The Internet went through a period of stability with legal standards for roughly five years. Unfortunately, that period ended, and we’re now faced with an era best described as “The Empire Strikes Back” with apologies to Star Wars.
Just who is the empire and what does it want? The empire can best be described as a group of governments and economic unions that have decided to make their mark on the web. The EU alone has or is in the process of enacting four regulations that will radically change online practices related to copyright, privacy, competition, and email law. In the United States, the Supreme Court has ruled states can collect sales tax for online sales from out of state retailers while states are enacting laws on a host of topics including privacy.
What do the changes mean to parties running businesses small and large online? In most cases, that your normal way of doing business must be modified to reflect a new paradigm in legal regulation – one that is at best annoying and at worst a threat to your online viability.
US Sales Tax
Can states collect sales tax for online sales from companies that don’t have a physical presence in the state in question? This simple question has produced decades of litigation and debate. After some 20 years of conflicting decisions issued by various courts, the Supreme Court stepped in to settle the matter in 2018 in a case known as South Dakota vs. Wayfair.
Yes, states can collect such taxes, but only if the collection isn’t excessively burdensome on the business in question, to wit, states must set thresholds of sales before companies must comply. For instance, the Supreme Court noted:
1. The South Dakota sales tax law only requires out of state online retailers that generate sales of $100,000 plus a year or 200 transactions from the state to collect and pay sales tax.
2. The defendants are all large companies that will not be unduly burdened by building compliance systems.
If both elements are not present, one can argue sales tax is not justified.
A quick word about digital products. Many writers are suggesting online sales tax need not be collected on digital products. This view is incorrect. Roughly 20 plus states include digital products in the definition of product sales that trigger sales tax collection, and you should expect nearly all states to move to tax such sales over the next five years.
If you are selling products, digital or otherwise, make an appointment with your CPA to begin the collection and payment process.
EU Copyright Law
After decades of stability, the EU has taken a red marker to copyright law in the region by issuing a new Copyright Directive. While still going through the final stages of amendments, two provisions of the new Directive are raising a fuss – Articles 11 and 13.
Article 11 is known as the link tax. If you link to news content in the EU and use something more than just the link, you will be required to purchase a license for that content. The solution? Don’t link to news sources in the EU.
Article 13 is raising a good bit of fuss because it requires online platforms to filter content uploaded by users for infringing material – something similar to what you see with the Content ID system employed by YouTube. While people are melting down over this provision, it is important to understand it applies only to platforms processing large amounts of data. What does “large amount” mean? It isn’t yet clear, but nearly ever commentator believes the definition will be set at a high number since the goal is primarily to focus on the Googles and Facebooks of the world. In short, Article 13 is unlikely to impact your business.
If you’ve ignored the GDPR, now is the time to reconsider. We’re starting to see the first enforcement actions and Supervisory Authorities in the EU are reporting record complaints. It is only a matter of time until those complaints are acted on by the authorities.
Of course, ignoring the GDPR becomes less of an option for many companies given California enacted a “GDPR-lite” this summer. Not familiar with it? Read this article and this article. While the new law doesn’t go into effect until January 1, 2020, the recordkeeping requirements kick in starting January 1, 2019. Unlike the GDPR, the California Consumer Privacy Act is not something you can avoid.
Kids Privacy Online
If you collect information from children under 13 online in the United States, you should be complying with the Children’s Online Privacy Protection Act. Sadly, the agency charged with enforcing the law – the FTC – has been delinquent in its duties. Well, no more. Enforcement actions seem all the rage and states are jumping in on the action as well. Fines are huge, so make sure to get into compliance.
COPPA is not your only concern. Keep in mind the GDPR in the EU has a similar provision but with a much higher age cut-off. Article 8 of the GDPR states companies must have verified parental consent before collecting personal data from kids under 16. Yes, 16. Some Member States have picked younger ages, but 16 appears to be the default position unless you wish to set up a different compliance mechanism for each of the 28 Member States in the EU.
Know Your Market
All of these legal developments are raising a practical issue – it is critical to know your market now and project the nature of that market in the near future. As regions pass new and complex regulations and laws, many businesses will be forced to pick and choose where to conduct business given the expense of compliance.
Get ahead of the game.
Don’t waste time and effort on markets that don’t produce significant revenues for your business.
It just doesn’t make sense.
Richard A. Chapo, Esq.