TCPA

By Meena Harris and Caleb Skeath

  1. Data Breaches
  • Studies show increase.  Amidst a flurry of high-profile breaches during 2014, several studies confirmed that data breaches as a whole have risen significantly over the past few years.  The California Attorney General released a study showing a 28% increase in breaches in 2013 as compared to 2012.  Another study, which examined the volume of data breaches during the first quarter of 2014, found an increase of 233% compared to the same time period in 2013.
  • State laws.  In April, Kentucky became the 47th state to enact a data breach notification law.  Florida and Iowa each amended their data breach notification laws in 2014 to, among other changes, enhance regulator notification requirements.  California amended its data breach notice law to expand the types of information covered and to require certain companies to provide one year of free credit monitoring to affected individuals (although the statutory language on the latter point is subject to multiple interpretations).
  • Federal legislation.  Numerous data breach bills, including the Data Security Breach Notification Act of 2014 and the Personal Data Protection and Breach Accountability Act, were introduced in Congress, although none passed during 2014.  The Senate Judiciary Committee, the Senate Commerce Committee, and the House Energy and Commerce Subcommittee on Commerce, Manufacturing, and Trade, among others, held hearings during 2014 to discuss the need to address data breaches and the possibility of enacting federal legislation.
  • Federal enforcement.  In the enforcement arena, the Federal Trade Commission (“FTC”), the Department of Health and Human Services (“HHS”), and state attorneys general pursued enforcement action during 2014 against companies that had suffered data breaches.  The Securities and Exchange Commission also announced in April that it would conduct over 50 cybersecurity examinations of publicly traded companies.  The Federal Communications Commission (“FCC”), for its part, levied a $10 million fine in October against two telecommunications carriers for exposing customer data, which represented the FCC’s first enforcement action in the wake of a data breach.
  • Continued attention in 2015.  Legislative interest in data breach issues has only increased in early 2015.  Since President Obama proposed national data breach legislation, additional data breach notification bills have been introduced in the House and Senate.  The House Subcommittee on Commerce, Manufacturing, and Trade also held a hearing on crafting a national data breach bill, debating the harm that should trigger notification obligations and the appropriate window for providing notifications.

Continue Reading Top 10 U.S. Privacy Developments of 2014

Last week, a federal judge in the Northern District of California dismissed a putative class action lawsuit under the Telephone Consumer Protection Act (“TCPA”), ruling that an automated telephone dialing system or “autodialer” is not used when a third party group inviter has provided the number that resulted in the initiation of the automated text by a company to a consumer.

Plaintiff Brian Glauser sued the group messaging application GroupMe, alleging that GroupMe violated the TCPA when GroupMe transmitted two texts notifying Glauser that he had been added to a GroupMe group called “Poker.”  Glauser argued that the group creator never asked GroupMe to send the texts, did not send the texts himself, and was not informed that the texts would be sent.  GroupMe argued that the sending of the texts was triggered by the Poker’s group creator’s addition of Glauser to the group.

The court found that even if it were to accept Glauser’s description of the process by which the texts were sent, there was no basis for Glauser’s argument that the texts were sent without human intervention.  In its 2003 TCPA Order, the Federal Communications Commission (FCC) described the “basic function” of autodialer equipment as having the “capacity to dial numbers without human intervention.”  The court held that because GroupMe obtained group members’ numbers through the actions of the group’s creator, the texts were sent as a direct response to the intervention of the group’s creator and therefore did not violate the TCPA.

Before reaching the question of whether the conduct in question involved human intervention, the court examined two threshold issues:  (1) whether TCPA liability depends on the present or actual capacity of a defendant’s equipment to function as an autodialer, as opposed to the potential capacity of that equipment function as autodialer, and (2) whether the TCPA’s definition of autodialer includes predictive dialers.Continue Reading Federal Court Narrows ATDS Definition

The FCC recently agreed to grant limited waivers for violations of its “opt out notice” rule for solicited faxes (i.e., faxes sent with the recipient’s prior express invitation or permission).  That rule requires that senders of faxes include opt-out notices on fax transmissions that contain advertisements or promotions.  The FCC
Continue Reading Parties Involved in TCPA Fax Litigation May Qualify for Relief

By Ani Gevorkian

Last week, the U.S. District Court for the Southern District of California issued an opinion regarding the definition of  an “Automatic Telephone Dialing System” (“ATDS”) under the Telephone Consumer Protection Act (“TCPA”).  The opinion follows a small but growing number of cases holding that courts have their own ability to interpret the statutory definition of ATDS and need not follow the Federal Communication Commission’s interpretation of that term.

The case, Marks v. Crunch San Diego, involved a class action suit against gym-operator Crunch San Diego (“Crunch”) for its use of a third-party web-based platform to send promotional text messages to current and prospective member mobile phones.  The plaintiff claimed he had received three unwanted text messages from Crunch over the course of about a month, in violation of the TCPA.  The motion for summary judgment turned on the issue of whether the platform Crunch used could be classified as an ATDS.  The court held that it could not.Continue Reading Another Court Finds That an Automated SMS Platform is Not an ATDS

Last week, the Federal Communications Commission announced plans to fine Dialing Services, LLC, nearly $3 million for making illegal “robocalls” to cell phones. The FCC has specific rules for automatic telephone dialing systems, also known as “autodialers,” that have the capacity to produce, store, and dial telephone numbers using a random or sequential number generator. The Telephone Consumer Protection Act (“TCPA”) prohibits the transmission of robocalls to mobile phones except for (1) calls made for emergency purposes, or (2) calls made with the “prior express consent” of the call recipient. (In 2012, the FCC promulgated a rule to require “prior express written consent” for such calls that contain a “telemarketing” or “advertisement” component.) The FCC alleged that Dialing Services transmitted automated or prerecorded voice messages on behalf of political campaigns and candidates without the prior express consent of the call recipients. Neither the TCPA nor the FCC’s rules contains a general exception from the autodialer prohibition for political calls.

This is not the first time that Dialing Services has heard from federal regulators. In March of last year, the FCC issued a citation to Dialing Services for making millions of calls to cell phones during the 2012 election cycle without authorization. The citation required Dialing Services to certify within fifteen days that it had ceased making robocalls without permission. It also came with a clear warning from the FCC Enforcement Bureau that, “These citations set the stage for significant monetary penalties if violations continue,” including fines up to $16,000 per call. Finding that Dialing Services failed to comply with the requirements of the citation and continued its practices by making 184 additional calls, the FCC last week announced plans to fine Dialing Services $2,944,000 – the maximum penalty for those 184 calls.Continue Reading FCC Fines Company $2.9 Million for Political Robocalls to Cell Phones

Last week, the FCC issued two TCPA rulings that shed further light on whether and under what circumstances an individual can provide “prior express consent”—or convey such consent—for another in the context of automated or prerecorded informational calls or text messages to mobile phones.  One of these rulings came in response to a Petition for Declaratory Ruling filed by the Cargo Airline Association (CAA), and the other came in response to a Petition for Declaratory Ruling filed by GroupMe, Inc./Skype Communications S.A.R.L. (GroupMe).  Coincidentally, the Eleventh Circuit issued its own opinion last week in Osorio v. State Farm Bank that touched on a similar issue.  A summary of each can be found after the jump.Continue Reading FCC and 11th Circuit Address “Prior Express Consent” by a Third Party Under the TCPA

The Seventh Circuit Court of Appeals recently held that the application of Indiana’s Automated Dialing Machine Statute to interstate calls was not preempted by the federal Telephone Consumer Protection Act or its implementing regulations (“TCPA”).  The case, Patriotic Veterans v. Indiana,  highlights the importance of considering both the TCPA

Continue Reading Seventh Circuit: Indiana Telemarketing Statute Not Preempted by TCPA

Earlier today, the FCC placed on public notice two petitions requesting that the agency clarify or forbear from enforcing certain aspects of its new TCPA regulations that went into effect on October 16, 2013.  Those regulations, which we summarized here, created, among other things, a new “prior express written

Continue Reading FCC Seeks Comment on Petitions to Forbear or Clarify New TCPA Rules

Earlier today, two entities — the Direct Marketing Association (“DMA”) and a Coalition of Mobile Engagement Providers (“Coalition”) — filed petitions at the FCC asking the agency to stay and forbear from enforcing, or clarify, certain aspects of the “prior express written consent” requirement that went into effect yesterday for prerecorded calls

Continue Reading Petitions to Forbear or Clarify New FCC TCPA Rules Filed

Last week, I spoke on a panel at the IAPP Privacy Academy about upcoming changes to FCC regulations governing the “prior express consent” requirement for, among other things, autodialed promotional text message and prerecorded call programs under the Telephone Consumer Protection Act (TCPA).  These changes will take effect next week

Continue Reading New Rules for Autodialed Promotional Text Messages and Prerecorded Call Programs Come Into Effect Oct. 16