Aviation Regulatory Alert – August 2020
September 8, 2020
CALIFORNIA ATTORNEY GENERAL FINALIZES CCPA REGULATIONS
On August 14, 2020, California Attorney General Xavier Becerra announced that the Office of Administrative Law (OAL) had approved the final California Consumer Privacy Act (CCPA) regulations. This means that the CCPA regulations have been fully implemented and enforcement for noncompliance will begin immediately.
The following key compliance provisions are now in effect: i) Notice requirements, including website privacy notices, point of collection notices, notice of right to opt-out of sale, and notice of financial incentives, if applicable; and ii) Consumer requests requirements, including ensuring that the business implement an compliant intake process and act promptly on such requests, and maintaining proper records of the consumer requests and the business’ responses.
Notably, the final CCPA regulations do not contain requirements that: i) businesses obtain consumers’ explicit consent before using their personal information for any new business purpose; ii) businesses tell offline or in-store customers of their option to opt-out through paper notices or signs directing them to a website policy; and iii) a business’ methods for submitting the request to opt-out must be easy to execute or require minimal steps. Additionally, businesses can no longer deny a request from a customer’s agent who does not offer proof they are authorized by that customer.
If you have any questions regarding whether the CCPA applies to your operations, please contact us.
CJEU INVALIDATES EU-US DATA TRANSFERS UNDER GDPR FOR THE SECOND TIME
On July 16, 2020, the Court of Justice of the European Union (CJEU) found for a second time that the General Data Protection Regulation (GDPR) mechanisms for transferring personal data from the EU to the U.S. is invalid in Schrems and Facebook Ireland v Data Protection Commissioner, CJEU Case C-311/18 (Schrems II). Under the GDPR, before data transfers between EU members and third-countries is allowed, the European Commission must make an adequacy decision that the third country’s privacy laws are essentially equivalent to the rights and obligations under the GDPR. In Schrems II, the CJEU struck down the European Commission’s July 12, 2016 decision on the legal adequacy of the U.S.-EU Privacy Shield Framework.
A core issue in Schrems II cases was how national security agencies operate to preserve security and also ensure sufficient levels of privacy. The CJEU took issue with the U.S. government’s access to personal data for national security purposes, and specifically the rights of EU citizens in the U.S. to judicial review and redress. Until EU and U.S. officials are able to come to another agreement, and obtain another adequacy decision from the European Commission, the transfer of personal data from EU citizens to the U.S. will be limited. To address the potential impact of the decision the European Data Protection Board (EDPB) published a FAQ document, available here, on the implications of the decision. While the FAQ indicates that it may still be possible to transfer data to the U.S. pursuant to Standard Contractual Clauses (SCCs) or Binding Corporate Rules (BCRs), in each case it will depend on the result of a case-by-case analysis of the circumstances surrounding the transfer, and whether the company can ensure that U.S. law would not impinge on the adequate level of protection. Finally, the CJEU’s decision does not relieve participants in the EU-U.S. Privacy Shield of their obligations under the EU-U.S. Privacy Shield Framework.
GAO ISSUES CONGRESSIONAL REPORT ON FAA’S COMPLIANCE PROGRAM
On August 18, 2020, the Government Accountability Office (GAO) issued a report, available here, on the FAA’s Compliance Program which was originally initiated in 2015. The policy was intended to be a more collaborative and problem-solving approach to safety enforcement which emphasized using compliance actions, such as counseling or training, rather than enforcement actions, to address many violations.
The GAO report found that no specific FAA office or entity provides oversight for the Compliance Program. While FAA had originally tasked a working group to lead the initial implementation efforts, that group no longer regularly discusses the Compliance Program, and no office or entity was later assigned oversight authority. Based on this, GAO found that FAA is not positioned to identify and share best practices or other valuable information across the agency. GAO also found that while FAA had established goals for the Compliance Program, FAA had not taken any steps to evaluate whether the program accomplishes these goals.
Based on this review, GAO made the following three recommendations to the FAA: (1) the Agency should assign authority to an office or other entity to oversee use of the Compliance Program across program offices; (2) the Agency should collect and analyze data to monitor use of the Compliance Program across all program offices; and (3) the Agency should conduct an evaluation of the Compliance Program to assess the effectiveness of the program in meeting its goals. After reviewing the report, FAA concurred with the recommendations.
CDC REVISES COVID-19 TRAVEL ADVICE
The Center for Disease Control (CDC) has revised the “After You Travel” section of its COVID-19 travel advice website. Since March, the CDC has recommended that all individuals traveling internationally, or individuals traveling domestically to states with high incidence rates of COVID-19, quarantine for 14 days following that travel. However, CDC is no longer recommending a 14-day quarantine for this type of travel, instead, CDC is recommending that travelers watch for symptoms, social distance, wear masks, and wash their hands. However, the CDC does provide more specific after travel advice on the webpage it maintains for each country. For those countries that the CDC designates as a high-risk country, the CDC also additionally recommend that individuals stay home as much as possible, avoid being around individuals at high risk for serious illness from COVID-19, and to consider getting tested for COVID-19.
WHITE HOUSE AND AIRLINES END PLANS TO IMPLEMENT CONTRACT TRACING PROTOCOLS
In June 2020, Trump Administration officials began discussions with a group of airlines about how to best implement a Centers for Disease Control and Prevention (CDC) mandate for the collection and reporting of tracing information from passengers arriving to the United States from foreign destinations, with a goal of having a plan in place by September 1, 2020. However, during meetings at the White House on August 21, 2020, officials from both the administration and airlines indicated that the current round of discussions was ending and that no plan was likely to be adopted and in effect before the end of 2020. While a plan for contact tracing may no longer be pursued at this time Trump administration officials have indicated that they will continue to work with airlines to determine the best solutions to protect the health of the and safety of airline passengers.
FAA PROPOSES $1.25 MILLION IN CIVIL PENALTIES AGAINST BOEING
On August 5, 2020, the FAA proposed two civil penalties totaling $1.25 million against the Boeing Company for alleged violations of a program that allows the aircraft manufacturer to perform certain functions on behalf of the FAA. The FAA alleges that Boeing managers exerted undue pressure or interfered with the work of FAA designees at the company’s plant in South Carolina.
The first civil penalty, for $1,066,655, alleges Boeing implemented an improper structure of its FAA-approved Organization Designation Authorization (ODA) program, through which employees in two ODA units reported to managers who were not in approved ODA management positions. Furthermore, the FAA alleges that Boeing failed to ensure ODA administrators were in a position to effectively represent the FAA’s interests and that non-ODA Boeing managers exerted undue pressure or interfered with ODA unit members.
The second civil penalty, for $184,522, alleges that on February 26, 2020 Boeing failed to follow its quality control processes and subjected ODA members to undue pressure or interfered with an airworthiness inspection of a Boeing 787-9.
Despite the alleged undue pressure or interference from Boeing managers, the FAA asserts that ODA unit members fulfilled their FAA responsibilities to ensure aircraft were conforming and in a condition for safe operation prior to issuance of their airworthiness certificates.
FEDERAL COURT DISMISSES COVID-19 NEGLIGENCE SUITS AGAINST PRINCESS CRUISES
On August 21, 2020, a Federal judge in California dismissed three lawsuits which alleged that Princess Cruise Lines Ltd. knowingly exposed passengers to the novel coronavirus and that its negligence caused passengers to contract the virus and some to die. In all three cases, the plaintiffs alleged that they or their loved ones contracted COVID-19 on the Ruby Princess as a result of the cruise line’s negligent approach to their safety. In one case, the court found that the plaintiff needed to show that she had been appointed the personal representative of the estate of her late husband and dismissed the claim. In the other two cases, the judge dismissed the claims after finding that the complaints did not provide enough evidence to show the passengers actually contracted the illness on the ship. This same defense is likely to be relevant in any lawsuits brought against airlines for claims asserting that a COVID-19 related illness was contracted during a flight. Based on these recent cruise line cases, that may be a difficult claim to prove.
AMAZON RECEIVES PART 135 CERTIFICATE FOR COMMERCIAL UAS DELIVERIES
On August 29, 2020, FAA issued a Part 135 air carrier certificate to Amazon Prime Air for the delivery of packages using unmanned aircraft systems (UAS), allowing it to begin commercial UAS deliveries. Amazon Prime Air will utilize small drones, with the goal to deliver packages up to five pounds in 30 minutes or less, and each UAS will be equipped with “sense and avoid” technology to ensure safe operations. Additionally, the approval will allow Amazon Prime Air to make deliveries beyond the line of sight of the operator, which is currently a limitation on commercial UAS operations. This is only the third certification of this type, with the previous two being issued to Wing Aviation, a subsidiary of Google parent company Alphabet, and UPS Flight Forward.
COURT STRIKES KEY REGULATIONS ON FEDERAL PAID LEAVE
On August 24, 2020, a federal district court in New York struck down key provisions of the United States Department of Labor (DOL) regulations implementing the Families First Coronavirus Response Act (FFCRA) and its two key federal paid leave laws, the Emergency Family and Medical Leave Expansion Act (EFMLEA) and the Emergency Paid Sick Leave Act (EPSLA). The striking down of the regulations is likely to have the following impact:
Work-availability Requirement: Previously, if an employer’s business was shut down or an employee was laid off for lack of work due to COVID-19, the individual was NOT entitled to paid leave. Until DOL issues revised regulations or appeals the decision, these employees MAY be entitled to paid leave
Employer Consent for Intermittent Leave and Documentation Requirements: Likely to have limited impact because of difficulty of applying retroactively. These regulations required employees to obtain employer consent before taking intermittent leave and to provide the required documentation prior to taking leave.
FAA ISSUES TWO NOTICES SEEKING INFORMATION ON DRONE MITIGATION AND DETERRENCE
On August 21, 2020, issued two notices requesting information on counter unmanned aircraft system (UAS) technologies. The first notice seeks white papers to identify eligible manufacturers, vendors, and integrators of UAS detection and/or mitigation technologies in support of the FAA’s Airport UAS Detection and Mitigation Research Program. The FAA plans to test and evaluate at least 10 technologies or systems later this year, with tests to initially occur at the FAA’s William J. Hughes Technical Center, located adjacent to the Atlantic City International Airport in New Jersey. White paper should be submitted by October 5, 2020. The second notice is a market survey that seeks to identify companies that have the minimum capabilities to perform live engine ingestion tests involving small drones, and the FAA plans for this procurement to include a 24-month base period. Responses to this market survey are expected by September 4, 2020.
NBAA REQUESTS PUBLIC HEARING ON PROPOSED IRS REGULATIONS
On August 24, 2020, the National Business Aviation Association (NBAA) filed a comment, available here, on Prop. Treas. Reg. § 1.274-14, Qualified Transportation Fringe, Transportation and Commuting Expenses under Section 274, which was published in the Federal Register by the IRS on June 23, 2020. The NBAA’s comment requested a public hearing so that the IRS could provide additional guidance on a number of issues related to the disallowance of commuting expenses, a provision enacted in the Tax Cuts and Jobs Act of 2017. Specifically, the NBAA’s comments raises issues with: i) how compensation fringe benefits are reported as taxable compensation for employees; ii) distinguishing deductible business travel from commuting; iii) which costs should be disallowed under commuting benefits; iv) the travel exemption for employee safety; and v) the definition of “employee” under the regulation.
FAA PROPOSES $576,400 CIVIL PENALTY AGAINST FLORIDA-BASED BLUEFIN AVIATION SERVICES FOR ALLEGED ILLEGAL CHARTER FLIGHTS
On August 21, 2020, the FAA proposed a $576,400 civil penalty against Bluefin Aviation Services of Opa-Locka, Fla., for allegedly conducting illegal charter flights. The FAA alleges that in September 2019 and October 2019, Bluefin conducted at least 26 illegal for-hire flights using a Cessna 402B airplane to transport passengers and/or cargo between points in Florida and points in the Bahamas. The flights were illegal because Bluefin did not hold an Air Carrier or Operating Certificate, or Operations Specifications issued by the FAA, the agency alleges. The FAA further alleges the flight crew that conducted the operations had not passed required written or oral tests, competency checks and flight checks.
FAA REVOKES REPAIR STATION CERTIFICATE OF BROKEN WINGS LLC OF ALASKA
On August 21, 2020, the FAA issued an emergency order revoking the repair station certificate of Broken Wings Aviation LLC, of Wasilla, Alaska, for allegedly conducting maintenance work it was not authorized to perform. The FAA alleges that on four occasions between June 2019 and November 2019, Broken Wings conducted unauthorized maintenance operations on a Cessna 172’s landing gear, brakes and fuel-quantity indicator, when Broken Wings was only authorized to work on Beechcraft King Air 200 airplanes and was not rated to work on instruments. Broken Wings was ordered to immediately surrender its certificate to the FAA and faces fines up $1,501.00 for each day it fails to do so.
FCC ISSUES $2.8 MILLION FINE FOR MARKETING OF ILLEGAL UAS TRANSMITTERS
On July 23, 2020, the Federal Communications Commission (FCC) issued a forfeiture order, fining Hobbyking $2.86 Million in connection with the marketing of UAS transmitters that operated in unauthorized radio frequency bands. The FCC alleges that Hobbyking, “advertised and sold on its website to U.S. consumers dozens of models of auto/video transmitters for use with unmanned aircraft systems (drones), without regard to whether those AV transmitters were compliant with the…Commission’s rules,” which included at least 65 different transmitter models that had not been FCC certified. Furthermore, the FCC alleges that 12 of the marketed transmitter models operated in restricted frequency reserved for federal use and could potentially interfere with critical systems of the FAA. Hobbyking has 30 days from the date of the order to pay the fine.
This Aviation Regulatory Update is intended to keep readers current on developments in the law. It is not intended to be legal advice. If you have any questions, please contact author Evelyn Sahr at 202.659.6622 or firstname.lastname@example.org; Drew Derco at 202-659-6665 or email@example.com; or Andy Orr at 202-659-6625 or firstname.lastname@example.org or any other attorney at Eckert Seamans with whom you have been working.