Thursday, February 28, 2013

Where to Incorporate: Should a California-based startup incorporate in Delaware?

One of the commonly asked questions that entrepreneurs ask their attorneys when forming a company is where to incorporate it. Most frequently, companies choose between incorporating in their home state and registering in Delaware.

Delaware is chosen by many companies because of its well-developed corporate law that is typically viewed as pro-management and that gives the majority shareholders the flexibility in dealing with the minority shareholders. It is easy to file documents and obtain certificates from the Delaware Division of Corporations. Also, Delaware has a separate Court of Chancery, dating back to 1792, which is a business law court where judges are appointed on merit, not elected. This Court has no juries, and decisions are issued in a form of written opinions. Delaware business case law is abundant and there is much precedent for corporations to refer to when considering what actions they can and cannot take. Delaware business law (statutes and precedents) has come to be considered as the “national corporation law” since all lawyers are well familiar with it, having studied it in law school, and the most well-known business-related decisions have come out of Delaware courts.

Large companies with complex structures or those companies that plan to seek venture capital financing or go public typically consider Delaware as the state of incorporation. In fact, it is almost expected that a company going public be a Delaware corporation. In the 1990s, for example, the share of Delaware companies’ IPOs registered on the New York Stock Exchange increased to 73-77%. After all, Delaware’s corporate laws are the most flexible, its Chancery Court is the oldest in the country, and the abundance of business law precedent is clear. However, costs of incorporation and ongoing tax obligations in Delaware may be substantial.

Typically, companies are entitled to apply the laws of their state of incorporation to their internal affairs and corporate governance. However, it is not entirely the case if the company is deemed to be a quasi-foreign corporation in California. A private corporation becomes subject to the California Corporations Code Section 2115 (to the exclusion of the law of the state of incorporation) if more than 50% of its outstanding voting stock is owned by California residents and more than 50% of its business is conducted in California (measured by property, payroll and sales).

So, a Delaware private corporation with business in California may find itself subject to pro-shareholder corporate governance laws of the state of California. Section 2115 of the California Corporations Code requires foreign companies to apply various provisions of California laws to such fundamental areas of their internal affairs as annual election of directors (cumulative voting is required, not optional), directors standard of care, removal of directors without cause, indemnification of officers and directors, distributions to shareholders, supermajority vote requirements, limitations on sale of assets, cumulative voting provisions, reorganizations, dissenters’ rights, rights of inspection and class voting for mergers.

A particular area of concern is the provision applicable to class voting on mergers. The California law requires that the holders of each class of capital stock of a corporation approve the merger, whereas the Delaware law only requires the approval of holders of the majority of the outstanding stock. This class vote requirement gives a small group of shareholders holding a majority of one class of stock the opportunity to block the merger, even if the merger is favored by the majority of shareholders of the company.

In VantagePoint Venture Partners 1996 v. Examen Inc., 871 A.2d 1108 (2005), the Delaware Supreme Court considered this point and found that California could not constitutionally impose its corporate governance laws on a Delaware corporation that was governed by the Delaware General Corporation Law.

The California courts have also recently come to the same conclusion, although indirectly. In May 2012, the Second District Court of Appeal in California mentioned, in dicta, that matters of internal governance should be governed by the laws of the corporation’s state of incorporation.

However, Section 2115 still governs as written. It is a matter of the local legislature to repeal or amend the long-arm statute. Recently, proposals have been made and considered to repeal Section 2115, but they have not been successful.

So, what are startups to do in the meantime? Businesses that are based in California or that would qualify as quasi-foreign corporations pursuant to Section 2115 may be better off choosing to incorporate in California (since Section 2115 would still subject them to the California Corporations Code), and then re-incorporate in Delaware when they are ready to go public. Remember: Section 2115 only applies to private companies, not those with stock listed on a national stock exchange or quoted on Nasdaq.

This article is not a legal advice, and was written for general informational purposes only.  If you have questions or comments about the article or are interested in learning more about this topic, feel free to contact its author, Arina Shulga.  Ms. Shulga is the founder of Shulga Law Firm, P.C., a New York-based boutique law firm specializing in advising individual and corporate clients on aspects of business, corporate, securities, and intellectual property law.  Ms. Shulga is licensed in the State of New York.  

Wednesday, February 27, 2013

Apps Developers: Please Pay Attention to the New Amendments to COPPA

This blog’s mission is to summarize the recent amendments to the Children’s Online Privacy Protection Act (COPPA), a federal law that regulates whether and how website owners as well as mobile apps developers can use personal information collected from children under the age of 13. Interestingly, according to The Wall Street Journal’s study, apps and websites that target children tend to collect more tracking data than any other websites or apps. The WSJ compared 50 popular sites for teens and children with the 50 most popular sites generally aimed at adults, and found that the sites targeting kids placed 30% more cookies, beacons and other pieces of tracking technology than the sites targeting the adults.

So, what are the new amendments to COPPA that affect apps?
  • The definition of “personal information” has been expanded to include photos, videos, voice recordings, the IP addresses and the geo-location data, in addition to name, address and phone numbers. Such personal information cannot be collected from children under the age of 13 without parental consent; 
  • Data received by apps cannot be shared with third parties unless the third parties are “capable of maintaining the confidentiality, security and integrity of such information”; 
  • Collecting certain tracking processes, such as cookies, usernames, IP addresses and device IDs also require parental consent (but no consent is needed if the collected data is used only for internal purposes, such as ensuring functionality of the app, personalizing its content, offering contextual advertisements, authenticating users); 
  • Interactive features in the apps, such as integration with social networks, are allowed so long as such third party networks do not collect and share information in violation of COPPA; 
  • Parents can now provide their consent in a variety of ways, including electronically scanned consent forms, video-conferencing, emails accompanied by a PIN or password, and toll-free numbers they can call to answer consent questions (obtaining valid parental consent, however, is likely the most confusing aspect of complying with COPPA since the consent must meet certain criteria to be valid. The exact criteria, however, have not been disclosed by the FTC); 
  • App stores and app download platforms are exempted from complying with COPPA and therefore don’t have to confirm that apps for sale are in compliance with COPPA. 
According to The New York Times, small apps developers will be affected the most by these amendments. Previously, many small app developers were able to comply with COPPA by outsourcing data collection, often free of charge, to advertising networks and analytics companies. The new COPPA, however, makes app developers primarily liable for inappropriate or illegal data collection processes by such third parties. In practice, it means that the app developers have to notify parents of data collection practices of every third party whose services are integrated into the app and obtain parental consent. This greatly increases compliance burdens on the small apps developers that often operate on a tight financial budget. Additionally, if the small developers continue outsourcing their data collection practices to the analytics companies, they will have to limit such companies’ use of the collected information in compliance with COPPA, which may provide a disincentive for the analytics companies to collect and analyze data free of charge.

So, what can children’s apps developers do now to comply with the new rules? They can stop collecting any personal information from children unless it is for strictly internal use (which may negatively affect the monetization of their apps). Alternatively, they can target their apps to teenagers who are older than 13 (thus avoiding COPPA). Finally, they can increase the price of their apps to account for the increased legal and compliance costs associated with obtaining parental consents and providing adequate disclosure regarding the data collection practices of the apps and their affiliates.

In any case, it is highly advisable for the apps developers to have a well-written privacy policy that accurately describes data collection and data use practices of the app and its partners. It is also helpful to bring any unusual or important data collection practices to the attention of the parents through special notices.

Some argue that the amendments may already be ineffective and outdated. For example, it is widely believed that children can get around privacy protections by simply misrepresenting their age. While app developers play a part in enforcing privacy policies, parents should be the ones ultimately bearing the burden of policing their children’s online behavior and the amount of information they reveal while playing the apps. Parents should use device controls such as location blocking and privacy management settings on their mobile devices to limit access to theirs and their children’s private information.

Compliance with COPPA is by far the most important legal aspect of apps development that developers should be aware of if their apps are targeting children. Failure to comply can result in costly lawsuits. Earlier this month, an apps developer Path, Inc. settled with the FTC for $800,000 for inappropriately acquiring personal information from children. Path's app allowed users to share their journals that included photos, thoughts or their location with up to 150 people. Path collected personal information from users’ mobile address books without disclosing such collection practices or obtaining parental consent. The FTC said that the app had been downloaded over 2.5 million times and that Path allowed the registration of approximately 3,000 users whose birth dates showed that they were under 13. Aside from having to delete all personal information relating to children, Path also agreed to implement a thorough privacy program and to obtain privacy audits from a third party. Path’s alleged practices are now subject of a putative class action lawsuit in the Northern District of California.

This article is not a legal advice, and was written for general informational purposes only.  If you have questions or comments about the article or are interested in learning more about this topic, feel free to contact its author, Arina Shulga.  Ms. Shulga is the founder of Shulga Law Firm, P.C., a New York-based boutique law firm specializing in advising individual and corporate clients on aspects of business, corporate, securities, and intellectual property law.