Tag Archives: registry

Registering Trademarks in the Cannabis Space

By Mike R. Turner, Joseph Sherling
No Comments

As the legality and availability of hemp and non-hemp cannabis products continues to grow, having strong, recognizable brands will become increasingly important in order to stand out from the competition. Unfortunately, strong brands invite knock-offs and can require aggressive policing. Registering your trademarks makes policing much easier, but registration of marks used to sell hemp and non-hemp cannabis products requires strategy and forethought.

Why Register?

Trademark rights flow from use, so a registration is not required for enforcement. However, “common law” rights based on use alone must be proven in each instance, and you must show that your use of the mark has been sufficient such that consumers recognize and associate it with your goods or services. This can be difficult, expensive and time consuming. Also, common law rights are territorially limited. Even if you can prove such rights in Oregon (for example), you may have no right to prevent use of your mark in other states. State trademark registrations are similarly limited, but are presently all that is available for marks used exclusively to sell non-hemp cannabis products.

By contrast, a federal trademark registration provides the registrant a nationwide, exclusive and presumed right to use the mark in association with the designated goods and services. In addition, counterfeit use of a federally registered trademark can lead to statutory damages. That is, you don’t have to prove an amount of harm—a court may simply award damages based on statute. Yet another benefit is the ability to file based on an “intent to use.” You can thereby reserve a mark nationwide for up to three years before you must show use. Federal registration is available for marks used to sell hemp products, but with some strict limitations as discussed below.

Use in Commerce Requirement

Federal registrations are issued by the United States Patent and Trademark Office (the Office) once an application is approved and use in commerce is demonstrated. To satisfy the “use in commerce” requirement, an applicant must show that a mark is being used in association with the sale of goods or services that are legal to trade under federal law. Sale of products not legal under federal law simply does not count to establish trademark use for purposes of federal registration. This is where the vast majority of federal trademark applications for use with cannabis products get rejected. A search of the federal registry shows that, of over 8000 trademark applications for products containing cannabis extracts, only about 1,300 have resulted in registrations. But these 1,300 illustrate that there is a path to success.

Allowable Goods

The Office traditionally rejected all applications for use with products containing any cannabis extracts under the Controlled Substances Act (CSA). The Agricultural Improvement Act of 2018, commonly known as the Farm Bill, created an exception to the CSA for hemp, defined therein as cannabis extracts containing < 0.3% THC by dry weight. Based on this, the Office began allowing applications provided they designate only goods having 0.3% THC content or less. But even that limitation isn’t sufficient for some types of goods.

FDAlogoUnless specifically disclaimed, the Office will assume the presence of CBD in products containing cannabis extracts, regardless of THC quantity. On that basis it will reject applications for hemp products that are ingestible (food, drinks, nutritional supplements, etc.), or that claim a medical or therapeutic purpose, under the Food, Drug & Cosmetic Act (FDCA). The FDCA requires Federal Drug Administration (FDA) endorsement to add “drugs” to such products, the FDA classifies CBD as a “drug,” and the FDA has authorized only a few products that include CBD. Thus, an allowable good that is ingestible or therapeutic must not only contain the low THC disclaimer, but must also state an absence of CBD. Notably, the Office has not been rejecting products on the basis that they contain CBG (cannabigerol) or other naturally occurring non-THC, non-drug cannabinoids.

Are the Goods Sold Really Allowable?

Of course this scheme of word-smithing designations to obtain allowance of federal trademark registrations invites error, if not fraud. Registrations are subject to cancellation if use of the mark with the designated goods is not maintained, or if it can be shown that the registration was fraudulently obtained. Thus, critical to a claim of use is that the applicant offers products that actually meet the designation description. The Office does not check for THC levels or CBD presence, and most purveyors of hemp products don’t either. Indeed, there is not even a standardized method for measuring these things. However, studies show that more than half of hemp products either purposefully or accidentally misrepresent their actual THC and CBD levels.i Though legally untested, this presents a potential problem for many existing federal registrations.

If a mark registered for use with goods having < 0.3% THC is found to be used only with products that actually have a greater amount of THC in them, the registration could be canceled. The same fate could befall a registration for goods claiming to have no CBD that, when tested, actually do contain more than trace levels. Even if non-hemp cannabis products are legalized under federal level, registrations obtained with THC and/or CBD limitations would still require the registrant to use the mark with products meeting such limitations.

Keeping Evidence for Insurance

So long as a registrant has maintained use of the registered mark “in commerce” in association with the designated goods, the registration is insulated from attack based on claims of non-use or fraud. The fact that the registrant also uses the mark for goods that are not legal on the federal level is of no consequence to the registration. Thus, it is wise to include in the product lineup under the brand to be protected at least some good that meets the present requirements for federal trademark registration.

One option is to include a product where the only cannabis extract is from hemp seed oil. Without even testing it, you can be reasonably assured that such a product will contain little or no CBD or THC. Another option short of testing is to obtain a certification or warrant from your supplier that particular ingredients truly are hemp, i.e., have < 0.3% THC by dry weight. This could be relied on as evidence should no original product be available for testing to show that use was legitimate at the time registration was obtained. If you can’t obtain such a certification, testing the occasional sample and keeping records over time would also work. Product samples can now be tested for THC content for around $100 per sample, with results back in about a week.ii

Zone of Natural Expansion

Though non-hemp cannabis products cannot be covered directly by federal registrations, a federal registration for CBD/hemp products can have spillover benefits. This is because the scope of a registration may expand to cover things similar to what is designated. The question comes down to likelihood of confusion. Imagine a company holds a registration covering LOOVELA for “nutritional supplements containing hemp seed oil having no CBD and < 0.3% THC by dry weight.” It would be logical for a consumer to assume that non-hemp cannabis products sold under the LOOVELA mark would likely be made by the same company. Thus, provided the company actually sold products complying with its designation, it could assert the CBD-based registration to prevent sale of LOOVELA branded non-hemp cannabis products. Also, should such products be legalized federally, the company would likely be the only applicant able to obtain an additional federal registration for LOOVELA for use with them, because any competing attempt would be confused with their pre-existing registration for CBD/hemp products.

In conclusion, it should be noted that the law in this space is evolving rapidly and is nuanced. Every situation is unique in some way, and there are many reasons an application may fail or a registration may be attacked that are not addressed above. But there is value in obtaining a federal registration for your hemp brands, and there is an overall strategy to be employed for brand protection in the cannabis space.

The content above is based on information current at the time of its publication and may not reflect the most recent developments or guidance. Neal Gerber Eisenberg LLP provides this content for general informational purposes only. It does not constitute legal advice, and does not create an attorney-client relationship. You should seek advice from professional advisers with respect to your particular circumstances.

References

  1. See, e.g., Bonn-Miller, Marcel O., et al., “Labeling Accuracy of Cannabidiol Extracts Sold Online,” Journal of the American Medical Association, Vol. 318, No. 17, pp. 1708-09 (Nov. 7, 2017); Freedman, Daniel A. and Dr. Anup Patel, “Inadequate Regulation Contributes to Mislabeled Online Cannabidiol Products,” Pediatric Neurology Briefs, Vol. 32 at 3 (2018).
  2. See, e.g., www.botanacor.com/potency/

Cannabis Registry Reality Check: Privacy Must be Paramount

By Shadrach White
No Comments

The task of preserving privacy for any records platform, especially a cannabis registry, cannot simply be relegated to ones and zeros lurking in some forgotten codebase. This past year taught us many lessons, especially related to the trauma unleashed by vulnerabilities in government domains. We learned time and again that a registrant’s privacy must be the first order of business for the architects of registries.

But the first order of business isn’t the last order of business. That intention and effort to secure privacy must then be communicated and reinforced through real-world reality checks.

Lapses in data security and rising distrust for government institutions block the efficacy of well-intentioned and vital registries. Those states launching new registries in 2021 are at a precarious crossroads as public trust erodes.

As I write this, we’ve just learned illicit operators hacked a third-party service provider for the Washington State Auditor’s office. The attack compromised the personal data of 1.4 million users seeking unemployment benefits. Security hacks are a cautionary tale, whose impact is felt too often.

But many in the government sector are staring at a once-in-a-generation challenge to launch new registries – those related to cannabis – with privacy top-of-mind from the initial Request For Bid.“The question isn’t when these privacy-first registries will be implemented, it’s a question of whether they’ll be implemented proactively ahead of hacks or after the damage is done.”

Here’s how:

Table Stakes for New Cannabis Registries

These suggestions are just the beginning, and I see them as the minimum buy-in to begin the architecture of a new cannabis registry. They include:

  • End-to-end data encryption while in transit and within the system while the data is at rest.
  • A solution that is a cloud-native web application which is managed as a service for maximum uptime and strong security posture.
  • Registries should also leverage algorithms and machine learning to ensure accurate data entry by analyzing incorrect or duplicate data before it is saved within the system.

Beyond HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) requires privacy and security measures to protect Personal Health Information (PHI). Debate exists on whether compliance is a requirement for all entities transacting in the medicinal cannabis space. While some state registries are exempt from HIPAA, others choose to provide HIPAA compliance not just for the optics, but the known benefit to users’ privacy and confidence. New cannabis registries should commit to HIPAA-compliance to set a trusted new privacy standard for medical patient credentials and legal authorization for the use of cannabis for medical purposes.

That’s just the start. Registries should also ensure SOC2 Type II certification, which safeguards security, site availability, confidentiality and privacy through independent third-party auditors.

Connect with Confidence

Registries function as a hub of information in an often-confusing cannabis space. The California Bureau of Cannabis Control displays more than 25 links wired into its top navigation bar alone. Each link sends the curious to new resources. Registries must establish themselves as credible resources, especially when directing users to third-party sites.

One example is for cannabis registries to provide secure access to healthcare professionals who are verified by the Drug Enforcement Agency (DEA). These healthcare professionals are licensed to distribute controlled substances including cannabis. Each third-party link should offer the same high-level of scrutiny to enshrine confidence and credibility in the registry.

Next-Generation ID Cards

A cannabis registry card should not just be a document, but a toolset that attests to the identity and the authority of the carrier represented. An illicit counterfeiting market seeks to exploit registry card vulnerabilities. Next generation ID cards present the best defense against counterfeiting and illegal use with robust security measures. That starts with assuring that any credential is mobile ID compatible with iOS Wallet and GooglePay for mobile identification.

ID cards should also include:

The automated modification of the document bearer’s photograph to ICAO (International Civil Aviation Organization) standards. This critical modification makes the photograph easier to use for ID verification; it also facilitates the detection of photograph substitution.

A two-dimensional barcode compiles information contained in a one-dimensional barcode. It also delivers confirmation of other data shown on the card or in the system such as license authorization and limitations. Adding additional material to the physical document such as holograms, UV image, micro-printing or laser perforations offers another level of protection against illicit use or counterfeiting.

While cannabis registries are the beginning, they’re not the end. Driving efficacy for government registries needed for COVID19 track-and-tracing, cannabis plant track-and-tracing and vaccine distribution require the same attention to privacy, security and ultimate useability. A sea change is required – not just for the sake of those who use the registries but also for those who must implement, deploy and maintain those registries. The question isn’t when these privacy-first registries will be implemented, it’s a question of whether they’ll be implemented proactively ahead of hacks or after the damage is done. I believe the government sector leaders exploring new cannabis registries offer the wisdom and foresight to choose the proactive approach.

It’s High Time for the Cannabis Industry to Pay Attention to Contact Compliance

By Daniel Blynn
No Comments

Communicating with consumers through the telephone—either by text messages or by calls—is a great way to engage with them. Indeed, a recent analysis of text messaging trends reveals that most consumers check their cell phones more than 20 times a day, with almost 20% saying they check it more than 50 times.1 Text messages have a nearly five-times higher open rate than email, and the average consumer has 96 unread emails in his inbox compared to about one unread text message at any given time.2 In short, used properly, text messaging is an effective medium to reach consumers. And cannabis companies have embraced texting with open arms, especially given that other forms of advertising currently are off limits to the industry.

But with the utility of text messaging consumers comes substantial risk. Cannabis companies are frequent targets of private litigation arising out of their texting practices. Over the past two years, dozens of class action lawsuits alleging unlawful text messages have been filed against cannabis companies, including well-known multistate operators and less recognizable ones. Most of these cases are ongoing and may rightfully be considered “bet the company” litigations. For example, a pending case against cannabis delivery company Eaze Solutions, Inc. alleges that unsolicited text messages were sent to 52,104 individuals.3 Assuming each putative class member received just one text from Eaze, the statutory damages exposure ranges between $26 million and $78 million. The court twice has rejected proposed class settlements of $1.75 million and, later, $3.5 million as being too low. Given the potential exposure, before cannabis companies click the send button on a text message, they need to ensure that they’re abiding by the law.

At the federal level, the Telephone Consumer Protection Act (TCPA) regulates all types of text messages, telemarketing and transactional/informational alike. Generally speaking, the TCPA governs how text messages are sent (i.e., manually versus automatically dialed), and how calls are conducted and voicemail messages delivered (live representative versus “artificial or prerecorded voice”).4 The TCPA also contains do not call rules applicable to marketing messages. The TCPA is enforced by the Federal Communications Commission (FCC) and, notably, through private lawsuits, including class actions. Under the TCPA, a private plaintiff can seek statutory damages of $500 for each unsolicited autodialed text message (or unsolicited call that utilizes an artificial or prerecorded voice or delivers a prerecorded message). If a solicitation text is sent to a telephone number registered on the National Do Not Call Registry or the cannabis seller’s own internal do not call list, the statutory damages are “up to” $500 per call or text. In all cases, statutory damages may be trebled to $1,500 if the TCPA violation was committed either knowingly or willfully.

These rules fit atop myriad state telemarketing and do-not-call laws, which may be more restrictive than the TCPA.

While I could fill up this entire website with the various calling and texting issues with which sellers generally struggle under the TCPA—such as the use of artificial or prerecorded voices and prerecorded messages, how to handle reassigned numbers, revocation of consent issues, etc.—this article focuses on the basic rules governing how cannabis companies can text consumers, and what types of consent they need to do so under the Act.

Overview of TCPA’s Consent Rules

Under the TCPA, a seller is required to have a consumer’s “prior express consent” in order to send an autodialed non-marketing text message to a cell phone; The consent rule for autodialed marketing text messages to cell phones are different in that they require “prior express written consent” (EWC). No consent is needed in order to manually send a text message (and note that “manually” does not necessarily mean that an individual must dial all ten digits and click send from a standard smartphone).

“Prior express consent” is a lower level form of consent and generally exists where a consumer voluntarily has provided her telephone number to the seller.

“Prior express written consent,” on the other hand, is a heightened consent standard requiring a written agreement bearing (1) the signature of the person called (either traditional “wet” signature or an electronic/digital one) that clearly authorizes the seller to deliver or cause to be delivered to the consumer telemarketing messages; and (2) the telephone number to which the signatory authorizes such telemarketing messages to be delivered. If the seller utilizes an autodialer to send a marketing text message to a cell phone, then the written agreement with the consumer must also clearly and conspicuously disclose both that (a) the text may be sent using an autodialer, and (b) the consumer is not required to provide his consent as a condition of purchasing any goods or services. This EWC to be contacted must have been provided by the consumer before the text is sent. Unlike the lower standard for prior express consent, the mere provision of a cell phone number to the seller does not constitute the required EWC to be contacted at that number via an autodialer marketing purposes.

Confusing enough? Don’t worry, a table summarizing the current TCPA consent rules is below:

What Type of Text Are You Sending?

Generally, the type of consumer consent that is needed to send a text message is a function of the type of text and how it is being sent. “Telephone solicitations” are subject to more restrictions than purely informational or transactional text messages. The TCPA defines “telephone solicitation” to be “the initiation of a [text] message for the purpose of encouraging the purchase or rental of, or investment in, property, goods, or services.”

On the other end of the spectrum lie pure informational or transactional text messages. These are communications designed to provide information, rather than promote products and services (in the case of informational calls), and to “facilitate, complete, or confirm a commercial transaction that the recipient has previously agreed to enter into” (in the case of transactional calls). For example, customer satisfaction survey texts and texts to confirm orders and deliveries are informational and transactional, respectively.

Finally, the TCPA also covers a third category of text messages—“dual purpose” texts. These are texts with either a customer service or informational component as well as a marketing one. Because courts and the FCC take an expansive view of what constitutes telemarketing, dual purpose texts are treated as pure marketing messages and subject to the more rigorous standards to obtain the requisite level of consumer consent.

Common examples of texts that cannabis companies send and the corresponding level of consent needed are as follows: 

  • Autodialed Text Messages: Under the TCPA, an autodialer is defined to be equipment, which has the capacity to store or produce telephone numbers to be called using a random or sequential number generator, and to dial such numbers without a requisite level of human involvement. However, there currently is a “significant fog of uncertainty” as to what is and is not an autodialer, with different courts reaching conflicting decisions as to, for example, whether simply dialing from a curated list of targeted telephone numbers constitutes autodialing, or whether the numbers on that list must have been randomly or sequentially generated in order for a platform to constitute an autodialer.
  • While proceedings are ongoing at the FCC to clarify the autodialer definition, the Supreme Court recently agreed to decide the autodialer issue during its next term in a TCPA case filed against Facebook; a decision is expected by May or June 2021. Notably, in mid-September 2020, the Department of Justice filed a “friend of the court” brief taking the industry-favorable position that a platform itself must randomly or sequentially generate the telephone numbers that it texts to be considered an autodialer under the statute.
  • Texts sent by autodialer (whether the autodialing functionality is actually used to send the text or not) require consent from the recipient. Note that this rule generally applies to both individual and business cell phone numbers. As long as the text is not a solicitation message, then consent may be obtained orally. Alternatively, if a consumer provides his cellular telephone number to you via an online lead form or during the checkout process, then this should be sufficient to constitute “prior express consent” to receive autodialed non-solicitation texts, such as order confirmations or delivery updates. The key to obtaining prior express consent, however, is that the consumer provide you with his telephone number voluntarily.
  • However, EWC is required to send a text for marketing purposes using an autodialer. The EWC requirements are described above and examples of EWC are below.
  • Note that, under the TCPA, the seller has the burden of demonstrating that it had the requisite level of consent to send the text in question. Thus, cannabis companies should maintain records evidencing such consent. A good rule of thumb is to maintain such records for a period of five years from the date of text, which covers the TCPA’s statute of limitations and the limitations periods under most state telemarketing laws.
  • Manually-Dialed Text Messages: If a cannabis company manually sends text messages—e., using a device that does not have the capacity to autodial—then no special consent is needed. However, even for manually-dialed texts, applicable do not call lists must be checked.
  • Texts to Numbers on Do Not Call Lists: The TCPA also prohibits companies from sending marketing texts to consumers whose telephone numbers are registered on either the National Do Not Call Registry or the seller’s own internal do not call list, unless an exemption applies, such as calls with the consumer’s EWC or to consumers with whom the seller has an “established business relationship.”5 The TCPA’s do not call rules are agnostic to how a telephone number is dialed, whether it be manually or by automated means. Be sure to scrub against relevant do not call lists.

Best Practices for Obtaining Proper Consent

As noted above, for autodialed non-marketing text messages to cell phones, the lower level of simple “prior express consent” is required. Prior express consent is deemed to exist by virtue of a consumer having provided his telephone number to a cannabis company, either orally or in writing.

EWC for autodialed solicitation text messages, however, requires more. First, specific disclosures must be made “clearly and conspicuously” to the consumer. Specifically, a consumer should be advised and agree that, by providing his telephone number to the cannabis company, he is agreeing (1) to receive potentially autodialed (2) marketing text messages, and (3) that he is not required to provide his consent as a condition of making a purchase. This disclosure should not be placed beneath a submission button on a lead form or checkout page (unless an unchecked check box is utilized to demonstrate that the consumer has reviewed and accepted the disclosure); it needs to be unavoidable. The disclosure should be presented in readable, crisp font, both in size and in color, that contrasts against its background. For example, the following disclosures likely would pass muster to demonstrate EWC:

As you may now appreciate, the TCPA is a minefield (and this article just scratches the surface). However, with planning and a good compliance program, the law can be navigated to minimize risk while, at the same time, allowing for communications with cannabis consumers. Remember, an ounce of compliance now can lead to a pound of litigation prevention later.

Disclaimer: Using, distributing, possessing, and/or selling marijuana is illegal under existing federal law. Compliance with state law does not guarantee or constitute compliance with federal law. This informational overview is not intended to provide any legal advice or any guidance or assistance in violating federal law.

References

  1. Zipwhip, 2020 State of Texting, at 4 (2020).
  2. Id. at 11.
  3. See Lloyd v. Eaze Solutions, Inc., No. 3:18-cv-05176 (N.D. Cal.).
  4. Although the TCPA utilizes the term “calls,” courts have found the statute applies with the same force to text messages. This article focuses on text messaging but most of the principles extend to calls as well.
  5. There are two types of “established business relationships” (EBRs) under the TCPA: (1) inquiry EBRs and (2) transactional EBRs. Pursuant to a transactional EBR, a seller may text a consumer whose telephone number is listed on the National Do Not Call Registry for up to 18 months after the consumer’s last purchase, delivery, or payment—i.e., from the date of the seller’s last transaction with the former customer—unless the consumer asks the seller to stop calling him. In that case, the seller must honor the do not call request by placing the consumer’s telephone number on its own internal do not call list. Under an inquiry EBR, the seller may text a consumer who has inquired about its products or services, but only for up to three months. Again, if the consumer asks the seller to stop calling within that three-month timeframe, it must honor the request and add the consumer’s telephone number to its internal do not call list. Telephone numbers on the seller’s internal do not call list should remain on that list indefinitely or until the consumer subsequently provides her prior express written consent (or explicitly asks to be removed from the internal do not call list); a new EBR will not override an internal do not call request. Indeed, as to the latter, the Federal Trade Commission and several state attorneys general made this point clear in their briefing in a recent TCPA and Telemarketing Sales Rule litigation then-pending in Illinois federal court; the practical reason for the rule is that a consumer may wish to do business with a seller yet not receive telemarketing calls.