Inside Privacy - Updates on Developments in Global Privacy & Data Security

Last week, a district court declined to stay a lawsuit against Google Inc. and group-texting service Slide, Inc. alleging a violation of the Telephone Consumer Protection Act (“TCPA”).  The court found that a related, ongoing proceeding at the Federal Communications Commission relating to the scope of the definitions of “consent” and “automatic telephone dialing system” under the Act did not compel the court to stay the case.  Applying the doctrine of primary jurisdiction, the court concluded that it was as competent to determine the scope of the definitions of these terms as the FCC.

In a separate, but related proceeding, the FCC has requested public comments on the question of whether a company violates the TCPA when it sends a text message to a subscriber’s mobile device to confirm that the subscriber has opted out of receiving text messages ― a practice that is endorsed under the Mobile Marketing Association’s best practices guidelines.  This issue is also the subject of ongoing court proceedings:  there are more than a dozen lawsuits pending against companies for sending such confirmation messages.

The FCC received initial comments yesterday, including comments from industry participants, such as the Mobile Marketing Association and the CTIA―The Wireless Association, urging the Commission to find that one-time, precise opt-out confirmation text messages are not prohibited by the TCPA.  While the National Association of Consumer Advocates argued that even one-time confirmatory text messages should be understood to violate the TCPA, the Future of Privacy Forum agreed with industry commenters, stating that one-time opt-out confirmation text messages help protect individual privacy.  Reply comments are due to the FCC May 15, 2012. 

As we previously have reported, Congress also is considering the need for legislation to amend the TCPA to clarify the scope of limitations under the Act.

Today, the Federal Communications Commission adopted new rules that strengthen its restrictions on autodialed or prerecorded telemarketing calls.  The FCC billed the new rules as an effort to maintain consistency with the Federal Trade Commission’s telemarketing sales rule, which also governs telemarketing calls, and to give consumers control over the calls that they receive.

Under the new rules, companies will need to obtain prior express written consent from consumers before making prerecorded or autodialed telemarketing calls to consumers.  The FCC’s rule changes also eliminate the “established business relationship” exemption in its existing rule, which allows these calls to residential “landline” phones without consent.  The new restrictions will require written consent even for companies that have done business with the call recipient in the past. 

One area of dispute over the new rules related to whether the “written” consent requirement could be satisfied electronically and what steps were necessary to make the consent effective.  Consistent with the FTC’s approach, the FCC concluded that “written” consent can be provided electronically, such as through a website form.  However it is provided, though, the FCC requires “clear and conspicuous disclosure” about what the consumer is consenting to and an “unambiguous” agreement to receive calls at a phone number designated in the consent document.  Like the FTC, the FCC also warned that consents would not be effective if the consent is a condition of purchasing goods or services.

An additional change to maintain consistency with the FTC’s rule is a requirement that telemarketing calls that use a prerecorded voice include an interactive “opt-out” mechanism, which would allow the call recipient to opt out of future calls by pressing a button.  Finally, the FCC imposed new restrictions on so-called “call abandonment,” which occurs when there is no live telemarketer available to take an autodialed call.

Although the FCC’s rule changes have a broad impact on the telemarketing business, they do not impact non-telemarketing calls, even if they are made using an autodialer or include a prerecorded voice.  As a result, prior written consent is not required for autodialed calls that do not advertise a product or service, including calls by nonprofits or for political purposes.  Also, the new restrictions do not apply to informational calls that may be commercial in nature, such as calls from an airline informing passengers that their flights have been delayed or calls from a bank informing a customer of fraudulent charges to her account, and exclude certain health care-related calls that are regulated under HIPAA, which already imposes a written consent requirement.

The new FCC rules will not be effective until they are approved by the Office of Management and Budget.  Once that happens, companies will have a year to obtain prior written consent to covered telemarketing calls and to stop covered calls to consumers with whom they have established business relationships.  The other rule changes have shorter timetables:  the interactive opt-out requirement will go into effect after 90 days, and the abandonment restrictions after 30 days.

The Federal Communications Commission has adopted rules implementing the Protecting Children in the 21st Century Act. Like the Act, the FCC's rules require elementary and secondary schools that have applied for discounted Internet access services through the FCC's E-rate program to certify that the school's Internet safety policy provides for the education of minors about appropriate online behavior, including interacting with other individuals on social networking websites and in chat rooms and increasing cyberbullying awareness.

This requirement builds off existing rules that schools participating in the E-rate program certify that their Internet safety policy includes a technology protection measure, such as filtering software, that protects against Internet access through the school's facilities to visual depictions that are (1) obscene, (2) child pornography, or (3) harmful to minors.  An earlier audit administered by the Universal Service Administrative Company (which administers the E-rate program) had found that a school violated this requirement by allowing access to certain social networking websites.  In its Order, the FCC clarified that social networking websites are not per se "harmful to minors," noting that a contrary conclusion would be inconsistent with the Protecting Children in the 21st Century Act's focus on educating minors about how to interact with others on social networking websites.  The FCC also quoted a recent U.S. Department of Education report, which found that social networking websites have the potential to support student learning. 

On Thursday, July 14, 2011 two Subcommittees of the House Energy and Commerce Committee (Commerce, Manufacturing, and Trade and Communications and Technology) will hold a joint hearing entitled “Internet Privacy:  The Views of the FTC, the FCC, and NTIA."  The hearing, which is the first in a series of anticipated dialogues aimed at examining how information is collected, protected, and utilized in the online ecosystem, will feature witness testimony from FCC Chairman Julius Genachowski, FTC Commissioner Edith Ramirez, and NTIA Assistant Secretary Lawrence Strickling.  These federal regulators were called to testify about existing federal laws and practices to protect online consumer privacy and are expected to provide an overview of the existing federal privacy framework and help identify key issues to address.

On March 16, 2011, FTC Chairman Jon Leibowitz and Strickling testified in a Senate Commerce Committee hearing on “The State of Online Consumer Privacy.”  As we wrote about here, Strickling made news at the last hearing by stating that Obama administration supports comprehensive privacy legislation, which represented a shift in Administration policy.  Given the topic of this week’s hearing, we would expect Strickling to discuss the Administration’s position in the context of the current federal framework.

Check back after Thursday’s hearing for Inside Privacy’s summary and analysis of the discussion.

The Federal Communications Commission is seeking public comment on the use of location-based services in connection with a forthcoming staff report.  Comments are due to the FCC by July 8, 2011.

The agency also is teaming up with the Federal Trade Commission to host an educational forum on June 28, 2011, to help consumers understand the privacy implications of location-based services.  Representatives from mobile phone carriers, technology companies, consumer advocacy groups, and academia will discuss how these services work; their benefits and risks; industry best practices; and what parents should know about location tracking when their children use mobile devices.  

Location-based services have been the topic of a number of recent Congressional hearings.  Part of the focus at the most recent of these hearings was on children’s privacy.  Senator Rockefeller, Chairman of the Senate Commerce Committee, has sent letters to Apple, Google, and the Association for Competitive Technology with questions to help determine whether the applications running on their mobile platforms comply which the Children's Online Privacy Protection Act (COPPA).

Earlier this week, Comcast -- the largest cable operator in the U.S. -- stated in a filing to the Federal Communications Commission that it would commit to limit interactive advertising in children's programming as a condition of obtaining approval of its acquisition of NBC Universal.  Specifically, as long as they have control over the program's advertising, Comcast and NBCU will not insert interactive advertising into broadcast and cable programming that targets an audience of children 12 years old and younger.  Comcast defined "interactive advertising" to mean:

advertising for commercial products that is primarily targeted to children 12 and under and includes: interactive, overlap pop-up advertising; telescoping; long-form advertising (but does not include enabling the consumer to 'telescope' to additional linear or on demand programs); voting or polling requests that promote a product or service or gain information about consumer commercial preferences; T-Commerce that enables a consumer to purchase advertised products using a remote; and branded, interactive gaming which promotes a product.

In 2004, the FCC released a Notice of Proposed Rulemaking on interactive advertising, but the Commission hasn't taken any further action to adopt any new rules in this area.  In its Notice, the FCC tentatively concluded that it should prohibit interactivity during children's programming that connects viewers to commercial matter unless parents opt in to such services.  As noted by FCC staff during a recent ABA program on marketing to minors, however, industry and even some consumer groups have urged that requiring opt-in consent for interactive advertising in children's programming might not be the right approach.   As technology improves and interactive advertising becomes more widely used, marketers should pay attention to this ongoing proceeding.    

Last week, President Obama signed into law the "Truth in Caller ID Act," which prohibits the practice of providing false caller ID information in order to deceive the call recipient (better known as caller ID "spoofing").  Specifically, the Act prohibits the use of "misleading or inaccurate caller identification information with the intent to defraud, cause harm, or wrongfully obtain anything of value[.]"  The Act amends section 227 of the Communications Act of 1934 (47 U.S.C.  § 227) and gives the FCC six months to create implementing regulations.  Violators of the statute could face civil forfeiture penalties or, if the violation is willful and knowing, criminal fines and even jail time. 

"Truth in Caller ID" appears to be part of a larger government effort to reign in caller ID abuses that have grown more prevalent as the service has become more widely used to avoid telemarketing calls.  As we discussed in a previous post, the FTC currently is considering whether to strengthen its rules requiring telemarketers to disclose their identities through caller ID.