Audrey Conrad

BC EIC Law Student

October 20, 2023

To say that the world as we knew it changed in March 2020 would be an understatement. Overnight, the entire world shut down, forcing people to live and exist solely within their homes to avoid COVID-19. What was supposed to be a two week shut down, turned into months if not years of doing everything from home. While the primary concern was stopping the spread of COVID-19, it became clear early on that this pandemic would create a widespread mental health crisis due to prolonged periods of isolation, COVID-19 related illness and death, and employment insecurity. General rates of depression, anxiety, and substance abuse skyrocketed during this time, and was especially pronounced in communities of color, women, and young people.[i] To make matters worse, traditional mental health care, already known for being expensive and difficult to obtain, became even more elusive due to increased need and office closures.

            While the height of the pandemic was a stressful and generally miserable experience, it also prompted a wave of innovation. There became a need for creative and motivated individuals to fix the myriad problems within society that were created by the pandemic. The past few years since March 2020 have seen the creation of several mental health related startups. After existing mental health services companies like Talkspace, BetterHelp, and Cerebral saw an uptick in popularity at the start of the pandemic, startup founders have been quick to launch companies seeking to fill the need for remote accessible mental health care.

One company hailing from Cambridge, MA, is Cartwheel, a startup that offers telehealth based mental health programs and therapy for school districts. School age children were hit hard by the pandemic, as they not only had to adapt to doing school entirely remotely, but they also missed out on the developmental growth and social benefit that comes from being in school in person. Through Cartwheel, school staff members can submit a referral to Cartwheel, which then reaches out to the students family to set up a plan for telehealth mental health services. This eliminates the need for a family to find care on their own, and saves them from being stuck on a waitlist for another form of care.[ii] The startup has become a great success story, with the company now serving over fifty school systems across five states in the New England area.

            While telehealth services have been invaluable as the world navigated through the global pandemic, they have not gone without legal issues, challenges, and scandals. Most notably, several high profile telehealth companies have come under fire for sharing the personal health data of their users with third parties. In March 2023, the Federal Trade Commission banned BetterHelp from sharing health data of its users with third parties, and required the organization to pay $7.8 million to users for sharing their sensitive health data with organizations like Facebook and Snapchat. This is the first time that the FTC has intervened with a sensitive data breech related to the healthcare industry, and has actually returned funds.[iii]

            BetterHelp is not the only company facing backlash. The United States Senate launched an inquiry into Cerebral, another telehealth mental health service, that ultimately admitted to sharing users’ private, HIPAA protected health data with Facebook, Google, and TikTok.[iv] The issue in this case is largely of a contractual nature. By accepting Cerebral’s terms and conditions, users agreed to allow the company to use tracking technologies which shared their data with tech giants. How tracking technologies work, on a basic level, is that Cerebral used bits of Google, Facebook, and TikTok’s code within the Cerebral app, which in turn gave the third party technology companies access to user data that they could then use to target advertisements.[v]

This case represents another in the line of “clickwrap” cases, where users agree to the terms and conditions on a website or app without reading through them. In Meyer v. Uber (2017), Uber was sued by a user who agreed to Uber’s terms of service with a “click.” The user did not open the terms and conditions, as this was not required to accept them. The court found that the user unambiguously manifested his assent to Uber’s terms of service even though he had not read them, and that a “reasonably prudent user” would know that they were agreeing to terms of service by creating an account.[vi]

             Decisions like the Meyer case carry an extra weight when the terms of service contain terms that allow the app to share answers to questions like: “Have you ever experienced depression?”, “Are you suicidal?” and “Rate your anxiety on a scale from 1-10.” It is unsettling to think that millions of users are unknowingly agreeing to the sharing of their personal health data to third party advertisers.

Telehealth, especially mental health, provides a great service to society by making healthcare more accessible and affordable than ever before. However, startup founders would be wise to ensure that they protect their users’ sensitive health data as the legality of “clickwrap” and waivers of privacy continue to develop. Startup owners should ensure that their terms of service for any mental health services that they release are clearly accessible to their users, and should avoid giving user data to large companies for advertisement purposes.

[i] https://www.kff.org/mental-health/issue-brief/the-implications-of-covid-19-for-mental-health-and-substance-use/

[ii] https://www.hcinnovationgroup.com/population-health-management/behavioral-health/news/53074052/telehealth-startup-cartwheel-raises-20m-to-address-student-mental-health

[iii] https://www.ftc.gov/news-events/news/press-releases/2023/03/ftc-ban-betterhelp-revealing-consumers-data-including-sensitive-mental-health-information-facebook

[iv] https://www.benefitspro.com/2023/03/27/mental-health-provider-cerebral-admits-to-sharing-health-data-with-facebook-google-tiktok/?slreturn=20230904151655

[v] https://www.benefitspro.com/2023/03/27/mental-health-provider-cerebral-admits-to-sharing-health-data-with-facebook-google-tiktok/?slreturn=20230904151655

[vi] Meyer v. Uber Technologies, Inc., 868 F.3d 66 (2017).

Sean Doolittle

BC EIC Law Student

October 20, 2023

Privacy seems to be on every tech industry analyst's mind nowadays: Law enforcement agencies are partnering with genetic testing services to conduct “DNA drives,” opening up relatives’ genetic markers for commercial exploitation without their consent. Italy banned the popular new generative AI ChatGPT over privacy concerns. Elon Musk found himself under investigation earlier this year for X’s (née Twitter’s) alleged failure to comply with cybersecurity and privacy orders from the Federal Trade Commission.

We live in the era of big data, where tech companies collect and then exchange consumer data with countless third parties — often derived from mobile app usage, website cookies, and other “smart” technologies — in order to learn what makes us consumers tick. Perhaps surprisingly, the United States lacks a singular, comprehensive federal privacy law like the European Union’s General Data Protection Regulation (GDPR); what we do have is a regulatory patchwork that leans heavily on the individual states to fill in the gaps. Efforts to pass such a law, like the American Data Privacy and Protection Act (ADPPA), have stalled in Congress, although they continue to enjoy largely bipartisan support.

One of the few federal privacy laws on the books is the Children’s Online Privacy Protection Act of 1998, also known as COPPA. In the 1990s, when the dot-com bubble was close to bursting, lawmakers began to recognize that the nascent but rapidly growing internet was a lawless “wild west.” No population was at greater risk of exploitation than digitally-native children that often surpassed their parents in computer usage and technical understanding. COPPA imposes a number of regulatory requirements on the “operators” of websites and other online services that collect personal information from users younger than the age of thirteen.

What sort of data is protected? COPPA takes an expansive definition of protected data, including all sorts of “personally identifiable information,” or PII. PII includes first and last name, physical and electronic addresses, telephone and social security numbers, photographs, and geolocation data. Courts have been asked to interpret PII in relation to COPPA and other privacy laws; the Ninth and Third Circuits have both adopted a liberal definition of PII to include any data that permits an “ordinary person” (that is, someone lacking expert technical skills) to identify a particular individual. Even novice internet users can recall sharing something that would personally identify themselves on the internet; in fact, sharing information about oneself is often a prerequisite for accessing online services.

Regulatory compliance is one of the most important considerations for entrepreneurs and their new startup businesses. Any business operating an “online service” within the United States must understand their duties when engaging in data collection vis-a-vis children, lest they face terrible legal and economic consequences. Just this last year, the popular social media app TikTok was fined €345m for failure to comply with the EU’s privacy regulations, and Epic Games — the studio behind the video game phenomenon Fortnite — recently settled a lawsuit with the Federal Trade Commission over COPPA violations for a sum of over $500m.

How can a startup avoid these privacy pitfalls? Compliance begins with understanding the types of businesses to which the law applies. COPPA quite simply makes it illegal for organizations that run websites or other online services (like apps and games) directed at children to collect information on children outside of the strict bounds of the law. The FTC looks at a number of subjective factors to determine whether a website is “directed at children,” including the use of animated characters and presence of “child-oriented” activities.

But COPPA is not limited in its application to websites directed at children; if an online services operator has “actual knowledge” that it has collected the personal information of someone under the age of thirteen, they fall under the purview of the law. While relatively few websites are categorized as explicitly “directed to children,” the actual knowledge clause broadens the net cast by COPPA to capture many — if not most — websites.

First and foremost, entrepreneurs must ensure that their online service provides clear and prominent notice of its data collection practices and discloses how the information is subsequently used (including sale or exchange with third parties). This notice is intended for the parents of children attempting to access the internet, because “verifiable parental consent” is the sine qua non of COPPA. That being said, the FTC is not overly prescriptive about the manner in which verifiable parental consent is gathered; so long as the operator chooses a “reasonable” method of ensuring that it is indeed the parent of a child giving the consent, they will fall in compliance with the law.

Importantly, this verifiable parental consent is freely revocable at any time. A website must make available the information they have collected on a child upon request, and must delete said information if a parent deems it necessary to protect their child’s digital privacy. It is imperative for internet-based businesses and startups in particular to realize that their obligation to protect children’s data on the web does not end with the receipt of parental consent; the obligation is ongoing, and requires constant vigilance to ensure that the integrity and security of the online service is maintained for as long as they are in possession of personal information.

Of course, a prudent new business venture would be foolish to limit themselves to bare regulatory compliance given the fast-moving nature of the tech industry. Recent attempts at passing privacy legislation indicate a growing appetite for stricter data protections for consumers (and especially children), including a desire to increase the minimum age for COPPA from thirteen to fifteen years. As a result, entrepreneurs would be wise to err on the side of caution when it comes to handling personal information online.

By Arden Bonzo

BC Law EIC Student

April 2023

Among the first tasks in building an online LLC is choosing a name that reflects what the business offers and that uniquely sets your business apart from others. It is easy to see how an entrepreneur may be emotionally attached to the name they choose—when you file your LLC’s articles of organization you are sharing the name of your brainchild with the world. This is not to mention all the time dedicated to surrounding that name with design, branding, and goodwill.

But perhaps your business offers a wide range of goods or different kinds of services. The name of your LLC might not reflect all the facets of your business as your LLC evolves. If you feel that your LLC would benefit from operating with multiple brands without legal separation, consider obtaining a DBA.

 Imagine that during the COVID pandemic you discovered a love for plants. You founded an online business named “Plant Depot LLC,” which connects customers with local businesses selling indoor and outdoor plants. You then decide to create another website that exclusively caters to those searching for herbs. To reflect the smaller selection, you decide to call the site “Herbalicious.” To use Herbalicious for providing services on behalf of Plant Depot LLC, you choose to obtain a DBA. The DBA would reflect that Plant Depot LLC is doing business as Herbalicious.

 But what if, like Plant Depot LLC, your business is operating entirely online? Must you obtain a DBA? From where should you obtain a DBA?

 A DBA, also called a business certificate, trade name, or fictitious business name (FBN), allows your business to effectively have multiple brands under one LLC. A DBA on its own does not form a new entity or provide trademark protections. However, a DBA would allow Plant Depot to conduct business using the name “Herbalicious.”

 With a DBA connecting the two, you could open a bank account under Herbalicious, preventing bank charges from being innocently flagged. A customer knows that Plant Depot LLC is the legal entity operating Herbalicious, thereby promoting transparency in the marketplace. A DBA also gives customers legal recourse if they are harmed, by signaling who is controlling Herbalicious. Additionally, those operating Herbalicious are protected by the limited liability of Plant Depot. Legal protection is important for every business, including those conducted entirely online.

 The process for obtaining a DBA varies by state. In Massachusetts, a DBA is obtained at the local level, in the city or town where the primary place of business is located. Many towns provide online filing, and filing fees are relatively modest. The fee for filing a DBA in Boston is $65 and the certificate must be renewed every 4 years.

 Some towns in Massachusetts require that a business obtain zoning verification prior to obtaining a DBA in that town. Zoning laws regulate the activity that can be conducted in a particular location. For example, a manufacturing plant could not be run in an area zoned as residential.

The details of the business matter, however, when determining whether a business run at home is in violation of a particular location’s zoning laws.

Businesses run entirely online, especially those in the service industry like our fictitious company Plant Depot, are unique; customers do not visit the premises and there is no inventory being stored on site. Despite these characteristics, a business conducted entirely online should nonetheless contact the town clerk to be sure they are in conformity with local laws, regulations, and ordinances, as there is little guidance on point for the entirely online business owner.

Online businesses, though unique, are subject to many of the same regulatory requirements as their brick-and-mortar counterparts. Online businesses are responsible for registration with the Secretary of State and tax filing requirements for their particular entity type, as well as compliance with insurance and employment regulations. DBAs are also an important tool for online businesses seeking to develop alternative brands under the liability limiting scheme of the umbrella company.

By Brendan Franca

BC Law EIC Student

April 2023

Cyber-attacks have become an inevitable reality of today's online world. Criminals target organizations in every industry, extracting sensitive customer data to sell on the dark web or locking down computer systems until a ransom is paid [1]. These attacks have grown in both sophistication and frequency since COVID-19 established remote work as the new normal [2]. 2022 saw a series of high-profile attacks, with the average data breach costing companies over $9 million [3]. But it is not just big businesses that are vulnerable. Startups are not immune from cyber-attacks, and founders should not assume that their businesses will fly under the radar.

In fact, many cybercriminals see startups as prime targets. Startups do not usually have the resources of a large company such as dedicated information technology staff, enterprise-level security tools, and a thorough understanding of cybersecurity risks [4].

Cyber-attacks also carry more severe consequences for startups. Businesses can face loss of revenue from suspended operations and even lawsuits from customers who have had their personal data compromised. Furthermore, the reputational damage from an attack can erode customer trust and reduce interest from investors. For these reasons, an estimated 60% of small businesses close within six months of a cyber-attack.

Startups can take several steps to build an effective cybersecurity strategy and reduce the risk of cyberthreats.

Conduct a Risk Assessment

The first step of a solid cybersecurity plan is conducting a comprehensive risk assessment. This will allow a company to understand the threats it faces and develop a plan to protect itself against them. A startup should take stock of the types of data it handles, evaluate the current security measures in place, and identify any gaps or vulnerabilities that can be addressed.

As part of this assessment, startups should also ensure they are complying with applicable cybersecurity laws. The United States has no single law regulating cybersecurity, but there are several laws that apply to specific operations. For example, the Children’s Online Privacy Protection Act regulates how websites directed at children collect, use, and/or disclose personal information.[5]

Data Encryption and Backups

Startups should regularly back up all critical data to ensure it is not lost in the event of a cyber-attack. It is best practice to keep these backups encrypted and stored in a secure cloud server or an external hard drive.

 Secure Passwords and Two-Factor Authentication

 An estimated 81% of data breaches result from stolen or weak passwords.[6] Startups can protect themselves by setting minimum password requirements that are special, complex, and difficult to guess. In addition, all accounts should be secured with two-factor authentication. This provides an additional layer of security in the event that sign-in credentials are compromised.

 Check the Security Reputation of Vendors

Startups often must rely on outside vendors for many of their operations, such as cloud computing and payroll services. These vendors can have extensive access to sensitive company data. It is essential to monitor what data vendors have access to, how the data is used, and whether they have adequate security measures in place. Startups may want to include security provisions within their vendor contracts to set minimum expectations.[7]

Be Prepared for Failure

No cybersecurity strategy will guarantee protection from cyber-attacks. It is therefore essential to have a plan in place specifying how a company will respond to a security breach. This plan can include assigning certain individuals to a response team, outlining steps to isolate the problem and minimize damage, and procedures for restoring data from backups. Having this plan in place can help reduce panic and allow a company to resume operations as quickly as possible. Startups should also consider purchasing cyber liability insurance to offset the cost of business interruption.

When drafting an incident response plan, companies should also be aware of state notification laws that may be triggered by a cyber-attack. For example, Massachusetts requires businesses that handle personal information of Massachusetts residents to notify the Office of Consumer Affairs and Business Regulation when they learn of a security breach.[8]

Conclusion

It is critical for founders to be proactive in developing a cybersecurity strategy to protect the assets of their growing businesses. Having strong security protocols in place will allow startups to safeguard their reputations and operate with confidence.

By Sarah Litwin

BC Law EIC Student

April 2023

There are many reasons a startup should consider using ChatGPT. ChatGPT is an artificial intelligence (AI) chatbot developed by OpenAI. OpenAI is an American AI research lab consisting of the non-profit OpenAI Incorporated and its for-profit subsidiary corporation OpenAI Limited Partnership. ChatGPT presents exciting solutions for startups as well as challenges. Understanding the benefits and limitations of ChatGPT will assist startups in leveraging new technology to efficiently achieve goals.

What is ChatGPT? Chat Generative Pre-trained Transformer (ChatGPT) is a powerful tool that can help businesses automate customer service with tailored conversations. With a few typed instructions, ChatGPT can produce coherent text that imitates human-created work (see image below). With conversational capabilities, ChatGPT can be used for professional emails and to automate sales processes by assisting customers with product recommendations and quotes. Startups can implement ChatGPT or other forms of Artificial Intelligence into their platforms by using a third-party application, or by building a custom chatbot. By providing basic instruction, the system has the capability to suggest detailed ideas for content and social media posts. In fact, ChatGPT is already being utilized by State legislatures to protect the public’s safety, privacy, and intellectual property rights [1].

How can ChatGPT help startups? ChatGPT can be used by entrepreneurs to identify customer interests, including effective marketing strategies for small businesses [3]. AI Chatbots are also used to automate routine tasks and processes, such as sending emails or updating social media accounts [4]. To prepare for counseling a startup client, lawyers can use ChatGPT to generate options and prepare advantages or disadvantages of various solutions [5]. In addition, ChatGPT can compile research, train and hire interns or customer service staff providing startups with valuable monetary savings [6].

What risks are there to using ChatGPT? ChatGPT also exposes startup businesses to risks. One risk or open question surrounding ChatGPT and AI Chatbots is how the resulting work fits into copyright law. A key aspect of entitlement to copyright protection is authorship. The U.S. Copyright Office says that works must be created by a human author. While AI-based works are produced by human inputs, the output that constitutes the work itself is not created by humans. Thus, the use of ChatGPT is likely to lead to copyright issues and questions surrounding who is the rightful copyright owner of a work.

Creators commonly utilize digital technology to assist with copyrightable works, such as iPhones to create protected pictures, 3D processors to create sculptures, and tablets to draw images among others. There is a strong argument that if a human started the creative process for a particular work, it should be granted copyright protection. However, the amount of input generating the creative process warranting protection is unclear. There are also questions about which individuals or entity has the right to publish or exhibit AI-produced works.

ChatGPT may also raise significant privacy issues. Chatbots collect and process highly sensitive details. While conversations are not visible to other users, user data may require encryption and secure storage [7]. It is unclear to what extent protective measures may be incorporated into Chatbots and how to manage compromised information within these platforms.

Each of these concerns may lead to the emergence of litigation. To prepare for these potential issues, startups can set standards for inputs to ChatGPT. In particular, if a startup seeks copyright protection for a work partially produced with ChatGPT, they can demonstrate that their contribution to the work is greater than the result contributed by the new technology. Startups might also consider preparing liability waivers or click-wrap for consumers engaging with the Chatbot to minimize concerns of a privacy suit. These are just a few considerations an entrepreneur might consider when deciding whether to incorporate ChatGPT into their business. 

ChatGPT is a disruptive technology that has already changed the context of startup environments. While artificial intelligence is here to stay, startups can and should consider the ethical implications of how these developments will affect their business. Moreover, startups looking to leverage artificial intelligence to build their business must give thought to the legal implications of integrating the new technology into their work.

[1] An Act drafted with the help of ChatGPT to regulate generative artificial intelligence models like ChatGPT, SD.1827, 193rd Gen. Assemb., Reg. Sess. (Ma. 2023), https://malegislature.gov/Bills/193/SD1827. 

[2] ChatGPT conversation with author on March 10, 2023.

[3] 100 Valuable Chat GPT Prompts To Boost for Startups and Businesses, MEDIUM, 

https://medium.com/@thestartupjournal/100-valuable-chat-gpt-prompts-to-boost-for-startups-and-businesses-e7ec4e2660a2.

[4] 7 Great AI Opportunities for Any App Startup, by ChatGPT, PROTOTYPE.IO, https://prototypr.io/post/chatpgt-7-startup-ai-opportunities.

[5] See Neumann, “Part III: Counseling and Advice,” TRANSACTIONAL LAWYERING SKILLS, page, 54.

[6] Marr, B.,What Does ChatGPT Really Mean For Businesses?, FORBES, https://www.forbes.com/sites/bernardmarr/2022/12/28/what-does-chatgpt-really-mean-for-businesses/?sh=5428ae257d1e.

[7] How Can You Use Chat GPT For Your Small Business?, DREAMWORX,

https://dreamworxmarketing.com/blog/chat-gpt-for-small-business/.

By Austin Fahnestock

BC Law EIC Student

April 2023

Before you take another step, consider: is your startup a partnership?

Imagine that you and several of your friends have been life-long cowboy hat enthusiasts. Together, you’ve traveled the American West and amassed not only a collection of hats but a working knowledge of the basics of how they are made. You’ve long been interested in the design of hats, particularly when it comes to adapting them to modern contexts, and your friend, “Larry” has developed a line of proprietary leathers using techniques he adapted from old family trade secrets. Several years ago, you and Larry got together and created a prototype “Urban Bullrider Hat” which you designed and he helped craft using his leathers. After a positive reception from your friends, you suggest selling the hat online, and Larry agrees. You sell informally on social media with some success, and soon find that there is a market not only for the hats themselves but for the patterns and tutorials on how to make them. Excitedly, you begin exploring sales avenues and licensing regimes for the patterns, and, at the end of a conversation with a friend, informally agree to take them on as an investor with a share in a new entity you plan to form. Several days later, Larry approaches you, clearly upset. He says you should not have agreed to an investor without asking him and that you either need to buy him out or start passing along half of the profits.

While it may seem strange that someone else could possess an interest in your designs or the profit you derive from them, it can happen if your business is a general partnership. But how do you know if you have a general partnership?

Business Entities

 A general partnership is one of a number of common forms that a profit-making effort may take.[1] Other well-known forms include sole-proprietorships, Limited Liability Companies (“LLC”), S-Corporations (“S-Corp”), and C-Corporations (“C-Corp”).[2] Each of these has their own body of law and unique characteristics, but one of the most defining differences is that LLCs, S-Corps, and C-Corps require filing with a secretary of state to form, while sole-proprietorships and general partnerships may arise by implication simply through engaging in business for profit.[3] The main difference between a sole-proprietorship and a general partnership is that a sole-proprietorship involves only one person while a partnership has two owners.[4]

Legal Features of a General Partnership

Here in Massachusetts, a partnership involves two people co-owning a business for profit that is not already another form of association.[5] In fact, the sharing of profits is one of the defining features indicating the existence of a partnership.[6] Other features include pass-through taxation, in which profits and losses are realized on the individual partners’ tax returns, joint and several liability, and the option, but not requirement, of a governing partnership agreement.[7] 

Formation of a Partnership

A partnership forms on the intent of two or more parties to conduct business together, but that intent may be implied by actions.[8] Where parties disagree about the existence of a partnership, Massachusetts courts look to both statutes and case law for criteria.[9] Three of the most significant facts are an agreement by the parties showing their intention to be in a partnership, sharing of profits and losses, and participation in control or management.[10] Other factors may include a limitation to a single undertaking and the contribution of money, property, skill, knowledge, or effort.[11]

Rights and Obligations of a Partner

Once a partnership exists, each partner is subject to a series of rights and obligations which may come either from an oral or written agreement between the parties or from state law.[12] Obligations include joint liability, as already discussed.[13] Rights include a share of the profits and surplus, rights in the property of the partnership, and fiduciary duties from the other partners [14]. Partnership agreements, especially those that are written, may supply sophisticated terms for dividing profits or property [15]. Where a partnership agreement does not supply terms, state default law applies, which, in the case of shares of profit, mandates a split of equal shares [16].

Riding Alone… Or Not

As a business develops, a founder may receive assistance and input from many different people. For solo founders who do not want a business partner, it is important to clarify the relationship between the business and any others involved as something other than a partnership, such as an employment or contractual relationship. Similarly, for those who are working with one or several cofounders, defining the relationship early on with a written partnership agreement will reduce the possibility of unwanted legal defaults applying later on.

Conclusion

Unlike LLCs, S-Corps, C-Corps, and other entities formed by registration, a general partnership is formed by the agreement of the partners, which may be implied from series of factors. The rights of those partners are then either derived from the partnership agreement or supplied by law if there are none. This has important implications for the rights of partners to partnership property and profits. For founders working with others on a startup, like Urban Bullrider, it is important to recognize that their shared effort may be a partnership. For founders who know they are in a partnership, there may be some ambiguity as to the rights and liabilities of the partners. In both cases, founders will benefit from implementing an explicit, written agreement before proceeding further with their enterprise.

[1] Andrew Bloomenthal, General Partnerships: Definition, Features, and Example, Investopedia https://www.investopedia.com/terms/g/generalpartnership.asp (last visited February 24, 2023).

[2] Types of Corporations, Investopedia https://www.investopedia.com/types-of-corporations-5270647 (last visited February 24, 2023).

[3] Andrew Bloomenthal, General Partnerships: Definition, Features, and Example, Investopedia https://www.investopedia.com/terms/g/generalpartnership.asp (last visited February 24, 2023) (“General partnerships are unincorporated businesses”).

[4] Id. (“A general partnership is a business arrangement by which two or more individuals agree to share responsibilities, assets, profits, and financial and legal liabilities of a jointly-owned business.”)

[5] ALM GL ch. 108A, § 6 (“A partnership is an association of two or more persons to carry on as co-owners a business for profit and includes, for all purposes of the laws of the commonwealth, a registered limited liability partnership.”)

[6] ALM GL ch. 108A, § 7(4) (“The receipt by a person of a share of the profits of a business is prima facie evidence that he is a partner in the business. . . .”)

[7] 26 U.S.C.S. § 701 (“A partnership as such shall not be subject to the income tax imposed by this chapter [26 USCS §§ 1 et seq.]. Persons carrying on business as partners shall be liable for income tax only in their separate or individual capacities.”); ALM GL ch. 108A, § 15(1) (“[A]ll partners are liable . . . . jointly and severally for everything chargeable to the partnership. . . .”); Kansallis Fin. v. Fern, 40 F.3d 476, 479 (1st Cir. 1994) (“While a partnership undoubtedly requires an agreement among the partners, that agreement need not be in writing. Rather, intent to carry on business as partners may be inferred from the partners' words and acts.”)

[8] Kansallis Fin. v. Fern, 40 F.3d 476, 479 (1st Cir. 1994) (“Rather, intent to carry on business as partners may be inferred from the partners' words and acts.”)

[9] Id.

[10] Fenton v. Bryan, 33 Mass. App. Ct. 688, 691 (1992) (“Those factors include, among others, (1) an agreement by the parties manifesting their intention to associate in a partnership (2) a sharing by the parties of profits and losses, and (3) participation by the parties in the control or management of the enterprise.”)

[11] Shain Inv. Co. v. Cohen, 15 Mass. App. Ct. 4, 8-9 (1982) (“Nevertheless, the following pragmatic check list suggests considerations which, if present or absent, may bear upon the recognition of one: (1) an agreement by the parties manifesting their intention to associate for joint profit not amounting to a partnership or a corporation; (2) a contribution of money, property, effort, knowledge, skill, or other assets to a common undertaking; (3) a joint property interest in all or parts of the subject matter of the venture; (4) a right to participate in the control or management of the enterprise; (5) an expectation of profit; (6) a right to share in profits; (7) an express or implied duty to share in losses; and (8) a limitation to a single undertaking (or possibly a small number of enterprises).”)

[12] See e.g. ALM GL ch. 108A, §1-49; Whitcomb v. Converse, 119 Mass. 38, 42-43 (1875) (“In the absence of controlling agreement, partners must bear the losses in the same proportion as the profits of the partnership, even if one contributes the whole capital, and the other nothing but his labor or services. Whether a loss of capital is a partnership loss, to be borne by all the partners, depends upon the nature and extent of the contract of partnership.”)

[13] ALM GL ch. 108A, § 15(1) (“[A]ll partners are liable . . . . jointly and severally for everything chargeable to the partnership. . . .”)

[14] ALM GL ch. 108A, § 18, 25, 26.

[15] See, e.g., Adams v. Adams, 459 Mass. 361, 366 (2011) (discussing a relatively complex partnership agreement in the context of determining marital property).

[16] Whitcomb v. Converse, 119 Mass. 38, 42-43 (1875) (“In the absence of controlling agreement, partners must bear the losses in the same proportion as the profits of the partnership, even if one contributes the whole capital, and the other nothing but his labor or services. Whether a loss of capital is a partnership loss, to be borne by all the partners, depends upon the nature and extent of the contract of partnership.”)

By Amanda Morales

BC Law EIC Student

April 2023

Last summer, I received an email with a subject line asking: “Want to Own a Piece off Comrad?” In exchange for an investment of $100, I could enter in a Simple Agreement for Future Equity (“SAFE”), a type of security commonly used by start-up companies to raise capital. Upon the occurrence of certain conditions, the SAFE would convert into capital interest, or partial ownership, in the company[1]. This email solicitation was my first introduction to equity crowdfunding. Just a few weeks earlier, I had made a different kind of investment in the company through my seventy-dollar purchase of a 3-pack of Comrad compression socks– a hefty, yet reasonable price for socks promising me “happy feet.”[2]

Without knowing whether these socks would actually give me “all day energy, comfort, and support,” I pulled out my credit card and made my purchase. Globally, consumers use their buying power to support businesses that align with their values and interests [3]. In my own case, I was drawn to the company’s science-backed, proprietary sock design, impeccable branding, and glowing customer testimonials. Although I did not participate in the crowdfunding campaign due to my own lack of information, in the future, if given the chance to support an emerging company I believe in, I would make that investment.

Because of the well-known funding disparities faced by women and minority-founded companies, a successful round of crowdfunding can not only serve as a much-needed source of funding for these companies but can also, as Professor Darien Ibrahim suggests, signal to follow on investors, like venture capital (“VC”) firms and Angels, the company’s quality [4]. Lawyers advising emerging companies should be prepared to dispel misconceptions about equity crowdfunding and counsel clients through the required disclosures, as to ensure regulatory compliance, strengthen investor protection, and aid in democratizing access to capital.

Capital Raising Online While Deterring Fraud and Unethical Non-Disclosure (“CROWDFUND”) Act of 2012

The Jumpstart Our Business Startups (“JOBS”) Act, signed into law in 2012, contains a crowdfunding provision, Title III, that enables start-up companies and other small businesses to raise capital through equity crowdfunding [5]. Title III, or the CROWDFUND Act, amended the Securities Act of 1933 (“Securities Act”) by adding a “crowdfunding exemption” under Section 4(a)(6) [6]. Typically, securities must be registered with the SEC; however, some securities and transactions may qualify for an exemption from the SEC registration requirements. By 2015, the Securities and Exchange Commission (“SEC”) had adopted Regulation Crowdfunding, a regulatory framework which permits emerging companies that meet certain requirements to offer and sell securities. Regulation Crowdfunding (“Reg CF”), promulgated under Section 4(a)(6), allows private start-up companies to bypass some of the regulatory burdens that often accompany large offerings of securities to the general public, such as filing a registration statement, prohibitions on general solicitation, or limitations on the size of an offering [7]. Because of the risks inherent in a general offering of securities to the public, Reg CF contains several requirements aimed at bolstering investor protection.

Many may be familiar with popular crowdfunding platforms like GoFundMe where users can fundraise for charity or Kickstarter where users can support creative projects and later receive rewards. In contrast, equity crowdfunding allows companies to raise capital by broadly offering or selling securities to any investor, regardless of their level of sophistication. Prior to the adoption of Reg CF, companies that required capital investments had to proceed under existing exemptions, like Regulation D [8]. Regulation D offerings, which may proceed under Rules 506 or 504, are subject to restrictions that make it more difficult for emerging companies to effectively raise capital. For example, Rule 506 offerings place a limit on the number of non-accredited purchasers who may participate in an exempt offering, which may necessitate a start up’s reliance on accredited investors, like VC firms, for capital [9]. For context, accredited investors are presumed to be sophisticated, unlike non-accredited investors for whom the securities laws are aimed at protecting from market abuses and other information asymmetries [10].

Crowdfunding Basics

Reg CF exempts from registration transactions involving the offer or sale of securities by emerging company issuers, if the offering amount does not exceed $5,000,000 [11]. The maximum aggregate amount eligible to be sold was recently raised from $1,000,000 to $5,000,000 in 2021 [12]. There are also restrictions on how many securities may be sold to an individual investor depending on whether the individual’s annual income or net worth is below or exceeds $100,000. Typical forms of equity securities sold include SAFE’s or common stock [13]. Additionally, all crowdfunding transactions must be conducted through a broker or funding portal registered with the SEC and the Financial Industry Regulatory Authority (“FINRA”). Examples of registered funding platforms include Republic [14] or SeedInvest [15].

Both issuers and intermediaries facilitating the transactions are tasked with providing certain disclosures to investors [16]. The disclosure requirements in a private placement of securities are less burdensome than traditional offerings, but nonetheless require a special level attention to detail and candor. Intermediaries must answer investor questions and ensure that investors participating in an offering review investor-education information and affirm their understanding of the risks involved [17]. Issuers are also required to prepare a Form C and file it with the SEC. Information detailed on the Form C disclosure that may be of importance to investors includes details about the company’s ownership and capital structure, the purpose of the offering, the terms of the investment commitment, and, of course, risks related to the investment [18]. Issuers can be held liable for omissions or misstatements of material fact, so it is important for issuers to pay special attention to the disclosure requirements [19].

The State of Crowdfunding

In a 2019 report on Reg CF by staff at the SEC, the authors assessed the “impact of the regulation on capital formation and investor protection [20].” The report revealed that despite Reg CF’s loosened disclosure requirements, many issuers still found the requirements to be complex and expensive [21]. Further, in the year following the enactment of Reg CF, participation in crowdfunding campaigns by women owned businesses was low and data on minority owned businesses was difficult to measure [22].

It should come as no surprise that while start-up companies led by women and minority founders, on average, spent more time fundraising, those teams still raised less from VC investors than all-male teams [23]. Although there have been significant increases in VC engagement and funding for women and minority-founded start-ups, biases in early-stage fundraising still exist and reinforce the status quo. Founders that are ready to elevate their emerging company to its next stage of growth should consider equity crowdfunding as either a promising starting point for their company’s fundraising journey or a potential solution for filling in any financing gaps. With the knowledge that a start-up client may perceive Reg C-F disclosures as an impediment to their participation in a crowdfunding campaign, attorneys advising emerging companies should be prepared to allay client concerns about this form of capital fundraising.

Footnotes;

[1] https://republic.com/comrad

[2] https://www.comradsocks.com/

[3] See Andrea Willage, People prefer brands with aligned corporate purpose and values, World Economic Forum (December 17, 2021), https://www.weforum.org/agenda/2021/12/people-prefer-brands-with-aligned-corporate-purpose-and-values/

[4] See Ibrahim, Darian, Crowdfunding Signals, 53 Ga. L. Rev. 197 (2018).

[5] Jumpstart Our Businesses Start Up Act, 112 P.L. 106, 126 Stat. 306, https://www.govinfo.gov/content/pkg/BILLS-112hr3606enr/pdf/BILLS-112hr3606enr.pdf

[6] Securities Act of 1933, 15 U.S.C. 77d(a)(6), https://www.govinfo.gov/content/pkg/COMPS-1884/pdf/COMPS-1884.pdf

[7] Regulation Crowdfunding, 17 C.F.R. § 227, https://www.ecfr.gov/current/title-17/chapter-II/part-227?toc=1

[8] James D. Cox, Robert W. Hillman, Donald C. Langevoort, and Ann M. Lipton, Securities Regulation: Cases and Materials, tenth edition, at 245 (2022).

[9] See id. at 249.

[10] See id. at 234.

[11] Regulation Crowdfunding, 17 C.F.R. § 227, https://www.ecfr.gov/current/title-17/chapter-II/part-227?toc=1

[12] SEC Rule, Facilitating Capital Formation and Expanding Investment Opportunities by Improving Access to Capital in Private Markets (January 14, 2021) https://www.federalregister.gov/documents/2021/01/14/2020-24749/facilitating-capital-formation-and-expanding-investment-opportunities-by-improving-access-to-capital

[13] SEC, Investor Bulletin: Be Cautious of SAFEs in Crowdfunding, https://www.investor.gov/introduction-investing/general-resources/news-alerts/alerts-bulletins/investor-bulletins-52

[14] https://republic.com/

[15] https://www.seedinvest.com/

[16] 17 CFR Part 227 Subpart B, https://www.ecfr.gov/current/title-17/chapter-II/part-227/subpart-B/section-227.201

[17] 17 CFR Part 227 Subpart C, https://www.ecfr.gov/current/title-17/chapter-II/part-227/subpart-C

[18] 17 CFR 227.203 https://www.ecfr.gov/current/title-17/chapter-II/part-227/subpart-B/section-227.203

[19] Securities Act of 1933, 15 U.S.C. 77d-1(c), https://www.govinfo.gov/content/pkg/COMPS-1884/pdf/COMPS-1884.pdf

[20] Report to the Commission on Regulation Crowdfunding (June 18, 2019) https://www.sec.gov/files/regulation-crowdfunding-2019_0.pdf

[21] See id. at 30.

[22] See Lindsay M. Abate, One Year of Equity Crowdfunding: Initial Market Developments and Trends, U.S. Small Business Administration Office of Advocacy Economic Research Series, at 5, 13 (March 29, 2018) https://advocacy.sba.gov/2018/03/29/one-year-of-equity-crowdfunding/

[23] See Dropbox DocSend Research Report, The Funding Divide: Tracking Systemic Bias in Early-Stage Fundraising (2022) https://docsend.com/view/ytshcechjuufnp27/d/gbh34gv8v8reep5m