big city, the next time you take a

of a patent is to encourage inventors to

actually applies to the copyright powers of

road trip, take note of the price difference

produce socially valuable goods that would

Congress.

for gas in the city as compared to the prices

not otherwise be produced.43 The argument

in more rural areas. The gas stations in rural

goes that if the cost of copying someone else’s

areas effectively act as monopolies because

invention is less than the cost of inventing,

there is not as much competition from other

inventors are not incentivized to invent,

gas stations as there is in a more heavily

because they are unable to recover the costs

populated city. As such, the rural gas stations

of inventing.44

A patent is an exclusive right, given either to the inventor or to an assignee,31 that allows the patent owner the “the right to exclude others from making, using, offering for sale, or selling the invention throughout the United States or importing the invention into the United States . . . .”32 Allowing the patent owners to exclude others

will charge a higher price, and most likely will hold less gasoline in their tanks than the gas stations in the more densely populated areas.

from making, selling, or importing their

Economic Justification of the U.S.

inventions effectively allows the patent owner

Patent System

In response to the debate, Congress commissioned economist Fritz Machlup to study the U.S. patent system and determine if the social costs associated with patents outweighed their benefits. 45 Machlup concluded that

to have a monopoly for their invention. A

This of course would seem to run afoul

basic underlying economic principle is that

of federal antitrust law, namely the Sherman

No economists, on the basis of

rational decision makers seek to maximize

Act, which expressly states that “[e]very

present knowledge, could possibly

utility.33 For those involved in a product for

person who shall monopolize, or attempt

state with certainty that the patent

profit (firms) enterprise, the firm’s utility will

to monopolize, or combine or conspire any

system, as it now operates, confers

be maximized by selling their products in a

other person or persons, to monopolize any

a net benefit or a net loss upon

way that will maximize their profits. This

part of the trade or commerce . . . shall be

society. The best he can do is to

is accomplished by charging a particular

deemed guilty of a felony . . . .” However,

state assumptions and make guesses

price for the product and producing a

§ 1 of the Sherman Act gives Congress the

about the extent to which reality

particular quantity of the good, along the

power to regulate anticompetitive behavior

corresponds to the assumptions.46

market demand curve, that corresponds to

that results in a “restraint of trade.”40 Courts

where the firm’s marginal cost and marginal

have long held that public policy determines

While Machlup argued that “[i]f we

revenue intersect.35 For competitive markets,

the common law usage of that term, and,

characterized as many firms producing the

because patents are created by federal

same product, the price will be close to or

statute, it follows that the exclusive property

equal to the firm’s marginal cost.36 However,

right given to patents is not diminished or

a monopolist, as the sole producer of the

restricted by the Sherman Act.41[

product, faces the entire market demand curve for the product.37 By also charging a price that maximizes profits at the price and output point where the monopolist’s marginal cost is equal to their marginal revenue, a monopolist will charge a higher

did not have a patent system, it would be irresponsible, on the basis of our present knowledge of its economic consequences, to recommend instituting one[,]” he also stated that “since we have had a patent system for a long time, it would be irresponsible,

The tension between protecting

on the basis of our present knowledge, to

inventors and protecting the public against

recommend abolishing it.”47 In other words,

high prices has a long history of debate

to borrow an old proverb, “if it ain’t broke,

among economists. While opponents of

don’t fix it.” Whether or not the justification

patents favor clearly defined property rights

of the U.S. patent system is warranted, it is

Currents 24.1 2020

unlikely that Congress will abolish it anytime

does not account for the patent attorney

scope of protection only so slightly as to

soon, if ever. As such, inventors must contend

fees associated with preparing the patent

obtain a patent with the broadest amount of

with this reality when determining whether

application which average $252.00 per

protection. If the examiner is satisfied with

or not to protect their inventions with a

hour nationwide.54 While it is possible to

the patent attorney’s amendments, the patent

patent.

obtain a patent pro se, the chances of a pro

will issue.63 However, if the examiner is not

se applicant obtaining a patent are incredibly

satisfied, they will typically issue a second,

low. These costs also do not include the

or final office action, usually finalizing the

likely possibility that the United States

examiner’s position and limiting any reply

Patent and Trademark Office (USPTO)

by the patent applicant to an appeal.64 The

will reject a patent application based on

process then repeats.65 While a third office

the invention not being patentable subject

action is possible, it is rare, and often, a

matter, for not being novel, for the patent

rejection from a second office action will

being obvious, or for the application being

result in a final rejection.66 However, this

improperly written.59 While some believe

term is somewhat of a misnomer as the

that the USPTO grants nearly 100% of

applicant still has six months to continue to

patent applications, a recent study showed

amend their application and try to convince

that the probability that a patent will issue

the examiner to grant the application.67

Cost of Obtaining a U.S. Patent

When facing the question of whether or not to obtain a patent, an inventor must consider where they intend to sell their product. If a foreign inventor only intends to sell their product in their own country, then they will only have to consider obtaining patent protection in that country. However, if the foreign inventor intends or has aspirations to sell their product abroad, because patents are territorial, they must consider whether or not to obtain a U.S. patent.48

has actually declined from 70% in 1996 to

Once six months have expired, the

As previously discussed, a patent grants

40% in 2005.60 However, an initial rejection

the patent holder a monopoly for the sale

by the USPTO does not necessarily mean

and production of their invention. Again,

that the patent application is dead in the

assuming that rational decision makers seek

water. Once the patent examiner has rejected

to maximize their utility, it is unquestionable

the patent application, the examiner will issue

that an inventor who holds a patent for

what is commonly referred to as an office

their invention has the opportunity to

action. At this point, a patent applicant

maximize their profits over an inventor

has up to six months to argue that the

that does not.50 Still, with only 2 to 3%

examiner has erroneously rejected the claims,

of all patented products ever making it to

or more often, amend the patent claims to

market, the gamble that an inventor takes

the examiner’s satisfaction.62 It should be

when determining whether or not to obtain

noted that a first office action is expected

a patent should not be underscored.51 This

and actually desired. If the USPTO does

would not be true if obtaining a patent had

not issue an office action, that could either

no transaction costs associated with it, but

mean that the application was written in a

as will be explained, the transaction costs

way that conferred the maximum amount

and risks associated with obtaining a patent

of protection possible for the invention, or

can be high.

more likely, that the claims were written

Assuming the examiner eventually

too narrowly and that the inventors could

issues a patent, the inventor now has

have obtained greater protection for their

an opportunity to enforce their patent

invention. As such, inventors should hope

rights. Here, the inventors have a variety

for an office action so that they may work

of options, such as the assignment or sale

with their patent attorney to narrow the

of the patent rights. The inventor does not

1. Patent Prosecution Costs Patent prosecution refers to the process applying for a patent.52 While filing, search, and examination fees can be as low as $430.00 for a micro entity,53 that number

Currents 24.1 2020

inventor has few options available.68 First, the inventor may have his attorney file a Request for Continued Examination (RCE), which resets the examiner’s previous office actions and, essentially allows the applicant to start over.69 The downside is that an RCE is not free, costing anywhere from $325.00 for a micro-entity to $1300.00 for a regular filer.70 If the RCE is not successful, the inventor may request an appeal to the Patent Trial and Appeals Board (PTAB), which, incurs fees anywhere from $600.00 to $1200.00,71 including the cost of attorney's fees on appeal, unless the inventor has a flat fee arrangement with their attorney. 2. Post-Grant Review Proceedings

have the capital required for the production

method patents, the USPTO has created

more efficient and streamlined patent system

of their invention, or the inventor only

the transitional program for covered business

that [would] improve patent quality and

wants to create the invention and not handle

method patents (TPCBM) which employs

limit unnecessary and counterproductive

the business side. Oftentimes as well, an

the standards and procedures of the PGR,

litigation costs.”90

assignment of patent rights may be part of

with certain exceptions tailored to business

—————————————————

an inventor’s employment contract, especially

method patents.

IV. Criticisms of the U.S. Patent System Post-2012

with larger companies that frequently have

Like the PGR, the IPR is also a trial

their employees developing inventions.72

proceeding conducted by the PTAB to review

the inventor may also desire to license their

the patentability of one or more claims in a

invention to those already engaged in selling

patent, but only on the grounds of novelty

Proceedings

similar products. Licenses may be exclusive

and nonobviousness. Also, third parties are

or non-exclusive and are accompanied by a

able to file IPRs and often are competitors

variety of legal implications.73 Engaging in

that have been sued or anticipate being sued

license negotiations can be very complicated

by the patent holder for infringement. 82

as it may expose the patent holder to

Unlike the PGR, an IPR may be filed nine

litigation.74

months after the patent has been issued,

Patent owners also must contend with

or in the case where a PGR has been

the possibility that their patent’s validity will

instituted, after the post-grant review has

be challenged at the USPTO via a variety

been terminated.83 “The IPR was designed

of post-grant proceedings. These risks are

as a more efficient and cost-effective way for

especially high with the AIA’s new post-grant

potential infringers to challenge a patent’s

proceedings: post-grant review (PGR) and

validity” as opposed to costly litigation in

inter partes review (IPR).

federal district courts. Upon a third party

PGR is a trial proceeding conducted by the USPTO’s PTAB, which reviews the patentability of one or more claims that could have been raised during the prosecution phase.76 The process begins with a third party filing a petition, on or within nine months after the grant of the patent.77 Often, these third-party filers are competitors in the market that have either been sued or anticipate being sued by the patent owner.78 The PGR proceeding offers these competitors a quick (lasting no longer than twelve to eighteen months) and cost-effective tool for invalidating a patent and thereby negating further litigation.79 Also, in response to the decisions by the U.S. Supreme Court on what is colloquially termed business

————————————————— The AIA’s Post-Grant Opposition

Despite the AIA’s best intentions, many have criticized IPR proceedings as having led to a high volume of trials with a disproportionate rate of rejections, due to patent owners having reduced opportunities to amend claims in the IPR and the lower burden of proof (preponderance of the evidence) for opposing parties than in district court proceedings (clear and convincing evidence).91 It is one of the main reasons that the Chamber decided to downgrade the U.S. patent ranking in indictor 8.92

filing an IPR85 and the patent owner filing a preliminary response, the Director of the

1. U.S. Supreme Court Cases on PostGrant Proceedings

USPTO, sitting on the PTAB, will make a

It was for these reasons that many

determination if the petitioner has shown a

commentators hoped that the U.S. Supreme

“reasonable likelihood [of prevailing] with

Court would take action to restrict the

respect to one of the claims challenged.”86

power of these post-grant proceedings in

If so, the Director, through the PTAB, then

2016 when it heard Cuozzo Speed Techs.,

institutes the IPR and proceeds to trial.87

LLC v. Lee. In Cuozzo, the Court addressed

Unless the parties settle in the interim, three

the disparate approach that the PTAB and

members of the PTAB, designated by the

federal district courts took in construing

Director, will issue a final determination

patent claim language. 93 In that case,

regarding patentability of the challenged

Garmin International, Inc. filed an IPR

claim within one year.88 Often times, an IPR

against Cuozzo Speed Technologies, LLC

is initiated once a defendant is sued for patent

for their patent that covered a speedometer

infringement in a federal district court.89 This

that would show a driver when he is driving

usually results in a stay in the district court,

above the speed limit, asserting that it was

pending the outcome of the IPR which

obvious in light of three prior patents.94

fulfills Congress’ purpose of establishing “a

After the PTAB invalidated the patent,

Currents 24.1 2020

concluding that the claims were obvious,

and cause added confusion” as a district court

heart of the issue was whether patent rights

Cuozzo appealed to the United States Federal

could find a claim valid while the IPR could

were the private property of the patentee

Circuit Court of Appeals (Federal Circuit),

102

later cancel that claim in its own review.

or a public right.109 The Court determined

the appeals court having exclusive appellate

The Court rejected this argument, stating

that a patent right was a public right and as

jurisdiction for appeals from decisions by the

that the different evidentiary burdens were

such, the IPR did not violate Article III.110

PTAB.95 Cuozzo argued that the PTAB had

“inherent to Congress’ regulatory design.”103

In dissent, Justice Gorsuch, joined by Chief

improperly used the “broadest reasonable

In short, the PTAB’s claim interpretation

Justice Roberts seemed to echo the concerns

construction” standard to interpret the

standard was a reasonable exercise of the

of many commentators:

patent claims as opposed to the “ordinary

USPTO’s rulemaking authority, which

meaning . . . as understood by a person of

Congress properly left to the particular

skill in the art” standard used by federal

expertise of the USPTO to make.104

district courts.96 After a divided panel of the Federal Circuit rejected Cuozzo’s argument, Cuozzo appealed to the U.S. Supreme Court.97 Cuozzo argued first that there was a “critical difference between the Patent Office’s initial examination of an application, to determine if a patent should issue, and [the IPR] proceeding . . . .”98 Because the USPTO had a broad construction system, with a chance to amend claims during the prosecution process, the public was protected from overly broad claims and the applicant had a fair chance to draft a precise claim that would qualify for patent protection.99 The Court rejected this argument stating that it was not unfair as Cuozzo could have made a motion during the IPR to amend or narrow the claim.100 While Cuozzo pointed out that only five out of eighty-six motions to amend had been granted by the PTAB since the AIA’s post-grant opposition proceedings had been created, the Court refused to address the issue; that question was not at issue, but, in dicta, the court said the “numbers may reflect the fact that no amendment could save the inventions at issue, i.e., that the patent should have never issued at all.”101 Second, Cuozzo argued that the disparate construction standards used by the IPR and federal district courts could “produce inconsistent results

investment you devise something you think truly novel. Then you

While patent practitioners were

endure the further cost and effort

disappointed with the Cuozzo decision,

of applying for a patent, devoting

there was hope that the Court would

maybe $30,000 and two years

reverse course in 2017 when it heard Oil

to that process alone. At the end

States Energy Services, LLC v. Greene’s Energy

of it all, the Patent Office agrees

Group, LLC.

In that case, Oil States

your invention is novel and issues

Energy Services, LLC had obtained a patent

a patent. The patent affords you

relating to an apparatus and method for

exclusive rights to the fruits of your

protecting wellhead equipment used in

labor for two decades. But what

hydraulic fracturing.106 In 2012, Oil States

happens if someone later emerges

sued Greene’s Energy in federal district court

from the woodwork, arguing that

for patent infringement which prompted

it was all a mistake and your patent

Greene’s Energy to petition the PTAB to

should be canceled? Can a political

institute an IPR, stating that Oil State’s

appointee and his administrative

patent was invalid because it was anticipated

agents, instead of an independent

by prior art (similar inventions existed at

judge, resolve the dispute? The

the time Oil States had applied for their

Court says yes. Respectfully, I

patent). As the petitioner in Cuozzo warned,

disagree.111

the district court and the IPR proceeded in

2. Post-Grant Review Proceeding Used

parallel, resulting in the district court issuing

as Leverage in Settlement Negotiations

105

a claim-construction order that “construed the challenged claims in a way that foreclosed Greene’s Energy’s arguments about the prior art,” while the PTAB, a few months later, issued a final written decision concluding that the claims were unpatentable.107 Oil States appealed to the Federal Circuit challenging the constitutionality of the IPR, arguing that “actions to revoke a patent must be tried in an Article III court before a jury.”108 At the 92

Currents 24.1 2020

After much hard work and no little

Aside from the fairness arguments, IPRs are often used by defendants to increase the chances of earlier and less costly settlements, as part of their overall litigation strategy.112 In 2015, for intellectual property litigation where the amount at risk was less than $1 million, the average litigation costs were $400,000.00 after discovery and $600,000.00 for all costs.113 For amounts at risk over $25

million, average litigation costs were $3

to the Federal Circuit which, sitting en

Narrowing Patentable Subject Matter

banc, affirmed the USPTO’s decision but

million at the end of discovery and $5 million

In addition to changes to the post-

for all costs.114 The median costs for IPRs

grant proceedings set forth in the AIA,

were dramatically lower: $80,000.00 through

since 2012, the U.S. Supreme Court has

filing a petition, $200,000.00 through end

decided a number of cases that have severely

of motion practice, $275,000.00 through

narrowed what is considered patentable

the PTAB hearing the IPR, and $350,000.00

subject matter.125 According to the Patent

through an appeal.

In addition to the pure

Act, an invention must consist of a “process,

dollar figures, time is also an important

machine, manufacture, or composition of

consideration.116 The average time it takes

matter” in order to be patented.126 Courts

for a patent infringement case to go to trial

have consistently held that laws of nature,

can be two and a half years.117 Even with a

natural phenomena, and abstract ideas

Bilski again appealed, this time to

twenty-year patent term, there have been

fall outside the area of patentable subject

the U.S. Supreme Court, which issued

cases that have taken almost twenty years to

matter127 and the AIA explicitly states that

three opinions, consisting of a plurality

adjudicate with multiple trips to multiple

“no patent may issue on a claim directed

opinion for the Court and two concurring

appellate courts.118 Conversely, the average

128

to or encompassing a human organism.”

opinions.136 While refusing to state that so-

time for an IPR is thirty-six months.

With

However, even with these restrictions,

called business methods patents were entirely

a relatively low bar to instituting an IPR120

the courts and the USPTO had generally

outside the scope of § 101, the Court did say

and the lower burden of proof required

interpreted § 101 of the Patent Act broadly,

that “business method patents raise special

to invalidate the patent than needed in

rarely using it to invalidate a patent.129 Since

problems in terms of vagueness and suspect

federal district courts,

it is no accident

2010, the U.S. Supreme Court began to do

validity.”137

that defendants are willing to fork over, on

just for (i) business methods, (ii) software,

average, $100,000.00, for a patent attorney,

and (iii) biomedical technology.

imposing any radical new requirements

1. Business Methods

on patentability under § 101, some

who wish to enforce their patent rights will

Broadly speaking, a business method

commentators criticized the decision for

enter into a contingency fee arrangement

is defined as “a method of operating any

with a patent attorney.123 Because the IPR

aspect of an economic enterprise.”130 In

has the possibility of lengthening litigation,

2010, the U.S. Supreme Court addressed the

as the district court will often stay litigation

question of whether or not business methods

pending the outcome of the IPR process,

could be patented in Bilski v Kappos.131

patent attorneys operating on a contingent

In that case, the USPTO had rejected

fee have an incentive to push harder on their

Bilski’s application, stating that Bilski was

clients to settle earlier and oftentimes for less

claiming subject matter that was ineligible

money than they otherwise would if they had

for patenting under 35 U.S.C. § 101, as it

remained in the litigation longer.124 As such,

was not “implemented on a specific apparatus

patent owners must consider this risk when

and merely manipulate[d] an abstract

calculating whether or not protecting their

idea and solved a purely mathematical

2. Software

inventions with a patent will be economically

problem without any limitation to a practical

In Alice, the Court was tasked with

advantageous.

application” and was therefore “not directed

115

119

121

expert witnesses, and the USPTO filing fee.122 Increasingly more common, patent owners

U.S. Supreme Court Decisions

to the technological arts.”132 Bilski appealed

produced five different opinions on why.133 The majority held that “a claimed process is surely patent-eligible under § 101 if: (1) it is tied to a particular machine or apparatus, or (2) it transforms a particular article into a different state or thing.”134 Applying this standard, the Federal Circuit agreed that Bilski’s application did not claim patentable subject matter.135

While this decision was not seen as

its lack of clarity on the question of what constitutes an “abstract idea” and is therefore not patentable. 138 The real concern was that because many business methods were implemented via computer software, the court would find that an abstract idea was otherwise made patentable by being tied to a computer. This issue would be addressed three years later in the much more controversial decision of Alice Corp. Pty. Ltd. v. CLS Bank Int’l.139

determining whether a patent, designed to mitigate settlement risk by using a third-party

Currents 24.1 2020

intermediary, implemented by a computer,

per se unpatentable. 146 The Electronic

their own patent law. Some of

was patentable under 35 U.S.C. § 101.

140

Frontier Foundation argued that limits on

those countries may not be pre-

In that case, CLS Bank International sought

patentability of software innovations would

disposed to supporting patent

a declaratory judgment that claims in the

more likely help than harm the U.S. software

rights, especially patent rights

patent held by Alice were invalid, arguing that

industry.147 IBM argued that while “[t]here

held by foreign patentees. Those

pursuant to Bilski, the claims were directed

should be no serious question that computer-

countries might be quite willing

to the abstract idea of “employing a neutral

implemented inventions such as software

to embrace, vigorously, a judge-

intermediary to facilitate simultaneous

constitute patent-eligible subject matter

made exclusionary principle that

exchange of obligations in order to minimize

under § 101[,]” obviousness under § 103

has the acknowledged capability to

risk.”141 The Court determined that the

was the more appropriate way to find that

“swallow all of patent law” if judges

patents were invalid because the claims

the present patents were invalid.148

and other decision-makers do not

were drawn to an abstract idea and that implementing those ideas via a computer

While experts in the patent industry

“tread carefully” in applying it.153

agreed that the patents in Alice were

It seems that Professor Duffy’s concern

improvidently granted and needed to be

was warranted. Less than one year after

invalidated, many criticized the Court’s

Alice, the case had been cited 109 times by

decision as not giving much guidance on

lower courts in cases involving the validity of

what kinds of patent software should be

software patents.154 The district court found

patentable. 149 Many also criticized the

that twenty-eight of the software patents

decision for not providing clear guidance on

were invalid at the pleadings stage without

when a patent transforms an abstract idea

first holding a Markman hearing where the

into a patent-eligible invention.150 To this

claim language is construed. Twenty-two

question, the Court stated that “the mere

district courts had invalidated patents on

recitation of a generic computer cannot

summary judgment, and only eighteen

transform a patent-ineligible abstract idea

district courts had rejected Alice challenges

into a patent-eligible invention. Stating an

on the merits or for procedural reasons, such

abstract idea while adding the words ‘apply

as the prematurity of the Alice motion.155

The case prompted fifty-two amicus

it’ is not enough for patent eligibility.”151

Additionally, in that time period, the Federal

curiae briefs by leaders in the software

Professor John Duffy of the University of

Circuit only upheld one software-related

industry and patent professionals, generating

Virginia School of Law lamented having

patent.156

consensus that the patents in Alice should be

to teach the Alice decision to his students,

[

invalidated, but difered as to why.

The tech

stating that he was not convinced that “the

giants Google, Amazon, Facebook, and other

enough test [would] give much guidance

tech companies argued that patents which

to [his] students, or to the lawyers, judges,

merely recite “abstract ideas implemented

and Patent Office officials who will have to

on computers or over the Internet” should

apply it to numerous other situations.”

be held invalid as “the significant work comes

Professor Duffy also expressed concerns for

later, when others undertake the innovative

international prosecution, stating:

was not enough to transform the abstract ideas into patentable subject matter.142 Justice Sotomayor filed a concurring opinion, with whom Justices Ginsburg and Breyer joined, that simply stated, “I adhere to the view that any claim that merely describes a method of doing business does not qualify as a process under § 101 . . . . I further believe that the method claims at issue are drawn to an abstract idea . . . . I therefore join the opinion of the Court.”143 This seemed to suggest that these three Justices would favor a bright line rule against business methods altogether.

144

task of developing specific applications.”145 Microsoft and Hewlett-Packard agreed with the bright line rule held by Sotomayor’s concurrence that business methods are

a large drop off in the issuance of business method patents, issuing fewer than half the number that they had issued in the months prior to Alice.157 This is in line with Judge Newman’s concurrence in part and dissent in part when the Alice decision came before the Federal Circuit where she stated that “[t]

While these cases involve only

he uncertainty of administrative and judicial

U.S. law, other countries often

outcome and the high cost of resolution

look to U.S. doctrine in fashioning

are a disincentive to both innovators and

Currents 24.1 2020

152

Finally, statistics from the USPTO show

competitors.”158 Articles with titles such as

thus satisfied the Federal Circuit’s “machine

troublesome problems in pharmaceutical

“Business Methods (and Software) Are Still

or transformation test.”

The Supreme

and biopharmaceutical companies, Professor

Patentable!”159 do not encourage inventors to

Court reversed, holding that “Prometheus’

Richard H. Stern at George Washington

invest in patent protection for their business

patents set forth laws of nature—namely,

University Law School praised the decision

methods and software patents. The fear is

relationships between concentrations of

for “masterfully harmoniz[ing] difficult-to-

that their applications will be rejected by

certain metabolites in the blood and the

reconcile precedents.”173

the USPTO.

likelihood that a dosage of a thiopurine drug

3. Biomedical Technology Business methods and software are not the only technology areas that the U.S. Supreme Court has scrutinized under 35 U.S.C. § 101. In Mayo Collaborative Services v. Prometheus Laboratories, Inc., the Supreme Court invalidated patents for “[a] method of optimizing therapeutic efficacy for treatment of an immune-mediated gastrointestinal disorder . . . .”160 Because people metabolized the drug 6-thioguanine differently, the patents set out thresholds for administering the drug based on a patient’s red blood cell count.161 Prometheus, the patent owner, sold diagnostic tests that embodied the processes that the patents described.162 When Mayo, a buyer of the diagnostic tests, announced that they intended to begin using and selling their own test, Prometheus sued Mayo in a federal district court for patent infringement.163 While finding that Mayo’s test infringed Prometheus’ patent, the federal district court nevertheless granted a motion for summary judgement in Mayo’s favor reasoning that “the patents effectively claim natural laws or natural phenomena— namely the correlations between thiopurine metabolite levels and the toxicity and efficacy of thiopurine drug dosages—and so are not patentable.”164 On appeal, the Federal Circuit found that the steps in the patents “involve[d] the transformation of the human body or of blood taken from the body” and

165

will prove ineffective or cause harm.”166 The Court went on to say that if Prometheus’ patents claims did significantly more than simply describe these natural correlations, it might be enough for the patents to qualify as patent eligible.167 In explaining the test, the Court analogized Einstein patenting his General Theory of Relativity “by claiming a process consisting of simply telling linear accelerator operators to refer to the law to determine how much energy an amount of mass has produced (or vice versa).”

168

Based

on this analogy, the Court determined that the process simply told doctors interested in these correlations to perform a series of steps that, while not being natural laws themselves, were not “sufficient to transform the nature of the claim.”169

A year later, the Court again took up the issue of biotechnology patents in Association for Molecular Pathology v. Myriad Genetics, Inc.174 In that case, Myriad, a molecular diagnostic company, had discovered the precise location and sequence of gene mutations that dramatically increased the risk of breast and ovarian cancer.175 With this knowledge, Myriad developed medical tests that could detect these mutations in the genes in order to assess the patient’s risk for cancer.176 Years later, medical patients, advocacy groups, and other doctors filed a lawsuit seeking a declaration that Myriad’s patents were invalid under 35 U.S.C. § 101.177 The district court granted summary judgement against Myriad, which the Federal Circuit reversed, holding that the method was patent eligible under § 101. 178 The

Critics of the decision did not hold

Supreme Court then reversed the Federal

back, stating that “[t]hose in the biotech,

Circuit, stating that because Myriad had

medical diagnostics and pharmaceutical

sought to patent a naturally occurring

industries have . . . been taken behind the

DNA segment, as opposed to a method for

woodshed and summarily executed by the

manipulating genes, it had sought to patent

Supreme Court . . . .”170 The big concern was

a product of nature which was not patent

that the Court’s decision would invalidate

eligible merely because it had been isolated.179

thousands of diagnostic patents and would

However, the Court did find that where the

cause investors in personalized medicine to

patent concerned complementary DNA

reevaluate their current investments and

(cDNA), which is synthetic, the cDNA was

possibly redirect future investments to other

not a product of nature and therefore patent

projects, thereby resulting in less research

eligible under § 101.180

and development in the area of untreated diseases.171 Amidst the criticism, there were those who agreed with the decision.172 While conceding that the decision could create

Many commentators supported the Supreme Court’s decision stating that “for many people, it is impossible to understand

Currents 24.1 2020

how genes—the traits we inherit from our parents and pass along to our children—could become a company’s intellectual property.”

181

Still, many argued “that without the revenue streaming from their intellectual property protection, biotechnology companies will not be able to create the medical biotechnology products that have so much positive potential for public health.”182 The U.S. Supreme Court decisions discussed above, as well as the AIA’s

protection in the U.S. For this analysis, only the top thirteen countries from Figure 1 were analyzed. and patent data that would challenge their

correlation between a country’s GDP and the

rankings by the Index, the goal of this

number of patent applications, with the two

Comment is to test the accuracy of the

outliers being Japan and South Korea, which

GIPC’s ranking of the U.S. In addition,

is most likely attributable to the fact that

because WIPO only has patent statistics from

both countries have a large high-technology

2008 to 2017, all GDP data from the IMF

industry, with 25% of all manufactured

also is constrained to those years.

exports from those countries being classified

proceedings were used by the GIPC to justify

Gross Domestic Product

Part II of this Comment, the GIPC utilized a largely subjective methodology to make this determination. A better way to assess the effects of these changes to the U.S. patent system would be to develop an objective methodology, which looks at how inventors have responded to these changes in the patent system. —————————————————

V. Analysis ————————————————— The GIPC’s Index lists the U.S. as first in overall IP rankings, but a breakdown of the countries rankings in category 1: Patents, Related Rights, and Limitations, shows that the U.S. ranks 13th as shown in Figure 1 (page 99).

184

Economic Strength as Measured by

Gross Domestic Product (GDP) is defined as a monetary measurement of all final goods and services produced in a given period of time, usually annually.186 A country’s GDP is composed of all goods and services produced for sale in the market as well as nonmarket production such as defense and education spending provided by government.187 While other productive activity, such as unpaid work by volunteers and black-market activities, are not included in GDP measurements, economists routinely use GDP as a way to measure the health of a country’s economy.188 With regards to an inventor deciding where to sell their inventions and thereby seek patent protection, countries with higher GDPs usually have greater capital available to the inventor as opposed to countries with lower

As previously explained, these rankings

GDPs. If GDP was the sole measurement

are based primarily on the subjective mixed

that determined an inventor’s desirability

scoring method.185 The following analysis will

to seek patent protection, the U.S., which

seek to determine, using statistics from both

boasts the highest nominal GDP of any

the IMF and WIPO, whether the GIPC’s

other country in the world,189 would be far

Index ranking shows that the changes to the

and away the top choice of inventors. This

U.S. patent system have objectively caused

can be shown in Figure 2 (page 100) which

inventors to be less inclined to seek patent

compares each countries’ relative average 96

Currents 24.1 2020

to 2017.190 As Figure 2 shows, there is a strong

rankings.183 However, as previously stated in

patent applications between the years 2008

While other countries might have economic

implementation of the post-grant opposition the U.S. downgrade in the patent protection

nominal GDP to the average number of all

as high-technology.191 While there may be a strong correlation between a country’s GDP and the number of patent applications, the correlation has more to do with an inventors desire to tap into a wealthy market than it does about the ease of navigating the country’s patent system due to increased costs in obtaining and defending a patent. In other words, as long as these countries continue to maintain higher GDPs (as all thirteen countries GDPs rank in the top quintile of all countries in the world), it is safe to say that they will also receive the largest number of patent applications.192 Another way to measure a country’s economic vitality is to measure its economic growth rate, 193 which is obtained by calculating the percentage change in GDP from one year to the next.194 While a country such as the U.S. may continually have the highest GDP, during a recession, GDP will decrease, and unemployment will increase. Increased unemployment equates to a smaller market for inventors to sell their inventions, which will cause inventors to be less likely to seek patent protection for their inventions. If this theory holds, countries experiencing negative GDP growth should also experience a corresponding decrease in the percentage

change of patent applications, and vice versa.

good is one where demand decreases when

grant rate actually increased from 42.54%

Figure 3 (page 100) shows the average growth

a consumer’s income rises.

Conversely,

to 51.40% after the year 2012. 203 This

rate as compared to the average percentage

when a consumer’s income decreases (as a

would seem to contradict the GIPC Index’s

change in patent applications in each country

collective country’s income decreases during

predictions. Furthermore, by ranking each

between the years of 2008 to 2017.195

a recession), demand increases.201 Therefore,

country based upon their average patent

inventors of products that can be classified

grant rate, the U.S. ranking actually increased

as inferior goods may seek countries with

from 10th, before the year 2012, to 8th after

lower GDPs or even seek out countries

the year 2012.204 However, all countries, with

experiencing recessions.

the exception of Italy, also saw an increase

Unlike Figure 3, there is much less correlation between a country’s growth rate and the change in patent applications, if any at all. In fact, while Japan experienced

200

in their average patent grant rate after the

a small average growth rate during this time

As these economic statistics show, their

period of 0.24%, it also saw a significant

effect on an inventor’s decision to choose one

decrease, 0.99%, in the percentage change of

country over another based upon the costs

A note of caution should be exercised

patent applications.196 Conversely, while Italy

associated with obtaining and enforcing a

when analyzing this measurement as it does

experienced a negative growth rate of 0.67%

patent will be negligible. As such, these

not take into account whether inventors, after

(one of the lowest growth rates in the entire

economic variables can be excluded from

seeing the changes to the U.S. patent system

world, ranking 186 out of 196 countries), it

the analysis in an attempt to isolate other

post-2012, may have been discouraged

saw an increase of 1.41% in the percentage

variables that may shed light on whether

entirely from applying for a U.S. patent.

change of patent applications.

Therefore,

inventors are swayed by the changes to the

In other words, the increased patent grant

it is reasonable to conclude that there is very

U.S. patent system when deciding which

rate may largely be attributed to less patent

little if any connection between a country’s

country to seek patent protection.

applications that contained patentable

197

growth rate and an inventor’s decision to seek

patent protection.

Granted

Percent of Patent Applications

subject matter than was likely to be rejected by the USPTO in light of the Supreme

The likely reason is that the duration of

Another way to gauge how favorable

the patent term is twenty years in the U.S. and

inventors view a particular country’s patent

Europe.198 With the average business cycle’s

system is to look at the percentage of patent

contractionary period being eleven months

applications that eventually result in the grant

for the past seventy-five years, inventors can

of a patent (patent grant rate). In theory,

safely assume that any country experiencing

inventors should be less likely to seek patent

a recession will most likely reach recovery

protection in a country with a lower patent

within a year or two.199 Therefore, inventors

grant rate than a country with a higher grant

will most likely view a country experiencing

rate. Additionally, historic analysis of the

negative GDP growth as only temporary,

patent grant rate in the U.S. should show

which will not significantly discourage

a decrease after the year 2012 according to

them from seeking patent protection,

the GIPC Index as decisions by the U.S.

if other factors in that country show a

Supreme Court restricting patentability

possible market for selling their invention.

should mean that the USPTO rejects more

In addition, for those inventors seeking to

patent applications. Figure 4 (page 101)

invent products that might be classified as

shows the historic patent grant rate for all

inferior goods, negative GDP growth may

thirteen countries.

actually be a positive factor. An inferior

year 2012.205

202

Surprisingly, the average U.S. patent

Court’s decisions. Therefore, a large portion of the patents being granted were subject matter not likely to be rejected by the USPTO. In addition, these numbers do not take into account how many applications were pro se, which account for the bulk of rejections by the USPTO,206 and there is no readily available data to show how pro se applications are treated in other countries. Still, the ranking of the U.S. among these thirteen countries, with respect to patent grant rate, seems at odds with the GIPC Index’s ranking.207 C.

Pe r c e n t C h a n g e i n Pa t e n t

Applications Finally, the most dispositive statistic to look at is the percentage change in patent applications in each country. If the GIPC

Currents 24.1 2020

Index’s findings are correct, inventors

of 1.06%.214 The only other countries that

seeking patent protection in the U.S.

experienced a greater average decrease than

should be discouraged after the changes to

the U.S. were Switzerland, France, and

the U.S. patent system were implemented

Spain, with decreases of 26.85%, 4.01%,

in 2012 (and should look to countries that

and 3.96%, respectively.215 Therefore, it is

have a better patent system). As such, the

reasonable to conclude that the changes to

percentage change in patent applications in

the U.S. patent system in 2012 have resulted

the U.S. should decrease after 2012, while

in at least some inventors being discouraged

the percentage change in patent applications

from seeking patent protection in the U.S.

in other countries should increase. WIPO

—————————————————

classifies patent applications as being filed

VI. Conclusion

either by a resident, non-resident, or abroad

—————————————————

filer.

208

A resident filing is one made by

applicants at their home office, which may be a national or regional office.209 The terms “non-resident” and “abroad” are used for filings in a foreign office, but a non-resident filing occurs when an office receives an application by a foreigner, while an abroad filing occurs when an applicant files an application from a foreign office.

210

While WIPO has reasons for differentiating between the two terms, for this analysis, the terms can be used interchangeably. Figures 5 (page 101) and 6 (page 102) show the average rate of change of patent applications across all thirteen countries.211 From the outset, it should be noted that Switzerland, Sweden, and Ireland seem

The analysis presented supports the GIPC Index’s conclusion that changes made to the U.S. patent system since 2012 have led some inventors to be discouraged from seeking patent protection in the U.S., but it is unclear whether the analysis supports the Index’s ranking of the U.S. or any of the other top fourteen countries. In order to more definitively determine the answer to these questions, further econometric analysis will need to be done. In addition, the dataset from the years 2008 to 2017 is probably too small. As time goes on, an expanded dataset should be able to yield better results and paint a more adequate picture of the damage that the changes to the U.S. patent system since 2012 has had on U.S. innovation.

to have outliers that may be attributable to factors specific to those countries which are unknown. Those three countries have been removed from Figure 6 for readability purposes.212 The U.S. experienced a decrease of 2.05% among resident filings and a decrease of 2.40% among non-resident filings but experienced a 1.26% increase among abroad filings.213 By averaging all three categories of filers, the U.S. saw an overall decrease 98

Currents 24.1 2020

Figure 1

Currents 24.1 2020

Figure 2

Figure 3

100

Currents 24.1 2020

Figure 4

Figure 5

101

Currents 24.1 2020

Figure 6

102

Currents 24.1 2020

End Notes 1.

6. 7. 8. 9. 10. 11. 12. 13. 14. 15. 16. 17. 18. 19. 20. 21. 22. 23.

See Dick Teresi, Zero, The Atlantic, July 1997, https:// www.theatlantic.com/magazine/ archive/1997/07/zero/376900. Robert A. Margo & Georgia C. Villaflor, The Growth of Wages in Antebellum America: New Evidence, 47 The Journal of Economic History 873, 888 (1987) (comparing growth pre and post-civil war); Magali Cornier Michael, Feminism and the Postmodern Impulse: Post-World War II Fiction (1996) (analyzing the intersections between feminist politics and postmodern aesthetics as demonstrated in recent AngloAmerican fiction). Reese Witherspoon (@ReeseW), Twitter (Jan. 7, 2018, 11:04 p.m.), https://twitter.com/reesew/ status/950262030409261056?lan g=en. United States Patent and Trademark Office, LeahySmith America Invents Ac t ( 2 0 1 1 ) , h t t p s : / / w w w. uspto.gov/sites/default/files/ aia_implementation/20110916pub-l112-29.pdf. Global Intellectual Policy Center (GIPC), U.S. Chamber International IP Index 6 (2018), https://www. t h e g l o b a l i p c e n t e r. c o m / w p content/uploads/2018/02/GIPC_ IP_Index_2018.pdf [hereinafter GIPC Index]; see Gene Quinn, U.S. Patent System Falls to 12th Place in Chamber Global IP Index for 2018, IPWatchdog (Feb. 8, 2018), https://www.ipwatchdog. com/2018/02/08/u-s-patentsystem-falls-12th-place-chamberglobal-ip-index-2018/id=93494/ (showing the U.S. has dropped from 10th in 2017 to being tied for 12th place with Italy in 2018). GIPC Index, note 5, at v. Id. at 163. Id. at 164–65. Id. at 165. Id. Id. Id. Id. Id. Id. Id. Id. at 166. Id. at 165. Id. at 165–66. Id. at 166. Id. at 156. Id. at 169. Id. at 177 n.xxi.

24. Id. at 169–70. 25. Id. at 171. 26. Jeanne C. Fromer, The Intellectual Pr o p e r t y C l a u s e’s E x t e r n a l Limitations, 61 Duke L.J. 1329, 1345 (2012). 27. U.S. Const. art. I, § 8, cl. 8. 28. 11 Donald S. Chisum, Chisum on Patents § 1111.30 (2018). 29. Id. 30. Id. 31. World Intellectual Property Organization [WIPO], Frequently Asked Questions: Patents, (2019), http://www.wipo.int/patents/en/ faq_patents.html (last visited Jan. 22, 2020). 32. 35 U.S.C. § 154 (2012). 33. See Anthony T. Kronman & R i c h a rd A . Po s n e r, Th e Economics of Contract Law 1–2 (1979). 34. Id. 35. See Richard G. Lipsey et. al., Microeconomics, 232–36 (12th ed., 1999). 36. Id. 37. Id. 38. Id. 39. 15 U.S.C. § 2 (2012). 40. Edwin H. Abbot, Jr., Patents and the Sherman Act, 12 Colum. L. Rev. 709, 710 (1912). 41. Id. 42. Michele Boldrin & David K. Levine, Property Rights and Intellectual Monopoly, David Levine’s Economic and Game Theory Page, http://www. dklevine.com/general/intellectual/ coffee.htm (last visited Jan. 22, 2020). 43. David S. Olson, Taking the Utilitarian Basis for Patent Law Seriously: The Case for Restricting Patentable Subject Matter, 82 Temp. L. Rev. 181, 192 (2009). 44. Id. 45. Fritz Machlup, Subcomm. on Patents, Trademarks, and Copyrights of the Comm. on the Judiciary, 85th Cong., An Economic Review of the Patent System 79 (Comm. Print 1958). 46. Id. at 79. 47. Id. at 80. 48. Protecting Intellectual Property Rights (IPR) Overseas, U.S. Pat. and Trademark Office, https:// www.uspto.gov/patents-gettingstarted/international-protection/ protecting-intellectual-propertyrights-ipr (last visited Jan. 22, 2020). 49. 35 U.S.C.§ 154 (2012). 50. Kronman, supra note 33.

51. Tamara Monosoff, To Patent or Not to Patent?, Entrepreneur (Sept. 26, 2005), https://www. entrepreneur.com/article/80088. 52. Gene Quinn, Patent Prosecution 1 0 1 : Un d e r s t a n d i n g Pa t e n t Examiner Rejections, IPWatchdog (Feb. 11, 2017), https://www. ipwatchdog.com/2017/02/11/ p a t e n t - p ro s e c u t i o n - p a t e n t examiner-rejections. 53. USPTO Fee Schedule, USPTO, https://www.uspto.gov/learningand-resources/fees-and-payment/ uspto-fee-schedule (last revised Sept. 1, 2019). 54. Patent Attorneys Fees Explained, IPWatchdog, http://www. ipwatchdog.com/patent/patentattorney-fees-explained (last visited Jan. 22, 2020). 55. Extended Year Set – All Technologies (Utility Patents) Report, USPTO, http://www.uspto.gov/web/ offices/ac/ido/oeip/taf/h_ at.htm#PartA1_1b (last visited Jan. 22, 2020) (showing that in 2015, out of 298,407 granted utility patents, only 6.3% were granted to individuals as opposed to U.S. and foreign corporations or governments). 56. 35 U.S.C. § 101 (2012) (“Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or any new and useful improvement thereof, may obtain a patent therefor . . . .”). 57. Id. § 102(a) (“A person shall be entitled to a patent unless . . . the claimed invention was patented, described in a printed publication, or in public use, on sale, or otherwise available to the public . . . .”). 58. Id. § 103 (“A patent for a claimed invention may not be obtained . . . if the differences between the claimed invention and the prior art are such that the claimed invention as a whole would have been obvious before the effective filing date of the claimed invention to a person having ordinary skill in the art to which the claimed invention pertains.”). 59. Id. § 112(a) (“In general. The specification shall contain a written description of the invention, and the manner and process of making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the art . . . to make and use the same . . . .”). 60. Michael Carley et al., What is the

Probability of Receiving a U.S. Patent?, 17 Yale J.L. & Tech. 203, 215 (2015). 61. 37 C.F.R. § 1.134 (2019) (“An Office action will notify the applicant of any non-statutory or shortened statutory time period set for reply to an Office action.”). 62. Id; see also 37 C.F.R. § 1.111 (2019) (“If the Office actions after first examination . . . [are] adverse in any respect, the applicant or patent owner, if he or she persists in his or her application for a patent . . . must reply and request reconsideration or further examination, with or without amendment.”). 63. 37 C.F.R. § 1.314 (2019) (“If applicant timely pays the issue fee . . . .”). 64. 37 C.F.R. § 1.113 (2019). 65. Id. 66. Id. 67. Id. 68. Id. 69. Id. 70. USPTO, supra note 53. 71. USPTO, supra note 53. 72. See generally 8 Donald S. Chisum, Chisum on Patents § 22.03 (2019). 73. Id. 74. S e e S a n D i s k C o r p . v . STMicroelectronics, Inc., 480 F.3d 1372, 1381 (Fed. Cir. 2007) (“[W]here a patentee asserts rights under a patent based on certain identified ongoing or planned activity of another party, and where the party contends that it has the right to engage in the accused activity without license, an Article III case or controversy will arise and the party need not risk a suit for infringement by engaging in the identified activity before seeking a declaration of its legal rights.”). 75. 4 Donald S. Chisum, Chisum on Patents § 11.07(4)(b)(i) (2019). 76. 27 C.F.R. §§ 42.200–42.207 (2019). 77. Id. 78. Brian C. Kwok & Nicholas V. Martini, Post-Grant Review is Becoming Increasingly Popular, Law360 (June 1, 2016, 10:32 AM), http://www.haynesboone. com/-/media/files/attorneypublications/2016/postgrantreview-is-becoming-increasinglypopular.ashx?la=en&hash=3747 CF515B1F482CA9D4F535A51 912A2B5A58877. 79. Id. 80. Transitional Program for Covered

103

Currents 24.1 2020

B u s i n e s s M e t h o d Pa t e n t s , USPTO, https://www.uspto. gov/patents-application-process/ appealing-patent-decisions/trials/ transitional-program-coveredbusiness (last updated May 9, 2017). 81. Inter Partes Review, USPTO, https://www.uspto.gov/patentsapplication-process/appealingpatent-decisions/trials/interpartes-review (last updated May 9, 2017). 82. Kwok & Martini, supra note 77. 83. Kwok & Martini, supra note 77. 84. Nate Dilger & John Lord, Evaluating the Effectiveness of the Inter Partes Review Process, Los Angeles Lawyer 16 (July/ Aug. 2016), http://onellp.com/ wp-content/uploads/2016/07/714-16-LA-Lawyer.pdf. 85. 35 U.S.C. § 311 (2012) (detailing who may file and when petition should be filed). 86. 35 U.S.C. § 314 (2012); see also 35 U.S.C. §§ 6(c), 18 (2012). 87. 35 U.S.C. § 6 (2012). 88. Id.; 35 U.S.C. § 316 (2012). 89. Jason E. Stach & Benjamin A. Saidman, Maximizing the Likelihood of a Litigation Stay Pending Inter Partes Review, IP Litigator (Sept./Oct. 2016), https://www.finnegan.com/ en/insights/maximizing-thelikelihood-of-a-litigation-staypending-inter.html. 90. 77 Fed. Reg. 48680 (Aug. 14, 2012). 91. GIPC Index, supra note 5, at 8. 92. GIPC Index, supra note 5, at 8. 93. Cuozzo Speed Techs., LLC v. Lee, 136 S. Ct. 2131, 2137–39 (2016). 94. Id. at 2138. 95. Id. at 2138–39. 96. Id. at 2134. 97. Id. at 2139. 98. Id. at 2145. 99. Id. 100. Id. 101. Id. at 2145–46. 102. Id. at 2146. 103. Id. 104. Id. 105. 138 S. Ct. 1365 (2018). 106. Id. at 1372. 107. Id. 108. Id. 109. Id. 110. Id. at 1373. 111. Id. at 1380. 112. See William Hannah, Comment, Major Change, New Chapter: How Inter Partes Review and Post Grant Review Proceedings Created by the America Invents Act will Shape Litigation Strategies, 17 Intell. Prop. L. Bull. 27, 27 (2012). 113. Am. Intell. Prop. Law Ass’n, 2015 Report of the Economic

Survey 37 (2015). 114. Id. 115. Samson Vermont, AIPLA Survey of Costs of Patent Litigation and Inter Partes Review, PatentAttorney. com (Jan. 30, 2017), https://www. patentattorney.com/aipla-surveyof-costs-of-patent-litigation-andinter-partes-review/. 116. Hannah, supra note 110, at 29. 117. Hannah, supra note 110, at 29. 118. Festo Corp. v. Shoketsu Kinzoku Kogyo Kabushiki Co., 493 F.3d 1368, 1370–71 (Fed. Cir. 2007) (“The case has been pending for almost twenty years and has been before the Supreme Court twice and before us twice en banc.”). 119. Hannah, supra note 110, at 29–30. 120. Hannah, supra note 110, at 34. 121. GIPC Index, supra note 5, at 8. 122. Josh Landau, Inter Partes Review: Five Years, Over $2 Billion Saved, Pat. Progress (Sept. 14, 2017), http://www.patentprogress. org/2017/09/14/inter-partesreview-saves-over-2-billion/. 123. Lawrence K. Kolodney, Contingent Fee Litigation–A Low Risk Way to Enforce and Monetize Your Patents, Corp. Couns. (Oct. 23, 2017), https://www.fr.com/ wp-content/uploads/2017/10/ Kolodney_CorporateCounsel_ ContingentFeeLitigation_reprint. pdf. 124. See Lindsay V. Cutié, Inter Partes Review: An Avenue for Early Settlement of Co-Pending Patent Infringement Lawsuits, Baker Botts (Oct. 18, 2016), http:// www.bakerbotts.com/ideas/ publications/2016/10/interpartes-review-an-avenue-for-early. 125. J o h n R . Th o m a s , C o n g . R e s e a rc h S e rv. , R 4 4 9 4 3 , Patentable Subject Matter Reform 4 (1987). 126. 35 U.S.C. § 101 (2017). 127. Diamond v. Diehr, 450 U.S. 175, 185 (1981). 128. Leahy‑Smith America Invents Act (AIA), Pub. L. No. 112‑29, § 33, 125 Stat. 284 (2011). 129. See Timothy R. Holbrook & Mark D. Janis, Patent-Eligible Processes: An Audience Perspective, 17 Vand. J. Ent. & Tech. L. 349, 351 (2015). 130. Ausl. advisory council on intellectual Property, Report on a Review of the Patenting of Business Systems 1 (Sept. 2003), https:// www.ipaustralia.gov.au/sites/ default/files/final_report_review_ of_patenting_of_business_ systems.pdf. 131. See Bilski v. Kappos, 561 U.S. 593, 597–98 (2010). 132. Id. at 599–600.

133. Id. at 600. 134. Id. 135. Id. 136. Thomas, supra note 123, at 5. 137. Bilski, 562 U.S. at 608. 138. See Dennis Crouch, Bilski v. Kappos, Patentlyo (Jun. 28, 2010), https://patentlyo.com/ patent/2010/06/bilski-v-kapposbusiness-methods-out-softwarestill-patentable.html. 139. Id. 140. Alice Corp. Pty. v. CLS Bank Int’l, 573 U.S. 208, 212 (2014). 141. Id. at 214. 142. Id. at 221. 143. Id. at 227. 144. Paul J. Sutton, Patent Eligibility After Alice, World Intell. Prop. Rev. (Feb. 27, 2017), https://www. worldipreview.com/contributedarticle/patent-eligibility-afteralice. 145. Brief of Google, Inc. et al. as Amici Curiae Supporting Respondents at 8-9, Alice Corp. Pty. Ltd. v. CLS Bank Int’l, 573 U.S. 208 (2014) (No. 13-298), 2014 U.S. S. Ct. Briefs LEXIS 786. 146. Brief of Microsoft Corp. et al. as Amici Curiae in Support of Affirmance at 10-11, Alice Corp. Pty. Ltd. v. CLS Bank Int’l, 573 U.S. 208 (2014) (No. 13-298), 2014 U.S. S. Ct. Briefs LEXIS 780. 147. Brief of Amicus Curiae Elec. Frontier Found. in Support of Respondents at 12, Alice Corp. Pty. Ltd. v. CLS Bank Int’l, 573 U.S. 208 (2014) (No. 13-298), 2014 U.S. S. Ct. Briefs LEXIS 783. 148. Brief of Amicus Curiae Int’l Bus. Mach. Corp. in Support of Neither Party at 8-14, Alice Corp. Pty. Ltd. v. CLS Bank Int’l, 573 U.S. 208 (2014) (No. 13-298), 2014 U.S. S. Ct. Briefs LEXIS 404. 149. Brian Fung, The Supreme Court’s Decision on Software Patents Still Doesn’t Settle Bigger Question, Wash. Post (June 20, 2014), https:// www.washingtonpost.com/news/ the-switch/wp/2014/06/20/ the-supreme-courts-decisionon-software-patents-stilldoesnt-settle-the-biggerquestion/?noredirect=on&utm_ term=.86b7bf9ddeac. 150. John Duffy, Opinion Analysis: The Uncertain Expansion of JudgeMade Exceptions to Patentability, S C OT U S b lo g ( Ju n . 2 4 , 2014), http://www.scotusblog. com/2014/06/opinion-analysisthe-uncertain-expansion-of-judgemade-exceptions-to-patentability. 151. Alice Corp. Pty. v. CLS Bank Int’l, 573 U.S. 208, 223 (2014) (emphasis added). 104

Currents 24.1 2020

152. Duffy, supra note 148. 153. Duffy, supra note 148. 154. Steven Callahan, Alice: Death of Software-Related Patents? Northern District of Tex. Blog (May 1, 2015), http://www. ndtexblog.com/?p=3550. 155. Id. 156. Id. 157. James Bessen, What the Courts Did to Curb Patent Trolling—for Now, The Atlantic, Dec. 1, 2014, https://www.theatlantic.com/ business/archive/2014/12/whatthe-courts-did-to-curb-patenttrollingfor-now/383138/?single_ page=true. 158. CLS Bank Int’l v. Alice Corp. Pty, 717 F.3d 1269, 1321 (Fed. Cir. 2013) (Newman, J., concurring in part and dissenting in part). 159. Raymond Millien, Business Methods (and Software) Are Still Patentable!, IPWatchdog (Aug. 28, 2012), https://www. ipwatchdog.com/2012/08/28/ business-methods-and-softwareare-still-patentable/id=27658. 160. Mayo Collaborative Servs. v. Prometheus Labs., Inc., 566 U.S. 66, 74 (2012). 161. Id. at 75. 162. Id. 163. Id. 164. Id. at 75–76. 165. Id. at 76. 166. Id. at 77. 167. Id. 168. Id. at 77–78. 169. Id. at 78. 170. Gene Quinn, Killing Industry: The Supreme Court Blows Mayo v. Prometheus, IPWatchdog (Mar. 20, 2012), http://www. ipwatchdog.com/2012/03/20/ supreme-court-mayo-vprometheus/id=22920. 171. Glenn Hess, Patent Ruling Dismays Biotech, C&EN, (Apr. 2, 2012) https://cen.acs.org/articles/90/ i14/Patent-Ruling-DismaysBiotech.html?h=-1802238606; Hans Sauer, Mayo v. Prometheus: BIO Statement on Supreme Court Decision, BIOtechNOW (Mar. 20, 2012), https://www. biotech-now.org/public-policy/ patently-biotech/2012/03/mayov-prometheus-bio-statement-onsupreme-court-decision. 172. R i c h a r d H . S t e r n , M a y o v. Prometheus: No Patents on Conventional Implementations of Natural Principles and Fundamental Truths, 34 Eur. Intell. Prop. Rev. 502, 502 (2012). 173. Id. 174. Ass’n for Molecular Pathology v. Myriad Genetics, Inc., 569 U.S. 576 (2013). 175. Id. at 576.

176. Id. 177. Id. at 586. 178. Id. 179. Id. at 576–82. 180. Id. at 576–7. 181. Jim Dwyer, In Patent Fight, Nature 1; Company, 0, N.Y. Times, Mar. 30, 2010, https:// www.nytimes.com/2010/03/31/ nyregion/31about. html?ref=myriadgeneticsinc&_ r=0. 182. L i b b y D e s h a i e s , R e c e n t Developments in Patenting Medical Biotechnology: Myriad Genetics and the Affordable Care Act as Steps Towards Greater Patient Access, 14 U. Ill. J. L. Tech. & Pol’y, 307, 311 (2014). 183. GIPC Index, supra note 5, at 8. 184. GIPC Index, supra note 5, at 35. 185. GIPC Index, supra note 5, at 165–66. 186. Tim Callen, Gross Domestic Product: An Economy’s All. Finance & Development, IMF (Dec. 18, 2018), https://www.imf.org/ external/pubs/ft/fandd/basics/ gdp.htm. 187. Id. 188. Id. 189. Wo r l d E c o n o m i c O u t l o o k Database, IMF [hereinafter WEO Data], https://www.imf.org/ external/pubs/ft/weo/2018/02/ weodata/index.aspx (last visited Jan. 22, 2020). 190. Id.; IP Statistics Data Center, WIPO [hereinafter WIPO Data], https://www3.wipo.int/ipstats/ index.htm?tab=patent (last updated Dec. 2018). 191. World Development Indicators Database, World Bank, https:// databank.worldbank.org/data/ views/reports/reportwidget. aspx?Report_Name=CountryPro file&Id=b450fd57&tbar=y&dd =y&inf=n&zm= (last visited Jan. 22, 2020). 192. WEO Data, supra note 189. 193. Callen, supra note 184. 194. Callen, supra note 184. 195. WEO Data, supra note 189; WIPO Data, supra note 190. 196. WIPO Data, supra note 190. 197. WIPO Data, supra note 190. 198. 35 U.S.C. § 154(a)(2); European Patent Convention, art. 63, Oct. 5, 1973, 1065 U.N.T.S. 199. https:// www.epo.org/law-practice/legaltexts/html/epc/2016/e/ar63.html (last visited Jan. 22, 2020). 199. US Business Cycle Expansion and Contractions, The Nat’l Bureau of Econ. Res. (April 23, 2012, 4:26 PM), https://www.nber.org/cycles/ US_Business_Cycle_Expansions_ and_Contractions_20120423.pdf. 200. Gregory N. Mankiw, Principles of Economics 70 (6th ed. 2012).

201. Id. 202. WIPO Data, supra note 190. 203. WIPO Data, supra note 190. 204. WIPO Data, supra note 190. 205. WIPO Data, supra note 190. 206. USPTO, supra note 55. 207. GIPC Index, supra note 5, at 35. 208. WIPO Data, supra note 188. 209. WIPO Data, supra note 190. 210. WIPO Data, supra note 190. 211. WIPO Data, supra note 190. 212. WIPO Data, supra note 190. 213. WIPO Data, supra note 190. 214. WIPO Data, supra note 190. 215. WIPO Data, supra note 190.

105

Currents 24.1 2020

F R E E L A N D

—————————————————

interest in promoting availability of content

Rightholders’ online content is derived from

I. Introduction

in digital form. To illustrate, Hollywood

a portion of Service Providers’ advertisement

—————————————————

Rightholders seek to expand protections,

revenue and from purchased or compulsory

Silicon Valley Service Providers seek to avoid

licenses. 6 Service Providers are keen on

the encroachment of copyright laws into

the evolution of technology, adapting

their business models,3 while academic and

business models to anticipate new uses of

scientific institutions advocate for Internet

the Internet as a delivery vehicle for content

freedom.

and improving content portability through

What value, contemplated by law, is owed to copyright owners (Rightholders) for the production of content in the digital age? One answer to that question is seemingly apparent. The European Parliament and

the Council of the European Union

What will happen to content creation

agreed to update protections for European

if either party gets their way? Online

Rightholders and journalists under new rules

accessibility of media and information is

to reinforce the interests of Internet users.1

a vital component of the Internet, and if

These changes impose affirmative obligations

the Service Provider wins out, there will

for online content-sharing service providers

be more content because of the continued

(Service Providers) having the net effect of

cost efficiency of their superior negotiating

transferring value from the Service Provider

position. If the Rightholder wins out, the

to the Rightholder, a clear indication that

Service Provider must license less content or

the European Union is expanding copyright

suffer a hit to the bottom line.

protections.

This Comment will examine the

The Service Provider invests heavily

European Union’s5 motives in addressing

into its online infrastructure, hiring skilled

the “value gap” between Service Providers

labor, acquiring the assets necessary to

and Rightholders in Part II; whether or not

create the digital market, and providing

the transparency solution to the “value gap”

the services and goods demanded by

is congruent with trade secret, copyright,

consumers—Service Providers deserve the

and data exchange regimes of law in Part III.

return produced by their efforts. On the

Finally, in Part IV, this Comment will assess

other hand, the Rightholder produced the

whether the new bargain mandated by the

work subject to copyright and introduced

Directive is palatable for global economies.

it to the proper channels for distribution,

—————————————————

with the expectation that only the approved

II. The “Value Gap”

channels distribute their work. Inevitably

—————————————————

what results is a competition between the

Most of the value generated by

interest in preventing infringement and the

106

Currents 24.1 2020

the creation of innovative devices to achieve sustainable growth in network size and value.7 Service Providers incentivize Rightholders to enter into licensing agreements by tailoring platforms to reproduce their content and providing essential infrastructure for user traffic, information accessibility, stability, and security. 8 Rightholders' uploaded works individually generate data that can be monetized from user traffic, but only the Service Providers posses or control such data as a result of website ownership. Therefore, Rightholders may only retrieve value from licenses and any secondary transaction arising out of monetized interactions with each website hosting its content. The EU has attributed the superior negotiating positions of Service Providers to the disparity in the respective values each party to each license receives.9 This bargaining disparity is what the EU seeks to rectify with its Directive on Copyright10 (Directive) by restraining Service Provider negotiating stature with affirmative and costly obligations. Under the Directive,

Rightholders will be able to claim additional

obligations arising out of the EU General

remuneration from Service Providers lawfully

Data Protection Regulations (GDPR),

exploiting Rightholders works when the

discussed below, must provide “adequate

remuneration originally agreed upon is

information” on how personal data is

“disproportionately low” compared to the

processed,

benefits derived by the Service Provider.

information on remuneration.18 The Directive

Exceptions to the “online content-sharing

qualifies the transparency requirement as “[s]

Service Provider” designation are entities

uch information . . . sufficiently specific

that are “not-for-profit online encyclopedias,

to provide enough transparency to [R]

not-for-profit educational and scientific

ightholders, without affecting business

repositories, open source software-developing

secrets,”19 but this is problematic for Service

and sharing platforms, providers of electronic

Providers that are unaware of their own

communication services,” such as Internet

business secrets, further discussed below.

access services, interpersonal communications

Member States are directed to several factors

services, and services which consist wholly of

to determine whether a Service Provider is

conveying signals for transmission “online

subject to transparency obligations, such as:

marketplaces, business-to-business cloud

the specificities of the content sectors; the

services[,] and cloud services that allow users

contribution of the authors or performers to

to upload content for their own use.”12

the overall work; and collective bargaining,

Transparency Obligations

T h e p r o p o s a l f u r t h e r re q u i re s “transparency,” that Service Providers are to share with entitled Rightholders “information on the licensing and the distribution of

such as contact details and

to the extent it may be relevant in particular circumstances. Member States also have 20

discretion, “the option,” to provide for “further measures” to ensure transparency.21 B.

Monitoring Obligations

succeed, try, try again.” Under the Digital Millennium Copyright Act23 (DMCA) and its European counterpart, 24 Ser vice Providers are minimally incentivized, if at all, to sign fair licensing agreements with Rightholders. It follows then, that Service Providers further are uninterested in adherence to costly obligations to supply data—whether confidential in nature or perhaps even part of a larger trade secret information regime. DMCA and its equivalents only obligate Service Providers to remove infringing content when Rightholders ask them to do so.25 Therefore, the Directive should not be construed as granting any new rights to Rightholders, but as softening safe harbor immunities for Service Providers. 26 The problem presented by altering prevailing practice is that vast amounts of content originally generated through the current scheme now will be significantly restricted as the Service Providers must renegotiate all of their licenses with Rightholders.27 One potential consequence of restructuring?

remuneration” to other Rightholders.13

Further, Member States must consider

Under Article 19, such Rightholders also

several factors in determining whether the

have the right to receive such information

Service Provider generally prevented the

at least once a year14 and may insist on the

availability of unauthorized works (the

sufficiency of the information either directly

monitoring obligation), such as the size of

themselves or indirectly through Collective

the Internet company and the evolving state

Management Organizations or Member State

of the art as regards “suitable and effective

Union law.15 Sufficiency depends on the

means and their cost,” or similar technologies,

Rightholders’ ability to “assess the continued

including potential future technologies.22

economic value of [the] rights” in question,

Interestingly, the Directive does not seek to

and the information shared should be “recent

lead Member States to impose a “monitoring

data, relevant to the exploitation of the work

obligation” per se, as the negotiation of a

. . . and comprehensive in a way that it covers

license for all Service Provider hosted content

. . . all modes of exploitation and . . . all

is simply not economically feasible. Instead,

relevant revenues worldwide.”16

the approach the “monitoring obligation”

Due to these changes in the licensing

subscribes to seems to be “if at first you don’t

system, Service Providers, in an effort to

Service Providers with transparency

Service Providers—effectively in control of generally available content—may now change their default stance to restriction, unintentionally resulting in censorship of content that it would have otherwise made available had favorable licenses been negotiated.28 Service Providers may choose to start filtering all content to which “relevant and necessary”29 requests are directed without any effort directed at determining the scope of the rights and protections of the offensive material or the reach of the filtering processes implemented.30

107

Currents 24.1 2020

protect their business model, may opt to

This rule allows for the Rightholder to

specific measures utilized. Not all Service

make unlicensed content available, which

enjoin the Service Provider who “carries a

Providers are alike and will opt for measures

ordinarily would open them up to liability

third party’s infringement of a protected

proportionate to the resources allocable to

for unauthorized acts of communication to

work . . . in a network,” and block access of

its obligations.

the public.31 However, a Service Provider can

Service Provider’s customers to its website,

mitigate liability if it:

inasmuch as the site makes the unauthorized

1) makes best efforts to obtain an 32

authorization; 2) is in accordance with high industry standards of professional diligence, makes best efforts to ensure the unavailability of specific works for which the Rightholders have provided… relevant and necessary information; 3) acts expeditiously, upon receiving a sufficiently substantiated notice from the Rightholders to disable access to, or remove from their websites, the notified works; and

work available to the public.35 Thus, clearly the Directive’s goal is to maintain that the monitoring obligation is a creature of the judiciary.36

amount of value is now gushing out from the Service Provider and heading toward Rightholders. Add to this figure the costs

The inevitable result of monitoring

Rightholder-favored licenses, maintaining

high volume usage of a Service Provider’s

transparency obligations, and, potentially,

website–such that the unauthorized use of a

compliance with an injunction to implement

Rightholder’s content is both detected and

monitoring technology. In this light, Service

in fact taken down in every case—is the

Provider profit margins begin to shrink

implementation of filtering or surveillance

exponentially.

technology.

An affirmative monitoring

obligation would impose high development, maintenance, and reporting costs on Service

4) makes best efforts to prevent future

to large U.S.-based providers, strengthening

uploads.33

these firms’ market position and giving them

Privacy concerns abound with respect to

access to the behavior of EU users of Internet platforms.38

specifically, those unable to feasibly obtain

Critics of Article 17 posit that the Internet

authorizations for all uploaded content—

is subject to unprecedented transformation

now tasked with preventing access to and

from an open platform, for sharing and

future uploads of such content. The EU

innovation, into a tool for the automated

Court of Justice has addressed just this,

surveillance and control of its users, even

providing that Service Providers are to take

where no infringing material is uploaded.40

“all reasonable measures” and provided clear

Such filtering technologies have the potential

guidance for this standard: (i) the measures

to deprive users of First Amendment rights

should not unnecessarily deprive Internet

and enforcement exceptions to copyright

users “of the possibility of lawfully accessing

protection, such as the quotation right

the information available”; and (ii) the

and the right to parody.41 The monitoring

measures used “have the effect of preventing

obligation is not necessarily an affirmative

unauthorised access to the protected subject-

one, that is, courts must first make a case-

matter or, at least, of making it difficult to

by-case determination as to what a particular

achieve and of seriously discouraging Internet

Service Provider’s monitoring obligation is,

users who are using the services . . . from

without impermissibly intruding into the

accessing [unauthorized] subject-matter.”

108

Currents 24.1 2020

economics in this context. Seemingly, a vast

associated with higher remuneration through

Providers who will likely end up outsourcing

the efforts necessitated by Service Providers—

However, still looming is question of

“Value Gap” in the U.S.

In the U.S., the “value gap” is directly addressed by DMCA, Congress’ response to the WIPO Copyright Treaty.42 As the WIPO Copyright Treaty is not self-executing, any additional obligations proposed by legislation enacted in Europe must be further promulgated by Congressional action.43 However, new legal regimes implemented by Congress could be characterized as a provocative signal directed at the EU.44 The Music Modernization Act45 (MMA), signed into law by President Trump on October 11, 2018, represents a win for Hollywoodrelated stakeholders. MMA seeks to benefit “songwriters, publishers, artists, record labels, digital services, libraries, and the public at large”46 by establishing “a new blanket license for digital music providers to engage in specific covered activities (namely, permanent downloads, limited downloads, and interactive streaming)” (or on-demand streaming).47 Significantly, MMA changed the manner for collecting and disbursing

mechanical royalties for musical works.

wide dissemination of their works.57 Thus,

ease with which data can be retrieved over

Specifically, the law contemplates use of the

in the “value gap” debate, the U.S. takes

the Internet, an unprecedented number

nonprofit “Music Licensing Collective”48 to

the view that the consequential value lost is

of individuals are appropriating data and

direct royalties from Service Providers to the

adequately compensated when exchanged

copyrighted works.61 Studies indicate that

proper owners, shifting the “reasonable costs”

for wide dissemination of the copyrighted

in the EU alone, there are over 460 million

of maintaining the collective to licensees.

work. On the contrary, the European view

Internet users, with nearly 4.075 billion

MMA changes rate-setting considerations

characterizes Rightholders as entitled to—

worldwide.62 Perhaps one explanation for

for the Copyright Royalty Board, requiring

in addition to the wide dissemination of

widespread usage of the Internet owes to

them to consider a “‘willing buyer, willing

the copyrighted works—higher royalties,

the nature of digital information technology

seller’ rate standard and is applicable to all

access to unique datasets, as well as Service

which allows for the easy replication and

licensees of musical works . . . .”50 The law

Providers’ affirmative obligation to monitor

transmittal of copyrighted works and other

also changes judicial oversight mechanisms.

and eliminate dissemination of unauthorized

information for multiple uses; provides for

These changes echo the Directive’s “value

works, to be undertaken as an expenditure of

the plasticity of digital media; yields both

gap” disparity concerns, offering in reply a

that particular Service Provider.

compactness and equivalence of works

number of creative solutions.

—————————————————

in digital form; and accommodates new

III. Obstacles Facing the Transparency Obligation

searching and linking functionality.63

—————————————————

streamlined both the reproduction

U.S. judicial rules of decision and § 512(a)

The “value gap” has proven to result

and distribution of copyrighted works.

would be eliminated as a form of safe harbor

in no more than a restructuring of the deal

Historically, copyrighted works were

protection, as discussed above.52 Importantly,

making process between Service Providers

mechanically reproduced and distributed,

a recent study of both the DMCA and

and Rightholders. The Service Provider

particularly after 1476 when, owing largely

developments in electronic commerce,

delivers infrastructure; collects, organizes, and

to William Caxton’s printing press, the

jointly conducted by the Copyright Office

evaluates dispersed information; facilitates

first large scale reproduction of written

and National Telecommunications &

social communication and information

materials was sent into motion.64 Subsequent

Information Administration, specifically

exchange; aggregates supply and demand

innovations streamlined the mechanical

contemplates whether the first sale

facilitates market processes; provides trust; and

printing process, such as Willis Carrier’s

doctrine retains applicability to the digital

accounts for the needs of both buyers or users

indoor cooling invention, reduced to practice

environment.53 The first sale doctrine urges

and sellers or advertisers. The Rightholder

on July 17, 1902.65 In essence, the Internet

consideration as to whether copyright

produces copyrightable expression, neither

has dramatically reduced reproduction and

holders have obtained the full value of their

insignificant nor inexpensive, otherwise

distribution costs, while simultaneously

works, as contemplated in the Copyright

presumably lawmakers would not create

enabling Service Providers to step into the

Clause of the Constitution. The Copyright

economic incentives.

role traditionally played by publishers.66

Clause memorializes the notion of a quid

Economic Theory dominates the modern

pro quo, or bargain, between society and

conception of the copyright regime in the

the creator, or writer.55 However, DMCA’s

digital information sphere, in that copyright

notice and takedown regime recognizes that

is a necessary system of incentives to prevent

Fair use presents the biggest challenge

free riders from undermining the market

to Service Providers’ compliance with

deal with Service Providers,56 choosing to

in creative expression, notwithstanding

legislation seeking to address the “value gap”,

forego a portion of the value that they would

concerns for social costs. 60 Internet use

requiring the implementation of surveillance

normally be entitled to in exchange for the

is currently “ubiquitous” and, given the

technology. Fair use is a protection not

Clearly, DMCA is at odds with its newly minted European counterpart. In fact, the mere conduit ISP category articulated under

The Neoclassical

The Internet has simultaneously

i. Fair Use

109

Currents 24.1 2020

necessarily to the benefit of the Rightholder,

trusted to adjudicate human life, liberty,

or an equivalent international body,77 who,

extending to include third party usage of

and property interests? Service Providers

ideally, in turn charge the largest Service

copyrighted works, absent a license. The

are not in the position to administrate

Providers with the most market power with

protection operates to subject unlicensed

such outcomes without infringing on

the task of developing the standard-essential

use of copyrighted materials to a fair use

powers Article III specifically granted to the

patent (“SEP”) and the corresponding best

carve out, absolving such reuse for the

judiciary. A more appropriately designed

practices of such technology. For Service

purpose of parody, criticism, comment,

regime may entail company attorneys filing

Providers required to license an SEP to

educational purposes, scholarship, research,

A.I. determinations in court together with

comply with monitoring obligations or even

news reporting, or, depending on the subject

traditional pleadings; perhaps courts may

a court injunction, this ultimately presents

matter, adaptation.68

defer to such A.I. determination, provided

yet another added cost to be discussed in

the report is thorough and detailed in its

future negotiations.

Presently, upload filtering software is insufficiently sophisticated, in that it lacks the functionality to make fair use determinations. Moreover, the jury is still out as to whether non-human automation is capable of exercising human judgment.69 Invariably, a technological gap at this scale results

modus operandi. However, on appeal how will such deference be reviewed? By what means will parameters constraining the A.I. decision-making process be evaluated by judges at both the trial and appeals court level, particularly by those in possession of

in mass filtration of otherwise infringing

little or no understanding of A.I. processes?

content, deemed non-infringing by virtue

Clearly, the result—as Dick puts it—

of the application of fair use doctrine.70

may be the arbitrary retirement of an

“Implementation of that filtering system

essential carve out in copyright law, expressly

would require . . . active observation of files

provided for by both the Constitution

stored by users with the hosting [S]ervice

and Congress. Not only is A.I. technology

[P]rovider and would involve almost all of

not Voight-Kampff -ready, it is presently

the information thus stored . . . requiring

incapable of making fair use or status of

[the hosting Service Provider] to install the

work determinations (though the latter

contested filtering system would oblige it to

is a more feasible task with an automated

actively monitor almost all the data relating to

system). With large technological gaps

all of its service users in order to prevent any

come proportionately sizable price tags, a

future infringement of intellectual-property

pre-requisite in bridging the divide. While

rights.”

some companies are able to invest fully

Indeed, it is a frightening notion that, beyond constructs of Phillip K. Dick’s imagination, a real A.I. program could accurately mimic human judgment with a level of fidelity that does not deviate from human faculties.72 The Fourteenth Amendment73 requires that no state “deprive any person of life, liberty, or property without due process of law.” Can A.I. be

in such technology, others simply can or will not, consequently leading to increased disparities and differences between potential filtering technologies. Such non-uniformity in the determination of user rights under federal law is undesirable, if not outright intolerable. Therefore, any technological race to produce a viable A.I. filter inevitably falls under the purview of a standard determining organization76 (“SDO”), such as the FCC 110

Currents 24.1 2020

ii. Renegotiating Licenses Another obstacle to U.S. “value gap” legislation is the creation of a revocation right that goes beyond the rights contemplated in the Copyright Act. Section 203 of the 1976 Copyright Act78 provides authors the right to terminate copyright grants after a fixed number of years. If the author is deceased, the right extends to persons entitled to exercise more than 50% of the author’s termination interest, according to the order of priority set out in the statute.79 The termination right applies to grants executed by the author of the work after January 1, 1978.80 Termination may occur during a five-year window, beginning thirty-five years after execution of the grant, or, for publication, opening at the earlier of thirty-five years after publication or forty years after execution of the grant.81 The Directive entitles Rightholders to “revoke in whole or in part the license or the transfer of rights where there is a lack of exploitation of that work . . . .”82 The right of revocation by extension, grants a further right to renegotiate the preexisting license, in the sense that should negotiations fail the Rightholder is free to terminate.83 The Directive proposes a “mechanism for the revocation of rights that authors and

performers have transferred on an exclusive

author’s copyright is not surprising . . . and

in situations where the information does

basis.” Article 22 of the Directive provides

may seem unfair.”

not generally become known or readily

a guideline for Member States to craft

If the information is copyright protected,

specific provisions of revocation that take

it is unclear whether the Rightholder

into account “the specificities of the different

would have to pay a licensing fee to the

sectors and the different types of works and

Service Provider for use of the material for

performances . . . ,” and for joint works

economic exploitation, or whether outright

“the relative importance of the individual

sale of the information would suffice. This

contributions, and the legitimate interests

is a cost that would cut into Rightholders’

of all authors and performers affected by the

value proposition. One way around this is

application of the revocation mechanism by

for the Service Provider to limit the data

an individual author or performer.” Further,

in such a way that the data, as expressed

Article 22 provides that “revocation . . . can

to the Rightholder, does not amount to

only apply within a specific time frame,

a reproduction or derivative work of the

where such restriction is duly justified by the

protected data set. As discussed below, the

specificities of the sector or the type of work

Service Provider may insist on the transfer

or other subject matter concerned.”

of a data set that has been anonymized or

There has yet to be a threshold finding

altered in such a way as not to affect the

by any court clarifying which works are

Service Providers’ protected works and at the

deemed not adequately exploited, thus

same time comply with transfer obligations.

triggering the revocation right on preexisting licenses because the law does not go into effect until June 7, 2021, giving Members States two years to promulgate national law compliant with the Directive.87

Trade Secret Law

ascertainable.93 Recital 68 of the Directive mandates that, when a company shares protected information with its Rightholders, the information be “sufficiently specific to provide enough transparency to [R] ightholders, without affecting business secrets.” 94 The Directive qualifies this statement about business secrets, asserting, “Service [P]roviders should, however, not be required to provide [R]ightholders with detailed and individualised information for each work or other subject matter identified.”95 By qualifying the statement about business secrets in this way, the Directive skirts the issue—Service Providers may inevitably disclose business secrets, merely replying “We told you not to.” Most businesses may not know what their business secrets are, and by the time they figure it out, the secrets will be in the hands of potential

Internet companies are successful in part

competitors, either as Rightholders or

because of the organization and specificity of

through Rightholders. Service Providers

data that their platforms produce. “Indeed,

must then have the capability beforehand to

rapid technological progress is likely to

iii. Data as an Original Work of

decide what expectation of confidentiality

permit economic use,” by allowing for

Authorship

to attaches to which sorts of information, a

monetization of both the data and creative

useful exercise, notwithstanding.

Under the Feist rule, a compilation of

content.91 EU Service Providers are entitled

data meets the requirements for an original

to trade secret protection for information

work of authorship and, thus, qualifies

that has commercial value because it is

for copyright protection if it features

secret, provided its owner takes reasonable

an original selection or arrangement of

steps to keep it secret.92 Such information

facts.88 However, the copyright is limited

has economic value, and may thus garner

to the particular selection or arrangement

trade secret protection, particularly where

of facts and not the facts themselves. 89

the information at issue is user preference

The facts can be copied at will. “Given

data, confidential information, or even

that copyright protection of a factual

copyrightable expression. When a Service

compilation is so thin, a competitor’s taking

Provider voluntarily shares such protected

the bulk of factual material from a preexisting

information, it risks waiving whatever trade

compilation without infringement of the

secrecy exists in such information, even

If Service Providers are to limit the data transferred to Rightholders under the protection of trade secrecy, Service Providers must perform a risk analysis, then address those risks with courts. Further, they must avoid ex post facto justifications and explanations for trade secret protections by showing affirmative measures generated from a conscious recognition and assessment of its data protection policies. They must be prepared to show what information specifically should be excludable from any transparency obligation.96 This reasonableness

111

Currents 24.1 2020

analysis should assess the costs and benefits of

and evaluate dispersed information; how

a pathway to avoid liability for infringement,

the security measures, from the perspective of

users are responding to the copyright and

to the extent they are equipped with robust

the Service Provider, as well as the nature of

other facilitations of social communication

data processing and transfer agreements.

the risks, such as the nature of the industry,

and information exchange; what market

The Directive provides that the “processing

the nature of the putative trade, the nature

processes the Service Provider is engaged

of personal data carried out within the

of the protective measures, and the known

in; and how the Rightholder can engage in

framework of this Directive shall be carried

risks associated with the chosen storage and

similar market processes with the exact same

out in compliance with Directive 2002/58/

protection methods.

data sets.

EC and Regulation (EU) 2016/679.” 104

Allocating such consumer information to Rightholders on the basis of compliance with transparency obligations is not only an errant attribution of the value sought by the Rightholder98 but may amount to a breach of confidence that each third party user has with the Service Provider absent any transfer agreement or consent requests that said consumer has with the Service Provider. Although end user agreements may be modified to contemplate this data exchange, the technology companies themselves face the problem of access that QSRSoft, Inc. faced with McDonald’s. McDonald’s attempted to eschew reliance on QSRSoft’s proprietary software by gaining access to QSRSoft’s system through a franchisee and used information obtained therein to develop its own similar service.99 By comparison, if the Rightholder develops its own service based on confidential information gleaned from the Service Provider, the proprietor of that information, then the Rightholder may ultimately supplant the Service Provider.100 While not all data will amount to a complete extrapolation of any given Service Provider’s business model, the data, as handed over, would lend tremendous value to Rightholders. The information would enable the Rightholder to capture details about the manipulation of its works on digital media; how other entities collect, organize,

101

Data Privacy Law

As proposed, the Directive supports the notion that third-party personal data should be shared as a part of the value attributed to Rightholders and content producers, strengthening Rightholders’ negotiating position.102 Moreover, the General Data Protection Regulation is directly implicated in this query. In addressing the “value gap” problem, the extent to which Rightholders are entitled requested data sets in the Service Provider’s possession remains unclear. Any proposition of a law comparable to the Directive would be unsuccessful in the U.S., as such a grant to creators would be in excess of that which is contemplated by the Constitution—a power specifically delineated to Congress. Congressional deliberations reveal two questions relevant to ask in addressing that value:

data shall be processed “lawfully, fairly and in a transparent manner . . . collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes . . . ” sufficient or “adequate” to properly fulfill the stated purpose for collection, having a relational link or relevance to that purpose, and limited or not excessive “in relation to the purposes for which they are processed.”105 Further, Article 5 requires that personal data be accurate, up to date, and every reasonable step taken in furtherance of ensuring “erasure” of inaccurate data.106 Agreements for consumers’ personal data must reflect these requirements in the Service Provider’s performance provisions. Further, data transactions flowing out of the performance of transparency obligations owed to Rightholders must not be inconsistent with

First, how much will the legislation

contractual provisions concerning consumer

stimulate the producer and so

data subjects.

benefit the public; and, second, how much will the monopoly granted be detrimental to the public? The granting of such exclusive rights, under the proper terms and conditions, confers a benefit upon the public that outweighs the evils of the temporary monopoly.103

Where appropriate, GDPR instructs Service Providers to obtain consent from the consumer data subject before processing107 or collecting any personal data, instituting an “opt-in” regime.108 Recital 32 provides that consent is obtained by a “clear affirmative act establishing freely given, specific, informed and unambiguous indication of the data

Presently, contract law provides data

subject’s agreement to the processing of

controllers, processors, and Service Providers

personal data relating to him or her, such as

112

Currents 24.1 2020

Article 5 of the GDPR provides that personal

a written statement, including by electronic

hinder withdrawal of consent. More, consent

the Service Provider’s disclosure of such

means, or an oral statement.”

There are six

is not regarded as freely given if there is no

data subject’s information to a Rightholder,

legal bases that justify processing personal

“genuine or free choice” or the data subject

providing for, in turn, the Rightholder’s

data.110 Article 6 provides that processing

is “unable to refuse or withdraw consent

personal information.

shall be lawful only and to the extent at least

without detriment.”115 Consequently, this

one of the following applies:

paradox imposes a unique risk on Service

109

a) the data subject has given consent to the processing; b) p ro c e s s i n g i s n e c e s s a r y f o r performing a contract to which the data subject is a party . . . ;

Providers with business models reliant on consent alone as the legal basis for processing, as all downstream exchanges of the consumer data subject’s data will be at risk, subject to consumer whim, of losing the only basis that the exchange was predicated on. Further, a

c) p ro c e s s i n g i s n e c e s s a r y f o r

company cannot change the legal basis relied

compliance with a legal obligation to

upon once it represents to the consumer data

which the data controller is subject;

subject another such basis.116

The scope of the GDPR is limited to the processing of personal data; anonymous data is excluded, as data controllers are not required to “maintain, acquire, or process additional information in order to identify the data subject . . . .” 120 Heightened data exchanges as a result of statutory transparency obligations in turn contributes to the increased possibility that data from these transactions will be misallocated. Misallocation is one consequence, creating

d) processing is necessary in order to

Extrapolation of Service Providers’ use of

complications merely due to sheer volume.

protect vital interests of the data subject

consumer data for the purposes of fulfilling

Therefore, Service Providers may desire

or another natural person;

transparency obligations to Rightholders

a method of controlling data exchanges,

e) processing is necessary for the

or content producers multiplies the risk of

such as by reclassifying data according to its

performance of a task carried out in

potential misuse of sensitive personal data,

business needs.121

public interest or in the exercise of official

injects unpredictability into transactions, and

authority vested in the data controller;

disorients consumers’ privacy expectations

[or]

as well as any expectation of remedy.117 If

f ) processing is necessary for the purpose of the legitimate interest . . . .111 The six legal bases for processing personal data nearly mirror the legal bases for transfer of that data. 112 The Service Provider must determine its lawful basis before processing personal data and represent to the consumer data subject this reason in its notice. Furthermore, where processing is justified based on consent, the exchange of one’s personal information is further limited by specific requirements of notice and the manner of obtaining consent.113 Consent requests that do not conform to the Regulation are non-binding.114 Consent may also be withdrawn just as freely as it had been given and Service Providers may not

a Rightholder supplies copyrighted works with which the Service Provider then promulgates en masse, Service Providers are responsible to the Rightholder for the data relating to the subsequent access information by data subjects viewing the copyrighted work on Service Provider provided media. Regardless of the data’s form, Service Providers must give the data subject notice of the legal basis for collecting their personal information—an exercise of particular importance where the Service Provider’s website is free and accessible.118 Whether or not Service Providers are required by GDPR to reciprocate data accountability remains an open question. Specifically, this issue arises when providing a data subject, exercising the right of access,119 with information about

Moreover, Service Providers may find reclassification a desirable strategy in light of the fact that, for the purposes of liability, the distinction between data controller and data processor has been eliminated from the GDPR.122 As a result, Service Providers can no longer avoid liability by arguing that it was not the data controller. Because the risk a potential data breach carries is increased exponentially with the addition of every Rightholder entering the data queue under the Directive’s transparency obligations, Service Providers should contract for pseudonymized data sets as the data set contemplated in any transparency obligation with Rightholders.123 Furthermore, it is unclear what obligations attach to Rightholders receiving data in this capacity and how U.S. jurisdictions will interpret those obligations.124 Similarly,

113

Currents 24.1 2020

it remains unclear what obligations attach to

Rightholders. In that case, an opt-in, consent

data outright (as part of bridging the value

disclosees of Rightholders in connection with

dependent regime inevitably becomes a

gap) or perhaps grant data to the Service

the disposal—appropriately or otherwise—

thorny issue with respect to those data

Provider by nonexclusive license. There are

of such personal data. Both Rightholders

transfers explicitly provided for under the

many ways data can be chopped up and the

and Service Providers should enter into

Directive. Because of the EU’s opt-in,

contract controls. However, courts must be

negotiations with a heightened awareness of

consent-based regime, any data transfer

able to enforce the rights of the data subjects

the importance possessed by each data set

mandated by the Directive’s transparency

irrespective of how contracts handles such

involved in licensing obligations as well as

obligation creates opportunities for the

data. Data subjects who have previously given

voluntary transactions.

ownership of the data so transferred,

131

consent to Service Providers (who are in turn

in turn creating a dilemma in terms of

obligated by Article 19 to transfer over user

obligations owed to data subjects. That

data) that later revoke such consent must

is, what happens if a data subject revokes

have a pathway to prevent Service Providers

consent after a Rightholder, via a valid

and Rightholders from making productive

contract with the Service Provider, now

use of their data in the future. Withdrawn

owns the data? The Service Provider is

consent is, sensibly, then an issue that should

obligated to halt all productive use of the

be provided for in the agreement between

data based on their withdrawn consent.

the Service Provider and the Rightholder.

However, the Rightholder is under no

Further, counsel drafting such agreements

such obligation to halt productive use; the

may consider contemplating how disputes

Directive does not mention any obligations

over data that remains in use after consent

or duties owed to data subjects that would

is withdrawn on the front end. Counsel

attach to a Rightholder upon the transfer

should also try to clarify what the appropriate

of such data from a Service Provider.

indemnity obligations will be should GDPR

When a consumer data subject initially consents to their data’s usage, the result is the Service Provider is deemed to own that data, subject to the particular data subject’s control.125 A data subject then, ideally, will receive personal data given to a Service Provider in a “structured, commonly used, machine-readable and interoperable format,” and may dispose of his or her personal data however it pleases, perhaps to transmit the data to another controller.126 Where applicable, data subjects’ rights extend such that Service Providers should maintain their data in “interoperable formats that enable data portability.”127 Data portability, as the GDPR contemplates it, consists of the right to obtain a copy of a data subject’s data and the right to transmit data to another data controller.

128

However, some argue that

the “propertization” of data results in social harm.129 In this light, commodification of personal data may be viewed as akin with trading, exchanging, or even—depending on your viewpoint—as selling your soul to the

132

Data subjects further are entitled to the right to be forgotten, but the obligation to erase the data subject’s data is limited to Service Providers,133 as applied to data sets subject to control by the data subject, in an “interoperable format.” Subsequent control by the Rightholder thus does not amount to a personal data breach134 where the data set does not correspond to the data set within the control of a particular data subject.

noncompliance arise. One solution may be to employ protections for nonconsensual data processing which are capable of avoiding the consent issue altogether. A Service Provider may be protected where it needs to process data in accordance with its legal obligations.135 Thus, the Service Provider’s transparency obligation to the Rightholder licensing a particular protected work could operate as

proverbial devil, rather than propertization

Though the outcome depends on the

a work around to the intent of the consent-

as it is commonly understood, which grants

licensee-licensor character of the transaction

based regime.136 However, the data subject

rightful owners of personal data some flavor

between the Service Provider and the

remains free to object to the use of his or

of a property right, accompanied by the

Rightholder, nevertheless, such data is

her personal data and the Service Provider

characteristic power of exclusion.

in fact duplicated between two separate

will then need to establish a “legitimate

entities. The data could be licensed and,

interest [that] overrides the interests or the

perhaps, the license agreement may require

fundamental rights and freedoms of the data

that the Service Provider provide title to the

subject.”137 Seemingly then, so long as data

130

Service Providers may not always willingly provide pseudonymized data to

114

Currents 24.1 2020

has been put to productive use or made the

numbers beyond the allowable retention

directing a business engaging in the sale of

subject of a legal obligation, a data subject is

limit for such data.

Taxa also did not

information to third parties to halt such sale,

unprotected on the front end and forced to

properly anonymize its data, and, despite

with respect to personal information specific

seek remedy against use of his or her personal

deletion of customer names, information on

to that consumer.147 As defined, a “business”

data, with successful recovery hinging on

its systems could still be connected to data

subject to the regulation is a “legal entity that

their engagement in a quasi-philosophical

subjects through the undeleted telephone

is organized or operated for profit . . .”;- with

debate to determine whose interest is deemed

numbers. Thus, Taxa failed to prudently

annual gross revenues in excess of twenty-five

to be ordained.

operate within, and simultaneously breached,

million dollars; receives for its commercial

its performance provisions.

purposes, sells, or shares, for commercial

Where Service Providers’ practices do

145

146

not respect the rights of users, provisions

Clearly, Service Providers may use or sell

in Member States’ individual national laws

data outside the scope of the agreement with

must fill in the gaps and set forth judicial

the consumer data subject, notwithstanding

remedies and penalties.138 Otherwise, users

the applicable law in the Directive. Therefore,

may consent and revoke, or even give no

it is incumbent on Service Providers to

consent to the collection of their personal

establish the scope of the usage of the

information, much less read an online license

consumer’s data to include data transfers

agreement, privacy policy, or terms of use

in accordance with the Directive through

and still be bound to such terms.139 Website

conspicuous language in the terms and

proprietors, as well as Service Providers,

conditions of the agreement and narrowly

whose business traffics through their websites

tailor the grant of the Service Provider’s

utilize so-called browsewrap agreements to

rights to only the services performed. The

justify data collection of the user’s browsing

agreement should require an access control

activity on the website, with user consent

policy that restricts access to data on a

imputed merely by their use of the website.140

need-to-know basis and further provides

Several companies’ website data collection

that subsequent transfers of data, such as

practices are increasingly disputed, 141

to Rightsholders, will comply with such

with French courts willing to hold certain

access control. Further, consumer friendly

provisions of both Google and Twitter’s terms

agreements should include warranties

and conditions null and void.142 Additionally,

regarding GDPR compliance. Expedient

France imposed a 50 million euro fine on

fulfillment of transparency obligations also

Google for processing personal user data as to

necessitates contractual provisions which

use it to personalize advertisements based on

contemplate the location of company

a lack of transparency, inadequate provision

processors, data portability, subcontractors,

of information, and objections to the validity

and assignability.

of consent given.143

Beyond the European continent, GDPR

Service Provider performance failures

has also changed the landscape of privacy law

may similarly result in such hefty fines.144

in the U.S. Language utilized in the California

Denmark found that the company Taxa did

Consumer Privacy Act (CCPA) is similar to

not adhere to the GDPR’s data minimization

that in the GDPR, stating that California

principle, retaining personal telephone

residents may “opt out” of the status quo by

purposes, the personal information of 50,000 or more consumers, households, or devices; or- derives 50% or more in annual revenues from selling consumers’ personal information.148 The law grants residents certain rights against businesses that satisfy the statutory thresholds, similar to a “data processor” or “data controller,” as defined by GDPR, or “online content-sharing [S]ervice [P]rovider,” as defined by the Directive.149 Exploration or analysis of the operation of the opt-out regime, as it relates to the subject matter of this Comment, is not currently possible as the law does not go into effect until January 1, 2020. However, the inherent nature of an opt-out regime has resulted in Service Providers’ enjoyment of a head start in the processing of consumer data and, consequently, in converting such data sets into interoperable formats, anonymizing data, and otherwise producing unique datasets subject to copyright or trade secret protections, such that consumers will be unable to effectively claw much data back by the time individuals can effectively make opt-out declarations. The impact of GDPR is not limited to the confines of Californian borders. Aiming to prompt Congressional response, the U.S. Chamber of Commerce has published model privacy legislation.150 The proposal lays out several solutions emphasizing transparency

115

Currents 24.1 2020

in data collection and usage practices,

minted transparency, monitoring, and data

less than three years and which have an

data subject control achieved by an opt-

protection obligations that increase the cost

annual turnover below EUR 10 million .

out regime bearing similarity to CCPA, in

of doing business in the online-content

. . are limited to compliance with” making

addition to data security measures and FTC

market, may leverage such obligations and

best efforts to obtain authorization and to

enforcement.151 If adopted, the proposal

accompanying increased costs. This may be

“expeditiously” disable access to or remove

“will assist the privacy market by ensuring

sufficient to stop the wall of Rightholders

infringing websites “upon receiving a

that processes exist for the exchange of

advancing with open palms, as Service

sufficiently substantiated notice.”158 Service

data and for the detection of violations of

Providers may happily fill those palms with

Providers within the exceptions may have

privacy promises,”

utilizing a decentralized

“value gap” based solutions, while imposing

to demonstrate that they have made their

approach (or multiple smaller markets) that

certain contractual obligations of its own on

best efforts to prevent further uploads to the

enable individual enforcement by private

Rightholders.

notified works if unique viewers “exceed five

152

rights of action, as supplemented by the FTC’s ongoing role in policing privacy

The Service Provider is at an immediate

million.”159

disadvantage at the negotiating table as

A negotiating, for-profit Service Provider

both the transparency obligation and

should first determine if it falls within one

Under both the European and

Rightholder entitlement to additional,

of the exceptions of Article 3, 5, or 6. If it

Californian regimes, Service Providers cannot

appropriate, and fair remuneration may

does not, it should next take stock of its size

be liable to Rightholders for off-limits,

not be avoided by contract.

Article 23

and market share within certain sectors, as

uncollected personal data, such as where a

provides that “any contractual provision that

well as its user traffic data. A small Service

resident or data subject has respectively opted

prevents compliance with Articles 19, 20

Provider may be in a stronger negotiating

out of or failed to opt-in to the respective

and 21 shall be unenforceable.” Respectively,

position as against Rightholders, unable

regime of law by affirmative consent.

these Articles provide for the transparency

to browbeat such Service Providers with

The obligations of the GDPR and now

obligation, contract adjustment mechanisms

monitoring obligation concerns. A larger

promulgated CCPA should carry forward

for claiming additional remuneration from

Service Provider that wields fewer resources

when Rightholders receive transfers of data

Service Providers, and alternative dispute

than its competitors and cannot avoid

from Service Providers. Failure in this regard

resolution procedures. 155 There is only

monitoring obligations for unlicensed

must be regarded as a data breach. While

one other Article that restricts contractual

content will have to either adjust its bottom

the Directive provides all data processing is

exercises.

line or incur expenses in monitoring its

guarantees.153

to comply with GDPR, the extent to which this approach is useful in finding solutions to the “value gap” problem remains to be seen. —————————————————

IV. Summary and Remark —————————————————

154

156

Additionally, negotiation over the monitoring obligation favors the Rightholder, only because failure to come to a licensing agreement triggers the “monitoring obligation,” which amounts to a burden of proof that the Service Provider must

website for unauthorized content in order to meet the new safe-harbor standard. This may not provide leverage in a negotiation, as the Rightholder will insist that any monitoring obligation that the Member State has imposed which cannot be avoided due to its size is clearly a Service Provider obligation,

Importantly, observers should note that

satisfy should unauthorized content be

“value gap” legislation is less a mechanical

communicated to the public on its web

reconstruction of copyright law in Europe,

service. Depending on the Service Provider,

and more a rearrangement of the negotiation

however, the monitoring obligation may

stage as to content either party can prepare

not apply or may not apply for certain

to monetize upon. In one corner, the

elements.

New Service Providers with

of a bad deal for the Service Provider. The

Service Provider, armed with newly

services available to the Union public “for

Service Provider may require a warranty from

157

116

Currents 24.1 2020

and passing on the costs of the obligation in exchange for an increased royalty would defeat the spirit of the “value gap.” There are some points of egress out

the Rightholder that it will comply with

data. This kind of information falls within

the Service Provider imposes obligations on

GDPR by securing data, giving notification

the definition of trade secret,

and the

the Rightholder to create complementary

upon data breach, and maintaining an

Service Provider is well within its right to

software for surveillance of the web services

information security policy. Such security

either bind the Rightholder to confidentiality

in order to establish that the duty to police

policy may include a provision that binds

in the license. In exchange the Rightholder

infringement rests with the Rightholder,

the Rightholder to default rules about data-

would agree to a reduced value for its content

not the Service Provider. In exchange, the

processing practices that permit transfers

or limit the disclosure of this information

Rightholder may be permitted to compile

for an initial category of use of personal

so that its business model may not be

data that would otherwise be supplied by

data, but only if the data subject is granted

inadvertently misappropriated.

the Service Provider under the transparency

164

165

obligation or the Service Provider may

an opportunity to block the Rightholder’s

Recital 4 explains that “[i]nnovative

further transfer or use by unaffiliated

businesses are increasingly exposed to

entities.

The Service Provider should

dishonest practices aimed at misappropriating

negotiate a provision where the Rightholder

trade secrets, such as theft, unauthori[z]

agrees to indemnify it for all actionable injury

ed copying, economic espionage or the

relating to data breaches arising out of the

breach of confidentiality . . . globalization,

Rightholder sharing data received under a

increased outsourcing, longer supply chains,

transparency obligation to a bad actor. The

and the increased use of information and

parties should agree to liquidated damages

communication technology contribute to

because the higher damages implicated

increasing the risk of those practices.”166 It is

One potential positive is that Service

under this approach encourage companies

within the realm of possibility that a so-called

Providers will readdress their business models,

to keep their privacy promises and overcome

Rightholder would provide a Service Provider

leading to further innovation. Another

collective action problems from data subjects

with a content license, and the content

benefit is that many Service Providers will

whose individual costs for privacy violations

provided has the content smell to it, but

probe the niche content market for revenue

may be too low to follow through on any

when all is said and done, the Rightholder

streams169 and become specialists in this way,

claim. 161 The Service Provider may also

just wanted the Service Provider’s raw data

opening up opportunities for previously

impose limitations on the its right to alienate

for building out its own similar online

untapped content producers to enter the

such information by negotiating a combined

content service. This is similar to the case in

market. The downside is that only the biggest

use-transfer restriction that follows the

QSRSoft. Any unlawful acquisition in this

firms that can afford to license generally will

personal information through downstream

way “compromises legitimate trade secret

continue to dominate the market.

transfers.162

holders’ ability to obtain first-mover returns

—————————————————

160

Data exchanges under transparency

from their innovation-related efforts.”167

part with data it has compiled in this way. So long as the license does not allow the Service Provider to avoid the obligation of transparency,168 contract law allows for this kind of flexibility in performance. The EU legislation may provide for the conditions that put the two sides at the negotiating table with provisions to talk about.

V. Conclusion

The Directive does not mandate

—————————————————

particularly given the fact that

disclosure of a Service Provider’s trade secret

Several legal regimes must weigh in

Rightholders expect certain information

or confidential information to Rightholders.

as to comprehensively address the “value

from Service Providers, which amounts to

However, it seems that the purpose is to create

gap” proposal. Copyright protection for

an extrapolation of the Service Provider’s

a legal framework that incentivizes Service

compilations, trade secrets, and confidential

business model. Even just a peek at any

Providers to part with valuable consumer data

information will limit the data that a

of the accumulated data derived from the

by layering costs on Service Providers that are

Rightholder should expect to receive under

exploitation of the Rightholder’s content

only alleviated at the negotiating table with

transparency obligations. In addition,

provides greater context as to how Service

Rightholders. It may be under a contract that

obligations will surely be challenging to negotiate,

163

Providers collect, process, and reorganize 117

Currents 24.1 2020

necessarily restrict the measures that Service Providers may pursue when complying with monitoring obligations. Data protection laws will necessarily limit the availability of consumer data that the Service Provider may legally transfer to the Rightholder, and at the same time, limit what consumers can claw back. Further, considerable cost-shifting onto Service Providers will take place in light of the fact that license renegotiations will come at a tremendous price. Transparency and monitoring obligations will surely cut into the Service Provider business models and limit what content they are able to provide. How Service Providers will mitigate against these costs and compel other parties to share in them still remains to be seen. It is incumbent on all parties involved– whether the Service Provider, the Rightholder, or the data subject–to clearly delineate their proposed obligations, specify to which data sets those obligations attach, and firmly establish at the outset of negotiations what each parties’ purpose is. No party should fear setting the agenda. As with all negotiations, preparation is key. Thus, each party should enter into the bargain with a clear understanding both of their own objectives as well as their opponent’s, as to avoid negotiating from the other side’s agenda.

118

Currents 24.1 2020

End Notes 1. P r e s s R e l e a s e , E u r o p e a n Commission, Digital Single Mark: EU Negotiators Reach a Breakthrough to Mondernise Copyright Rules (Feb. 13, 2019), http://europa.eu/rapid/ press-release_IP-19-528_ en.htm [hereinafter European Commission Press Release]. 2. Bill D. Herman, The Fight over Digital Rights: The Politics of Copyright and Technology, 7–10 (2013) (“[The] debate boils down to . . . how best to balance the interests of a diverse set of constituencies. . . . By the late 1990s, policymakers and media industry advocates were expressing particular concern about the possibility that the Internet would enable infringement. Yet the laws they passed in response to this concern failed to stop widespread online infringement . . . .”). 3. Id. at 211–2 (emphasizing the “bottom line” motivations behind all business decisions). 4. Id. at 8. 5. Se e R a i n e r Ba u b ö c k , W h y European Citizenship? Normative Approaches to Supranational Union, 8 Theoretical Inquiries in Law 453, 455–7 (2007) (explaining that the European Union is known as a “supranational organization,” a decisional body not entirely dependent on the cooperation of its Member States, and has the power to make decisions binding on Member States and its members, with the power to enforce such decisions). 6. Comcast Corp., Economic Analysis of the Effect of the Comcast-TWC Transaction on Broadband: Reply to Commenters (Form S-4), at 8–10, 19 (Sept. 22, 2014) (citing companies with a fundamental part of their business in multibillion dollar ad revenue as well as citing licensing expenses); see also OECD, Copyright in the Digital Era: Country Studies, in Enquiries Into Intellectual Property’s Economic Impact 209 (2015) [hereinafter OECD, Copyright in the Digital Era]. 7. OECD, Copyright in the Digital Era, supra note 6, at 212; see also OECD, The Economic and Social Role of Internet Intermediaries 18 (2010), https://www.oecd.org/internet/ ieconomy/44949023.pdf [hereinafter OECD Internet Intermediaries]. 8. O E C D I n t e r n e t

Intermediaries, supra note 7, at 5. 9. See European Parliament Press Release, Agreement Reached on Digital Copyright Rules (Feb. 13, 2019), http://www. europarl.europa.eu/news/en/ press-room/20190212IPR26152/ agreement-reached-on-digitalcopyright-rules [hereinafter European Parliament Press Release] (“[I]nternet companies have little incentive to sign fair licensing agreements with rights holders, because they are not considered liable for the content that their users upload. They are only obliged to remove infringing content when a rights holder asks them to do so. However, this is cumbersome for rights holders and does not guarantee them a fair revenue.”). 10. Directive 2019/790, of the European Parliament and of the Council of 17 April 2019 on Copyright and Related Rights in the Digital Single Market and Amending Directives 96/9/ EC and 2001/29/EC, 2019 O.J. (L 130) 92, 99, 107, 125 (published in the Official Journal of the European Union on May 17, 2019)[hereinafter Directive 2019/790] (Article 31 provides the “Directive shall enter into force on the twentieth day following that of its publication in the Official Journal,” which means the Directive will enter into force June 7, 2019. Article 29 provides that Member States have two years from June 7, 2019 to “bring into force the laws . . . necessary to comply with [the] Directive.”). 11. Id. at 122. 12. Id. at 113. 13. Id. at 102. 14. Id. at 121. 15. Id. at 105, 121–2. 16. Id. at 109-110. 17. Id. at 108 (“[S]ervice Providers should be transparent with rightholders with regard to the steps taken in the context of cooperation.”). 18. Id. at 110. 19. Id. at 108. 20. Id. at 110. 21. Id. 22. Id. at 107; see also id. at 120 (providing a metric for whether or not the Service Provider has complied with its monitoring obligations). 23. See 17 U.S.C. § 512 (2018) (naming one of the sections that

the Act added or amended). 24. See Directive 2000/31/EC, of the European Parliament and of the Council of 8 June 2000 on Certain Legal Aspects of Information Society Services, in Particular Electronic Commerce, in the Internal Market, 2000 O.J. (L 178) 1 [hereinafter Directive 2000/31]. 25. 17 U.S.C. § 512(b)(2)(E). 26. European Parliament Press Release, supra note 9. 27. Dirk Visser, Trying to Understand Article 13, at 10 (SSRN, Working Paper, 2019), https://papers.ssrn. com/sol3/papers.cfm?abstract_ id=3354494. 28. EU Copyright Reform/Expansion - Article 13 Upload Filters, Julia Reda (Feb. 6, 2019), https:// juliareda.eu/eu-copyright-reform/ censorship-machines/ [hereinafter Julia Reda]; Article 13 is now Article 17. Sophie Goossens, Article 13 (now Article 17) of the new EU Copyright Directive: what you need to know, Reed Smith (Apr. 5, 2019) https://www.reedsmith. com/en/perspectives/2019/04/ article-13-now-article-17-of-thenew-eu-copyright-directive. 29. Directive 2019/790, supra note 10, at 120 (demonstrating that it has “made . . . best efforts to ensure the unavailability of specific works... for which the rightholders have provided the service providers with the relevant and necessary information . . .”). 30. Visser, supra note 27, at 10. 31. See Directive 2019/790, supra note 10, at 106. 32. See Eleonora Rosati, DSM Directive Series #5: Does the DSM Directive Mean the Same Thing in All Language Versions? The Case of ‘Best Efforts’ in Article 17(4)(a), The IPKat (May 22, 2019), http:// ipkitten.blogspot.com/2019/05/ dsm-directive-series-5-does-dsm. html (detailing how the “best efforts” obligation is mistranslated into different language versions that will result in challenges for judiciary and the application of resulting national provisions). 33. Directive 2019/790, supra note 10, at 120 (emphasis added). 34. Case C-314/12, UPC Telekabel Wien GmbH v. Constantin Film Verleih GmbH, 2014 E.C.L.I. 192 (holding that an injunction may impose an obligation to measures that come at significant expense, have considerable impact on the organization of activities,

or require difficult and complex technical solutions, so long as the injunction leaves the Service Provider free to determine the specific measures, provided those measures are reasonable). 35. Directive 2001/29/EC, of the European Parliament and of the Council of 22 May 2001 on the Harmonisation of Certain Aspects of Copyright and Related Rights in the Information Society, 2001 O.J. (L 167) 10, 15 [hereinafter Directive 2001/29]. 36. See Directive 2019/790, supra note 10, at 107, 120 (Article 17 and Recital 66 provides that there is not a general monitoring obligation, leaving the determination up to Member States). 37. LibertiesEU, Article 13 Open Letter – Monitoring and Filtering of Internet Content is Unacceptable, Liberties (Oct. 16, 2017), https://www.liberties.eu/en/ news/delete-article-thirteen-openletter/13194; see also Julia Reda, supra note 28. 38. Julia Reda, supra note 28. 39. Julia Reda, supra note 28. 40. Martin Senftleben, Christina Angelopoulos, Giancarlo Frosio, Valentina Moscon, Miquel Peguera & Ole-Andreas Rognstad, The Recommendation on Measures to Safeguard Fundamental Rights and the Open Internet in the Framework of the EU Copyright Reform, 40 Eur. Intell. Prop. Rev. 149, 149 (2017), https://papers.ssrn. com/sol3/papers.cfm?abstract_ id=3054967. 41. Id.; see also Directive 2001/29, supra note 35, at 17 (Article 5(3) (d) & (k)). 42. For the U.S., see U.S. Copyright Office, DMCA Section 104 Report: A Report on the Register of Copyrights Pursuant to § 104 of the Digital Millennium Copyright Act 8–9 (2001) https://www. copyright.gov/reports/studies/ dmca/sec-104-report-vol-1.pdf [hereinafter DMCA Section 104 Report]; for EU, see Directive 2001/29, supra note 35 at 10–11. 43. Berne Convention Implementation Act of 1988, Pub. L. 100-568, 102 Stat. 2853 (1988). 44. S. Rep. No. 115-339, at 2 (2018) (“Music copyright and licensing laws are too difficult to comply with and do not adequately reward the artists and professionals . . . .”). The use of this language mirrors the language used to justify Directive

119

Currents 24.1 2020

45.

46.

47.

48.

49.

50. 51.

52.

53.

2019/790. Compare Directive 2019/790, supra note 10, at 122 (“Member states shall ensure that . . . authors and performers or their representatives are entitled to claim additional, appropriate and fair remuneration from the party with whom they entered into a contract for the exploitation of their rights . . . when the remuneration originally agreed turns out to be disproportionately low compared to all the subsequent relevant revenues derived from the exploitation of the works or performances.”). Orrin G. Hatch—Bob Goodlatte Music Modernization Act, Pub. L. No. 115-264, § 132 Stat. 3676 (2018) (replacing 17 U.S.C. § 301(c) and codifying law at 17 U.S.C. § 1401(e)). U.S. Copyright Office, The Orrin G. Hatch—Bob Goodlatte Music Modernization Act, https:// w w w. c o p y r i g h t . g ov / m u s i c modernization/mma-pamphlet. pdf (last visited Oct. 24, 2019). Marsha Ajhar, Music to Our Ears: The Music Modernization Act of 2018 Smith, Gambrell, & Russel, LLP, https://www.sgrlaw. com/music-to-our-ears-the-musicmodernization-act-of-2018/ (last visited Oct. 24, 2019) [hereinafter Music to Our Ears]. Allen Bargfrede, The MMA and EU Copyright Reform Are Charging Ahead. What Will Be Their Impact? Medium (Oct. 5, 2018), https:// medium.com/verifimedia/themma-and-eu-copyright-reformare-charging-ahead-what-will-betheir-impact-407e79f70da4. S. Rep. No. 115-339, at 6 (2018) (reasoning “licensees benefit most from the reduction in transaction costs” and thus should bear the “reasonable costs”). Music to Our Ears, supra note, 47. Music to Our Ears, supra note, 47. (“The legislation also modifies the process for selecting federal district court judges to adjudicate rate-setting disputes regarding performance rights organizations that are subject to consent decrees with the Department of Justice.”). Directive 2019/790, supra note 10, at 95 (explaining Rightholders are entitled to “proportionate” measures “necessary to pursue the objective of ensuring the security and integrity of the system” based on information provided by Rightholders). U.S. Copyright Office, Joint Study of Section 1201(g) of the Digital Millennium Copyright Act, https://www.copyright.gov/ reports/studies/dmca_report.html

(last visited Dec. 8, 2019). 54. Kirtsaeng v. John Wiley & Sons, Inc., 568 U.S. 519, 535 (1984). 55. Kewanee v. Bicron, 416 U.S. 470, 484–87 (1974). 56. Dep’t Com. Internet Pol’y Task Force, Department of Commerce: Copyright Policy, Creativity, and Innovation in the Digital Economy, 29 (2013), https://www.uspto. gov/sites/default/files/news/ publications/copyrightgreenpaper. pdf (“[L]icensing mechanisms have been developed as a less risky alternative to relying on fair use.”). 57. See OECD, Copyright in the Digital Era, supra note 6, at 214 (“[D] igital technology greatly reduces the cost of copying, distributing, and transforming content, which has led to the availability of more copyrighted content and much wider usage of it than ever before . . . .”). 58. O E C D , Internet Intermediaries, supra note 7, at 6. 59. Craig Joyce et al., Copyright Law 49 (10th ed. 2016); see also Twentieth Century Music Corp. v. Aiken, 422 U.S. 151, 156 (1975) (“The immediate effect of our copyright law is to secure a fair return for an author’s creative labor. But the ultimate aim is, by this incentive, to stimulate artistic creativity for the general public good.”). 60. Trotter Hardy, Property (and Copyright) in Cyberspace, 1996 U. Chi. Leg. F. 217, 217 (1996), https://chicagounbound. uchicago.edu/cgi/viewcontent. cgi?article=1205&context=uclf (“If a new idea is freely appropriable by all, if there exist communal rights to new ideas, incentives for developing such ideas will be lacking.”). 61. Joyce et al., supra note 59, at 40. 62. Internet Usage in the European Union, Internet World Stats, https://www.internetworldstats. com/stats9.htm (last visited Nov. 8, 2019). 63. Pamela Samuelson, Digital Media and the Changing Face of Intellectual Property Law, 16 Rutgers Computer & Tech. L. J. 323 (1990). 64. Joyce et al., supra note 59, at 15. 65. The Invention that Changed the World, Carrier, http://www. williscarrier.com/1876-1902.php (last visited Nov. 20, 2019). 66. Amazon (company), Wikipedia, https://en.wikipedia.org/wiki/ Amazon_(company) (last updated Nov. 18, 2019). 67. Sony Corp. of Am. v. Universal

City Studios, Inc., 464 U.S. 417, 443 (1984) (“[A]nyone who . . . makes a fair use of the work is not an infringer of the copyright with respect to such use.”); Lenz v. Universal Music Corp., 801 F.3d 1126, 1133 (9th Cir. 2015) (stating that fair use is not merely a defense to infringement, but is an expressly authorized right, and an exception to the exclusive rights granted to the author of a creative work.). 68. 17 U.S.C. § 107 (2018). 69. Giancarlo Frosio, To Filter or Not to Filter? That is the Question in the EU Copyright Reform, 36 Cardozo Arts & Entm’t L. J. 331, 357 (2018), https://papers.ssrn. com/sol3/papers.cfm?abstract_ id=3058680 (“Automated systems cannot replace human judgment that should flag a certain use as fair or falling within the scope of an exception or limitation.”). See also, Updates to our manual Content ID claiming policies, Yo u Tu b e h t t p s : / / y o u t u b e creators.googleblog.com/2019/08/ updates-to-manual-claimingpolicies.html [https://perma.cc/ W2DN-S5KM] (last visited Oct. 18, 2019) (describing YouTube’s change to their manual claiming policies “to improve fairness in the creator ecosystem, while still respecting copyright owners’ rights to prevent unlicensed use of their content . . .”). 70. Frosio, supra note 69, at 348. 71. C a s e C - 3 6 0 / 1 0 , B e l g i s c h e Ve r e n i g i n g v a n A u t e u r s , Componisten en Uitgevers CVBA (SABAM) v. Netlog NV, 2012 E.C.R. 85, at §§ 36–38 (emphasis added). 72. Indeed, it is axiomatic to say that initial determinations could be made by A.I., but the ultimate fair use question must be decided by a human. See generally Jonathan P. Osha, et al., 2019 – Study Question – Copyright/Data Copyright in Artificially Generated Works, AIPPI (2019), https://aippi.org/ wp-content/uploads/2019/08/ SummaryReport_COPYRIGHTD ATA _ L o n d o n 2 0 1 9 _ final_160719.pdf (discussing how human intervention is still necessary for A.I.-generated works to be eligible for copyright protection). 73. U.S. Const. amend. XIV, § 1. 74. The most appropriate regime is through Congress, which must delegate “intelligible principles” of administration of these claims to the Copyright Office, creating a new agency department within that Office that may adjudicate 120

Currents 24.1 2020

75.

76.

77.

78. 79. 80.

81. 82. 83. 84. 85. 86. 87. 88.

such claims. See U.S. Const. art. I, § 1 (providing the Constitutional basis for non-delegation); see also 35 U.S.C. § 134(a) (2012) (providing the procedure for adjudicating claims to rights in patents); see also 35 U.S.C. § 144 (2012) (providing the appropriate procedural safeguards such that delegation of adjudication of patent rights to the USPTO does not violate the non-delegation doctrine). The Voight-Kampff test, in Phillip K. Dick’s novel Do Androids Dream of Electric Sheep, was used by LAPD’s “Blade Runners” to test whether an individual was an android “replicant” or human. Victor Gomes, The Science Behind “Blade Runner”’s Voight-Kampff Test, Nautilus (Oct. 6, 2017), http://nautil.us/blog/the-sciencebehind-blade-runners-voight_ kampff-test [https://perma.cc/ J62R-3J43]. Broadcom Corp. v. Qualcomm Inc., 501 F.3d 297, 303 (3rd Cir. 2007) (discussing what role a standard determining organization plays in the development of industry standard technology), Ericsson, Inc. v. D-Link Sys. Inc., 773 F.3d 1201, 1209 (Fed. Cir. 2014) (discussing standard essential patents are patents used by the general public because the collaborative efforts to create standards requires devices utilize specific technology). Se e Br o a d c o m C o r p. , 5 0 1 F.3d at 304 (“[T]he European Telecommunications Standards Institute . . . and its SDO counterparts in the United States . . . requires a commitment from vendors whose technologies are included in standards to license their technologies on fair, reasonable, and nondiscriminator y (“FRAND”) terms.”). 17 U.S.C. § 203(a)(3) (2018). Id. at § 203(a)(1)-(2). 17 U.S.C. § 304(c) (2018) (providing for termination rights for author grants made before January 1, 1978). 17 U.S.C. § 203(a)(3) (2018). Directive 2019/790, supra note 10, at 122. See 17. U.S.C. § 203 (2012). Directive 2019/790, supra note 10, at 93. Directive 2019/790, supra note 10, at 122. Directive 2019/790, supra note 10, at 122. Directive 2019/790, supra note 10, at 125. Feist Publ’ns, Inc. v. Rural Tel.

89. 90. 91.

92.

93.

94. 95. 96.

97. 98.

Serv. Co., 499 U.S. 340, 349–50 (1991). Id. BellSouth Adver. & Publ. Corp. v. Donnelley Info. Publ., Inc., 999 F.2d 1436, 1445 (11th Cir. 1993). OECD, Copyright in the Digital Era, supra note 6, at 213-14 (“[S]ome analysed economies (the European Union, and consequently the United Kingdom, Italy, and Poland) have also introduced additional legislation to cover noncreative databases that is intended to strengthen the rights of database creators.”). Directive 2016/943, of the European Parliament and of the Council of 8 June 2016 on the Protection of Undisclosed Knowhow and Business Information (Trade Secrets) Against Their Unlawful Acquisition, Use and Disclosure, 2016 O.J. (L 157) 1, 9 [hereinafter Directive 2016/943]. See Daniels Health Scis., LLC v. Vascular Health Scis., LLC, 710 F.3d 579, 583–84 (5th Cir. 2013) (determining compilation of research data used to produce drug met the standard for trade secret protection); see generally Rohm & Haas Co. v. ADCO Chem. Co., 689 F.2d 424, 433 (3rd Cir. 1982); see also Brocade Commc’ns. Sys. v. A10 Networks, Inc., 873 F. Supp. 2d 1192, 1215 (N.D. Cal. 2012) (determining combination of customer names together with information such as the customer’s buying patterns and product needs met standard for trade secret protection); see Edgenet, Inc. v. GS1, AISBL, 742 F. Supp. 2d 997, 1026–27 (E.D. Wis. 2010) (determining compilation of publicly available product data protectable as trade secret where categories used to organize the data were not publicly available and could not be recreated without extensive effort and investment). Directive 2019/790, supra note 10, at 108. Directive 2019/790, supra note 10, at 108. Elizabeth A. Rowe, Contributory Negligence, Technology and Trade Secrets, 17 Geo. Mason L. Rev. 1, 12–13, 27–29 (2009). Id. at 29. See Amazon.com LLC v. Lay, 758 F. Supp. 2d 1154, 1170–72 (W.D. Wash. 2010) (agreeing that complying with the North Carolina Department of Revenue’s request to disclose one data set containing names, addresses, and detailed descriptions of the products ordered by each Amazon

customer, in addition to disclosure of another data set containing product code numbers, order ID numbers, seller, ship-to-city, county, postal code, non-taxable amount of purchase, and tax audit record ID info, would violate the VPPA, legislation aimed to protect intellectual privacy); id. at 1163 (concluding that the disclosure of the “reading, watching, and listening habits poses an imminent threat of harm and chill to the exercise of First Amendment rights.”). 99. QSRSoft, Inc. v. Rest. Tech., Inc., No. 06 C 2734, 2006 U.S. Dist. LEXIS 76120, at *4–5 (N.D. Ill. Oct. 19, 2006). 100. See Amazon (company), supra note 66 (explaining how publishing companies could recapture market share). 101. O E C D I n t e r n e t Intermediaries, supra note 7, at 6 (discussing how Service Providers capitalize on hosted content). 102. See European Parliament Press Release, supra note 9. 103. H.R. Rep. No. 60-2222, at 7 (1909). 104. Directive 2019/790, supra note 10, at 124. 105. Regulation 2016/679, of the European Parliament and of the Council of 27 April 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, and Repealing Directive 95/46/ EC, 2016 O.J. (L 119) 1, 35 [hereinafter Regulation 2016/679] (GDPR went into effect on May 25, 2018). 106. Id. 107. Id. at 31–33 (providing for Article 4(2) which defines “processing” as “any operation or set of operations which is performed on personal data or on sets of personal data whether or not by automated means such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or other wise making available, alignment, or combination, restriction, erasure or destruction . . . .”). 108. Sarah Hospelhorn, California Consumer Privacy Act (CCPA) vs. GDPR, Varonis (Nov. 5, 2018), https://www.varonis.com/ blog/ccpa-vs-gdpr/#; see also Regulation 2016/679, supra note 104, at 6 (Recital 32 provides that consent is obtained by a “clear affirmative act establishing freely given, specific, informed

and unambiguous indication of the data subject’s agreement to processing of personal data relating to him or her, such as a written statement . . . by electronic means, or an oral statement.”). 109. Regulation 2016/679, supra note 104, at 6. 110. Regulation 2016/679, supra note 104, at 36. 111. Regulation 2016/679, supra note 104, at 36; see Regulation 2016/679, supra note 104, at 9 (Recitals 47 and 48 explain the “overriding legitimate interest.”). 112. Regulation 2016/679, supra note 104, at 64 (providing for Article 49 which addresses specific situations in which a data transfer is legally justified where conditions giving rise to an adequacy decision pursuant to Article 45(3) or appropriate safeguards pursuant to Article 46 are not met). 113. Regulation 2016/679, supra note 104, at 8 (providing for Recital 42 which conditions data control on consent requests in an “intelligible and easily accessible form, using clear and plain language,” containing no “unfair terms.”). 114. Regulation 2016/679, supra note 104, at 37. 115. Regulation 2016/679, supra note 104, at 8 (Recital 42 explains where consent is a condition of using the service the court should be wary of finding that consent was “freely given.”). 116. ICO, Guide to the General Data Protection Regulation 55 (GDPR) (Aug. 2, 2018), https://ico.org.uk/media/ for-organisations/guide-tothe-general-data-protectionregulation-gdpr-1-0.pdf [hereinafter ICO Guide to GDPR]. 117. See Chiara Giorgetti, Rethinking the Individual in International Law, 22 Lewis & Clark L. Rev. 1085, 1111–16 (2019) (discussing the international approach to standing and enforcement of individual rights internationally). 118. E.g. YouTube, https://www. youtube.com/about/press/ (last visited Nov. 15, 2019) (providing that users watch one billion hours of copyright subject matter daily and, thus, YouTube collects massive amounts of personal information daily). 119. ICO Guide to GDPR, supra note 115, at 100, 105 (providing individuals can make a request verbally or in writing and the Service Provider has one month to comply; this one-month period may be extended by a further two months).

120. Regulation 2016/679, supra note 104, at 39; see also, Regulation 2016/679, supra note 104, at 32 (“This Regulation . . . [applies] . . . to the processing of personal data . . . .”); see also, Regulation 2016/679, supra note 104, at 33 (“[A]ny information relating to an identified or identifiable natural person.”). 121. Regulation 2016/679, supra note 104, at 5 (“The application of pseudonymisation to personal data can reduce the risks to the data subjects concerned and help controllers and processors to meet their data-protection obligations.”). 122. Regulation 2016/679, supra note 104, at 3 (providing for Recital 13 which sets out the policy of ensuring a “consistent level of protection for natural persons . . . [and] provid[ing] legal certainty and transparency for economic operators . . . and to provide natural persons . . . with the same level of legally enforceable rights and obligation and responsibilities for controllers and processors . . . ”). 123. Inge Graef, Martin Husovec & Nadezhda Purtova, Data Portability and Data Control: Lessons for an Emerging Concept in EU Law, 19 German L.J. 1359, 1371-72 (2018) [hereinafter Data Portability] (“[C]ontrollers [may] opt for processing pseudonymized datasets to avoid the obligations of data portability when they are unwilling to share—for instance to preserve their unique datasets.”). 124. 16 C.F.R. § 682.3(a) (2018) (“Any person who maintains or otherwise possesses consumer information for a business purpose must properly dispose of such information by taking reasonable measures to protect against unauthorized . . . use of the information in connection with its disposal.”); see also 16 C.F.R. §§ 682.3(b), 312.1, 312.8, 312.10 (2018). 125. Regulation 2016/679, supra note 104, at 2 (“Natural persons should have control of their own personal data.”). 126. Regulation 2016/679, supra note 104, at 13. 127. Regulation 2016/679, supra note 104, at 13. 128. Data Portability, supra note 122, at 1369. 129. Paul M. Schwartz, Property, Privacy, and Personal Data, 117 Harv. L. Rev. 2055, 2081-82, 2084 (2004) (“Propertization . . . will neglect important social values that information privacy should

121

Currents 24.1 2020

advance.”). 130. See 17 U.S.C. § 106 (2018); see also 35 U.S.C. § 154 (2012). 131. Ownership of data may always be contracted for, and the data subject enters into a contract with the Service Provider upon consent to processing, whereby the Service Provider obtains title to the data subject. Nothing in the GDRP prohibits this. See Regulation 2016/679, supra note 104, at 13 (providing that the data subject’s rights are overshadowed where processing is necessary for the performance of a legal obligation). 132. Regulation 2016/679, supra note 104, at 12 (“Where personal data can be legitimately disclosed to another recipient, the data subject should be informed when the personal data are first disclosed to the recipient.”); this only applies to the disclosure of the data set to which the data subject has control. 133. Regulation 2016/679, supra note 104, at 12 (providing the “data subject . . . [has] the right to have personal data . . . rectified and a ‘right to be forgotten’ where the retention of [the] data infringes this Regulation . . . to which the controller is subject.”); Regulation 2016/679, supra note 104, at 33 (“ ‘[C]ontroller’ means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data . . . .”). 134. Regulation 2016/679, supra note 104, at 34 (“ ‘[P]ersonal data breach’ means breach of security leading to the accidental or unlawful destr uction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.”). 135. Regulation 2016/679, supra note 104, at 36 (providing six legal bases for processing data without consent at Article 6). 136. The transparency obligation is a contractual performance obligation for those who seek to license copyright protected works. See Directive 2019/790, supra note 10, at 122. 137. Regulation 2016/679, supra note 104, at 13. 138. Directive 2002/58/EC, of the European Parliament and of the Council of 12 July 202 concerning the Processing of Personal Data and the Protection of Privacy in the Electronic Communications Sector, 2002/58/EC, 2002 O.J. (L 201) 37, 42 [hereinafter Directive 2002/58/EC]. 139. Catherine Schmierer, Better Late

than Never: How the Online Advert. Industry’s Response to Proposed Privacy Legis. Eliminates the Need for Reg., 17 Rich. J.L. & Tech. 1, 13 (2011); see also Pamela Jones Harbour, Remarks Before FTC Exploring Privacy Roundtable Washington D.C, Federal Trade Commission 1, 2 (2009), http://www.ftc.gov/ speeches/ arbour/091207privacyroundtable. pdf; see also M. Angela Buenaventura, Teaching a Man to Fish: Why Nat’l Legis. Anchored in Notice and Consent Provisions Is the Most Effective Solution to the Spyware Problem, 13 Rich. J.L. & Tech. 1, *14-*15 (2006) (noting that courts often construe clickwrap agreements as binding “whether or not meaningful consent was actually present, and whether or not the user even saw the terms [of the contract] to begin with.”). 140. Schmierer, supra note 138, at 14–15. 141. See In re Sears Holdings Mgmt. Corp., No. 082-3099, 2009 WL 2979770 (F.T.C.), at *1 (Aug. 31, 2009); id. at *6–7 (Sears Privacy Statement and User License Agreement contained deceptive language in its websites where the language stated that consumer would retain control over the collection of their information w h e n i n f a c t t h e s o f t w a re downloaded upon acceptance of the agreement terms ran in the background of consumer’s computers, and consumers who installed the application often had no knowledge that their personal information was collected; this resulted in settlement between Sears and the FTC, whereby Sears agreed to destroy all data collected and to clearly identify all future attempts to track consumers’ online activities.). 142. Tribunal de Grande Instance [ordinar y court of original jurisdiction] Paris, civ., Aug. 7, 2018, 14/07300; see also Tribunal de Grande Instance [ordinary court of original jurisdiction] Paris, civ., Feb. 12, 2019, 14/07224 (“Ses finalités générales concourent donc parfaitement avec celles du droit de la consommation visant notamment à sanctionner tout déséquilibre contractuel significatif entre les professionnels et les simples particuliers dans leurs différentes activités de consommation.”) (providing that the GDPR is aimed at “penalizing any significant contractual imbalance between professionals and private individuals in their

various consumer activities . . . .”). 143. C o m m i s s i o n Na t i o n a l e d e l’Informatique et des Libertés [ Na t i o n a l Da t a Pro t e c t i o n Commission] Paris, civ. Jan. 21, 2019 SAN-2019-001. 144. Regulation 2016/679, supra note 104, at 82 (providing for a “lower” level, $10 million or 2% of worldwide revenue, and “upper” level $20 million or 4% of worldwide revenue). 145. Cynthia O’Donoghue & Karen Lee Lust, Danish DPA Issues its First GDPR Fine for Late Deletion of Customer Telephone Numbers, Lexology, Apr. 18, 2019, https:// www.lexology.com/library/detail. aspx?g=13e6d9c1-1c7d-410ca583-7776062d41d9 [https:// perma.cc/V6SB-VW9V]. 146. Id.; Regulation 2016/679, supra note 104, at 35–36 (recalling Article 5 obligations and responsibilities imposed on all controllers and processors). 147. 2018 Cal. Stat. 1807 (2017-2018 Regular Session) § 1798.120 (to be codified at Cal. Civ. Proc. §§ 1798.100–1798.198, eff. Jan. 1, 2020) [hereinafter CCPA]. 148. Id. § 1798.140(c)(1). 149. Regulation 2016/679, supra note 104, at 33 (providing for Article 4(7) & (8); both are defined as people or entities that determine how data will be processed, with “processors” being third parties that process data on behalf of “controllers”); see Directive 2019/790 at note 10, at 113 (providing for Article 2 which states that an online contentsharing Service Provider means a “provider of an information society service of which the main or one of the main purposes is to store and give public access to a large amount of copyright-protected works or other protected subject matter uploaded by its users, which is organises and promotes for profit-making purposes.”). 150. Press Release, U.S. Chamber Releases Model Privacy Legislation, Urges Congress to Pass a Fed. Privacy Law (Feb. 13, 2019, 9:15 AM), https://www. uschamber.com/press-release/uschamber-releases-model-privacylegislation-urges-congress-passfederal-privacy-law [https:// perma.cc/T6WV-EGAL]. 151. R a c h e l F. F e f e r, C o n g . Research Serv., R45584, Data Flows, Online Privacy, and Trade Policy 18 (2019). 152. Schwartz, supra note 128, at 2110. 153. Schwartz, supra note 128, at 2111. 154. See Directive 2019/790, supra note 10, at 122-23. 122

Currents 24.1 2020

155. Directive 2019/790, supra note 10, at 122-23. 156. Directive 2019/790, supra note 10, at 113-14 (providing for Article 7 prohibitions on contract: “[a] ny contractual provision contrary to the exceptions provided for in Articles 3, 5 and 6 shall be unenforceable,” where these Articles, respectively, provide for use of online content for text and data mining for the purposes of scientific research, use of content for cross-border teaching activities, and use of content for preservation of cultural heritage). 157. See Directive 2019/790, supra note 10, at 107, 120. 158. Directive 2019/790, supra note 10, at 120. 159. Directive 2019/790, supra note 10, at 120. 160. Schwartz, supra note 128, at 2098. 161. Schwartz, supra note 128, at 2109. 162. Schwartz, supra note 128, at 2098. 163. Recall that the transparency obligation cannot be negotiated out of the license, the Service Provider can negotiate what data it hands over so long as the information adequately passes Directive muster. See Directive 2019/790, supra note 10, at 123. 164. See Directive 2016/943, supra note 91, at 1 (“Businesses, irrespective of their size, value trade secrets . . . [and] use confidentiality as a business competitiveness and research innovation management tool . . . that extends beyond technological knowledge to commercial data such as information on customers and suppliers, business plans, and market research and strategies.”). 165. See Directive 2016/943, supra note 91, at 2. 166. Directive 2016/943, supra note 91, at 2. 167. Directive 2016/943, supra note 91, at 2. 168. See Directive 2019/790, supra note 10, at 124. 169. See Dust, https://watchdust. com (last visited Nov. 16, 2019) (example of a niche online-content sharing Service Provider).

Career Paths in Internal Corporate Legal Practice

When asked what qualities they most value

His professional certifications include

for four years in the U.S. Marine Corps, Mr.

in attorneys interested in pursuing similar

Certified Fraud Examiner (CFE), Certified

Rabalais earned a bachelor’s degree from

career paths, compliance professionals and

Information Privacy Manager (CIPM),

Texas A&M University, and a law degree

Symposium authors recounted their own

Certified Information Privacy Professional

from the University of Houston.

career paths. The following ten tips represent

(CIPP/US), and Certified Compliance and

a portion of frequent answers gleaned from

Ethics Professional.

that discussion.

“Any volunteering we can do to get training, to

“Some of the skills that I think are important

help review somebody else’s policy, or, frankly,

for a privacy attorney? I think you have to be

“The real key is you have to hustle. There are so

to do something else that somebody else doesn’t

willing to constantly learn and adjust to the

many great opportunities out there. Grab a cup

want to do—that goes a long way in the eyes of

changing laws, which may happen every day,

of coffee, try for that scholarship, or even look

someone who has to delegate a compliance task”

the changes in technology, the change in data

into a policy that no one wants to touch. That

(Ryan Rabalais).

uses, etc. You have to be willing to kind of step

will really pay off” (Steven Gyeszly).

Ryan Rabalais is the Ethics & Compliance

Steven Gyeszly is Chief Compliance

at Bechtel Oil, Gas, & Chemicals and is

Counsel for Marathon Oil, an independent

the former the Vice President and Chief

exploration and production company

Compliance Officer of Rowan Companies.

operating on four continents. In this

In this capacity, he is responsible for

role, he oversees the company’s corporate

the company’s Compliance Program—

compliance and ethics organization.

principally dealing with anti-corruption

His office partners with operations and

efforts, internal investigations, and ensuring

other corporate functions to lead the

sound international business practices. Mr.

development, implementation, maintenance,

Rabalais has spent his career working as a

Wendell Bartnick is an associate in Reed

and enhancement of a pragmatic corporate

lawyer in the oil field for publicly traded

Smith’s IP, Tech & Data Group. He has a

compliance program. Prior to joining

companies with international operations,

computer science background and extensive

Marathon Oil, Mr. Gyeszly was the Director

primarily in legal compliance and operation

experience advising on privacy, data

of the Office of Global Compliance for a

support roles. Before coming to Rowan

protection, technology, and e-commerce

multi-national energy services company

Companies, he served as Chief Compliance

matters. Mr. Bartnick provides advice to

and an Associate in the International

Officer of Paragon Offshore, prior to which

public and private clients in various industries

Litigation and Arbitration section at a

he worked for Noble Drilling, BHP Billiton,

on regulatory compliance, technology-related

global law firm. He also serves on the Board

and Baker Hughes. As a lawyer, Mr. Rabalais

transactions, and data breach response efforts.

of Directors at Birkman International. Mr.

has primarily worked in Houston, Texas, in

Mr. Bartnick earned his J.D. at George

Gyeszly holds a bachelor’s degree in business

addition to holding positions in Caracas,

Mason University in 2008, graduating magna

administration from Texas A&M University.

Venezuela, and Perth, Australia. After serving

cum laude.

Hustle.

Be willing to constantly evolve, learn, and adjust.

out of your comfort zone to do this kind of work. You’re not going to see much of the same kinds of things, so having some basic knowledge about technology is helpful. If not, don’t be afraid to just sort of step in and learn. Virtually every question having to do with privacy really comes down to what you are doing with data. I think those two big things can help you have a leg up, or at least to do a good job” (Wendell Bartnick).

123

Currents 24.1 2020

“I don’t have a background in data privacy.

with the IT department, government affairs,

global, fully-integrated professional services

I got a call from a recruiter and it sounded

and corporate communications. It takes a team

and project management company, and

really interesting to work for an international

player, as you have to build trust with the folks.

major player in infrastructure ownership

technology company, to learn different things,

Also, having some sort of technological expertise

with 50,000 employees worldwide. In

learn the business, which I think being at a law

or background is helpful. I don’t have that

her former role, she supported the senior

firm you see a lot of snippets. However, you don’t

background, but I ask a lot of questions and

leadership team across the company’s five

really see what happens after that. It’s a little

that goes a long way in building trust with the

sectors, identifying risks and executing the

different from the work done at SCI, as we’re

technology folks at the company. I also stay up

company’s world class Integrity Program. Ms.

not so concerned about state data privacy laws

to date on new technologies. That’s important”

Tran gained her anti-bribery and corruption

in terms of our contract negotiations. We have

(Alexandra Chughtai-Harvey).

experience in the oil industry in Houston, the

a lot of focus on international laws because we

Alexandra Chughtai-Harvey is Corporate

Netherlands, and Hungary, including serving

have customers in South America, Europe, and

Counsel at Service Corporation International

Asia, and so it keeps you constantly thinking

(SCI), the largest provider of funeral and

and that’s what I really enjoyed about it. It’s a

cremation products and services in North

learning process. It’s constant learning and you

America. Ms. Chughtai-Harvey handles

cannot have an ego. There’s a lot of things that

data privacy and mergers and acquisitions

you’re not going to know, both of the technical

for SCI and advises on all aspects of the

side and the legal side, and so you learn when to

company’s data privacy program. She also

ask questions and how not to fear asking those

serves as a legal advisor to SCI’s Cybersecurity

Counsel.

questions” (Mary Isensee).

Executive Steering Committee and the

“Two pieces of advice—one, always be on the

Mary Isensee is Technology Counsel at

Cybersecurity Incident Response Team. Ms.

lookout for new opportunities. They pop up in

PROS, Inc., a cloud provider of AI-powered

Chughtai-Harvey graduated cum laude from

totally unexpected places. You will get all of

software solutions that optimize selling in the

the University of Miami School of Law and

your jobs through having a cup of coffee with

digital economy by enabling companies to

holds a bachelor’s degree in English from

someone. I’ve got all of my jobs through having

price, configure, and sell their products and

SUNY Buffalo. Prior to law practice, Ms.

coffee with someone. Two—never hesitate to

services in an omnichannel environment.

Chughtai-Harvey worked as a journalist and

reach out and ask someone to pick their brain,

There she provides support to the corporate

earned a master’s degree in Journalism from

or to say hey, this is what I am thinking, do you

and commercial teams. Prior to PROS, Ms.

New York University.

have any ideas? Everybody I’ve ever asked has

Isensee was a transactional associate at several Am Law 100 firms. She is a graduate of the University of Houston Law Center and the University of Texas at Austin.

Be collaborative.

“If I am building a future team of investigative lawyers, I want someone who is tech savvy, who can collaborate, and who has relationship

“Be comfortable with uncertainty and

building skills for dealing with accountants or

ambiguity in the law—that you are not going

certified fraud examiners, or someone who is a

to know all of the answers. Having a sense of

Human Resources person, who can break down

exercising legal judgment. Be able to collaborate

the psychology and the emotional intelligence

well. That’s very helpful. I work very closely

aspect of employees. That is my all-star team”

with many departments across the company

(Thuy Tran).

where any sort of data is either taken in or shared with a third party. I work particularly

Thuy Tran previously worked as the Regional Integrity Officer-USA for SNC-Lavalin, a 124

Currents 24.1 2020

as a subject matter expert on a pro bono basis for Transparency International in Budapest. Upon her return to the United States, she worked in Washington, D.C., where she managed global programs and partnerships for Trace International. Ms. Tran now works at Weatherford Int'l as Ethics Compliance

said yes, including people I thought were way too important to talk to me. That’s what I would suggest” (David Mortlock). David Mortlock is chair of the Willkie Farr & Gallagher Global Trade and Investment Practice group in Washington, D.C. He advises clients on international trade and government regulation of cross-border transactions, particularly the intersection of economic regulation and national security. Mr. Mortlock formerly served as Director for International Economic Affairs at the White

House National Security Council, in which

1996, graduating cum laude. She earned

worked as Deputy Compliance Officer

capacity he advised President Obama and

her law degree from South Texas College of

and Council-Litigation with St. Louis-

his National Security Advisor on sanctions,

Law Houston in 1999, where she served as

based Charter Communications Inc. His

corruption, and other international finance

assistant Managing Editor of the South Texas

governmental experience includes service as a

and trade issues. Mr. Mortlock also worked

Law Review.

Special Assistant United States Attorney from

at the U.S. Department of State as Deputy Coordinator for Sanctions Policy; Special Assistant to the Under Secretary for Economic Growth, Energy, and the Environment; and Attorney-Advisor of Sanctions and Terror Finance. Mr. Mortlock received his J.D. from Georgetown University Law Center, magna cum laude, in 2014 and his undergraduate degree from Cornell University in 2001.

Relationships will propel your career–foster them.

“How I got into compliance, one of my jobs in the past—I was a special assistant U.S. attorney who helped investigate for the FBI. At one point, they were assembling a team to work on a very significant investigation. They pulled me in because I had worked on the federal investigation. I ended up working on a white

1999 to 2000 with the office of the Special Counsel John C. Danforth. Mr. Sardar earned a bachelor’s degree in Economics from California State University at Long Beach, and a law degree from St. Louis University, and is a member of the Missouri Bar. “I would have never necessarily predicted that I would get a call from the general counsel that was a good friend who said, “let’s go to dinner” and asked me to come to Baker-Hughes and

“With litigation, you’re used to talking on your

collar crime investigation, and that steered my

feet. You have a lot of training, and you’re used

path to compliance. The first in-house role I

to interacting with a lot of people. Compliance

had was with a company in St. Louis where

definitely allows you to connect with people,

I managed litigation and compliance. The

provides the foundation for building people

next real full-time compliance role I had was

skills, and positions you to speak as a leader”

working for Jay. I remember when I interviewed

(Margaret Mousoudakis).

with Jay, I was about to get on my flight back

Margaret Mousoudakis is Assistant

to St. Louis, and I had the guts to turn to Jay

Compliance Officer for LyondellBasell, one

and tell him ‘I am not an FCPA expert.’ I

of the world’s largest olefins, polyolefins,

still remember that conversation. He was only

chemicals, and refining companies. She

looking for a smart, intelligent, hard-working

served in Brazil in April 2010 assisting the

guy, and the rest, he would teach me.” (John

Jay Martin has retired from Baker Hughes

company and establishing a compliance

Sardar).

as its Chief Compliance Officer and is now

department which included implementing

John Sardar is the Chief Compliance Officer

a new code of conduct, new companywide

for Noble Energy, Inc., a publicly traded

policies and procedures including an anti-

company and independent energy leader,

corruption policy, gifts, entertainment, and

engaged in worldwide oil and gas exploration

travel policy, and due diligence procedures for

and production. In his current role, Mr.

third parties. Previously, Ms. Mousoudakis

Sardar oversees all aspects of Noble Energy’s

was a Senior Attorney for Marathon Oil

ethics and compliance program globally,

Company, where her practice included

and is responsible for implementation

providing Foreign Corrupt Practices Act-

and management of the company’s ethics

related legal support to all Marathon

and compliance policies, procedures, and

subsidiaries. Ms. Mousoudakis received her

guidelines. Prior to joining Noble Energy, he

bachelor’s degree in History and Spanish

was Director, Ethics and Legal Compliance

from Washington and Lee University in

for Baker Hughes Inc. Mr. Sardar also

play a role. I had a lot of confidence in him and the senior management team and the board. I would tell anybody going into that type of opportunity to only do it if you have a feeling of comfort. You can’t succeed if you don’t have the support around you. I felt that support. Every time you make a move like that, it has a risk in it, it has as a reward. You never know until you do it whether it’s going to pan out. But it turned out to be a great thing” (Jay Martin).

Senior Counsel with the law firm Wilkie, Farr & Gallagher in Washington, D.C. Prior to these roles, Mr. Martin was a shareholder at Winstead Sechrest & Minick P.C., a partner at Phelps Dunbar and Andrews & Kurth, and the Assistant General Counsel of Mobile Oil Corporation’s Worldwide Exploration and Production Division in Fairfax, Virginia. Mr. Martin has also served as General Counsel of Mobil Natural Gas, Inc. in Houston, Texas. Mr. Martin holds J.D., M.P.A., and B.B.A. degrees from Southern Methodist University in Dallas, Texas.

125

Currents 24.1 2020

“You have to be selfish. No one is going to

Hughes, a GE company (BHGE). At BGHE

Motiva, Ms. Bradshaw worked at Andeavor

navigate your career for you—eighteen months

she advises the business on anti-boycott

(formerly Tesoro Corporation) supporting

at a law firm wanting bigger cases with bigger

compliance and implements the annual

the supply chain management function

deals only to go to another law firm wanting

compliance questionnaire. Prior to joining

and managing commercial, marketing, and

even bigger cases and even bigger deals, and then

BHGE’s International Trade Compliance

refining litigation. Ms. Bradshaw received a

to a multinational law firm where you start to

group, Ms. Flores served as Legal Compliance

B.A. from Saint Mary’s College and J.D. from

get the phone calls from the headhunters. Take

Training Coordinator, managing BHGE’s

the University of Missouri-Kansas City in

those calls okay. It does not matter who they are

annual legal compliance training. Ms. Flores

2004. After law school, Ms. Bradshaw served

calling on behalf of, that is a relationship in the

earned her undergraduate degree from Texas

as a Captain in the U.S. Army Reserves, 8th

making” (Natalia Shehadeh).

Christian University in Fort Worth, Texas,

Legal Support Organization. Ms. Bradshaw

and earned her J.D. from South Texas

worked in private practice at Greensfelder,

College of Law in Houston, Texas.

Hemker & Gale, where she practiced in the

TechnipFMC PLC, a London-based global

“The job is never done, and is ever changing.

construction group, focusing on contracting

leader in subsea, onshore/offshore, and

You’re watching out for what laws are coming

surface projects in the oil and natural gas

next. You have to be a proactive business partner,

industries. Prior to joining TechnipFMC in

and that is true in many areas of the law. You

2018, Ms. Shehadeh was the Chief Assurance

also have to build a relationship with the

Officer and, formerly, Chief Compliance

business so that they are proactive and coming

Officer, interim General Counsel and chair

to you before they’re entering into a new region

of Diversity and Inclusion at Weatherford

or new territories, understanding that you’re not

International PLC, a global oil field services

going to slow them down but work with them

company. As Chief Compliance Officer for

in parallel—that you’re going to put the right

Technip FMC, Ms. Shehadeh leads a global

protections in place for the company. Come to an

team of compliance professionals responsible

understanding of the business objectives, build

for a broad array of ethics and compliance

the partnerships, either with your information

topics including trade, anti-corruption,

security officer, with the different parts of the

and anti-trust compliance. Previously, Ms.

business, or with the different compliance leads

Shehadeh served as Senior Trade Compliance

in the business. Don’t be afraid to admit when

Counsel at Shell Oil Company and was

you don’t have the subject-matter expertise in a

Of Counsel with the law firm Greenberg

new area where the law is changing, but letting

Traurig, LLP. Ms. Shehadeh earned degrees

the business know that you’re going to learn it,

at the University of Houston and South

that you’re going to get up to speed at the rate of

Texas College of Law Houston in 1999. Ms.

business, and that you are going to get the right

Shehadeh is originally from Madrid, Spain

partners, to put the right connections in place”

and is presently based in Houston, Texas.

(Shenna Bradshaw).

Natalia Shehadeh is Senior Vice President and Chief Compliance Officer for

Understand the business.

“At the end of the day, a lawyer must be a business facilitator” (Courtney V. Flores). Courtney V. Flores is Legal Counsel for International Trade Compliance at Baker

house to Aegion Corporation for nine years, serving her final role at Aegion as General Counsel and Vice President of Human Resources over the energy services platform. 6.

Backbone.

“This may apply more to compliance professionals in general—many of the conversations are going to be difficult conversations. Setting special investigators aside, generally speaking compliance professionals are trying to help somebody get to ‘yes’ in a way that is ethical and does not cross any lines. Lawyers do not want to be pushovers. They want to help, but they do not want to be steamrolled. Lawyers must have the backbone to stand up for their convictions when they know something is not right and to say that. KPMG1 has a pamphlet on revamping investigations that lists some of the key skills, one of which is the ability to investigate root causes. Those are things that professionals are looking at now— setting up their systems to track root

Shenna Bradshaw currently serves as

causes, to understand what is happening in a

Senior Legal Counsel at Motiva Enterprises

given case, hoping to get to the bottom of it, and,

LLC, supporting compliance, information technology, supply chain management, and refining capital projects. Prior to 126

Currents 24.1 2020

and litigation. Ms. Bradshaw then moved in

1. https://advisory.kpmg.us/content/dam/ advisory/en/pdfs/revamping-investigations. pdf.

ultimately, to fix the issue” (Michael Miner).

Foreign Corrupt Practices Act (FCPA), trade

program was certified by its appointed

Michael Miner currently serves as Associate

compliance, economic sanctions, data privacy

Monitor, marking a major milestone in the

and protection, and anti-trust compliance.

company’s compliance efforts with respect

She has extensive experience conducting

to its Extended Deferred Prosecution

due diligence of third-party representatives

Agreement with the Department of Justice.

including the identification of anti-bribery,

Prior to Bilfinger, Mr. Leal served as Chief

trade, sanctions, human rights, and ethical

Compliance Officer of Layne Christensen

risks, in addition to conducting anti-

Company. Mr. Leal began his career as a

corruption audits and internal investigations.

litigator with Baker Botts LLP. Mr. Leal

Ms. Coselli's expertise includes the

graduated with Honors from The University

development and implementation of ethics

of Texas at Austin and received his law

and compliance programs and processes,

degree from Columbia Law School. Mr. Leal

along with partnering with dedicated trade

commits his time to serving on the Board

compliance teams. She earned her law degree

of Family Houston, a non-profit providing

from South Texas College of Law in addition

mental health services, family counseling,

to her B.B.A. in finance from Texas Tech

and financial coaching on a reduced or free

University. Prior to attending law school,

basis to area residents.

General Counsel for Investigations at Weatherford Int'l, where he leads the global investigations team, reporting to the General Counsel and Chief Compliance Officer. Mr. Miner has previously held a number of roles at Weatherford, including Regional Compliance Counseling and Managing Counsel for Investigations. Prior to joining Weatherford, Mr. Miner was in private practice for over fifteen years, most recently as Partner at Drinker Biddle & Reath, LLP in Washington, D.C. At Drinker Biddle & Reath, his practice focused primarily on white collar criminal defense, corporate and governmental investigations, and commercial litigation. Mr. Miner received

she worked as a tax consultant, specializing

his undergraduate degree from the University

in state and local taxes.

of Michigan and his law degree from The

“Serendipity led me to this career. We were

George Washington University Law School.

coming up in the game, and it was probably

“Having a backbone is important. For example,

happenstance. I was a litigator at Baker Botts

roadside stops in certain countries are risky situations. Having boots on the ground and being in the same situations that the business guys are in, some of which are dangerous—these are the things that give the lawyer or investigator some ‘street cred.’ It is easy as a compliance professional to sit here in Houston in an ivory tower and say, ‘don’t give this bribe’ or ‘don’t give this facilitating payment’ or ‘you can’t do that.’ But when you are living and working in certain countries, when you are faced with a roadside stop where the officer is drunk and pointing a gun into the car—then you gain a

here in the Houston office. Like many defense lawyers, I had an itch I wanted to scratch on the plaintiff side, to see what that was like. For about three years, I worked with the national plaintiff firm, Merlin Law Group, and that was an amazing experience for compliance. When litigating these cases, you are taking depositions of powerful people, which is a big part of compliance and internal investigations. Not everyone has that comfort level of being so bold with a CEO or billionaire. If you have that opportunity to experience that early on, it’s a one less hurdle that you have to deal with”

different perspective.” (Ashley Coselli).

(Sergio Leal).

Ashley Coselli works as Senior Ethics &

Sergio Leal is the Head of Compliance

Compliance Counsel with Total American Services. Her practice specializes in corporate compliance including with respect to the

at Ericsson and is the former Compliance Officer for Bilfinger North America. This past December, Bilfinger’s compliance

Sound legal judgment.

“Qualities that make good lawyers in any field, but which are particularly helpful in this space: the ability to exercise good judgment and to think about issues in a deep way; analyze them and be able to give advice that’s not just giving legal jargon, but applied in the situation you’re giving advice on; giving options but also potentially a recommendation to your client; and then knowing the situation where you just have to tell your client no. There are a lot of solutions you can bring to the table, but there are some situations where you have to be willing to say no. As you’re looking at entering into this field, I think those are things to start thinking about as you’re taking law school courses” (Tim Brown). Tim Brown is an accomplished legal counselor in the energy industry, with unique and diverse experience in litigation, international transactions, and both trade and anti-corruption compliance. Mr. Brown has held a variety of significant roles at Anadarko

127

Currents 24.1 2020

Petroleum Corporation (Anadarko) for

seasoned investigator, having conducted

counsel for companies in the upstream and

fourteen years. His current role at Anadarko

numerous and often complicated internal

midstream markets. Notably, in this role

is Managing Senior Counsel-International, in

investigations for her clients over the years.

she developed, implemented, and advised

which he leads a team of lawyers responsible

Ms. Moore graduated magna cum laude

on a compliance framework for the Dodd-

for all legal work with respect to exploration,

from Southwestern University and received

Frank Wall Street Reform and Consumer

development, and production activity, as well

her J.D. from the University of Texas. She is

Protections Act of 2010.

as all new international ventures in business

a member of the Employment Law Section of both the Texas State Bar and the Houston

“I took time between my undergrad and law

development work. Mr. Brown earned his J.D. from Texas Tech University, cum laude,

Bar Association and a past-President and

and his Bachelor of Arts, with honors, from

Treasurer of the American Petroleum Labor

Baylor University. Mr. Brown is a licensed

Lawyers Association.

school and worked as a logistics provider. The intent there was they had international in their name and I thought that I would get to travel. I decided to go to law school at night

customs broker and serves as an adjunct law

“Good” experience includes

and worked full time. Then I got married,

professor teaching International Petroleum

non-traditional experience.

had a kid, and bought a house. I don’t know

Transactions at South Texas College of Law–Houston. 8.

Social self-awareness and

cultural competency.

“Practitioners should be ready to be bold but practical. Don’t be scared to take risks with nontraditional roles that are quasi-legal in nature. This enables a starting attorney to learn the

how I did it. Looking back, it makes me tired. I did a short detour as a medical malpractice lawyer before deciding that I wanted to get back in the international space and use what I learned for seven years working as a logistics

“The young lawyer should be aware enough to

business side of things while getting started in

check in and make sure that, culturally, he or

their legal career. These quasi-legal positions or

she is not going to be stepping on someone’s toes.

non-traditional positions may be good stepping

Language ability is another big skill to have as

stones for new lawyers. However, landing and

well. Having emotional intelligence, be able to

succeeding in these roles may take a little bit of

read a situation, to read a person, to know what

humble pie. After graduating from law school,

needs to be done in order to get the information,

I did not realize how much non-legal work is

have cultural sensitivity, and know that not

roped into working in-house. Lend a hand and

everything works abroad like it does here in the

make relationships outside of the legal team.

U.S., in fact nothing works like it does here in

After working within the business, you have

the U.S., ever” (Marla Moore).

an opportunity to see why things go wrong and

Marla Moore has over twenty-four years

how to give business-minded legal support.

look for” (Ellen C. Smith).

of employment law experience, with

Hopefully, taking on these non-traditional roles

Ellen C. Smith serves as Executive

nearly seventeen years spent as an in-

will enable you to become a partner with the

Counsel-International Trade Compliance,

house labor and employment lawyer

business and help you recognize the legal risks

at Baker Hughes, a GE Company, where

managing a host of issues for a major

for that business” (Elanor Benmenashe).

she leads a global team of trade compliance

multi-national oil and gas company. By

Elanor Benmenashe is a Senior Human

professionals responsible for daily import,

leveraging her significant experience in the

Resources and Business Partner with SNC-

corporate world, she now runs her own

Lavlin in the Oil & Gas Sector, with about

successful practice focusing primarily on

20,000 employees. Her work focuses on

workplace training and investigations. Her

managing global labor and employment

clients include companies, nonprofits, and

investigations. Prior to joining SNC-Lavalin,

quasi-governmental institutions. She is a

Ms. Benmenashe served as in-house legal 128

Currents 24.1 2020

provider. My recommendation to you is to get law firm experience, because, if you’re going to be in-house, it’s important to understand how outside council works. It’s a great training ground. If you’re not able to do that, you still have to understand your supply chain. I think that’s critical. Really understand that if you have the opportunity to work in house, meet your supply chain folks, and understand how the business works. These are keys that I really

export, trade sanctions, and boycott compliance; providing advice and training; and program development, implementation and administration. Ms. Smith has held various trade compliance roles in the oil and gas industry for almost ten years.

“I did not go straight from my undergrad to

career working in the customs broker and

global enforcement authorities. She also

law school. I had a gap of six years working

freight forwarder community managing

provides counsel in the design, enhancement,

out of two different trade quarters. The reason

day-to-day supply chain on behalf of

and implementation of compliance programs,

why I got in that space, was actually because of

various clients. After passing the Customs

as well as the execution of anti-corruption

an undergraduate marketing class. I was trying

Broker exam in 2000, he transitioned into

transactional due diligence and integration.

to figure out what I was going to do after I

a compliance role and acted as a customs

Ms. Dowdle has conducted investigations

realized that accounting was not in my future.

broker for a boutique law firm specializing

as well as corporate independent and self-

We had a guest speaker, another professor, who

in international trade and customs matters.

monitorships in Europe, Asia, Africa, and

came in to talk about logistics, and I thought,

Upon finishing law school in 2005, Mr.

the Americas. Additionally, Ms. Dowdle

well I am not good at math, so it is not going

Chavez moved to an in-house role and

represents clients in complex commercial and

to work out for me. But the professor was a

eventually joined Shell Company in 2007.

securities litigation arising from governmental

dynamic speaker and talked about all the

In addition to a J.D., Mr. Chavez also holds

investigations.

things that need to happen behind-the-scenes.

a Tax L.L.M.

“Like a lot of people in compliance, I wanted to

It’s a part of marketing, but you’re not out there promoting. It’s not advertising, it’s not sales, but everything that we’ve talked about that have to go perfectly. To go from point A, whether that’s in China or elsewhere, to point B, here in the United States, to that item being on the shelf. That appealed to me. I started, six years

10.

The Value of Judicial Clerkships.

be a general litigator. After law school, I had the

“When I was in law school, I had no idea that

opportunity to clerk for a federal judge on the

the FCPA existed. I clerked on the Fifth Circuit, and I’m going to date myself, but my tenure on the court was when the Enron appeals were coming through. I worked on a lot on both

Fifth Circuit. I would encourage all students to consider clerking. There are some judges who are excellent mentors, and either way, you have an inside view of how the judicial system really

the individual and the Enron criminal work,

works” (David Searle).

and I found it absolutely fascinating. We were

David Searle is Vice President, Chief

doing the sentencing calculations and looking

Ethics and Compliance Officer at Walmart

at things like credibility and used the same

Inc. He is the former Chief Compliance

factors we would be using if it was someone

Officer, Associate General Counsel, and

who committed a rape or murder. I appreciated

Assistant Corporate Secretary of Bristow

how—from the political perspective—the courts

Group. He is responsible for overseeing

had come to deal with white collar crime. If you

legal compliance in all the jurisdictions

have the opportunity to clerk, take it. It will be

in which Bristow Group operates, dealing

the best job you ever have, so take it. You will

with issues related to export controls, anti-

learn more and have more doors open to you

corruption, sanctions, and fair competition.

particularly if you have a good judge. I still go

He previously served as an Assistant United

by my judge’s house for a glass of wine and let

States Attorney in the U.S. Attorney’s Office

him tell me everything that I need to do in the

in Houston, where he prosecuted corporate

next year” (Joy Dowdle).

international money laundering cases. He

experience that may be relevant, then that is

Joy Dowdle is a partner in the litigation

began his career in commercial litigation as

an advantage” (Mel Chavez).

department at Paul Hastings LLP, based out

later got my broker’s license, and at that point transitioned to a boutique law firm specializing in international trade, before going to law school at nights. Then I got a position in-house in Wisconsin, and finally came down to Shell in 2007. I’ve bounced back and forth between the import side and export side, but having that supply chain background and knowing how to roll up your sleeves, actually moving freight, importing and exporting are things that I still rely upon today. It’s been very helpful for me. What I look for is good experience. If you came straight from undergrad into law school, great. But in case you haven’t, don’t feel that you are at a disadvantage. If you have comparable

Mel Chavez serves as Trade Compliance Officer at Shell Oil Company. Mr. Chavez has twenty-five years of various international trade compliance experience. He started his

of the firm’s Houston office. Specifically, Ms. Dowdle has experience with global anti-corruption compliance and regularly represents clients across industries before 129

an appellate lawyer with Baker Botts LLP, after serving as a law clerk to the Honorable Jerry E. Smith of the U.S. Court of Appeals for the Fifth Circuit. Mr. Searle received his law degree from Duke University and holds an undergraduate degree in economics from Stanford University.

Currents 24.1 2020

Interested in supporting CURRENTS ? Students who serve on the Currents editorial board receive no compensation or scholarship assistance. The editorial board oversees the entire editorial process for each of the bi-annual issues published. In addition, they must complete written notes of publishable length and quality, while juggling the competing demands of classes, part-time jobs, and families. Without scholarship assistance, many talented students simply cannot make such a sacrifice. We believe that a scholarship fund would enable Currents to attract talented students who could focus more exclusively on improving and expanding the journal in the coming years. Please consider supporting this new fund, which will help Currents continue to provide a unique forum for the exploration of the prevalent international trade law and business issues of the next decade. To contact Currents: Journal of International Economic Law with any questions, to give to the Editorial Board Scholarship Program or for subscription information, please visit our website :

www.stcl.edu/academics/law-reviews-journals/currents/

Currents 24.1 2020

Currents Vol. XXIV, No. 1 | 2020

Articles inside

Cross Border Trade Compliance: Background

Managing Cross Border Internal Investigations

Career Paths in International Corporate Legal Practice

Anti-Bribery Laws and Investigation: Background