The EU Institutions are currently adding the finishing touches to the new Packaging & Packaging Waste Regulation (“PPWR”) which is expected to be adopted in Q4 2024 or Q1 2025. While many companies are fully preoccupied with preparing for other EU legislation (e.g. the Deforestation Regulation) – companies will ignore the PPWR at their peril. The PPWR contains a host of ambitious legal targets and requirements – which industry will find it difficult to achieve in practice. And the deadlines to comply – are perhaps even more challenging. Companies will need to start preparing for the EU PPWR now, to avoid serious problems – including supply-chain disruption, penalties and litigation – in the future.Continue Reading Do You Sell or Manufacture Products in the EU? Then You Should Be Preparing for the New EU Packaging and Packaging Waste Regulation (PPWR) Now.

On December 15, 2020, the European Commission (EC) presented its long-awaited proposal for a Digital Services Act (DSA), together with a proposal for a Digital Markets Act (DMA), which we discussed in a previous alert. Whereas the DMA aims to promote competition by ensuring fair and contestable markets in the digital sector, the DSA proposal intends to harmonize the liability and accountability rules for digital service providers in order to make the online world a safer and more reliable place for all users in the EU.

Most notably, the DSA would impose far-reaching due diligence obligations on online platforms, with the heaviest burdens falling on “very large” online platforms (i.e., those with more than 45 million average monthly active users in the EU), due to the “systemic” risks such platforms are deemed to pose in terms of their potential to spread illegal content or to harm society. In this day and age when the perceived power of online platforms to independently control content publication and moderation is headline news daily, with governments throughout the globe grappling with different legislative and regulatory proposals, the DSA stands out as an ambitious effort by the EC to create a consistent accountability framework for these platforms, while striking a balance between safeguarding “free speech” and preserving other values and interests in a democratic society. Like the parallel DMA proposal, the DSA proposal has been criticized for targeting mainly U.S.-based companies, which would make up most of the “very large” platforms. Given the huge commercial interests at stake, the passage of both laws will no doubt be the subject of intense debate and lobbying, including with respect to the asymmetric nature of the proposed regulation and the powerful role that the EC reserves to itself in both proposals.
Continue Reading Digital Services Act: The European Commission Proposes An Updated Accountability Framework For Online Services

The Federal Trade Commission (FTC) has struck again in the data privacy world, this time at 13 companies that allegedly misrepresented in their privacy statements that they were U.S.-EU or U.S.-Swiss Safe Harbor certified. This latest enforcement sweep demonstrates the FTC’s privacy focus and reinforces the need for companies to make accurate public representations.

The FTC charged the 13 companies with misleading consumers and has proposed placing them under a familiar 20-year consent order. The consent order requires the companies to refrain from  misrepresenting privacy or security program adherence and to keep strict records for the FTC’s overview. For the next 20 years, any companies that disobey the consent order will be subject to a $16,000 civil penalty per violation.

The U.S.-EU and U.S.-Swiss Safe Harbor Frameworks (collectively, “Safe Harbor”) are the most popular of several mechanisms through which companies can legally transfer personal data from Europe to the United States. There are currently over 4,300 U.S. companies certified to the U.S.-EU Safe Harbor.

As FTC Chairwoman Edith Ramirez said this week, “The U.S.-EU and U.S.-Swiss Safe Harbor Frameworks are important agreements, and the FTC remains strongly committed to enforcing them. Companies must not deceive consumers about their participation in these programs.”

The FTC’s focus on Safe Harbor enforcement, and privacy enforcement in general, raises concerns for companies of all sizes. Indeed, the FTC has now undertaken 39 Safe Harbor-related enforcement actions against both small and large U.S. companies in the past five years. Here are five key items for companies to review based on the lessons learned from these settlements:Continue Reading Recent FTC Safe Harbor Enforcement Takeaways

Politicians and public interest groups in the European Union are showing renewed interest in expanded country of origin labeling requirements in the wake of February’s horse meat scandal, where lasagna and other products sold in the EU purportedly made from beef were found instead to contain horse meat. Specifically, attention is focused on Regulation (EU)