The U.S. Court of Appeals for the D.C. Circuit on Friday issued a long-awaited ruling in a lawsuit challenging the Federal Communications Commission’s interpretations of key terms under the Telephone Consumer Protection Act of 1991 (“TCPA”), holding that the FCC in 2015 had adopted an unreasonably broad definition of the type of calling equipment subject to special restrictions under the TCPA — a definition so broad it would include any modern smartphone — and had failed to adequately justify its approach regarding liability for calls placed to cell phone numbers that have been reassigned to a new user.

The court upheld the FCC’s ruling that a party who has consented to receive calls may revoke that consent “through any reasonable means clearly expressing a desire to receive no further messages from the caller.”  The court also upheld the FCC’s decision to exempt from the TCPA’s consent requirements certain calls communicating urgent healthcare messages.

The D.C. Circuit’s unanimous decision addresses a consolidated set of petitions by various companies and trade associations — first filed in the summer and fall of 2015 and argued before the D.C. Circuit in 2016 — seeking review of a declaratory ruling released by the FCC in July 2015 (the “Omnibus Ruling”).  In the Omnibus Ruling, the FCC ruled on a total of 21 petitions seeking “clarification or other actions” regarding the TCPA, principally in connection with automated calls and text messages.

Petitioners sought court review of four aspects of the Omnibus Ruling:
Continue Reading D.C. Circuit Rejects Portions of FCC Decision Interpreting Key TCPA Terms

Customers’ allegations that they face a substantial risk of identity theft as a result of a 2014 data breach are sufficiently plausible to allow their suit against health insurer CareFirst to proceed, the U.S. Court of Appeals for the D.C. Circuit held in an August 1 decision.

CareFirst discovered in April 2015 — and announced a month later — that an unknown intruder had gained access in June 2014 to a database containing personal information about CareFirst’s customers.  Seven customers then brought a class-action lawsuit against CareFirst in the federal district court in Washington, D.C., alleging among other things that CareFirst was negligent in protecting customer data, and that customers as a result faced an increased risk of identity theft.

The district court dismissed the suit, finding that the plaintiffs had not alleged that hackers had accessed the plaintiffs’ social security numbers or credit card information, and that the risk of hackers stealing the plaintiffs’ identities without such information was too speculative to satisfy the requirements of Article III of the U.S. Constitution, which requires that federal courts hear only actual “cases or controversies.”  The Supreme Court has held that this requirement bars lawsuits where the plaintiffs have not alleged that they have suffered or imminently will suffer a concrete injury.
Continue Reading D.C. Circuit: Data Breach Plaintiffs Plausibly Allege ‘Substantial Risk’ of ID Theft Sufficient to Support Standing

A federal appeals court struck down key parts of the Federal Communications Commission’s Open Internet Order in a Jan. 14 decision, ruling that the FCC’s “net neutrality” rules improperly regulate broadband providers like “common carriers” — such as providers of traditional telephone service — even though the FCC has classified broadband providers as not subject to common-carrier obligations.   Importantly, however, the court held that the FCC has direct authority to impose restrictions on broadband providers as long as such rules do not amount to common carrier regulation. 

The FCC’s 2010 Open Internet Order generally prohibited both “fixed” and mobile broadband providers from blocking users’ access to lawful online content and services, with fixed providers — such as cable companies — subject to tighter restrictions than mobile operators.  In addition, the rules barred fixed broadband providers from “unreasonably” discriminating between different kinds of Internet traffic.

The FCC’s asserted goal was to prevent service providers from using their control of consumers’ broadband connections to prevent or discourage subscribers from using online voice, video, or other services that compete with the broadband provider’s own offerings.  The Commission concluded that such efforts would impair the spread of broadband, and the FCC found preventing such impairment was one of the mandates of the 1996 Telecommunications Act.   Verizon challenged the FCC’s rules as unnecessary, lacking in a statutory basis, and contrary to the Communications Act requirement that only traditional telephone companies can be subject to common carrier regulation. 

In Tuesday’s decision, the U.S. Court of Appeals for the D.C. Circuit upheld the FCC’s judgments on a number of points, including that the rules were a rational policy tool to promote broadband and that the rules had a statutory basis in Section 706 of the 1996 Act, which heretofore had been characterized by the FCC as simply hortatory.  However, the court concluded that the anti-blocking and anti-discrimination rules violated statutory prohibitions on imposing common carrier rules on non-carriers.   The court upheld a separate rule requiring broadband providers to disclose their network management practices.

Continue Reading Court Strikes Net Neutrality Rules, Leaves Path for Other Broadband Regulations