The Secure Times

An online forum of the ABA Section of Antitrust Law's Privacy and Information Security Committee


Leave a comment

The Third Circuit Rules Consumers May Opt-Out of Autodialed Calls at Any Time

For the first time, a federal court of appeals ruled that a consumer may at any time revoke prior consent to receive autodialed or prerecorded calls to a cell phone number.  Gager v Dell Financial Services, LLC (3d Circuit, No. 12-2823, filed Aug. 22, 2013).  Under the Telephone Consumer Protection Act (“TCPA”), any person making a call to a cell phone using automatic telephone dialing equipment must have the prior express consent of the person called, unless there is an emergency. 47 U.S.C. §227(b)(1)(A).   The TCPA is silent as to what constitutes prior express consent or when express consent may be revoked.  In addition, the Federal Communication Commission (“FCC”) has not clearly defined when consent may be revoked.

The plaintiff in the case sued Dell Financial Service (“Dell”) for violating the TCPA by repeatedly placing debt collection calls to her cell phone after she sent a written letter to Dell listing asking Dell to stop making calls to her number.  The plaintiff had listed her cell phone number as her home phone on the credit application, but never informed Dell that it was her cell phone.

The Third Circuit’s ruling reverses the district court’s dismissal of the case.  The district court granted Dell’s motion to dismiss on the grounds that the TCPA does not provide for “post-formation revocation of consent” and that, although the plaintiff had the right to instruct Dell not to place autodialed calls to her cell phone, the request should have been made at the time she filled out her credit application.

On appeal, Dell argued that the TCPA’s silence on the right to revoke consent indicates that no such right exists.  In support of its argument, Dell pointed to the difference between the TCPA and the Fair Debt Collection Act, which expressly provides a right for consumers to stop unwanted debt collection calls.

The Third Circuit rejected this argument, reasoning that if Congress intended to displace the common law principle that consent may be revoked at any time, it would have done so clearly.  In addition, the court ruled that since the TCPA was enacted as a remedial statute to protect individuals from unwanted phone calls, it should be construed to benefit consumers.  Finally, the court reasoned that the FCC’s SoundBite Communications declaratory ruling last year implicitly supports the principle that consent may be revoked at any time.  In the SoundBite ruling, the FCC held that a one-time text message confirming a consumer’s request to opt-out of receiving text messages does not violate the TCPA if it is sent within five minutes of the opt-out request and does not contain any marketing consent.

Dell also argued that debt collection calls should not be subject to the prior express consent requirement because they are not telemarketing calls, but are an informational call and not covered by the TCPA.  The court rejected this argument because the TCPA does not distinguish between autodialed telemarketing and informational calls to cell phones.  Rather, the TCPA clearly prohibits any call to a call phone made using automatic equipment without the prior express consent of the called party, unless it is an emergency.  The exception for informational calls only applies to calls made to residential lines.

Importantly for businesses which may not know whether customers have provided cell phone numbers, the court also rejected Dell’s argument that the plaintiff’s number should be treated as a residential number because the plaintiff provided it as a home number and never informed Dell it was for her cell phone.  The court noted in a footnote that “Callers have a continuing responsibility to check the accuracy of their records to ensure that they are not inadvertently calling mobile numbers.” (citing In the Matter of Rules and Regulations Implementing the Telephone Consumer Protection Act of 1991, 19 FCC Rcd. 19215, 19219-20 ¶ 11 (Sept. 21, 2004)).

Finally, the court rejected Dell’s arguments that it would be unfair to allow the plaintiff to revoke consent.  Dell first argued it would be unfair because the consent was part of the original contract to extend credit.  Second, Dell argued it would be unfair to allow creditors to revoke consent because the inability of a creditor to use autodialing equipment would make it “difficult, if not impossible” for creditors to contact borrowers regarding their loan.  The court rejected these arguments because the ability to use autodialers to contact borrowers is not an essential term to a credit agreement and because the creditor could still contact borrowers with live calls.

Takeaways

Although the result of the Gager decision may not be surprising, it serves as a reminder of the breadth of the TCPA and important compliance steps:

  1. The TCPA requires prior express consent to make any call to a cell phone using automatic dialing equipment or prerecorded messages.
  1. It is the responsibility of the person making the calls to determine whether they are is placing calls to a cell phone.   Businesses should either scrub call lists to remove cell phone numbers or implement procedures to obtain and keep records of consent from their customers prior to placing autodialed or prerecorded calls.
  1. Businesses must have in place procedures to honor requests to stop making autodialed or prerecorded calls to cell phones.  These opt-out requests may be made by individuals through any means.  Additionally, there is no grace period for processing opt-out requests under the TCPA or the FCC’s rules, thus they should be processed as soon as possible.

It is also important to note that the Gager case comes less than two months before new FCC rules under the TCPA will come into effect.   As of October 16, 2013, the TCPA rules will require the following types of consent:

  1. Telemarketing Calls:  Autodialed or prerecorded calls to cell      phones and prerecorded calls to residential lines require prior express      written consent.  The request      for written consent must: (i) clearly and conspicuously disclose that      the consumer is consenting to receive future autodialed or prerecorded      calls, as applicable, to the number provided for telemarketing purposes;      (ii) include the recipient’s signature (which can be an electronic      signature if consistent with E-SIGN or state law); and (iii) not make the      consent to receive such calls a condition of purchasing any goods or      services.
  1. Informational Calls:  Autodialed or prerecorded calls to cell phones require prior express consent (which may be oral or written), but autodialed or prerecorded calls to residential lines do not require prior consent.

 

Obtaining, and retaining proof of, proper consent is important because the TCPA provides a private right of action for actual damages or statutory damages of up to $500 per violation (and up to $1,500 per knowing or willful violation).  As a result, TCPA violations can create significant liability.  For example, last year a Jiffy Lube franchisee settled a TCPA for between $35 and $47 million for sending text messages to customers without proper consent.


Leave a comment

Article 29 Working Party Publishes Letter Criticizing the Proposed Online Behavioral Advertising Self-Regulatory Framework.

Earlier this week, the Article 29 Working Party published a letter it sent to the Interactive Advertising Bureau Europe (IAB Europe) and the European Advertising Standards Alliance (EASA) regarding their proposed self-regulatory framework for online behavioral advertising (OBA) to satisfy the EU’s ePrivacy Directive.   The letter referred to a meeting between the Working Party and the OBA industry scheduled for sometime in September and was sent in advance of the meeting to inform the OBA industry of the Working Party’s main concerns with the proposed framework.

Continue reading


Leave a comment

Class action filed against comScore over alleged privacy violations.

            A putative class action was filed yesterday (8/23/11) against comScore, Inc., an internet research and analytics company.  The plaintiffs allege that comScore violated federal law and the Illinois mini-FTC Act by collecting personal information from consumers’ computers without the consumers’ knowledge or consent.  The complaint was filed in the federal district court for the Northern District of Illinois, Dunstan et al. v comScore, Inc. (No. 1:11-cv-05807).

            The complaint alleges that comScore induced consumers to download its surveillance software by bundling the software with third-party free software products such as screensavers, games, and CD burning software, but failed to clearly disclose the extent to which the surveillance software will monitor a consumer’s internet activity and the access the software will have to change privacy and security settings.   The complaint also alleges that comScore intentionally made the surveillance software difficult to disable or uninstall by not deleting it when the freeware with which it was bundled was deleted. 

The claims asserted include violations of the federal Stored Communications Act (18 U.S.C. § 2701 et seq.),  Electronic Communications Privacy Act (18 U.S.C. § 2510 et seq.), Computer Fraud and Abuse Act (18 U.S.C. § 1030 et seq.),  the Illinois Consumer Fraud and Deceptive Practices Act (815 ILCS 505/1 et seq.), and common law unjust enrichment.  The plaintiffs are seeking actual, statutory and punitive damages, an injunction to stop comScore’s  illegal practices, disgorgement of profits, and attorneys’ fees.


Leave a comment

Draft Regulations Issued for Canada’s Anti-Spam Legislation

The Canadian Radio-Television and Telecommunications Commission (“CRTC”) and Industry Canada both recently published draft regulations, referred to as the Electronic Commerce Protection Regulations, under the authority of the anti-spam legislation enacted last year. The legislation, which is now being referred to as “Canada’s Anti-Spam Legislation” (“CASL” or “the Act”), is available here. In addition to amending several existing laws, CASL specifically establishes rules for sending commercial electronic messages (“CEMs”) to recipients in Canada and prohibits sending CEMs to electronic addresses without the recipient’s prior express or implied consent.
 
CASL has a wide scope, especially when compared to CANSPAM in the United States. CASL covers all “commercial electronic messages” sent to an “electronic address,” not only email communications. “Electronic message” is defined to mean a message sent over any means of telecommunications, including text, sound, voice or image, and “electronic address” is defined to cover email, instant messaging, text messages, and messages to “any similar account,” which could include social media websites such as Facebook and Twitter.
 
            The CRTC’s regulations: (1) prescribe the form and required information to be included in a CEM; (2) specify that a clear and prominent link to the required information can be used where it is not practicable to include all information in the CEM (e.g., character limited CEMs); and (3) the information required to be in a request for express consent to send CEMs. The CRTC notice announcing the regulations is available here. Comments can be submitted to the CRTC through August 29, 2011
 
            Industry Canada’s regulations: (1) define the meaning of personal relationship and family relationship under the Act; (2) prescribe the requirements allowing an individual to withdraw consent which was given to a third party; and (3) provide definitions related to implied consent based upon an “existing non-business relationship.” Industry Canada’s proposed regulations are available here. Comments can be submitted to Industry Canada through September 7, 2011. 


Leave a comment

Rep. Bono Mack Releases Discussion Draft of Data Security & Breach Notification Law and Holds Hearing

Earlier in the week, Representative Mary Bono Mack (R-CA) released a discussion draft of her “Secure and Fortify Electronic Data Act” (the “SAFE Data Act”). In a statement released about the draft, Bono Mack claimed the SAFE Data Act will establish uniform national standards for data security and data breach notification. 
 
Highlights of the proposed SAFE Data Act include:
 
·         Requiring the FTC to implement regulations that require companies holding personal information to establish and maintain a reasonable information security policy;
 
·         Requiring companies to establish a plan and procedures to minimize retention of personal information that is no longer needed for business or legal purposes;
 
·         Requiring the notification of law enforcement within 48 hours after discovery of a breach;
 
·         Requiring companies to begin notifying consumers within 48 hours after taking steps to prevent further breach and determining who has to be notified if there is a reasonable risk of harm.
 
·         Expanding the jurisdiction of the FTC to cover non-profits under the Act; 
 
·         Granting enforcement power to the FTC and to State Attorneys General if the FTC is not pursuing an action, but no private right of action; and
 
·         Preemption of the various state data security and breach notification law. 
 
Bono Mack is the chair of the House Subcommittee on Commerce, Manufacturing and Trade, which held a hearing earlier today on the proposed SAFE Data Act.  Testimony was given by FTC Commissioner Edith Ramirez, Jason Goldman(Telecommunications and e-Commerce Counsel, U.S. Chamber of Commerce), Robert Holleyman (President and CEO, Business Software Alliance), Stuart Pratt (President and CEO, Consumer Data Industry Association), and Marc Rotenberg (Executive Director, Electronic Privacy Information Center). Information on the hearing, including written testimony, is available on the House Energy and Commerce Committee’s webpage.   
 


Leave a comment

FTC Extends Deadline to Submit Comments on its “Dot Com Disclosures” Guide

The FTC recently announced that it has extended the deadline to submit comments on its guidance document regarding online advertising, "Dot Com Disclosures: Information About Online Advertising"  for 30 days until August 10, 2011. The invitation to submit comments was reported on this blog last month here

 

 


Leave a comment

Virtual World Operator’s COPPA Violations Result in a $3 Million Settlement with the FTC

The Federal Trade Commission announced a proposed settlement today with Playdom, Inc., a developer of online virtual world multi-player games, and an executive of the company. The $3 million settlement is the largest civil penalty imposed under the FTC’s COPPA Rule.

Continue reading