In the olden days, customers signed agreements using quill and ink; for many, a handshake sufficed.
These days, customers purchase many services and goods online. How do customers give their consent to the terms of their purchases in cyberspace [cue eerie music]? Most of our startup clients require their customers to agree to online terms of use (TOU), whether for a website or mobile app. The TOU set out “rules of the road” for customers, such as usage rights and prohibitions, which our clients need the ability to legally enforce. This ability rests on legal acceptance of the TOU by customers – without this, there is no binding contract.
The behemoth General Data Protection Regulation (GDPR) governs the European Economic Area*. By contrast, no federal privacy regulation applies across all U.S. states.
A company must comply with regulations of the states in which it does business. As a practical matter, compliance is geared towards the state with the most stringent regulations. Effective January 1, 2020, the California Consumer Privacy Act (CCPA) remains the most comprehensive data privacy regulation in the U.S. (Maine and Nevada also adopted data privacy regulations recently, but both are narrower in scope than the CCPA.)
Much has been written about CCPA, and this post does not cover all (or even most of) the nuances of this law. Our goal here is to help you understand enough about CCPA to determine if it might apply to your business, or if you need to consult an attorney who can make this determination.
Founders often come to us before they have formed a legal entity, seeking advice about the type of entity to form –usually it is between the two most common entity types, limited liability companies (LLCs) and corporations. The type of entity will not determine whether the business succeeds or fails. Still, entity selection merits consideration. goodcounsel is adept at guiding founders through this decision.
Here are some of the more important issues to consider when deciding between an LLC and corporation.
Fundraising is essential for many startups, but the types of fundraising methods are limited. The traditional methods are bootstrapping, convertible notes, simple agreements for future-equity (SAFEs), and priced equity rounds. We have guided many founders through fundraising.
Equity crowdfunding is a newer option. Crowdfunding is meant to allow founders to accept small investments from a broad base of investors. True crowdfunding was not previously feasible: securities laws – intended to protect investors (discussed below) – made it difficult for companies to accept investments from investors not meeting certain financial requirements, a.k.a. “non-accredited investors” (discussed below).
In 2013, the Securities and Exchange Commission (SEC) proposed its first set of rules governing equity crowdfunding. However, equity crowdfunding has not been as popular as proponents had hoped. The cost of complying with the SEC’s restrictions often outweighed the capital a founder could raise through crowdfunding. (See our original posts about the proposed rules in 2014 and their efficacy.)
This blog post aims to help you understand equity crowdfunding in general and how the new amendments to Regulation Crowdfunding may make equity crowdfunding more attractive to founders.
One of my legal newsletters today included the following blurb, crediting TechRadar:
TikTok enabled its Android app version to collect millions of users’ unique identifiers for at least 15 months that could be used for ad tracking, which violates Google’s privacy rules, according to a Wall Street Journal investigation. A TikTok spokesperson said, “The current version of TikTok does not collect [media access control] addresses,” and a Google spokesperson said the firm is investigating the Wall Street Journal’s report.
As we’ve written about before, Android is an example of the high cost of “free” (or cheap) services. Google basically subsidizes these phones because their more important business is to monetize people’s personal information. This is different than Apple, whose main business is selling you hardware and associated services.
I was browsing — okay, I admit it, I was on Twitter — and came across an ad for a new, privacy-respecting web browser called Brave. Intrigued, I went to look at it.
It’s based on Chromium (Google’s open-source code behind the Chrome browser) but has a whole different (better) approach to privacy.
Interestingly, it also has an innovative approach to helping content creators get paid. It seems that users tip websites using “Basic Attention Tokens” (a form of cryptocurrency) that they earn by voluntarily looking at browsing privacy-compliant ads.
This seems like a promising model; I am going to try it out.
There’s so much great content being created today. It’s virtually impossible to keep up with the high quality “television” shows being broadcast and streamed. (Still, do yourself a favor and watch Orange is the New Black and Chernobyl at minimum.)
It’s pretty much the same with podcasts. Fortunately, I have a reasonable amount of commuting, dog-walking, and dish-washing time to pop the earbuds in and listen. Ezra Klein of Vox is so sharp and interesting and I have developed a genuine soft spot for the NY Times journalists on The Argument. However, the podcast that I feel is fantastic and indispensable, certainly for anyone with professional or personal interests in tech, is Recode | Decode with Kara Swisher.
I have been interested in computers and technology since junior high school, when my school acquired its first computer – a lonely RadioShack TRS-80, housed up in the library. Because I was a strong math student, I was selected as one of two kids from each class to visit with the computer a couple of times a week to learn how to program in BASIC. From that point forward, I was enchanted.
In those days (we are talking about the early 1980s now) and for the two decades that followed, the power and sophistication of technology grew exponentially, accompanied by optimism about the promise of offering amazing services and solving big problems. Sure, there were people of great foresight, who saw the darker implications just over the horizon of this rise in processing power and the increasing ubiquity of computer hardware. But these were lone voices in the wilderness, for the most part; I consider myself a critical person yet I certainly did not pay a whole lot of attention to these concerns.
Most companies are aware of issues concerning how they use
and handle “personally identifiable information” (PII) of their customers. In
general, web-based businesses (which is to say, nearly all businesses) disclose
their uses of PII with some specificity in their privacy policies and terms of
use (goodcounsel is often called up to draft these for its clients). PII in the
healthcare context is tightly regulated under the Health Insurance Portability
and Accountability Act, and the
use of PII more generally by the Internet giants has come under increased
scrutiny in the last two years.
Many startup founders don’t really have to sweat board of directors meetings all that much; typically, at the earliest stages, the founders are the only people on the company’s board. If the board meets at all, it’s a “family affair” or otherwise, official actions are handled by written consents outside of meetings. However, once you have outsiders on the board – and especially, outside institutional investors like VCs – there is more pressure to perform.
