goodthinking! blog

Don’t let the CCPA stop your startup goldrush – a primer on privacy in California

The behemoth General Data Protection Regulation (GDPR) governs the European Economic Area*. By contrast, no federal privacy regulation applies across all U.S. states.

A company must comply with regulations of the states in which it does business. As a practical matter, compliance is geared towards the state with the most stringent regulations. Effective January 1, 2020, the California Consumer Privacy Act (CCPA) remains the most comprehensive data privacy regulation in the U.S. (Maine and Nevada also adopted data privacy regulations recently, but both are narrower in scope than the CCPA.)

Much has been written about CCPA, and this post does not cover all (or even most of) the nuances of this law. Our goal here is to help you understand enough about CCPA to determine if it might apply to your business, or if you need to consult an attorney who can make this determination.

Read the rest of this entry »

Categorised as: Lawyering

Entity type: corporation or LLC?

Founders often come to us before they have formed a legal entity, seeking advice about the type of entity to form –usually it is between the two most common entity types, limited liability companies (LLCs) and corporations. The type of entity will not determine whether the business succeeds or fails. Still, entity selection merits consideration. goodcounsel is adept at guiding founders through this decision.

Here are some of the more important issues to consider when deciding between an LLC and corporation.

Read the rest of this entry »

Categorised as: Lawyering

Updates to Crowdfunding

Fundraising is essential for many startups, but the types of fundraising methods are limited. The traditional methods are bootstrapping, convertible notes, simple agreements for future-equity (SAFEs), and priced equity rounds. We have guided many founders through fundraising.

Equity crowdfunding is a newer option. Crowdfunding is meant to allow founders to accept small investments from a broad base of investors. True crowdfunding was not previously feasible: securities laws – intended to protect investors (discussed below) – made it difficult for companies to accept investments from investors not meeting certain financial requirements, a.k.a. “non-accredited investors” (discussed below).

In 2013, the Securities and Exchange Commission (SEC) proposed its first set of rules governing equity crowdfunding. However, equity crowdfunding has not been as popular as proponents had hoped. The cost of complying with the SEC’s restrictions often outweighed the capital a founder could raise through crowdfunding. (See our original posts about the proposed rules in 2014 and their efficacy.)

This blog post aims to help you understand equity crowdfunding in general and how the new amendments to Regulation Crowdfunding may make equity crowdfunding more attractive to founders.

First, some basics…

Read the rest of this entry »

Categorised as: Crowdfunding, Fundraising, Securities Regulation

This is why no one who values their privacy should be using an Android device

One of my legal newsletters today included the following blurb, crediting TechRadar:

TikTok enabled its Android app version to collect millions of users’ unique identifiers for at least 15 months that could be used for ad tracking, which violates Google’s privacy rules, according to a Wall Street Journal investigation. A TikTok spokesperson said, “The current version of TikTok does not collect [media access control] addresses,” and a Google spokesperson said the firm is investigating the Wall Street Journal’s report. 

As we’ve written about before, Android is an example of the high cost of “free” (or cheap) services. Google basically subsidizes these phones because their more important business is to monetize people’s personal information. This is different than Apple, whose main business is selling you hardware and associated services.

Categorised as: Legal Issues, Privacy

Now THIS is interesting…

I was browsing — okay, I admit it, I was on Twitter — and came across an ad for a new, privacy-respecting web browser called Brave. Intrigued, I went to look at it.

It’s based on Chromium (Google’s open-source code behind the Chrome browser) but has a whole different (better) approach to privacy.

Interestingly, it also has an innovative approach to helping content creators get paid. It seems that users tip websites using “Basic Attention Tokens” (a form of cryptocurrency) that they earn by voluntarily looking at browsing privacy-compliant ads.

This seems like a promising model; I am going to try it out.

(Apparently the company started all the way back in 2015, but it seems like there is a new push on the product.)

Categorised as: soapbox

Everyone (in and out of tech) should be listening to Kara Swisher

There’s so much great content being created today. It’s virtually impossible to keep up with the high quality “television” shows being broadcast and streamed. (Still, do yourself a favor and watch Orange is the New Black and Chernobyl at minimum.)

It’s pretty much the same with podcasts. Fortunately, I have a reasonable amount of commuting, dog-walking, and dish-washing time to pop the earbuds in and listen. Ezra Klein of Vox is so sharp and interesting and I have developed a genuine soft spot for the NY Times journalists on The Argument. However, the podcast that I feel is fantastic and indispensable, certainly for anyone with professional or personal interests in tech, is Recode | Decode with Kara Swisher.

Read the rest of this entry »

Categorised as: Current events, News and Views

The surveillance state has arrived

I have been interested in computers and technology since junior high school, when my school acquired its first computer – a lonely RadioShack TRS-80, housed up in the library. Because I was a strong math student, I was selected as one of two kids from each class to visit with the computer a couple of times a week to learn how to program in BASIC. From that point forward, I was enchanted.

In those days (we are talking about the early 1980s now) and for the two decades that followed, the power and sophistication of technology grew exponentially, accompanied by optimism about the promise of offering amazing services and solving big problems. Sure, there were people of great foresight, who saw the darker implications just over the horizon of this rise in processing power and the increasing ubiquity of computer hardware. But these were lone voices in the wilderness, for the most part; I consider myself a critical person yet I certainly did not pay a whole lot of attention to these concerns.

Read the rest of this entry »

Categorised as: Surveillance and privacy

The risks of biometrics non-compliance

Most companies are aware of issues concerning how they use and handle “personally identifiable information” (PII) of their customers. In general, web-based businesses (which is to say, nearly all businesses) disclose their uses of PII with some specificity in their privacy policies and terms of use (goodcounsel is often called up to draft these for its clients). PII in the healthcare context is tightly regulated under the Health Insurance Portability and Accountability Act, and the use of PII more generally by the Internet giants has come under increased scrutiny in the last two years.

Read the rest of this entry

Categorised as: Biometrics non-compliance, Legal Issues

Making board meetings work for you

Many startup founders don’t really have to sweat board of directors meetings all that much; typically, at the earliest stages, the founders are the only people on the company’s board. If the board meets at all, it’s a “family affair” or otherwise, official actions are handled by written consents outside of meetings. However, once you have outsiders on the board – and especially, outside institutional investors like VCs – there is more pressure to perform.

Read the rest of this entry

Categorised as: Startup Stuff

Websites as places of public accommodation

Clients frequently ask goodcounsel to draft online Terms of Use and Privacy Policies. What they often fail to consider is whether the Americans with Disabilities Act applies to their websites and mobile apps. Yes, you read that correctly: the Americans with Disabilities Act. Whether the ADA applies depends on the state(s) the company operates in, the kind of goods or services the company offers, and how and to whom the company provides such goods or services.

Read the rest of this entry »

Categorised as: ADA Compliance, Legal Issues