Last week, the Federal Communications Commission (FCC) released the text of its long-awaited order addressing certain aspects of the Telephone Consumer Protection Act (TCPA) and related FCC rules.  The order addressed a total of 21 petitions seeking “clarification or other actions” regarding the TCPA, principally in connection with automated calls and text messages.

Although the order purports only to “clarify” existing FCC precedent, there is widespread debate over whether the order imposed new requirements on entities that transmit automated calls and text messages.  The order already has been appealed by one party and other appeals are expected.  Nevertheless, because the FCC claims the order only clarifies existing precedent, its provisions became effective when the order was released on July 10, 2015.

The order focuses on ten key areas, which are summarized after the jump.

1. Definition of Autodialer:  Absent an emergency, the TCPA prohibits the “mak[ing]” of a call (which the FCC defines to include a text message) using an “automated telephone dialing system” (“autodialer”) or a prerecorded voice without the “prior express consent” of the “called party.”  If the call or text message contains an advertisement or other form of telemarketing, this “prior express consent” must be in writing (or its electronic equivalent) and incorporate certain FCC-prescribed disclosures.  The TCPA defines an “autodialer” as equipment “which has the capacity . . . to store or produce telephone numbers to be called, using a random or sequential number generator” and “to dial such numbers.”  Although several courts have held that such equipment must have the “present” capacity to store, produce, and dial such numbers to meet the TCPA’s definition, the FCC’s order states that “the capacity of an autodialer is not limited to its current configuration but also includes its potential functionalities.”

The order acknowledges that there are “outer limits” to this interpretation of “capacity,” and that “the outer contours of the definition of ‘autodialer’ do not extend to every piece of malleable and modifiable dialing equipment that conceivably could be considered to have some capacity.”  However, the order does not elaborate much beyond this statement, except to note that the theoretical  modification of a rotary phone would be “too attenuated” to support a finding that the device could have the requisite capacity to meet the “autodialer” definition.  The order declines to address whether a smartphone can qualify as an “autodialer,” claiming that “there is no evidence in the record that individual consumers have been sued based on typical use of smartphone technology.”

2. “Make” or “Initiate” a Call or Text Message:  The autodialer prohibition applies only to a person or entity that “makes” or “initiates” a call or text message.  According to the FCC, to identify that person or entity, “we must look to the totality of the facts and circumstances surrounding the placing of a particular call to determine: (1) who took the steps necessary to physically place the call; and (2) whether another person or entity was so involved in placing the call as to be deemed to have initiated it, considering the goals and purposes of the TCPA.”

The FCC applied this framework to determine that an app developer “does not make or initiate a call when one of its app users uses its service to send an automatic text in response to a voicemail left by someone who called the . . . app user.”  Using the same framework, the FCC also determined that an app developer “does not make or initiate a call when one of its app users sends an invitational text message” using the app platform.  However, where an app developer accesses the contacts in an app user’s mobile telephone to “automatically send[]” invitational text messages to the individuals in that contact list, the FCC found the app developer to be the maker or initiator of those messages because those transmissions involved “little or no obvious control by the user.”

The order employed a similar analysis to find that “collect calling service providers that use prerecorded messages, on a single call-by-call basis, to provide call set-up information when attempting to connect a call to a residential or wireless telephone number” do not require “prior express consent” from the called party.  The FCC based this finding on the theory that “a person who dials the number of the called party or the number of a collect calling service provider in order to reach the called party . . . ‘makes’ the call for purposes of the TCPA.”

3. Establishing and Revoking Consent:  The order confirms earlier guidance that “persons who knowingly release their phone numbers have in effect given their invitation or permission to be called at the number which they have given, absent instructions to the contrary.”  However, the order clarifies that a “wireless telephone number . . . in the contact list on a wireless phone, standing alone, does not demonstrate that the person whose number is so listed has granted prior express consent as required by the TCPA.”  The order also confirms “that porting a telephone number from wireline service to wireless service does not revoke prior express consent,” though it cautions that the earlier-obtained consent has to meet the requirements of the “prior express consent” or “prior express written consent” standard, as the case may be, in order to be relied upon today in the wireless context.

Separately, the order appears to set a new standard for revoking consent, though it claims to ground its thinking in recent FCC precedent and common law principles.  Specifically, the order purports to clarify that “consumers may revoke consent through any reasonable means.”  Although the FCC’s order does not describe in detail what that means other than to ascribe to it a “totality of the facts and circumstances” test, it states, by way of example, that consent can be revoked through “a consumer-initiated call, directly in response to a call initiated or made by a caller, or at an in-store bill payment location.”  It also notes that designating an exclusive means of revocation can, “in some circumstances, materially impair” the consumer’s ability to revoke consent.

4. Reassigned Telephone Numbers:  Because of the way the TCPA was drafted, there has been debate in TCPA circles over whether a call to a telephone number that had been reassigned (without the knowledge of the caller) from a consenting consumer to a new consumer can be actionable under the statute.  The FCC addressed a number of petitions that raised this question by “clarify[ing] that the TCPA requires the consent not of the intended recipient of the call, but of the current subscriber (or non-subscriber customary user of the phone)” that actually receives the call.  The FCC acknowledged, however, that because callers cannot always know that a telephone number has been reassigned, liability for the first call to a reassigned number does not necessarily lead to TCPA liability.  In so finding, the FCC acknowledged that it “do[es] not presume that a single call to a reassigned number will always be sufficient for callers to gain actual knowledge of the reassignment,” but it nevertheless found “that the one-call window provides a reasonable opportunity to learn of the reassignment.”  Callers “may reasonably be considered to have constructive knowledge” of the reassignment if “the caller makes the first call without reaching that original subscriber.”

5. Prior Express Written Consent:  In a previous TCPA order released in October 2013, the FCC held that automated telemarketing calls and text messages to mobile telephone numbers require the “prior express written consent” of the call recipient.  In last week’s order, the FCC rejected arguments that consents secured before the effective date of this October 2013 order should be considered valid even if they did not meet the “prior express written consent” standard.  Instead, the FCC clarified that  “telemarketers should not rely on a consumer’s written consent obtained before the current [October 2013] rule took effect if that consent does satisfy the current rule.”  Since the FCC recognized that its October 2013 order led to some confusion regarding this issue, the agency granted the petitioners that raised this issue a 90-day grace period to come into compliance with the “prior express written consent” rule.

6. Immediate One-Time Text Messages.  The FCC clarified that a one-time automated text message sent immediately after a consumer’s request for information as part of an ad campaign does not violate the TCPA.  According to the FCC, this sort of text message is not a “telemarketing” or “advertisement” message but instead merely the “fulfillment of the consumer’s request” for information.  The FCC clarified that in order to qualify for this exception, the one-time automated text message must (1) be requested by the consumer, (2) be sent immediately in response to a specific consumer request; and (3) contain only the information requested by the consumer with no other marketing or advertising information.

7. Internet-to-Phone Messaging:  The FCC addressed the status of Internet-to-phone text messaging, which allows a party to send an email to an address that combines a recipient’s mobile telephone number with the provider’s domain name (e.g., 5551212@randomcarrierdomain.com) and results in the delivery of the e-mailed message as a text message to the recipient’s mobile telephone.  According to the FCC order, this technology (as specifically described in the petition in which the issue was presented) qualifies as an autodialer under the TCPA.

8. Exception for Certain Free “Pro Consumer” Financial Messages:  The FCC’s order granted limited exceptions to TCPA liability for certain free “pro-consumer” calls or text messages about time-sensitive financial issues.  Under these exceptions, financial institutions may transmit free fraud and security alerts, as well as money transfer notifications, to recipients in the absence of “prior express consent,” subject to certain specified limitations.  These limitations specify that (1) the messages may be sent only to the wireless telephone number provided by the customer of the financial institution; (2) the messages must state (at the beginning of the call for voice calls) the name and contact information of the financial institution; (3) the messages must be limited strictly to specific fraud, security and money transfer purposes and may not include any telemarketing, cross-marketing, solicitation, debt collection or advertising content; (4) the messages must be concise, generally one minute in length for voice calls and 160 characters or less for text messages; (5) no more than three messages per event over a three-day period may be sent to the owner of an affected account; (6) the messages must offer an easy means of opting out of future messages; and (7) opt-out requests must be honored immediately.  The FCC’s order presumes that financial institutions will work with mobile phone carriers to ensure that these types of messages will be delivered free of charge to consumers.

9. Exceptions for Certain Healthcare Providers and Free “Pro Consumer” Healthcare Messages.  The order purports to make three clarifications for healthcare messages.  First, it clarifies that the “provision of a phone number to a healthcare provider constitutes prior express consent for healthcare calls subject to HIPAA by a HIPAA-covered entity and business associates acting on its behalf, as defined by HIPAA, if the covered entities and business associates are making calls within the scope of the consent given, and absent instructions to the contrary.”

Second, the order clarifies “that where a party is unable to consent because of medical incapacity, prior express consent to make healthcare calls subject to HIPAA may be obtained from a third party — much as a third party may consent to medical treatment on an incapacitated party’s behalf.”

Third, similar to financial institutions, healthcare providers were granted an exemption from the “prior express consent” requirement for free automated “pro consumer” calls and text messages to mobile phones “for which there is an exigency and that have a healthcare treatment purpose, specifically:  appointment and exam confirmations and reminders, wellness checkups, hospital pre-registration instructions, pre-operative instructions, lab results, post-discharge follow-up intended to prevent re-admission, prescription notifications, and home healthcare instructions.”  However, these calls and text messages are subject to the following limitations:  (1) they must be sent only to the wireless telephone number provided by the patient; (2) they must state (at the beginning of the call for voice calls) the name and contact number of the healthcare provider; (3) they must be limited strictly to the above-described purposes and cannot include any telemarketing, solicitation or advertising; may not include accounting, billing, debt-collection or other financial content; and must comply with HIPAA privacy rules; (4) they must be concise, generally one minute in length for voice calls and 160 characters or less for text messages; (5) they must be limited to one message per day, and up to a maximum of three messages per week from a specific healthcare provider; (6) they must offer an easy means of opting out of future messages; and (7) opt-out requests must be honored immediately.

10. Call-Blocking Technology:  The order clarifies that there is no legal prohibition on telephone carriers offering call-blocking technology that allows a consumer to direct which incoming calls he or she wishes to block.  It is not clear whether or to what extent carriers will make these technologies available.

Correction (March 16, 2018): An earlier version of this post misstated the release date of the FCC’s order.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Yaron Dori Yaron Dori

Yaron Dori has over 25 years of experience advising technology, telecommunications, media, life sciences, and other types of companies on their most pressing business challenges. He is a former chair of the firm’s technology, communications and media practices and currently serves on the…

Yaron Dori has over 25 years of experience advising technology, telecommunications, media, life sciences, and other types of companies on their most pressing business challenges. He is a former chair of the firm’s technology, communications and media practices and currently serves on the firm’s eight-person Management Committee.

Yaron’s practice advises clients on strategic planning, policy development, transactions, investigations and enforcement, and regulatory compliance.

Early in his career, Yaron advised telecommunications companies and investors on regulatory policy and frameworks that led to the development of broadband networks. When those networks became bidirectional and enabled companies to collect consumer data, he advised those companies on their data privacy and consumer protection obligations. Today, as new technologies such as Artificial Intelligence (AI) are being used to enhance the applications and services offered by such companies, he advises them on associated legal and regulatory obligations and risks. It is this varied background – which tracks the evolution of the technology industry – that enables Yaron to provide clients with a holistic, 360-degree view of technology policy, regulation, compliance, and enforcement.

Yaron represents clients before federal regulatory agencies—including the Federal Communications Commission (FCC), the Federal Trade Commission (FTC), and the Department of Commerce (DOC)—and the U.S. Congress in connection with a range of issues under the Communications Act, the Federal Trade Commission Act, and similar statutes. He also represents clients on state regulatory and enforcement matters, including those that pertain to telecommunications, data privacy, and consumer protection regulation. His deep experience in each of these areas enables him to advise clients on a wide range of technology regulations and key business issues in which these areas intersect.

With respect to technology and telecommunications matters, Yaron advises clients on a broad range of business, policy and consumer-facing issues, including:

  • Artificial Intelligence and the Internet of Things;
  • Broadband deployment and regulation;
  • IP-enabled applications, services and content;
  • Section 230 and digital safety considerations;
  • Equipment and device authorization procedures;
  • The Communications Assistance for Law Enforcement Act (CALEA);
  • Customer Proprietary Network Information (CPNI) requirements;
  • The Cable Privacy Act
  • Net Neutrality; and
  • Local competition, universal service, and intercarrier compensation.

Yaron also has extensive experience in structuring transactions and securing regulatory approvals at both the federal and state levels for mergers, asset acquisitions and similar transactions involving large and small FCC and state communication licensees.

With respect to privacy and consumer protection matters, Yaron advises clients on a range of business, strategic, policy and compliance issues, including those that pertain to:

  • The FTC Act and related agency guidance and regulations;
  • State privacy laws, such as the California Consumer Privacy Act (CCPA) and California Privacy Rights Act, the Colorado Privacy Act, the Connecticut Data Privacy Act, the Virginia Consumer Data Protection Act, and the Utah Consumer Privacy Act;
  • The Electronic Communications Privacy Act (ECPA);
  • Location-based services that use WiFi, beacons or similar technologies;
  • Digital advertising practices, including native advertising and endorsements and testimonials; and
  • The application of federal and state telemarketing, commercial fax, and other consumer protection laws, such as the Telephone Consumer Protection Act (TCPA), to voice, text, and video transmissions.

Yaron also has experience advising companies on congressional, FCC, FTC and state attorney general investigations into various consumer protection and communications matters, including those pertaining to social media influencers, digital disclosures, product discontinuance, and advertising claims.

Photo of Caleb Skeath Caleb Skeath

Caleb Skeath advises clients on a broad range of cybersecurity and privacy issues, including cybersecurity incident response, cybersecurity and privacy compliance obligations, internal investigations, regulatory inquiries, and defending against class-action litigation. Caleb holds a Certified Information Systems Security Professional (CISSP) certification.

Caleb specializes in assisting…

Caleb Skeath advises clients on a broad range of cybersecurity and privacy issues, including cybersecurity incident response, cybersecurity and privacy compliance obligations, internal investigations, regulatory inquiries, and defending against class-action litigation. Caleb holds a Certified Information Systems Security Professional (CISSP) certification.

Caleb specializes in assisting clients in responding to a wide variety of cybersecurity incidents, ranging from advanced persistent threats to theft or misuse of personal information or attacks utilizing destructive malware. Such assistance may include protecting the response to, and investigation of an incident under the attorney-client privilege, supervising response or investigation activities and interfacing with IT or information security personnel, and advising on engagement with internal stakeholders, vendors, and other third parties to maximize privilege protections, including the negotiation of appropriate contractual terms. Caleb has also advised numerous clients on assessing post-incident notification obligations under applicable state and federal law, developing communications strategies for internal and external stakeholders, and assessing and protecting against potential litigation or regulatory risk following an incident. In addition, he has advised several clients on responding to post-incident regulatory inquiries, including inquiries from the Federal Trade Commission and state Attorneys General.

In addition to advising clients following cybersecurity incidents, Caleb also assists clients with pre-incident cybersecurity compliance and preparation activities. He reviews and drafts cybersecurity policies and procedures on behalf of clients, including drafting incident response plans and advising on training and tabletop exercises for such plans. Caleb also routinely advises clients on compliance with cybersecurity guidance and best practices, including “reasonable” security practices.

Caleb also maintains an active privacy practice, focusing on advising technology, education, financial, and other clients on compliance with generally applicable and sector-specific federal and state privacy laws, including FERPA, FCRA, GLBA, TCPA, and COPPA. He has assisted clients in drafting and reviewing privacy policies and terms of service, designing products and services to comply with applicable privacy laws while maximizing utility and user experience, and drafting and reviewing contracts or other agreements for potential privacy issues.