Cell_iStock_000024872497XLargeOn July 10, 2015, the Federal Communications Commission (FCC) released a 140-page Omnibus Declaratory Ruling and Order in response to more than two dozen petitions from businesses, attorneys general, and consumers seeking clarity on how the FCC interprets the Telephone Consumer Protection Act (TCPA). As noted in vigorous dissents by Commissioners Pai and O’Rielly, several of the rulings seem likely to increase TCPA litigation and raise a host of compliance issues for businesses engaged in telemarketing or other practices that involve calling or sending text messages to consumers.

Since the FCC issued the order, trade associations and companies have filed multiple petitions for review in courts of appeals challenging the order (for example, see here and here). It will thus ultimately be up to the courts of appeals to decide whether the FCC’s new interpretations of the TCPA are reasonable.

What is an “Automatic Telephone Dialing System”?

The TCPA generally prohibits certain calls to cell phones made with an Automatic Telephone Dialing System (ATDS). As defined by statute, an ATDS is “equipment which has the capacity (A) to store or produce telephone numbers to be called, using a random or sequential number generator; and (B) to dial such numbers.” In the absence of statutory or FCC guidance, some courts have construed “capacity” broadly to encompass any equipment that is capable of automatically dialing random or sequential numbers, even if it does not actually do so, or even if it must be altered to make it capable of doing so.

In light of these decisions, a number of entities asked the FCC to clarify that equipment does not qualify as an ATDS unless it has the present capacity to generate and dial random or sequential numbers.

In its ruling, the FCC found that an ATDS includes equipment with both the present and potential capacity to generate and dial random or sequential numbers, even if such potential would require modification or additional software in order to do so. An ATDS also includes equipment with the present or potential capacity to dial numbers from a database of numbers.

The FCC, however, did state that “there must be more than a theoretical potential that the equipment could be modified to satisfy the [ATDS] definition.”  Per this limitation, the FCC explicitly excluded from the definition of an ATDS a “rotary-dial phone.”

Consent of the Current Subscriber or User

The TCPA exempts from liability calls to mobile phones “made with the prior express consent of the called party.” It does not, however, define “called party” for purposes of this provision, and courts have divided over how to construe that term.

Some courts have construed the term to mean the actual subscriber to the called mobile number at the time of the call, while others have construed it to mean the intended recipient of the call. The distinction is critical because consumers often give up their mobile phone numbers and those numbers are reassigned to other people, meaning that the actual subscriber and the intended recipient may not be the same person.

Faced with lawsuits from owners of such reassigned numbers, a number of entities petitioned the FCC, asking it to clarify that calls to reassigned mobile numbers were not subject to TCPA liability where the caller was unaware of the reassignment, and to adopt the interpretation that “called party” means the intended recipient of the call.

In response to petitions seeking clarity on this issue, the FCC ruled that the “called party” for purposes of determining consent under the TCPA’s mobile phone provisions is “the subscriber, i.e., the consumer assigned the telephone number dialed and billed for the call, or the non-subscriber customary user of a telephone number included in a family or business calling plan.”

Consistent with its interpretation of “called party,” the FCC further ruled that where a wireless phone number has been reassigned, the caller must have the prior express consent of the current subscriber (or current non-subscriber customary user of the phone), not the previous subscriber. Businesses, however, may have properly obtained prior express consent from the previous wireless subscriber and will not know that the number has been reassigned. The FCC thus allows a business to make one additional call to a reassigned wireless number without incurring liability, provided the business did not know the number had been reassigned and had a reasonable basis to believe the business had the intended recipient’s consent.

Is Consent Revocable?

The TCPA is silent as to whether, or how, a called party can revoke his or her prior express consent to be called. Given that silence, one entity petitioned the FCC to request that the Commission clarify that prior consent to receive non-telemarketing calls and text messages was irrevocable or, in the alternative, set forth explicit methods of revocation. In response, the FCC ruled that consent is revocable (with regard to both telemarketing and non-telemarketing calls), and that such revocation may be made “in any manner that clearly expresses a desire not to receive further messages.” Consumers may use “any reasonable method, including orally or in writing,” to communicate that revocation and callers may not designate an exclusive means of revocation.

The “Urgent Circumstances” Exemption to Consent Requirement Notwithstanding the FCC’s rulings regarding prior express consent, the FCC took this opportunity to create several new exemptions to that requirement with regard to certain non-marketing calls made to cellular phones. The FCC exempted the following types of calls:

  • Calls concerning “transactions and events that suggest a risk of fraud or identity theft”;
  • Calls concerning “possible breaches of the security of customers’ personal information”;
  • Calls concerning “steps consumers can take to prevent or remedy harm caused by data security breaches”;
  • Calls concerning “actions needed to arrange for receipt of pending money transfers”; and
  • Calls “for which there is exigency and that have a healthcare treatment purpose, specifically: appointment and exam confirmations and reminders, wellness checkups, hospital pre-registration instructions, pre-operative instructions, lab results, post-discharge follow-up intended to prevent readmission, prescription notifications, and home healthcare instructions.”First and foremost, the consumer must not be charged for the calls.
  • Further, such calls must be limited to no more than three calls over a three-day period, must be concise (generally 1 minute or 160 characters, if sent via text message), cannot include marketing or advertising content (or financial content, in the case of healthcare calls), and must have some mechanism for customer opt-out be provided.
  • The FCC reasoned that all of the aforementioned types of calls involved urgent circumstances where quick, timely communication with a consumer was critical to prevent financial harm or provide health care treatment. Although prior express consent is not required, such calls are still subject to a number of limitations.

Other Consent Issues

In addition to the points above concerning consent, the FCC also ruled on a number of specific consent issues, described here in brief:

  • Provision of Phone Number to a Health Care Provider. Clarifying an earlier ruling, the FCC ruled that the “provision of a phone number to a healthcare provider constitutes prior express consent for healthcare calls subject to HIPAA by a HIPAA-covered entity and business associates acting on its behalf, as defined by HIPAA, if the covered entities and business associates are making calls within the scope of the consent given, and absent instructions to the contrary.”
  • Third-Party Consent on Behalf of Incapacitated Patients. The FCC ruled that consent to contact an incapacitated patient may be obtained from a third-party intermediary, although such consent terminates once the patient is capable of consenting on his or her behalf.
  • Ported Phone Numbers. In response to a request for clarification, the FCC ruled that porting a telephone number from wireline service (i.e., a land line) to wireless service does not revoke prior express consent.
  • Consent Obtained Prior to the Current Rules. In response to petitions requesting relief from or clarification of the prior-express-written-consent rule that went into effect on October 16, 2013, the FCC ruled that “telemarketers should not rely on a consumer’s written consent obtained before the current rule took effect if that consent does satisfy the current rule.”
  • Consent via Contact List. In response to a petition concerning the use of smartphone apps to initiate calls or text messages, the FCC ruled that the mere fact that a contact may appear in a user’s contact list or address book does not establish consent to receive a message from the app platform.
  • On Demand Text Offers. In response to a petition concerning so-called “on demand text offers,” the FCC ruled that such messages do not violate the TCPA as long as they (1) are requested by the consumer; (2) are a one-time message sent immediately in response to that request; and (3) contain only the requested information with no other marketing information. Under such conditions, the messages are presumed to be within the scope of the consumer’s consent.

Calls Placed by Users of Apps and Calling Platforms

The FCC also addressed a number of petitions seeking guidance as to who “makes” or “initiates” a call under the TCPA (and is thus liable for TCPA violations) in a variety of scenarios involving calls or text messages made by smartphone apps and calling platforms.

The FCC offered no clear rule, and instead held that to answer this question “we look to the totality of the facts and circumstances surrounding the placing of a particular call to determine: 1) who took the steps necessary to physically place the call; and 2) whether another person or entity was so involved in placing the call as to be deemed to have initiated it, considering the goals and purposes of the TCPA.”

The FCC noted that relevant factors could include “the extent to which a person willfully enables fraudulent spoofing of telephone numbers or assists telemarketers in blocking Caller ID” as well as “whether a person who offers a calling platform service for the use of others has knowingly allowed its client(s) to use that platform for unlawful purposes.”

Authorization of “Do Not Disturb” Technology

Finally, at the request of petitioning state attorneys general, the FCC affirmed that nothing in the Communications Act or FCC rules or orders prohibits telephone carriers or VoIP providers from implementing call-blocking technology to stop unwanted “robocalls.” The FCC explained that such carriers “may legally block calls or categories of calls at a consumer’s request if available technology identifies incoming calls as originating from a source that the technology, which the consumer has selected to provide this service, has identified.”  The FCC “strongly encourage[d]” carriers to develop such technology to assist consumers.

From our sister blog, MoFo Tech

The FCC’s revised rules for telemarketers and text marketers, which took effect on October 16, 2013, could signal a big shift in how companies direct market, posits Julie O’Neill, a Morrison & Foerster attorney specializing in privacy issues.  One section prohibits the use of an autodialer to call or text cell phones for marketing purposes, unless the caller has the called party’s signed, written consent.  “It’s almost impossible to tell which numbers on a call list are cell phones, so [almost] every list will have to be scrubbed,” she says.

The new consent obligations also require new disclosures.  Because the new rules will apply retroactively, even companies with agreements in place must re-sign every customer if their agreements don’t meet the new rules’ disclosure and signature requirements.  “Companies that want to continue marketing by phone or text message are working hard to come into compliance by the rules’ mid-October effective date,” she says.

Complying with these rules could prove cumbersome and costly, adds John Delaney, a partner in Morrison & Foerster’s New York office and co-editor of the Socially Aware blog.  He predicts more companies will ditch the dialup and focus on social media marketing.  “It’s a natural transition for the industry because social media is a much more engaged interaction with potential customers,” he says.

In the latest issue of Socially Aware, our Burton Award-winning guide to the law and business of social media, we look at recent First Amendment, intellectual property, labor and privacy law developments affecting corporate users of social media and the Internet. We also recap major events from 2012 that have had a substantial impact on social media law, and we take a look at some of the big numbers racked up by social media companies over the past year.

To read the latest issue of our newsletter, click here.

For an archive of previous issues of Socially Aware, click here.

Waves of class actions have recently alleged that the delivery of an opt-out confirmation text message violates the Telephone Consumer Protection Act (TCPA). Thus, a Federal Communications Commission (“Commission”) Declaratory Ruling finding that a single opt-out confirmation text does not violate the TCPA comes at a crucial time. The Commission’s decision, issued on November 29, 2012, is a welcome relief to companies facing these cases.

The TCPA generally permits the delivery of text messages to consumers after receiving prior express consent to do so. Numerous plaintiffs have taken the position that an opt-out confirmation message violates the TCPA because it is delivered after consent has been revoked. In its ruling, however, the Commission found that a consumer’s prior express consent to receive a text message can be reasonably construed to include consent to receive a final, one-time message confirming that the consumer has revoked such consent. Specifically, delivery of an opt-out confirmation text message does not violate the TCPA provided that it: 1) merely confirms the consumer’s opt-out request and does not include any marketing or promotional information; and 2) is the only message sent to the consumer after receipt of his or her opt-out request. In addition, the Commission explained that if the opt-out confirmation text is sent within five minutes of receipt of the opt-out, it will be presumed to fall within the consumer’s prior express consent. If it takes longer, however, “the sender will have to make a showing that such delay was reasonable and the longer this delay, the more difficult it will be to demonstrate that such messages fall within the original prior consent.”

The Commission’s ruling brings the TCPA into harmony with widely followed self-regulatory guidelines issued by the Mobile Marketing Association, which affirmatively recommend that a confirmation text be sent to the subscriber after receiving an opt-out request. The ruling also comes on the heels of, and is consistent with, at least two recent decisions in putative class action cases filed in the Southern District of California. In Ryabyshchuck v. Citibank (South Dakota) N.A., the court held that Citibank did not violate the TCPA by sending a text message confirming that it had received the customer’s opt-out request. The court went as far as to say that “common sense renders the [opt-out] text inactionable under the TCPA.” The court reasoned that the TCPA was intended to shield consumers from the proliferation of intrusive, nuisance communications, and “[s]uch simple, confirmatory responses to plaintiff-initiated contact can hardly be termed an invasion of privacy under the TCPA.” Likewise, in Ibey v. Taco Bell Corp., the court dismissed a lawsuit alleging that Taco Bell had violated the TCPA by sending an opt-out confirmation message. Noting that the TCPA was enacted to prevent unsolicited and mass communications, the court held, “[to] impose liability … for a single, confirmatory text message would contravene public policy and the spirit of the statute—prevention of unsolicited telemarketing in a bulk format.”

The Commission’s ruling should bring an end to the rash of class actions brought in recent months challenging the legality of confirmatory opt-out messages.

According to press reports, a growing number of employers require job applicants to disclose their login information for Facebook or other social media accounts as a condition of employment.  While this practice may very well fall on the wrong side of the law, lawyers and lawmakers are still in the process of establishing the framework for legal analysis and of spreading the word about the legal risks involved with demanding this type of private information from current employees and employee-applicants alike.  

State and federal legislatures have been quick to respond to recent publicity concerning this controversial employment practice.  A number of state bills are in or emerging from the pipeline (including bills in California, Illinois, Maryland, Massachusetts, Michigan, Minnesota, and New Jersey), all seeking to ban employers from requesting confidential login information as a condition of employment.  At the federal level, Democratic Congressman Ed Perlmutter proposed amending the Federal Communications Commission Reform Act to specifically empower the Federal Communications Commission (FCC) to stop employers nationwide from asking current and prospective employees for access to this type of private information.  While this proposed federal amendment was rejected in the U.S. House of Representatives, the state bills appear to be gaining momentum, with Maryland being the first state to pass a bill into law preventing employers from requesting login information to social media accounts. 

Even without specific laws in place prohibiting it, employers nationwide could find themselves liable under a variety of different legal theories for requiring access to private login information.  Among these potential theories of liability are common law invasion of privacy, violation of state constitutional rights to privacy, interference with employee rights to engage in protected, concerted activity under the National Labor Relations Act, discrimination on the basis of protected characteristics which an employer may learn about through accessing employee social media, and, for public employees, violation of the Fourth Amendment right to be free from unreasonable searches and seizures.  In addition to considering the risk of liability under these and other legal theories, employers should also consider the statement issued by Facebook’s Chief Privacy Officer, Erin Egan, who warned that sharing or soliciting Facebook passwords is a violation of the company’s Statement of Rights and Responsibilities and that Facebook will “take action to protect the privacy and security of [its] users, whether by engaging policymakers or, where appropriate, by initiating legal action, including by shutting down applications that abuse their privileges.”

Beyond the legal concerns in connection with requesting private login information from current and prospective employees, as this issue continues to get attention in the press, employers should consider the practical implications, such as effect on company reputation, before engaging in this type of employment practice.