Federal Communications Commission

On May 4, 2016, the FCC issued a Notice of Proposed Rulemaking to exempt robocalls made to collect “a debt owed to or guaranteed by the United States” from the TCPA’s prior express consent requirement. The new rules will implement a provision of the Bipartisan Budget Act of 2015. In its Notice, the Commission seeks comment on a number of issues, including as follows:

What types of calls should be covered by the exemption? The Budget Act created the TCPA exemption for calls made “solely to collect a debt” owed to the United States.  The Commission seeks comment on the proper interpretation of that language.  It also proposes to allow debt servicing calls under the exemption because such calls “may provide a valuable service by offering information about options and programs designed to keep at-risk debtors from defaulting or becoming delinquent on their loans.”  Finally, the Commission seeks comment on the proper interpretation and scope of the phrase “owed to or guaranteed by the United States.”
Who can be called? The Commission proposes that the exemption will cover “only calls to the person or persons obligated to pay the debt.”  It would exclude calls to persons who the caller does not intend to reach, and would apply the “one-call window” rule for reassigned numbers.  The Commission seeks comments on these proposals and asks commenters to provide alternative approaches they feel would be appropriate.
Who may place the calls? The Commission proposes that the exemption would cover calls made by creditors and those calling on their behalf, including agents.  It seeks comment on whether it should adopt this approach, or consider a narrower or broader interpretation under the Budget Act exemption.
How should the Commission limit the number and duration of the calls? The Budget Act provides the Commission with discretion to restrict covered calls, including by limiting the frequency and duration of the calls.  Thus, the Commission has proposed a three-call-per-month maximum for autodialed, prerecorded, or artificial voice calls to wireless numbers.  The limit would apply regardless of whether a call went unanswered.  The Commission posits whether a different limitation would be appropriate for live agent calls.  Without setting forth specific proposals, the Commission also seeks comment on the appropriate duration for the calls, as well as other restrictions (i.e., limiting calls hours to 8:00 AM to 9:00 PM).
Should consumers be permitted to stop covered calls? The Commission proposes “that consumers should have a right to stop [covered] calls at any point the consumer wishes.”  It proposes that stop-calling requests would continue to apply even after the debt is transferred to other collectors.  It further proposes to require callers to inform consumers of their right to make a stop-calling request.

Comments on the Commission’s proposals are due on June 6, 2016 and replies are due on June 21, 2016. Following the comment period, we expect the proceeding to move quickly because the Commission is statutorily mandated to adopt rules to implement the exemption no later than August 2, 2016.

On March 31, 2016, the FCC voted along party lines (3-2) to issue a notice of proposed rulemaking (NPRM) to establish privacy rules for Broadband Internet Access Service (BIAS) providers. These proposals, if adopted, could impose prescriptive and complex privacy obligations that would be among the most extensive in the country.

As our Communications group’s client advisory explains, if adopted, the NPRM would:

  • Broadly define key terms. For example, the NPRM would define customer Proprietary Information as an umbrella term that includes both customer proprietary network information (CPNI) and personally identifiable information.
  • Impose detailed content, form, timing, and placement requirements for privacy policies, with separate notice requirements for material changes.
  • Adopt the legacy three-tiered consent framework from the voice-centric CPNI rules, with a few notable changes.
  • Impose prescriptive data security rules, which would address specific data security practices require that providers generally “protect the security, confidentiality and integrity of customer PI . . . by adopting security practices appropriately calibrated to the nature and scope of the BIAS provider’s activities, the sensitivity of the underlying data, and technical feasibility.”
  • Broaden the definition of breach to include inadvertent breaches and cover all customer personal information (not just CPNI), and expand breach notification obligations for both BIAS and voice providers.
  • Require that BIAS providers be accountable for third party misuse of customer personal information.
  • Prohibit BIAS providers from offering BIAS contingent on the waiver of privacy rights by consumers.

While the proposals are generally focused on broadband privacy, as the advisory explains, some of the issues on which the FCC seeks comment could have a far wider impact. Comments are due May 27, 2016, and reply comments are due June 27, 2016.

iStock_000036215158Large-335x251On January 11, 2016, the FCC’s Consumer and Governmental Affairs Bureau released an order denying a petition by a text message platform provider for a declaratory ruling that the Commission should evaluate TCPA liability for these types of entities under the same standard established for fax broadcasters.  In the Order, the Bureau explained that a separate liability standard for text message apps and platforms was laid out in the Commission’s July 2015 Omnibus TCPA Order and that “text broadcasters can be liable for TCPA violations based on the factors discussed in that decision.”

The petitioner, Club Texting, Inc., filed its request for a declaratory ruling in 2009.  In the petition, Club Texting asked the Commission to apply the fax broadcaster TCPA liability standard to text message platforms, such that “liability will attached only if a text broadcaster ‘demonstrates a high degree of involvement in, or actual notice of, the unlawful activity and fails to take steps to prevent such transmissions.’”  In support of this request, Club Texting claimed that if the Commission made an affirmative finding that text broadcasters are not “senders” for TCPA purposes, it would “promote compliance” by the broadcasters’ third party clients that “are in the best position to ensure that recipients have consented to receive the text messages.”

FCC TCPA Declaratory Ruling

Nearly six years after the petition was filed, the FCC released its July 2015 Omnibus TCPA Order, in which it responded to approximately two dozen petitions for clarification of a variety of TCPA-related issues, including the Commission’s definition of a “caller” for purposes of determining TCPA liability.  In the Order – which is currently being challenged in the U.S. Court of Appeals for the D.C. Circuit – the Commission determined that a calling or texting platform or application may face primary liability under the TCPA as the “caller” based on a case-by-case analysis of whether the entity takes the steps necessary to physically place the telephone call (or text), or is so involved in the placing of a call to have been deemed to initiate it (as opposed to merely having some role, however minor, in the causal chain that results in the making of the telephone call).  The Commission further explained that other relevant factors when making its determination could include “the extent to which a person willfully enables fraudulent spoofing of telephone numbers or assists telemarketers in blocking Caller ID, by offering either functionality to clients,” or whether the text broadcaster “has knowingly allowed its client(s) to use that platform for unlawful purposes.”

The FCC’s standard is similar to the “high degree of involvement” standard applicable to fax broadcasters, but the Commission made clear that it was not applying the fax broadcaster standardper se.  This raises the possibility that outcomes involving calls or texts will differ than they would if faxes were involved.  Until we see cases adjudicating liability, however, we will not know how much of a difference the standard makes in practice.

Club Texting Petition

Against this backdrop, the FCC’s order in Club Texting is primarily procedural.  In denying the Club Texting petition, the Bureau reaffirmed the position in the Order and noted that “the Commission has clarified the standard to be applied to text broadcasters and that standard is not the same standard as applies to fax broadcasters.”  It did not revise the standard, nor did it offer any meaningful clarifications of how the standard will be applied.  Indeed, the order explicitly states that it is not adjudicating the liability of any particular text broadcasting service at this time.

We note that the FCC has proposed to fine a “robocall broadcaster” previously.  The case involved Dialing Services, Inc., a developer of a software platform that allows customers to record their own messages and send them to a designated list of recipients.  The Commission issued a Notice of Apparent Liability against the company in May 2014, and proposed a $2.9 million penalty on the basis that Dialing Services had allowed its customers, through its platform, to make 184 unlawful prerecorded message calls to cell phones.  According to the Commission, because of the company’s involvement in the call process, Dialing Services made or initiated the calls.  The Commission has yet to convert the NAL to a Forfeiture Order, however.  Arguably, the Commission should apply the standard announced in the 2015 TCPA Declaratory Ruling to determine Dialing Services’ liability in the case.

For now, service providers should expect the Commission to continue in its efforts to cast a wide consumer protection net, and companies involved in activities regulated by the TCPA should take whatever steps are necessary to avoid unwanted attention from regulators or the plaintiffs’ bar.

New rules issued by the Federal Communications Commission ("FCC") last year are about to take effect. These rules will make it more difficult for businesses to make telemarketing calls and texts to wireless customers and to certain residential customers by requiring express written consent (1) to make telemarketing calls using an autodialer or prerecorded message to wireless callers, and (2) to send prerecorded message calls to residential subscribers. Previously, any form of consent was permitted for these calls, and, in the case of prerecorded messages to residential subscribers, a business could rely upon an "established business relationship" to place such calls.

With the rise in class action cases for alleged TCPA violations, businesses engaging in telemarketing should review their practices for obtaining customer consent prior to implementation of the new rules on October 16, 2013.

For more information, click to read our client advisory.

On May 9, 2013, the Federal Communications Commission ruled that sellers may be held vicariously liable under the Telephone Consumer Protection Act (“TCPA”) for unlawful telemarketing by third parties under certain circumstances. The FCC’s Declaratory Ruling addresses third-party liability for violations of the Do Not Call and prerecorded message restrictions of the Communications Act. The Commission ruled that, under both provisions, a seller may be held vicariously liable for violative calls placed by third-party marketing agents under principles of the federal common law of agency.

The Declaratory Ruling thus resolves a central question that is raised in a number of TCPA lawsuits: sellers may only be held liable for actions of those third party telemarketers that are determined to be agents, applying the federal common law of agency. Moreover, a manufacturer that simply puts a product in the chain of commerce that is later resold by a seller is not likely to be affected by this Ruling, provided that it does not otherwise trigger the TCPA’s seller definition.

With respect to how and under what circumstances the federal common law of agency will be applied to find a seller vicariously liable for the acts of third parties, the future is unclear – particularly with respect to claims based on alleged apparent authority and whether the FCC’s “illustrative examples” of such apparent authority set forth in the Ruling will influence courts in interpreting how the federal common law of agency should apply to the specific facts of a particular case.

For more on this decision, please reference the Kelley Drye client advisory.

Mobile marketing, sweepstakes and services, including location-based services, are governed by an alphabet soup of statutes and regulations: TCPA, COPPA, CAN-SPAM, CPNI, etc. To complicate compliance even further, numerous class action lawsuits in state and federal courts have addressed issues and nuances that the Federal Communications Commission, Federal Trade Commission, and state regulatory agencies or legislatures have not.

On November 16th, Kelley Drye held a webinar which discussed the new rules of the road for mobile communications, marketing, and sweepstakes, and offered suggestions for reaching consumers while mitigating the legal risks.

Click here to download the slides from the webinar and click here to watch the recording.

Data breaches caused by hackers or other forces outside the control of a business are a scary, and expensive, proposition for any organization that collects or retains personally identifiable information, or warehouses credit or financial information. According to a recent study by Symantec, an average data breach will cost an organization $5.5 million, including direct costs such as engaging forensic experts, outsourcing hotline support and providing free credit monitoring subscriptions, discounts for future products and services, and indirect costs such as in-house investigations and communication. These costs are in addition to the costs of potential litigation (often in the form of a class action) by customers alleging that the company failed to take adequate measures to protect their data, and investigations by government agencies, such as the Federal Trade Commission, that frequently become involved when breaches affect a large number of consumers.

Like any potentially catastrophic problem, insurance can be at least a partial solution. A new article in The Corporate Counselor examines insurance coverage for data breaches. In-house counsel may be surprised to learn that coverage for data breaches is not limited to specialty policies, and can often be found under standard CGL or property insurance policies. Any time a potential data breach occurs, it is essential for an insured to consider all forms of insurance that it carries and to provide prompt notice to its insurer(s) of any policy that even potentially could apply.

The article, “Insurance Coverage for Data Breach Claims,” was co-written by Cameron R. Argetsinger.

Last year, a CBS radio station in North Carolina ran a “Carolina Cuties” contest in which listeners were invited to submit pictures of their babies on the station’s website. The grand prize winner was be determined by public votes. Although broadcast announcements for the contest stated that voting would end on September 5, 2011, the station’s website and e-mails to the finalists stated that voting would end by September 4, 2011. One of the contestants complained to the FCC about the discrepancies.

The FCC requires broadcast licensees to disclose the material terms of their promotions — including when and how winners will be selected — and to conduct their promotions substantially as advertised. The agency wasn’t persuaded by the station’s argument that the discrepancies were due to inadvertent errors, holding that inadequate oversight of staff does not excuse a failure to run the promotion as advertised. The agency also rejected the station’s argument that the errors did not put any consumers at a disadvantage. Instead, the FCC noted that there was a potential for harm, and that a showing of actual harm is not necessary in determining whether a violation occurred. Accordingly, the FCC proposed a fine of $10,000.

This case demonstrates that companies can be held responsible for discrepancies between how they advertise a promotion and how the promotion is actually run. If you are running a promotion, make sure that your rules and marketing materials are in sync with how you actually run the promotion.  

The FCC has issued a notice seeking public comment on a petition filed in February by SoundBite Communications seeking a declaratory ruling on text messaging. SoundBite asked FCC to issue a ruling that sending a one-time text message to confirm a consumer’s request that no further messages be sent does not violate the Telephone Consumer Protection Act (“TCPA”) or the FCC’s implementing regulations.

Under the TCPA, a person is prohibited from making non-emergency calls, including sending text messages, with an automatic telephone dialing system or an artificial or pre-recorded voice to a cell phone without prior consent. Industry best practice includes confirming receipt of an opt-out request via text message. However, several companies, including SoundBite, are the subject of class action lawsuits for sending the confirmations. SoundBite has asked FCC to expedite a declaratory ruling on the matter on the grounds that the confirmation messages are sent within the grace period established by FCC and that SoundBite does not use an automatic dialing system, as that term is defined in the TCPA. All companies that follow the same practice of sending confirmation of an opt-out request via text message should review the FCC notice and decide whether to comment on the petition. Comments are due to FCC by May 15, 2012.
 

Changes to privacy regulations, such as proposed revisions to the Children’s Online Privacy Protection Act (COPPA), and continuously evolving technologies, including mobile apps with location-based services, can make it difficult for businesses to ensure their privacy practices are up to par.

On February 16, Kelley Drye will gather government leaders from the FTC and FCC, and thought leaders in the industry, for a discussion about new regulations, enforcement trends, and best practices to avoid consumer privacy risks. Please join us for "Privacy in 2012: What to Watch Regarding COPPA, Mobile Apps, and Evolving Law Enforcement and Public Policy Trends."

Email dcevents@kelleydrye.com to register for the live seminar or teleconference.

KEYNOTE SPEAKER

Peter Swire, Professor of Law, Ohio State University; former Clinton Administration Chief Counselor for Privacy, U.S. Office of Management and Budget

PANEL 1:  COPING WITH COPPA: CHILDREN’S PRIVACY AND PROPOSED REVISIONS TO THE COPPA RULE

Ellen Blackler, Vice President – Global Public Policy, The Walt Disney Company

Mamie Kresses, Senior Attorney, Division of Advertising Practices, Federal Trade Commission

Saira Nayak, Director of Policy, TRUSTe

Moderated by partners Dana Rosenfeld and Alysa Hutnik of Kelley Drye & Warren LLP

PANEL 2:  MOBILE APPS: A PRIVACY AND CONSUMER PROTECTION HOT SPOT

Michael Altschul, Senior Vice President and General Counsel, CTIA

Jessica Rich, Associate Director, Division of Financial Practices, Federal Trade Commission

Jennifer Tatel, Associate General Counsel, Federal Communications Commission (invited)

Moderated by partners John Heitmann and Gonzalo Mon of Kelley Drye & Warren LLP

When:
February 16, 2012,  2:30 PM – 5:30 PM EST

Location:
Kelley Drye & Warren LLP
3050 K Street, NW, Suite 400
Washington, DC 20007-5108

And via audio webcast

RSVP:
Email dcevents@kelleydrye.com or contact Cassidy Russell at 202.342.8400.

This seminar is free of charge, but space is limited. Reserve your place today.

CLE and CPE credit may be available in certain jurisdictions.