Learning From the Sephora Settlement: How to Mitigate the Risk of CCPA Public Enforcement

Sephora, Inc. recently became the target of California’s first public enforcement of the California Consumer Privacy Act (CCPA), and Attorney General Rob Bonta is signaling that more will follow. Companies doing business in California should learn from Sephora’s consumer data privacy missteps to avoid becoming the next focus of CCPA public enforcement.

On Aug. 24, 2022, Sephora settled with the Attorney General’s office after allowing third-party companies to create consumer profiles for targeted marketing, despite the fact that consumers were not given the right to opt out of this sale—a violation of the CCPA. To resolve these claims, the cosmetics chain agreed to pay $1.2 million, inform consumers that it sells their personal data, and honor consumers’ requests to opt out of such sales.

The investigation into Sephora began when the Attorney General’s office initiated an “enforcement sweep” in June 2021. By spot-checking more than one hundred online retailers’ compliance with CCPA’s opt-out rules, the Attorney General determined whether online retailers offered (and honored) consumers’ rights to opt out of the sale of their personal data. Sephora received notice that it was not compliant with the CCPA, but the company failed to fix the alleged violations after its thirty-day grace period, prompting further investigation.

According to Attorney General Bonta, this settlement should be considered a warning to all CCPA-covered businesses. “Today’s settlement with Sephora makes clear we will not hesitate to enforce the law,” he said. “It’s time for companies to get the memo, protect consumer data, honor their privacy rights.” Companies doing business in California should heed Bonta’s warning and get their privacy house in order. As they work to comply with the CCPA and the California Privacy Rights Act (CPRA)—which becomes effective January 1, 2023—businesses should learn from Sephora’s settlement to avoid becoming California enforcers’ next target.

Utilize—But Do Not Rely On—a Grace Period to Cure Noncompliance

Businesses should immediately cure their noncompliance when the Attorney General notifies them of law violations—but they should no longer rely on such a grace period. Whereas the CCPA required the Attorney General to provide businesses with 30 days to cure the violation before enforcing the law, the CPRA eliminates this requirement on January 1, 2023 and instead gives enforcers discretion on whether to provide a grace period.[1]

In this case, the Attorney General notified a number of businesses that they failed to honor consumers’ opt-out requests and provided them with thirty days to cure their noncompliance. Sephora disregarded the warning—a $1.2 million mistake.

Since businesses may no longer expect a grace period to cure any shortcomings before the Attorney General brings an enforcement action, businesses should enter 2023 fully compliant with CPRA. Those that are fortunate enough to still receive notice of their noncompliance before being penalized should take full advantage of the opportunity, immediately curing their CPRA violations.

Know Whether You “Sell” or “Share” Personal Data

The CCPA and CPRA require businesses that “sell” or “share” personal information to give consumers the opportunity to opt out of this transaction.[2] However, both terms are afforded somewhat nuanced definitions. “Selling” means transferring a consumer’s personal information to a third party for monetary or other valuable consideration.[3] “Sharing” means transferring a consumer’s personal information to a third party for cross-context behavioral advertising, whether or not for valuable consideration.[4] Significant exceptions are baked into these definitions, allowing businesses that would otherwise “sell” or “share” personal data to do so without offering consumers the right to opt out.

The term “valuable consideration” has given many stakeholders pause, since this undefined term can determine a business’s legal liability. This action against Sephora demonstrates one such application. In the complaint, Attorney General Bonta alleged that Sephora installed third-party trackers in the form of cookies, pixels, software development kits and other technologies that automatically sent data about consumers’ online behavior to third parties. Sephora allegedly “sold” consumer data when it gave companies access to this data in exchange for free analytics and advertising benefits, without providing consumers the opportunity to opt out of the sale. Therefore, the term “valuable consideration” includes receiving information about a consumer’s activities and preferences.

Notably, this transaction between Sephora and the third parties would likely have been permitted if Sephora had a compliant service provider contract with each third party (under a common exception to a “sale”). However, Sephora failed to establish this relationship. Perhaps misapprehending the law’s requirements, the cosmetics company found itself without legal cover.

Businesses should learn from Sephora’s oversight and scrupulously examine the CPRA’s precise language and subsequent applications of these laws—particularly regarding “selling” and “sharing.” Many of the CPRA’s mandates include legal terms of art and exceptions, which include other terms of art and exceptions. As they enter 2023, businesses must fully grasp the law’s detailed requirements and comprehend how their current practices map onto these obligations.

Honor Opt-Out Requests via Global Privacy Controls

Businesses should review and test their technical procedures to ensure that Global Privacy Control (GPC) signals are honored. Initially, there was some uncertainty about whether the CCPA requires businesses to honor consumer opt-outs received via GPCs—plug-ins that allow consumers to universally opt out of the sale of their data across all websites. Subsequent CCPA regulations put the issue to rest: businesses must now treat user-enabled GPCs as a valid consumer request to opt out of the sale.[5] However, Sephora’s website was not configured to detect or process any GPC signals and entirely disregarded these requests, in clear violation of this regulation. The Sephora settlement underscores the California regulators’ consistent emphasis not just on honoring GPC mechanisms, but also on consumers’ efficient management of their CCPA-established rights.

Businesses should learn from Sephora’s counterexample and, at very least, test their technical capabilities to process GPC signals. Taking it a step further, businesses should embrace the spirit of the settlement and empower their consumers to easily exercise their data rights. By ensuring that privacy disclosures are candid and clear, opt-out mechanisms are conspicuous, and links are fully operative, businesses can help mitigate the risk of public enforcement.

Sephora’s $1.2 million settlement should serve as a cautionary tale to businesses still honing their CCPA and CPRA compliance. Businesses should utilize a grace period if they are provided time to cure (although soon this will no longer be mandated), know how their data practices apply to the laws’ detailed requirements, and consistently honor consumer opt-out requests—including those made via GPCs. In so doing, businesses can minimize the odds of becoming the industry’s next source of “lessons learned” for CCPA and CPRA compliance.

[1] Cal. Civ. Code § 1798.155.

[2] Cal. Civ. Code § 1798.120.

[3] Cal. Civ. Code § 1798.140(ad).

[4] Cal. Civ. Code § 1798.140(ah).

[5] Cal. Code Regs. Tit. 11 § 7026(c).

Proposed Senate Bill Would Deny Deductions for NIL Contributions

On September 28, 2022, U.S. Senators Ben Cardin (D-Md.), a member of the Senate Finance Subcommittee on Taxation and Internal Revenue Service (IRS) Oversight, and John Thune (R-S.D.), ranking member of the Subcommittee on Taxation and IRS Oversight, introduced the Athlete Opportunity and Taxpayer Integrity Act, which seeks to deny charitable deductions for any contribution used by the donee to compensate college athletes for the use of their name, image, or likeness (NIL) by reason of their status as athletes.

One entity type that is impacted by the Athlete Opportunity and Taxpayer Integrity Act are “NIL collectives” that have been established as 501(c)(3) organizations. These types of NIL collectives have been used to allow donors to make tax deductible contributions that are then used to fund NIL opportunities for college athletes, for example, by having a college athlete provide services to a separate charity in exchange for payment from the NIL collective. A press release from Senator Cardin noted that “[s]uch activity is inconsistent with the intended purpose of the charitable tax deduction, and it forces taxpayers to subsidize the potential recruitment of – or payment to – college athletes based on their NIL status.”

Notably, the Opportunity and Taxpayer Integrity Act would only apply to charitable deductions. A person engaged in a trade or business would still be able to deduct payments to college athletes for the use of their name, image, or likeness if such payments qualify as ordinary and necessary business expenses.

Although it is not clear at this time whether the Opportunity and Taxpayer Integrity Act will pass, it does indicate increased scrutiny over nonprofit NIL collectives and possibly other NIL arrangements. 

Download Varnum’s State-by-State NIL Compliance Playbook

Cover of Varnum's State-by-State NIL Compliance Guide Playbook

To aid individuals, schools and collectives with the often inconsistent and rapidly developing legislative and executive actions of the states, Varnum’s dedicated team of NIL attorneys created an all-inclusive, state-by-state compliance playbook. Learn more and download your free copy: varnumlaw.com/NILguide

Hurricane Ian Reconstruction: Considerations for Condo Associations, HOAs and Landowners

Hurricane Ian brought unprecedented storm surge and wind damage to Naples, Bonita Springs, Marco Island and Fort Myers Beach, leaving an unrecognizable footprint in its wake. And while the focus in the short term is on practical needs: finding housing for those who need it, restoring essential services, attending to the elderly, other issues also warrant attention. Residential and commercial structures sustained catastrophic damage, leaving thousands of owners and residents with questions, such as:

  • How can I afford to rebuild with rising construction costs and escalating interest rates?
  • Will my insurance carriers honor and grant additional coverage in a tightening insurance market with continuing premium increases?
  • Did I bind enough insurance based on flood and/or wind damage to rebuild based on FEMA and reconstruction estimates?
  • Will FEMA limit our ability to rebuild based on the reconstruction costs relative to the market value of the structure?  Will our building or home be condemned? How does zoning limit my ability to rebuild?
  • Can I qualify to borrow funds with rising interest rates?
  • For condominium and HOAs, are there sufficient available reserve funds in light of recent condominium legislation requiring stricter budgeting and use of reserves?

With Varnum attorneys resident across Southwest Florida, we have a personal appreciation for the tough decisions that many of us are navigating. Our team focuses on condominium law, real estate development, real estate acquisition and finance solutions, and construction law and is equipped to provide actionable legal and business advice as we all navigate the realities of Hurricane Ian.

Among the realities that Floridians are facing is that property damage will necessitate creative real estate solutions. Real estate investors looking for new development opportunities may now be a solution for many condominium associations, homeowners and business owners who would prefer to sell their property rather than navigate flood regulations, FEMA guidelines, insurance coverage disputes, and condemnation.

For example, consider an older low-rise condominium that sustained extensive flood damage to the lower units and the cost of reconstruction will exceed FEMA allowances in a flood zone.  When the cost to repair damage exceeds 50 percent of the fair market value of the condominium building, you might be denied a permit to commence repairs when the property is located in a special flood hazard zone. While not technically condemned, this could result in a practical condemnation of the building. Condominium buildings could also face actual condemnation by local officials due to safety concerns regarding structural integrity or other issues.

Even if restoration is preferred by the owner, the financial reality is that flood policies have coverage limits that may not cover the increasing construction costs (especially in coastal areas) consistent with current building codes. And with maximum flood coverage limits of $250,000 for the building and $100,000 for contents, it would hardly allow for major repairs or replacements for many properties. Under the Florida Condominium Act the cost to repair a large portion of the condominium is a common expense (whether you sustained damage or not). Therefore, many owners will see a greater economic benefit of terminating the condominium property rather than pursuing and paying for a multi-year reconstruction. Many owners will prefer to terminate the condominium and shift the burden to investors and real estate developers to deal with redevelopment.   

However, these coastal homes are unique and sentimental. The decision to rebuild in order to protect the integrity of historic Naples, Bonita Springs, Marco Island and Fort Myers beaches may be paramount for many residents. In this situation, condominium associations and landowners should seek counsel regarding procuring proper financing and assessments, construction contract negotiations and approvals, and adherence to condominium documents and local ordinances.

Many property owners in Southwest Florida will consider some or all of these questions in the coming weeks and months. And each property requires a unique analysis and solution with individual land covenants, condominium covenants, repair estimates, and insurance policies. We stand ready to assist.

Department of Justice Announces “Strike Force Teams” Focused on Pandemic Fraud

As part of the U.S. Department of Justice (DOJ) crackdown on white-collar crime, it has announced the creation of “strike force teams” focused on pandemic fraud – a type of crime that usually involves unlawfully participating in the Paycheck Protection Program (PPP), Economic Injury Disaster Loan program, unemployment insurance programs or COVID-19 health care. These teams will be made up of federal prosecutors and law enforcement agents from the FBI, Secret Service, IRS and more than a half-dozen other executive agencies. According to Attorney General Merrick B. Garland, the teams will “build on the Department’s historic enforcement efforts to deter, detect and disrupt pandemic fraud wherever it occurs,” and will add to the DOJ’s already considerable pandemic fraud prosecution efforts. Since the start of the COVID-19 pandemic, the DOJ has charged over 1,500 defendants with crimes in federal districts across the country and seized over $1.2 billion in misappropriated relief funds.

The creation of strike force teams demonstrates that federal law enforcement will continue to scrutinize individuals and companies that participated in COVID relief programs. If law enforcement concludes that its targets acted improperly, formal investigations and prosecutions may follow.

Because of the DOJ’s new surge of resources to its pandemic fraud investigations, companies that participated in COVID relief programs should consider what steps they can take to mitigate potential criminal consequences. For example, the DOJ has recently announced new policies related to a corporation’s disclosure of criminal acts. If a company or its employees has committed pandemic fraud, self-disclosure can lead to a more favorable corporate outcome.

Varnum has significant experience counseling and representing companies and individuals during government investigations, proffers and prosecutions related to the PPP and other forms of pandemic fraud. For more information, contact a member of Varnum’s White Collar Defense and Government Investigations team.  

Department of Justice Encourages Corporations to Disclose Criminal Conduct and Develop Strong Compliance Programs… Or Else

The U.S. Department of Justice (DOJ) has announced sweeping changes to how it will evaluate accountability for corporate criminal conduct. In a memo released September 15, 2022, the DOJ reasserted that its first priority in corporate criminal matters will be to go after individuals who commit and profit from corporate crime. But to do so, the department intends to rely on these individual’s employers. The DOJ is encouraging companies to timely investigate employee wrongdoing and disclose “all relevant, non-privileged facts and evidence about individual misconduct such that prosecutors have the opportunity to effectively investigate and seek criminal charges against culpable individuals.” This encouragement has teeth: failure to timely inform the department of individual misconduct will result in the company losing credit for its cooperation.

Under the DOJ’s new approach, voluntary disclosure will also help companies resolve criminal matters in which they are directly involved. The department directed its offices to establish policies that encourage corporations to disclose their own misconduct. Benefits from voluntary disclosure could include avoiding a guilty plea or an independent monitorship.

The DOJ also instructed its prosecutors to consider certain factors when resolving corporate criminal factors. Many of these new considerations evaluate the strength of the company’s compliance policies. For example, prosecutors must now consider whether the company provides “full cooperation”— which includes the timely collection, preservation and disclosure of relevant documents located in the United States and elsewhere — and whether the company’s compliance program is “well designed, adequately resourced, empowered to function effectively and working in practice.” Prosecutors will also consider whether the company’s compensation structure promotes compliance (by, for example, clawing back the compensation of employees who commit crime or using compliance metrics when considering raises), whether the company has used non-disclosure or non-disparagement provisions to inhibit the disclosure of criminal misconduct and whether the company has taken steps to preserve all business-related electronic data on its employees’ personal devices.

Finally, the DOJ announced its intent to place greater emphasis on a company’s record of past misconduct when determining the proper resolution of criminal matters. The department also stated that “multiple non-prosecution or deferred prosecution agreements are generally disfavored, especially where the matters at issue involve similar types of misconduct; the same personnel, officers or executives; or the same entities.”

In all, the DOJ’s announcements make clear that it intends to ramp up its investigation and prosecution of corporate crime. The department’s new guidelines on voluntary disclosure should be of particular interest to general counsels and compliance officers. These guidelines encourage companies to get ahead of their employee’s criminal misconduct by timely disclosing it to federal law enforcement. In exchange, companies can receive cooperation credit that might prevent corporate consequences. If the company itself is engaged in wrongdoing, disclosure can lighten or avoid criminal penalties. 

Companies who have experienced criminal, civil or regulatory issues in the past should also take note of the DOJ’s new emphasis on recidivism. Of particular interest, companies who have previously received non-prosecution or deferred-prosecution agreements cannot expect that treatment again. Voluntary disclosure could therefore be particularly beneficial for repeat offenders.

The DOJ’s announcements also demonstrate the importance of having a strong compliance program. In addition to preventing criminal conduct in the first place, these programs can also weigh in the company’s favor if some misconduct does occur.

Varnum has significant experience in counseling and representing companies during government investigations, proffers and prosecutions, and can provide guidance to companies seeking to review, update or create compliance programs. For more information, contact a member of Varnum’s White Collar Defense and Government Investigations team.

Auto Dealerships and Service Providers: Managing Compliance Under the Amended Safeguards Rule

On December 9, 2021, the Federal Trade Commission (FTC) revised what is known as the Safeguards Rule under the Gramm-Leach-Bliley Act (GLBA), which regulates the data privacy practices of financial institutions to require auto dealerships to – among several other things – more intentionally oversee the data privacy and security practices of their service providers. Although these regulations were finalized nearly a year ago, the FTC provided dealerships, their service providers and others subject to these rules one year to come into compliance.  As December 9, 2022 is right around the corner, it is time for dealerships and service providers that have not addressed these rules to consider how to structure their relationship for compliance. 

To start down this path, dealerships should assess what types of information they share with their service providers and service providers should assess what types of information they receive from dealerships. Importantly, the GLBA is not only concerned with personally identifiable information like names paired with phone numbers, addresses or other identifiers but extends its scope to what it terms “customer information,” which is broad enough to cover any information about a consumer resulting from any transaction involving a financial product or service between the dealership and the consumer. Even the fact that an individual has been a dealership’s customer qualifies under this broad term.

Likewise, service providers – “any person or entity that receives, maintains, processes or otherwise is permitted access to customer information through its provision of services” to dealerships – should identify the types of customer information they receive from dealerships, what they do with it and how it is stored and protected.

Taking these initial steps now is critical to being well-positioned to meet the FTC’s December compliance deadline for the updated Safeguards Rule requirements. As noted above, one of the several new data security requirements for dealerships is to oversee service providers. This includes:

  1. Taking reasonable steps to select and retain service providers that are capable of maintaining appropriate safeguards for the customer information at issue;
  2. Requiring service providers by contract to implement and maintain such safeguards; and
  3. Periodically assessing service providers based on the risk they present and the continued adequacy of their safeguards.

In discussing these oversight requirements, the FTC rejected a “one-size-fits-all approach,” given the variation among service providers. The Commission did make clear, however, that the new regulations would require institutions like dealerships to “assess the risks service providers present and evaluate whether they continue to provide the safeguards required by contract,” emphasizing the importance of adequate data privacy and security safeguards built into these relationships through contracts. 

The FTC has become notably more aggressive in the data privacy and security context. Since the GLBA authorizes fines up to $100,000 against non-compliant entities per violation and up to $10,000 against officers and directors in their personal capacities per violation, dealerships have ample incentive to comply with the GLBA’s new requirements outlined above. Given the importance of those contractual safeguards and the absence of clearly prescribed contractual requirements, dealerships and service providers will be best prepared to negotiate efficient, effective and compliant contractual safeguards by first understanding the nature and extent of any customer data exchanged between the parties and designing reasonable safeguards accordingly. 

Varnum’s Data Privacy and Mobility attorneys are experienced in negotiating these terms and are glad to assist your company in preparing for the GLBA’s upcoming deadline to comply.

Name, Image and Likeness: What Higher Education Institutions Need to Know for Legal Compliance

More than a year has passed since the NCAA v. Alston ruling and roll-out of the NCAA Name, Image and Likeness Interim Policy. What processes should institutions have in place, and what situations should they be on the lookout for at this point in the NIL game? While institutions cannot provide compensation to student-athletes or potential student-athletes in exchange for use of a student’s NIL, below are items counsel at higher institutions should have on their radar.

Review and Approval of NIL Agreements

The NCAA Interim Policy does not require student-athletes to disclose NIL agreements and/or opportunities to their institutions. In the State of Michigan, however, pursuant to House Bill 5217, beginning December 31, 2022, student-athletes must disclose proposed NIL opportunities or agreements to the institution at least seven days prior to committing to the opportunity or contract. For the institution, this means there needs to be a process in place by which student-athletes submit opportunities or agreements to the institution and the institution does a timely and thorough review of the submission. The institutional representative reviewing the submissions must be knowledgeable of the institution’s active contractual obligations and only sign off on the student-athlete’s potential NIL opportunity or contract once confident there is no conflict with an existing institutional contract. This is most likely to come up in agreements with exclusivity terms, such as sports apparel and campus-wide pouring rights agreements. If there is a conflict, the institution needs to articulate the specific conflict to the student-athlete so they can negotiate a revision, which is then subject to additional review and potential approval by the institution.

Institutions are the Regulating Bodies

Institutions in states that require submission of NIL opportunities by student-athletes need to pay close attention when reviewing submissions because the NCAA has placed most of the NIL regulatory burden on institutions. Specifically, institutions are obligated to report potential violations of NCAA policy. Among other potential violations, institutions must report possible abuses on the prohibition of pay-for-play and improper inducements of potential student-athletes and current student-athletes. Essentially, in addition to spotting potential conflicts between NIL agreements and current institution agreements, institutions need to review NIL agreements to determine if a student-athlete is being compensated for athletic achievement and/or for their enrollment or continued enrollment at a particular institution. Any indication that the student-athlete’s NIL agreement will be void if they no longer participate on an athletic team requires the institution to complete due diligence and determine the appropriateness of the arrangement in light of the NIL policy. Institutions are ultimately responsible for certifying the eligibility of student-athletes, and the presence of the previously mentioned terms place the agreement in direct violation of the language in the NIL Interim Policy and corresponding NCAA guidance.

Institutional Staff Members

It is in the best interest of institutions to train their staff members on appropriate interactions with boosters because the NCAA holds institutions responsible for the “impermissible recruiting activities engaged in by a representative of athletics interest (i.e., a booster).” Staff members need to understand the actions they are permitted to take and conversations they are permitted to have, as failure to do so could land them deep in the gray area of NIL.

  • An institutional staff member cannot directly or indirectly communicate with a potential student-athlete on behalf of a booster or NIL entity.
  • An institutional staff member cannot enter into agreements with an NIL entity to secure NIL deals between the entity and potential student-athletes.
  • An institutional staff member cannot “organize, facilitate or arrange” a meeting or any conversations between an NIL entity and a potential student-athlete, which includes transfer students coming from other institutions.

Financial Aid

Institutions should ensure they are not influencing how a student-athlete uses their compensation. Specifically, institutions should not direct student-athletes to use their NIL compensation for financial aid. Student-athletes’ financial aid is not impacted by compensation they would receive from NIL agreements. Financial aid limitations exclude compensation which also extends to NIL compensation. However, if a student receives NIL compensation, this may impact need-based financial aid.

FERPA

Many public institutions have made the argument that FERPA precludes them from disclosing NIL agreements without a release executed by the student-athlete. If a copy of an NIL agreement or summary of an NIL opportunity is provided to the institution by the student-athlete, this becomes a record of the university per the definition of FERPA and is likely part of the student-athlete’s educational record. There may be a particular circumstance in which a FERPA exception would apply to a request, but there is no broad FERPA exception that would apply in this situation. Institutions might find it strategic to include their stance on FERPA in an NIL policy to ensure all requests for NIL agreements are handled consistently.

International Students

International students can receive NIL compensation but with some caveats. In its documentation, the NCAA directs international student-athletes to their institution’s Designated School Official for “guidance related to maintaining their immigration status and tax implications.” As a result, institutions should make sure the individual(s) is/are well equipped to provide answers regarding NIL from international students.

Five Steps to Become a Well-Organized and Compliant Institution

  1. Have an NIL policy and procedures that are followed consistently and made available to student-athletes for reference and consultation;
  2. Have a process in place to review NIL agreements between the institution’s student-athletes and outside entities or individuals (if located in a state that requires student-athletes to make such disclosures);
  3. Have trained its staff (especially athletics staff) on what actions can and cannot be taken in relation to student-athletes’ NIL opportunities;
  4. Have trained its student-athletes on available resources; and
  5. Have a team of institutional staff members ready to pivot if additional laws are enacted by their state, if additional guidance is provided by the NCAA or if federal legislation is enacted.

Varnum’s team of experienced practitioners continually monitors NIL activity at the federal, state and institutional levels. Contact a member of our team for additional insight.

Free Download

Cover of Varnum's State-by-State NIL Compliance Guide Playbook

To aid individuals, schools and collectives with the often inconsistent and rapidly developing legislative and executive actions of the states, Varnum’s dedicated team of NIL attorneys created an all-inclusive, state-by-state compliance playbook. Learn more and download your free copy: www.varnumlaw.com/state-by-state-nil-compliance-guide/

Increases to 2023 Estate and Gift Tax Exemptions Announced

The American Taxpayer Relief Act of 2012 (ATRA) was the first piece of legislation to set a permanent estate tax and gift tax exemption (“exemption”). The exemption is the amount of wealth a person can shelter from estate tax on transfers at the time of their death or during their lifetime. Lifetime gifts over the annual exclusion amount will reduce the available exemption amount. ATRA set the exemption at $5,000,000 per person, indexed for inflation, at passage. Five years later when the Tax Cuts and Jobs Act of 2017 (TCJA) was passed, the exemption almost doubled to $11,180,000 per person. That amount has been adjusted upward for inflation annually, and in 2023, the new exemption amount is set to be $12,920,000 per person and $25,840,000 per married couple. This is a substantial increase from the $12,060,000 ($24,120,000) amount of 2022 and welcome news for those individuals or families who may now have additional planning opportunities to transfer wealth and shelter assets from estate taxes.

Moreover, the annual gift tax exclusion is set to rise from $16,000 per donee in 2022 to $17,000 per donee in 2023. This means that any individual can give up to $17,000 to any other person(s) without incurring gift tax consequences or reducing their remaining exemption. Married couples can also gift-split and effectively gift $34,000 to any donee. This is a tried-and-true method of passing wealth to others in a tax efficient manner and is in addition to any taxable gifts utilizing exemption. For example, if an individual has already used all of their $12,060,000 exemption, as of January 1, 2023, they could gift an additional $860,000 (utilizing the increased exemption amount) and make as many $17,000 gifts to individuals as they would like without any gift tax concerns. All of these funds would also be removed from their estate for estate tax purposes.

The TCJA is set to sunset at the end of 2025. Therefore, if Congress does not proactively take action to extend the current increased exemptions, as of January 1, 2026 the exemption will revert to the ATRA level of $5,000,000, indexed for inflation. This amount is expected to be in the mid to high $6,000,000 range. In light of this potentially time-limited opportunity, individuals and families should work with their trusted advisors to finalize any 2022 gifting under current exemption amounts and determine if additional gifting in 2023 is advantageous for their situation.