The Virginia Consumer Data Protection Act (CDPA) has become the next major U.S. state privacy law, after being signed into law by Virginia Governor Ralph Northam on Tuesday, March 2, 2021. The new law amends Title 59.1 of the Code of Virginia with a new chapter 52 (creating Code of Virginia sections 59.1-571 through 59.1-581).

Who is covered?

Per Section 59.1-572, the bill applies to “persons that conduct business in the Commonwealth or that produce products or services that are targeted to residents of the Commonwealth” who “control or process personal data of at least 100,000 consumers” or those who “control or process the data of at least 25,000 consumers” AND “derive at least 50% of their gross revenue from the sale of personal data.”

As defined in Section 59.1-571 the bill, “[c]onsumers” are any “natural person who is a resident of the Commonwealth acting only in an individual or household context. [Consumer] does not include a natural person acting in a commercial or employment context.”

Both covered entities and “consumers” are defined more narrowly than under other general data privacy laws such as the California Consumer Privacy Act (CCPA). For example, in contrast to the CCPA’s application to any California business with more than $25 million in annual revenue, the CDPA does NOT apply on a blanket basis to any Virginia business above a specified revenue threshold. To be covered under the CDPA, a person must always process the data of a minimum number of Virginia residents “acting only in an individual or household context.” Additionally, the exemption for individuals acting in “commercial” or “employment” contexts is a complete one, and does not have a “sunset” date where the exemption will expire like the California law.

Notably, the CDPA follows the model established under the EU General Data Protection Regulation and categorizes relevant businesses as “controllers” and “processors.” “Controllers” are “the natural or legal person that, alone or jointly with others, determines the purpose and means of processing personal data,” while “processors” are “a natural or legal entity that processes personal data on behalf of a controller.” Similar to the controller/processor relationship created by the GDPR and the business/service provider relationship created under the CCPA, a CDPA processor must be engaged by a controller via a written agreement that governs the processor’s data processing and provides specific instructions for the processing of data, as well as the nature and purpose of the processing. Continue Reading Virginia Consumer Data Protection Act (S.B. 1392)

This past Wednesday, Robert Adler, Acting Chairman of the U.S. Consumer Product Safety Commission (CPSC), delivered a keynote address at the annual conference of the International Consumer Product Health and Safety Organization (ICPHSO).  In his final remarks to the conference as leader of the agency, Adler confirmed what many have suspected over recent months—with the arrival of a new Administration that, according to Adler, “clearly views product safety in different terms,” he has seen his role morph from a temporary caretaker to agenda setter.  Adler raised some immediate priorities of the agency, which, to nobody’s surprise, included enhancing , seeking more monetary resources for the agency, and supporting certain legislative changes on Capitol Hill, including amending Section 6(b).  He also emphasized the need for the agency to approach product safety from a variety of perspectives considering diverse communities.  For those who missed the speech, we highlight some key takeaways here.

Compliance and Enforcement.  Adler stated that the agency will use its dedicated Compliance and Enforcement team “to their fullest,” and “not forget about” certain of the agency’s enforcement tools including civil penalties, unilateral press releases, and administrative litigation.  As we highlighted in a recent post, the agency has announced two civil penalties this year, which is two more than it had announced in the past several years.  Industry stakeholders should anticipate a more empowered Compliance and Enforcement Division at the agency.

Budget and Resources.  It is universally acknowledged that the CPSC is underfunded.  In what may be his swan song, Chairman Adler is making a full court press with the Office of Management and Budget, and Congress, to obtain additional funding for the agency—not mere “incremental budgeting,” but rather the doubling of the CPSC’s annual budget.  Adler wants those monies to support unfunded mandates from Congress; additional mandatory safety standard proceedings (think infant sleep products; dressers; flame retardants; window coverings; magnets; CO hazards; and table saws) and other priorities in the agency’s current operating plan, among other projects.  We applaud Chairman Adler for his efforts in this regard—a significant increase in funds available to the agency is long overdue.

Legislative Changes.  It also did not come as a surprise that Chairman Adler asserted forcefully that the agency needs to be “unshackled” from the “information muzzle” known as Section 6(b) of the CPSA, and that it’s the public that suffers from limits on information sharing.  He discounted concerns that without 6(b) controls, misinformation about companies will run rampant.  He also expressed a desire to see “less cumbersome” rulemakings.  We should expect to see a Commission with a 3-2 Democratic majority to not only support, but also push for, big fixes to the agency’s enabling statute—especially, with a Democratic Congress and Administration in power.

Diversity.  In a nod to current events, in addition to stating that the agency should look more like the people it serves, Chairman Adler discussed the need for the agency to approach product safety from a variety of diverse viewpoints.  He asked “how might certain hazards exist for some vulnerable populations more than others?  How might real-life barriers, like socio-economic status, affect our safety messages and peoples’ ability to respond to them?  What methods can we use to reach marginalized and underserved communities?”  These are important questions worthy of the agency’s consideration.

Chairman Adler’s remarks at ICPHSO served as a reminder that we are undergoing a political transition at the agency that will certainly impact industry and other stakeholders.  All eyes are on the White House as we await agency nominations, particularly that of a new, permanent Chairman.  As part of Crowell’s “First 100 Days of the Biden Administration” webinar series, our team will be focusing on these and other CPSC related issues on March 30, 2021—watch for a formal announcement soon!


Recalls in Review: A monthly spotlight on trending regulatory enforcement issues at the CPSC.

Extended time spent at home over the past year has encouraged many Americans to update, redecorate, and renovate their living spaces.  As more people choose to “DIY” their home renovations in lieu of hiring professional services, we turn our attention in this Recalls in Review segment to CPSC regulatory actions involving power tools.

The CPSC has regulated power tools at a fairly consistent rate since the 1990s, conducting at least 93 recalls of power tools since 2001.  The recall data reveals small enforcement “spikes” occurring in 2004, 2005, and 2009, followed by a fairly steady recall frequency until 2018.

The Commission has issued four civil penalties relating to power tools.  Three of the penalties were imposed due to the firms’ failure to timely report to the CPSC after receiving information reasonably supporting the conclusion that their product contained a defect which could create a substantial risk of injury to the public, presented an unreasonable risk of serious injury or death, or violated a federal safety standard.  The fines ranged from $100,000 to $800,000.  The most recent civil penalty was for $5.7 million in 2017 for the sale of nearly three thousand units of previously recalled consumer products.

Numerous types of power tools have been recalled over the years.  The most commonly recalled category of power tool are saws, including circular saws, table saws, chain saws, and miter saws.  Nearly all of the saw recalls have been aimed at addressing a risk of laceration or injury.  However, a few saws were recalled due to a risk of electric shock related to exposed or damaged wiring.  Drills and drivers are the next most commonly recalled category of power tools, followed by air compressors, nailers, sanders, and grinders.  Drill recalls typically address problems with the trigger switch, which can pose various injury, shock, and fire hazards.

The hazards addressed by power tool recalls are not surprising.  Thirty percent of all power tool recalls address laceration hazards, twenty-eight percent address fire or burn hazards, and twenty-seven percent address “injury” hazards.  The remaining fifteen percent of the recalls address shock or electrocution hazards.  Perhaps more interesting, over one-third of all power tool recalls since 2001 were conducted despite having no reported incidents involving consumers.

Consumers should keep themselves up to date on power tool recalls and follow instructions for repair or replacement when necessary.  The most common remedy for a power tool recall is free repair of the defective product (or component part).  Less often, the remedy may be limited to receiving a replacement product (or component part), refund, store credit, or new instructions.

* * * * *

About Recalls in Review: As with all things, but particularly in retail, it is important to keep your finger on the pulse of what’s trending with consumers.  Regulatory enforcement is not different—it can also be subject to pop culture trends and social media fervor.  And this makes sense, as sales increase for a “trending” product, the likelihood of discovering a product defect or common consumer misuse also increases.  Regulators focus on popular products when monitoring the marketplace for safety issues.

As product safety lawyers, we follow the products that are likely targets for regulatory attention.  We share our observations with you through Recalls in Review.

Maryland became the first U.S. state to create a digital advertising tax on February 12, 2021. The Digital Advertising Gross Revenue Tax (DAGRT) was originally passed in March of 2020, but subsequently vetoed by Maryland Governor, Larry Hogan. Maryland’s legislature voted to override the Governor’s veto, however. The contentious journey for DAGRT passage is likely to be overshadowed by a litigious future.

DAGRT (full text here) imposes a progressive tax on the sale of digital advertising services’ gross revenue within the state. DAGRT focuses on large providers of digital advertising services; entities with revenue exceeding $100 million. The rate of the tax imposed, based on global revenue, is 2.5% for annual global gross receipts of $100 million to $1 billion, 5% for gross receipts of $1 billion to $5 billion, 7.5% for gross receipts of $5 billion to $15 billion, and 10% for gross receipts exceeding $15 billion. The rate then applies to digital advertising services’ gross revenue in Maryland. However, DAGRT does require all entities with an annual gross revenue derived from digital advertising services within the state over $1 million to file a specialized tax return. DAGRT’s focus on large providers of digital advertising services might incentivize these providers to find avenues to avoid the tax by changing their digital advertising strategies. For example, more companies may offer advertisement-free subscription options. It’s also possible that the companies faced with paying the tax may simply pass the cost on to the smaller businesses purchasing the advertisements and to consumers. Continue Reading Maryland’s Digital Advertising Tax: A Contentious Start, and an Uncertain Future

The U.S. Consumer Product Safety Commission (CPSC) has announced a civil penalty settlement with exercise equipment manufacturer Cybex International (Cybex).  Cybex has agreed to pay a civil penalty of $7.95 million to resolve charges that it knowingly failed to immediately report allegedly defectiveto the CPSC under Section 15(b) of the Consumer Product Safety Act.  This civil penalty, already the second of 2021, underscores a material change in enforcement approach from the past two years, in which the Commission did not announce a single civil penalty for violations of the product safety laws.

In this case, CPSC staff alleged that Cybex failed to report immediately to the Commission that it had information which reasonably supported the conclusion that components of certain pieces of its gym equipment—arm curl and press machines—could detach or fall causing severe injury to the user, including eye loss, spinal fracture, and in one case paralysis.  The Commission voted 3-0-1 to provisionally accept the settlement. We encourage our readers to review the settlement agreement here to learn more about the factual background. Continue Reading Cybex Civil Penalty at CPSC Confirms Return of Enforcement Tool

Recalls in Review: A monthly spotlight on trending regulatory enforcement issues at the CPSC.

As winter temperatures continue to drop and we’re all looking for a way to feel cozy, many Americans reach for candles as a way to bring some light into their homes during these dark months.  We don’t need to detail why candles – hi, open flames and hot wax! – regularly attract the CPSC’s attention in their mission to keep consumers safe.  In today’s installment of “Recalls in Review,” we look back at CPSC regulatory actions involving both candles and candle-related products.

The Commission has conducted at least 115 recalls of candles and candle-related products since 2001.  The recall data available on the website reveals a small enforcement “spike” that occurred between 2005 and 2008, followed by a fairly steady number of recalls nearly every year since 2008.

Three civil penalties relating to candles and candle-related products have been issued by the Commission, the most recent of which was in 2008.  The civil penalty fines ranged from $100,000 to $500,000.

Our analysis found various types of candle-related recalls: only half of the recalls involve concerns with the candles themselves, while the rest are caused by issues with the vessel or container into which a candle is poured, or problems presented by candle accessories such as candle holders or wax warmers.

Most often, candles are recalled due to the height of the candle’s flame.  Problems can also be caused by decorative objects added to the candle wax during manufacturing as well as paint, glitter, or other surface coatings on the candle.

Twenty percent of the relevant recalls involve an issue with the container that the candle was poured into, such as a ceramic or glass bowl or a metal tin.  Twenty-six percent of recalls involve separate holders into which candles can be placed.  For example, taper candle holders were recalled just last month due to a concern that the holders could catch fire if they came into contact with a candle’s flame.  Other recalled accessories include candle lighters, candle charms, and paper candle shades.

Unsurprisingly, nearly ninety percent of the relevant recalls address fire or burn hazards.  The Commission recently published news releases in November and December of 2020 reminding consumers to never leave burning candles unattended.  The other ten percent of recalls address laceration hazards.  The laceration recalls all involve glass candle holders and candles in glass jars, which could crack, break, or shatter.  Only one candle related recall since 2001 was conducted to address a hazard other than fire, burn, or laceration – that 2008 recall was of candle pendants and charms, which had been sold both separately and on candles, due to excessive levels of lead.

The most common remedy offered by recalling firms is a refund or store credit.  Less often, the remedy may be limited to a replacement product or instructions regarding safe use of the product.  However, four of the recalls provided no remedy for consumers.  In those instances, the recalling firms simply urged consumers to dispose of the products.

* * * * *

About Recalls in Review: As with all things, but particularly in retail, it is important to keep your finger on the pulse of what’s trending with consumers.  Regulatory enforcement is no different – it can also be subject to pop culture trends and social media fervor.  And this makes sense, as sales increase for a “trending” product, the likelihood of discovering a product defect or common consumer misuse also increases.  Regulators focus on popular products when monitoring the marketplace for safety issues.

As product safety lawyers, we follow the products that are likely targets for regulatory attention.  We share our observations with you through Recalls in Review.


Continue Reading UK and Canada Announce New Measures to Combat Forced Labor and Human Rights Violations

A new nationwide standard for upholstered furniture flammability was signed into law on December 27, 2020 as part of the Consolidated Appropriations Act, 2021, which includes the COVID–19 Regulatory Relief And Work From Home Safety Act.  This legislation embraces the California Technical Bulletin (TB 117-2013) for testing the smolder resistance of materials used in upholstered furniture.  The California standard has been mandatory in that state since 2015, so the standard should already be on the compliance radar for most national retailers.

TB 117-2013 is intended to assess the flammability of upholstered furniture when exposed to a smoldering cigarette, a common cause of residential fires.  TB 117-2013 requires different tests for outer fabric, inner linings, and filling material that simulate a discarded, lit cigarette.  Each material is required to survive for an extended period without creating flames or overly smoldering or charring.  The previous version of the TB 117 standard also required an open flame test, which had been criticized for forcing manufacturers to use flame retardant chemicals.

Continue Reading New National Standard for Flammability of Upholstered Furniture

On December 15, 2020, the European Commission (EC) presented its long-awaited proposal for a Digital Services Act (DSA), together with a proposal for a Digital Markets Act (DMA), which we discussed in a previous alert. Whereas the DMA aims to promote competition by ensuring fair and contestable markets in the digital sector, the DSA proposal intends to harmonize the liability and accountability rules for digital service providers in order to make the online world a safer and more reliable place for all users in the EU.

Most notably, the DSA would impose far-reaching due diligence obligations on online platforms, with the heaviest burdens falling on “very large” online platforms (i.e., those with more than 45 million average monthly active users in the EU), due to the “systemic” risks such platforms are deemed to pose in terms of their potential to spread illegal content or to harm society. In this day and age when the perceived power of online platforms to independently control content publication and moderation is headline news daily, with governments throughout the globe grappling with different legislative and regulatory proposals, the DSA stands out as an ambitious effort by the EC to create a consistent accountability framework for these platforms, while striking a balance between safeguarding “free speech” and preserving other values and interests in a democratic society. Like the parallel DMA proposal, the DSA proposal has been criticized for targeting mainly U.S.-based companies, which would make up most of the “very large” platforms. Given the huge commercial interests at stake, the passage of both laws will no doubt be the subject of intense debate and lobbying, including with respect to the asymmetric nature of the proposed regulation and the powerful role that the EC reserves to itself in both proposals. Continue Reading Digital Services Act: The European Commission Proposes An Updated Accountability Framework For Online Services

The Biden Administration has promised an across-the-government effort to combat climate change, consistent with policy priorities during the Obama Administration. While much speculation has focused on a climate infrastructure package or a possible revamp of the Clean Power Plan, appliance manufacturers should be prepared for a less publicized but similarly significant change in direction from the current administration: increased enforcement under the U.S. Department of Energy’s (DOE) appliance standards program.


The DOE administers the appliance standards program under the Energy Policy and Conservation Act (EPCA), which includes setting mandatory appliance energy and water efficiency standards for over 60 covered products, such as refrigerators, dishwashers, vacuums, and battery chargers. Each appliance standard has two components: a conservation standard and an associated testing procedure through which the manufacturer demonstrates compliance with the applicable standard.

Although this program has existed since the 1980s, the Obama Administration was the first to explicitly include goals for greenhouse gas emission reductions as a component of the standards-setting process. Over the course of 8 years, DOE issued new and updated conservation standards for numerous products, and DOE’s Office of Enforcement investigated and issued monetary penalties to companies failing to comply with updated standards incorporating these emission reduction goals. The Trump Administration, by comparison, has not directly incorporated these greenhouse gas-related factors into the rulemaking process, and has been comparatively less active in updating standards in general. The Trump Administration also has pursued fewer enforcement actions on the whole – and appears to have sought smaller penalties – relative to the Obama Administration. Continue Reading Appliance Manufacturers Should Prepare for Increased DOE Enforcement Activity