In September, 40 state attorneys general wrote to the U.S. Food and Drug Administration (FDA) asking the agency to take all available measures to issue regulations on the advertising, ingredients, and sale to minors of electronic cigarettes, also known as e-cigarettes or e-cigs. The full text of the letter is available here. The FDA has set a deadline of October 31 to issue proposals to regulate e-cigarettes, but the agency has delayed action in the past.
E-cigarettes are battery-operated nicotine delivery devices that are meant to replicate the flavor and sensation of smoking a tobacco cigarette. The sales of these products are rapidly growing and have doubled every year since 2008. In 2013, the industry is projected to reach $1.7 billion in sales. Tobacco giants Altria, which owns Philip Morris, and R.J. Reynolds, both of which have not previously been involved in the e-cigarette industry, are now launching their own brands.
E-cigarettes have been available for several years, but there has been very little regulation of the industry since its inception. However, the calls for the FDA to explore regulation are becoming louder, and momentum is growing to have the FDA take action. Last month, Rep. Henry Waxman (D-Calif.) and three other House Democrats sent a letter to FDA Commissioner Dr. Margaret Hamburg urging the agency to take action on regulating e-cigarettes. Those same representatives also sent a letter to the Chairman of the House Committee on Energy and Commerce, Subcommittee on Oversight and Investigations, and the Subcommittee on Health urging the subcommittees to hold a hearing on the increased use and health impact of e-cigarettes.
In the past, the FDA has stated that it would not feel compelled to regulate e-cigarette companies unless they overtly advertised their products as smoking cessation devices. We have previously looked at Federal Trade Commission regulation of e-cigarette advertising claims. The FTC has jurisdiction to regulate advertisements for any product, but has yet to flex enforcement muscle with regard to e-cigarettes. There are currently no federal rules about advertising e-cigs to young people, but the attorney general letter asked the FDA to “ensure that companies do not continue to sell or advertise to our nation’s youth.”
There has been very little regulation of the industry since its inception– partially because the extent of the FDA’s authority to regulate e-cigarettes is not clearly defined. In 2010, the U.S. Court of Appeals for the D.C. Circuit issued an opinion in Sottera, Inc. v. Food & Drug Administration, affirming the district court’s decision that the FDA could not regulate e-cigarettes as a medical device under the Food, Drug & Cosmetic Act and finding that the FDA’s authority is limited to traditional tobacco products. The FDA also has authority to regulate e-cigarettes under the Tobacco Control Act of 2008, but that authority is limited. Specifically, the Tobacco Control Act authorizes the FDA to regulate “tobacco products,” giving the agency authority to impose restrictions on their sale, advertising and promotions, and establish other standards for their distribution and production.
It remains to be seen what actions will be taken by the FDA in response, but it does seem as if some type of regulation may be on the horizon. The industry will need to adapt to these changes and be active in the rule making and comment process to make sure that the regulations proposed are fair. We will continue to monitor developments on e-cigarette regulations here.
Google recently announced that it would be taking action to demote websites that profit from the use of mugshot photos. These mugshot sites compile booking photographs taken after people’s arrests and publish them along with the arrestees’ names and information concerning the charges against them. Individuals who want their mugshot and arrest record deleted from the site usually must pay a fee ranging anywhere from $10 to $400. Until recently, when a Google user searched the Internet for the name of a recent arrestee, the search hits would include, and often prioritize, mugshot sites. Owners of those sites were content with that outcome; many others were not.
New York Times writer David Segal was one of the latter. In a recent article, Segal took Google to task for not penalizing mugshot sites, which many believe traffic in exploitation. Segal argued that Google should take corrective action because it had prioritized the sites in contravention of its own stated corporate goal that favors original web content. Mugshots do not offer original content; instead, they gather and use images and text from third-party sources.
Before his article ran, Segal contacted Google to discuss the issue. Google responded that it had been working to address the problem in a consistent way. Days later, a Google spokesperson confirmed that mugshot sites do not comply with one of the search giant’s guidelines. To address the problem, Google amended its algorithm, presumably to disfavor sites without original content.
Consequently, mugshot sites are now pushed off the front page of Google search results. People digging for dirt now have to look a little bit harder.
Others who object to mugshot sites have taken the fight to regulators and legislators. On October 7, the Maryland Consumer Protection Division settled its case against the owner of Joomsef.net for false and deceptive advertising. Joomsef’s owner, Stanislav Komsky, published information on the site about traffic offenses, but added statements falsely suggesting there had been an arrest. Persons identified on the site had to pay $40 to $90 to have the information removed. As part of the settlement, Komsky must take down the site, return all payments to consumers, and pay a penalty of $7,500.
Other states are addressing the problem through legislation. Segal points out that Oregon and Georgia have passed laws this year giving site owners 30 days to take down an image, free of charge, if an individual proves that he or she was exonerated or that the individual’s record has been expunged. Utah attacked the problem another way. There, sheriffs are prohibited from giving out headshots to websites that charge for deleting them. Lawmakers in other states, like Florida Representative Carl Zimmerman, have introduced legislation targeting the sites, but many of those bills died from lack of support.
These acts of government are constrained, as they should be, in view of free-speech guarantees under the First Amendment. By contrast, the private sector is not so limited and, therefore, may end up striking the decisive blow against mugshot sites. Things are heading in that direction. MasterCard, Discover, American Express, and PayPal recently pledged to sever all ties with mugshot sites, and Visa has asked merchant banks to investigate the practices of the sites.
A great way to make money is to develop a product or service that responds to a consumer want or demand, and then to stay ahead of prospective competitors by offering better pricing or quality. A not-so-great way to make money is to convince consumers to buy a product or service that they don’t really want or need, at inflated rates. A highly dubious way to make money is to trick consumers into paying for something they didn’t want and didn’t mean to buy.
Businesses operating in this third category, which may include a scareware marketer or two, have to consider risk versus reward. Is the reward of temporary profits worth the risk of legal action; what is the likelihood of legal action; and what is the potential cost of such action?
Someone who operates on tricks over treats, or by pure scareware tactics, may expect business to dry up as consumers learn to avoid their traps. Such an operator must also face the looming threat of consumer legal action, government intervention, or run-ins with credit card companies alarmed by high chargeback rates.
For these types of businesses in the mobile marketing space, the cost of potential government intervention is going up. A recent settlement between the Federal Trade Commission and Jesta Digital LLC points to the severe penalties a business may face for operating on the sidelines of fair play. The consequences include a hefty fine, consumer refunds, restricted billing practices and stringent compliance measures for years to come.
Jesta (which also does business as Jamster) is known mostly for its marketplace of ringtones, photos, videos and apps. Starting in 2011, it ran a scareware campaign, purportedly for anti-virus software, that the FTC asserts crossed the line into deceptive advertising. The ads ran on the free version of the Angry Birds app for Android. Using a graphic that looks like the Android robot logo, the banner ad displayed a warning that viruses had been detected on the device – even though no virus scan was conducted. According to the FTC, when the consumers clicked on the “remove [virus]” button, or similar “warning” buttons, Jesta directed them through a number of pages about virus protection that left to very fine print a monthly service fee for ringtones and other content.
The FTC alleges that consumers were even charged at the instant of pressing a “Protect Your Android Today” button. Through the use of Wireless Access Protocol (WAP) billing, the company was able to charge consumers through their cell phone numbers without needing to obtain express authorization. (It may be that the use of the billing practice actually spurred the FTC into action as wireless carriers initiated their own penalties against Jesta for the large number of consumers demanding refunds.) The FTC also alleges that the anti-virus software often failed at download (apparently at one point, only 372 people out of 100,000 subscribers actually received some sort of anti-virus app download link).
The FTC describes numerous deceptive practices: mimicking the Android logo to confuse consumers into believing the virus warnings were credible, charging consumers without their knowledge or consent, failing to provide services charged for. The company apparently was aware that its scareware tactics crossed the line, as an email correspondence among company executives noted that the chief marketing officer was “anxious to move our business out of being a scam and more into a valued service.”
So now the company must pay the FTC a $1.2 million penalty and offer to refund consumers. The process of identifying and notifying consumers of their refund options and tracking all this to show to the FTC will be a costly undertaking. Another major cost will be the stringent and detailed billing practices that the company – and all participants, including principals and agents – must adhere to, disclosures it must make, and compliance monitoring and recordkeeping requirements it must adhere to, for 20 years. The settlement agreement is far more than a hand slap; its terms keep Jesta (and its principals!) beholden to the FTC for the foreseeable future.
Mobile marketers who may calculate risk versus reward and decide that a get-rich-quick scheme is worth the risk should think again. The FTC is making deceptive marketing tactics, like many scareware campaigns, a priority. We have seen strong action from the agency in the recent past, including hefty penalties for the company Innovative Marketing and its principal Marc D’Souza. Moreover, the newly-appointed head of consumer protection at the FTC, Jessica Rich, has noted that the FTC is expanding digital enforcement, increasing the risk of getting caught in the agency’s cross-hairs.
On October 3, 2013, the Consumer Financial Protection Bureau announced it had filed a complaint in federal district court in Washington state against a leading debt-settlement payment processor, Meracord LLC, and its CEO. The CFPB contends that Meracord helped third parties collect millions of dollars in illegal upfront fees from consumers.
The complaint alleged violations of the Federal Trade Commission’s Telemarketing Sales Rule (TSR) and the Consumer Financial Protection Act of 2010. The CFPB contended that Meracord maintained accounts and processed payments for consumers who had contracted with providers of debt-relief servicers and mortgage assistance relief services. As is often the case, when consumers enroll in a debt-relief program, they also enter into a separate agreement with a payment processor, which establishes and maintains a “dedicated account” for the consumer. At the time of enrollment, the debt-relief service provider instructs the consumer to stop paying his or her unsecured debts and, instead, to make monthly payments to the payment processor. The processor can later pay renegotiated debts to the creditor and also pay the debt-relief servicers’ fees.
The CFPB alleged that, since October 27, 2010, Meracord processed payments for more than 250,000 consumers receiving debt-relief services from more than 250 debt-relief service servicers. According to the agency, consumers paid debt-relief service providers before any debts were settled. The Telemarketing Sales Rule has special requirements for debt reduction services. In particular, providers are not allowed to request or take fees for services before providing debt-relief services resulting in actual renegotiation or other settlement of a consumer’s debt and a payment by the consumer to a creditor. The FTC asserted that Meracord processed payments for debt reduction services which routinely charged advanced fees to consumers in violation of the TSR.
The TSR also makes it unlawful for third parties to assist others in violating the TSR. The CFPB used this section of the TSR against Meracord. Since Meracord collected the payments from consumers and would know whether or not they had been disbursed to creditors, and when they had been disbursed to the debt-relief servicers, Meracord would have knowledge that the debt-relief servicers were violating the TSR by collecting fees prior to delivering debt-relief services that resulted in payments to creditors.
Meracord and its CEO have agreed to settle the case. In the Stipulated Final Judgment and Order, Meracord and its CEO, Linda Remsberg, agree that they will permanently enjoined from providing account-maintenance or payment-processing services to any provider of a debt-relief service or a mortgage assistance relief service. The proposed settlement (which must be approved in court) also provides for a civil money penalty of $1.37 million and compliance reporting and monitoring, as well as ongoing recordkeeping requirements.
The CFPB’s action signals that it will use its authority to reach organizations that it believes provide substantial assistance to others allegedly violating consumer protection laws within its jurisdiction. CFPB Director Richard Cordray said, “By taking a stand against those who facilitate illegal activity, we can root out harmful behavior across the debt-settlement industry and better protect consumers.” Thus, it is not only those companies dealing directly with consumers who need to be cognizant of the CFPB’s reach. In particular, organizations within the “chain” of industries such as debt-settlement and credit repair, should review their compliance with laws and rules the CFPB may enforce (usually shared with other agencies such as the FTC), and which include the Fair Debt Collections Practices Act, the Fair Credit Reporting Act, the Telemarketing Sales Rule, the Business Opportunities Rule, and other consumer financial-related statutes.
It’s quite clear that the Federal Trade Commission and the Federal Communications Commission view existing federal consumer protection and communications statutes as fully applicable to new modes of communication such as texting. One excellent recent example is the FTC’s stipulated settlement, including a payment of $1 million, with a debt collection agency that had sent out text messages in order to collect debts.
The FTC had filed suit under the Fair Debt Collection Practices Act (FDCPA) against National Attorney Collection Services, Inc., National Attorney Services LLC, and Archie Donovan (as an individual). This appears to be the first FTC complaint alleging the illegal use of text messaging to collect consumer debts. In addition, the defendants were also alleged to have violated the FDCPA in more traditional ways by publicly revealing consumer debts to family members and co-workers, sending mailings that had a picture on the envelope of an outstretched arm shaking out an upside-down consumer to empty the money in their pockets, and falsely portraying themselves as law firms or attorneys in phone calls and mailings, as well as in text messages. Of course, the “older” methods of violations were troublesome in and of themselves, but there were two specific points that we see as trend-setting in FTC enforcement.
The first point is the FTC’s emphasis that the medium of text messages does not change disclosure obligations under the FDCPA. The FTC has continued to crack down on illegal behavior that may be carried out by non-traditional means. As Jessica Rich, director of the FTC’s Bureau of Consumer Protection, has said, “No matter how debt collectors communicate with consumers — by mail, by phone, by text or some other way — they have to follow the law.”
The consumer protections in the FDCPA that require the disclosure in initial communications that the company is a debt collector and that any communications may be used to collect a debt apply equally to text messages, even though there may be significant space and size limitations. Likewise, any follow-up text message must state that the communication comes from a debt collector.
The second noteworthy point was the level of consent required by the stipulated order. The stipulated order provides that “express consent” shall mean that prior to sending a text message to a consumer’s mobile telephone: “(i) the Defendants . . . shall have clearly and prominently disclosed that the debtor may receive collection text messages on mobile phone numbers . . . in connection with the transaction that is the subject of the text message; and (ii) the individual has taken an additional affirmative step, including a signature or electronic signature, that indicates their agreement to receive such contacts.”
The FTC appears to have adopted a more stringent definition of consent (similar to the FCC) and is using the stipulated order as a means of notifying companies and consumers of the higher standard. Of course, it is possible to argue that the FTC is only requiring these particular defendants to meet the higher standard because of their alleged prior bad acts. However, we believe it more likely that the FTC is attempting to enforce a standard of express consent similar to that which the FCC has recently promulgated. Consequently, all companies are well advised to meet this higher standard of consent.
The FTC has now put the industry on alert to ensure that their text messages comply with any applicable law. The idiosyncrasies of modern methods of communication do not limit the compliance obligation. Ignorance is not a defense, even though Donovan’s attorney said that “the companies are now in compliance,” and that “nobody was intending to violate the law.”
A company that markets video cameras that are designed to allow consumers to monitor their homes remotely has agreed to settle charges with the FTC that it failed to properly protect consumers’ privacy. This marks the FTC’s first enforcement action against a marketer of a product with connectivity to the Internet and other mobile devices, commonly referred to as the “Internet of Things.”
The FTC’s complaint alleges that TRENDNet marketed its cameras for uses ranging from baby monitoring to home security and that TRENDNet told customers that its products were “secure.” In fact, however, the devices were compromised by a hacker who posted links on the Internet to live feeds of over 700 cameras. Additionally, TRENDNet stored and transmitted user credentials in clear unencrypted text.
Under the terms of its settlement with the FTC, TRENDnet is prohibited from misrepresenting the security of its cameras or the security, privacy, confidentiality, or integrity of the information that its cameras or devices transmit. The company must also establish a comprehensive security program and notify customers about security issues with the cameras and must provide a software update to customers to address security issues.
“The Internet of Things holds great promise for innovative consumer products and services,” FTC Chairwoman Edith Ramirez said. “But consumer privacy and security must remain a priority as companies develop more devices that connect to the Internet.”
The FTC’s authority to regulate and penalize companies that the agency claims do not protect consumers with sufficient data security is being challenged in federal court in New Jersey by The Wyndham Hotel Group. Wyndham has argued, among other things, that the FTC has not published any formal rules on data security and therefore cannot penalize companies that it deems have not protected consumer information. That case is pending.
This is the first time the FTC has brought an enforcement action involving the “Internet of Things,” but the FTC has already signaled it will be carefully watching how the Internet of Things develops. In particular, the FTC will be hosting a workshop in November to explore these new technologies. The agency previously sought comment from interested stakeholders on the Internet of Things – including the privacy and data security implications of interconnected devices. We expect that the FTC will continue to explore these issues, with a particular emphasis on how these devices collect and share information, particularly sensitive and personal information, such as health information.
The U.S. Court of Appeals for the Fourth Circuit recently ruled that the Telephone Consumer Protection Act (TCPA) does not violate the First Amendment by requiring robocallers to identify themselves when making calls.
Three months before the Maryland gubernatorial election in 2010, political consultant Julius Henson and his company Universal Elections, Inc., were hired to assist with efforts for the Republican candidate. On Election Day, Universal Elections made 112,000 robocalls to voters that did not identify the campaign as the source of the message, nor did the calls include the campaign’s phone number. The State of Maryland filed a civil suit against Henson and Universal Elections for violating the TCPA. The state alleged that the defendants violated the TCPA by failing to identify the campaign as the sponsor of the message as required under the statute.
The TCPA and its implementing regulations require that automated and prerecorded messages state clearly at the beginning of the message the identity of the business, individual, or other entity that is responsible for initiating the call. If a business or other corporate entity is responsible, the prerecorded voice message must contain that entity’s official business name. In addition, the telephone number of the business must be provided either during or after the prerecorded voice message. This disclosure applies regardless of the content of the message.
Political calls are exempt from some of the TCPA’s requirements, but other requirements do apply — including the disclosure requirement at issue here and the restrictions on autodialed or prerecorded calls or texts to wireless phones, which require prior express consent. Last year the Federal Communications Commission issued an enforcement advisory regarding political robocalls to cellphones and cited two marketing companies for making millions of illegal robocalls.
In its supplemental motion to dismiss, the defendants asserted a First Amendment defense, arguing that the TCPA is a content-based burden on political speech that cannot withstand a high strict-scrutiny standard of review. The United States intervened to defend the constitutionality of the TCPA. The district court ruled in favor of Maryland, holding that the TCPA withstands First Amendment challenges, and granted a $1 million judgment in favor of the state.
The Fourth Circuit affirmed the district court. The appeals court had previously issued the opinion in July, but as an unpublished opinion. The court issued an order amending its previous opinion to change it to a published opinion after a request from the government that it be published.
The Fourth Circuit held that the TCPA provisions requiring all automated and prerecorded telephone messages to disclose the source of the message are content-neutral and thus subject to an intermediate scrutiny level of review. Content-neutral laws that regulate speech are valid if they further a substantial governmental interest. The Fourth Circuit noted that at least three important governmental interests are advanced by the TCPA’s identity disclosure provision, including protecting residential privacy, promoting disclosure to avoid misleading recipients of recorded calls, and promoting effective law enforcement. Since the TCPA advances important governmental interests and the appellants did not raise an argument to the contrary, the Fourth Circuit affirmed that the TCPA’s identity disclosure provisions are constitutional.
TCPA litigation continues to increase, and potential liability can be significant. All businesses should review their TCPA compliance policies carefully to ensure that their procedures and scripts comply with all requirements. In addition to the identification requirements that have been in effect for many years, companies should make sure that they are prepared for the upcoming TCPA rule changes. These changes will require a called party’s prior express written consent for autodialed or prerecorded calls to wireless phone numbers and for prerecorded telemarketing calls to residential lines, among other requirements.
The Federal Trade Commission recently filed another complaint against a company for alleged data security lapses. As readers of this blog know, the FTC has initiated numerous lawsuits against companies in various industries for data security and privacy violations, although it is facing a backlash from Wyndham and large industry organizations for allegedly lacking the appropriate authority to set data security standards in this way.
The FTC’s latest target is LabMD, an Atlanta-based cancer detection laboratory that performs tests on samples obtained from physicians around the country. According to an FTC press release, the FTC’s complaint (which is being withheld while the FTC and LabMD resolve confidentiality issues) alleges that LabMD failed to reasonably protect the security of the personal data (including medical information) of approximately 10,000 consumers, in two separate incidents.
Specifically, according to the FTC, LabMD billing information for over 9,000 consumers was found on a peer-to-peer (P2P) file-sharing network. The information included a spreadsheet containing insurance billing information with Social Security numbers, dates of birth, health insurance provider information, and standardized medical treatment codes.
In the second incident, the Sacramento, California Police Department found LabMD documents in the possession of identity thieves. The documents included names, Social Security numbers, and some bank account information. The FTC states that some of these Social Security numbers were being used by multiple individuals, indicating likely identity theft.
The FTC’s complaint alleges that LabMD did not implement or maintain a comprehensive data security program to protect individuals’ information, that it did not adequately train employees on basic security practices, and that it did not use readily available measures to prevent and detect unauthorized access to personal information, among other alleged failures.
The complaint includes a proposed order against LabMD that would require the company to implement a comprehensive information security program. The program would also require an evaluation every two years for 20 years by an independent certified security professional. LabMD would further be required to provide notice to any consumers whose information it has reason to believe was or could have been accessible to unauthorized persons and to consumers’ health insurance companies.
LabMD has issued a statement challenging the FTC’s authority to regulate data security, and stated that it was the victim of Internet “trolls” who presumably stole the information. This latest complaint is yet another sign that the FTC continues to monitor companies’ data security practices, particularly respecting health, financial, and children’s information. Interestingly, the LabMD data breaches were not huge – with only 10,000 consumers affected. But, the breach of, and potential unauthorized access to, sensitive health information and Social Security numbers tend to raise the FTC’s attention.
While industry awaits the district court’s decision on Wyndham’s motion to dismiss based on the FTC’s alleged lack of authority to set data security standards, companies should review and document their data security practices, particularly when it comes to sensitive personal information. Of course, in addition to the FTC, some states, such as Massachusetts, have their own data security standards, and most states require reporting of data breaches affecting personal information.
Since 2003, online marketers and merchants have been gathering twice a year to take part in the Affiliate Summit Conferences. In recent years, Ifrah Law has become a fixture at these shows, and our associate Rachel Hirsch is not only widely recognized as the face of the Ifrah Law Power Booth station, but also as a well-respected and preferred attorney counseling online advertisers on compliance-related matters and representing them in nationwide litigation.
After Rachel recently returned from this year’s Affiliate Summit East conference in Philadelphia, we interviewed her about new and emerging trends at this conference and in the industry.
Q. What struck you about the crowd at the conference this year?
A. In addition to the new venue, there were plenty of new faces at the conference this year. Surprisingly, however, despite the conference’s name, there weren’t as many affiliates there as there have been in the past. Traditionally, affiliates, sometimes known as “publishers,” are independent third-parties who generate or “publish” leads either directly for an advertiser or through an affiliate network. This year, with a reported crowd of about 4,000 people, the conference included more individuals representing networks, brokers, and online merchants than affiliates. (Official conference statistics bear this out. Only 29 percent of attendees were affiliates.)
Q. What about vendors?
A. According to the organizers, one out of every 10 people there was a vendor. The term “vendor,” however, is something of a misnomer. A vendor can be another term for an online merchant – someone who is actually selling a product on the market – or it can be a generic category for marketers who do not fit into the traditional categories of affiliates, merchants, or networks.
Q. What new industry trends did you notice?
At every conference, one or two markets always seem to have a dominant presence. At the Las Vegas conference in January, there was a large turnout of marketers in the online dating space. This year, two different markets emerged– diet/health and downloads.
Some of the exhibitors this year were manufacturers of neutraceuticals, which can include weight-loss products or testosterone-boosting products. The trend seems to be for online marketers to “white label” or “private label” neutraceuticals from bigger manufacturers. What this means is that online marketers or advertisers actually attach their brand names to a product and product label that they purchase from a manufacturer, either based on their own formulations or based on the manufacturer’s product specifications. Well-known products that would fall into this category include Raspberry Ketone, Green Coffee Bean, and Garcinia Cambogia.
There were also a lot of individuals and companies there in the so-called “download” space. This often means the use of browser plug-ins that the consumer can download himself or herself. These can install targeted advertising (often pop-ups or pop-under ads) on an existing web page.
Q. Are there any risks involved in private labeling?
A. Definitely. If your name is on the label, it doesn’t matter that you didn’t manufacture the product. Your company and your label are subject to FTC scrutiny to the extent that you make claims about the product that you cannot substantiate. And beyond that, the Food and Drug Administration will also flex its enforcement power to the extent you or your manufacturer fail to institute good manufacturing practices, or “GMPs.” While many companies claim that they are GMP-certified, many do not have practices and processes in place to account for defective product batches, serious adverse events resulting from product use, or product recalls.
Q. What are some other hot areas of enforcement by the federal government?
A. Well, how you market your product may be as closely scrutinized as the underlying message. Online marketers who make outbound calls to consumers, or who engage third-party vendors (such as call centers) to make these calls can run afoul of the Telephone Consumer Protection Act. Under the TCPA, anyone who calls customers without their express advance consent, or who hires anyone else to do so, can be hit with a $500 fine for each violation. That adds up, and the TCPA can be enforced by the Federal Communications Commission or by private plaintiffs. Upcoming changes in the TCPA, which will be effective in October 2013, make it even harder to stay on the right side of the law.
Q. How would you put it all together as far as the legal issues?
A. It’s not just the FTC any more. These days, online marketers need to be aware of other agencies with broad enforcement powers, such as the CFPB, the FDA, and the FCC. And don’t forget about the threat of private consumer litigation.
On August 22, 2013, the U.S. Court of Appeals for the Third Circuit ruled unanimously that under the Telephone Consumer Protection Act (TCPA), consumers may withdraw their consent to have robo-callers call them. The full text of the opinion is available here.
The appeals court ruled in favor of Ashley Gager, who was contacted by Dell Financial Services after she revoked her prior express consent to be contacted. In 2007, Gager applied for a line of credit from Dell, which she received and upon which she later defaulted. Gager’s application for a credit line required that she provide her home phone number. In that place in the application she listed her cell phone number. After she defaulted on her credit line, Dell began calling Gager from an automated telephone dialing system. In 2010, Gager sent Dell a letter listing her phone number, which she did not indicate was a cell number, asking Dell not to call her anymore. Gager alleged that after receiving her letter, Dell called her cell phone using an automated dialing system approximately 40 times over a three week period. The TCPA, among other things, bars companies from using an automatic telephone dialing system or a prerecorded voice to call mobile phones, absent prior express consent or an emergency.
The district court granted Dell’s motion to dismiss the complaint for failure to state a claim, holding that Gager could not revoke her prior express consent to receive calls. The district court held that because Dell did not qualify as a “debt collector,” the revocation rules under the Fair Debt Collection Practices Act (FDCPA) did not apply. Thus, the court reasoned that since the revocation rules were inapplicable and the TCPA is silent on revocation of consent, such a right did not exist. The court also noted that the Federal Communications Commission, which has the power to implement rules and regulations under the TCPA, had not issued any advisory opinions at the time that specifically addressed the right to revoke consent.
The Third Circuit reversed the district court’s ruling and found that consumers do have a right to revoke consent. The court rejected Dell’s argument that because the TCPA is silent as to whether a consumer may revoke consent to be contacted via an autodialing system, such a right to revoke did not exist. The Third Circuit’s opinion emphasized that the TCPA is a remedial statute that was passed to protect consumers from unwanted calls and should be construed to benefit consumers. Preventing consumers from revoking their consent to receive calls would not be consistent with the purpose of the statute.
The Third Circuit also noted that the FCC issued a declaratory ruling In the Matter of Rules and Regulations Implementing the Telephone Consumer Protection Act of 1991, SoundBite Communications Inc., after the district court dismissed Gager’s claim, which primarily addresses other issues under the TCPA, but also touched on the issue of the right of consumers to revoke express consent. The SoundBite decision notes that neither the text of the TCPA, nor the legislative history, directly addresses how prior express consent can be revoked, but also notes that “consumer consent to receive . . . messages is not unlimited.” The Third Circuit relied on the SoundBite decision in finding that a consumer may revoke informed consent after it has been given and that there is no temporal limitation on the revocation period.
Dell will still be able to call Gager regarding her delinquent account, but the TCPA prohibits Dell from using an automated dialing system to do so, since the TCPA prohibits autodialed or prerecorded calls to mobile phones without express written consent (or in an emergency). Presumably, Dell can still contact Gager via live calls or through technology that does not amount to an automatic telephone dialing system.
In light of this decision in the Third Circuit, businesses should review their TCPA policies to ensure that they are complying with all rules and regulations. Additionally, on October 16, two additional changes to the TCPA rules will go into effect that impose stricter requirements on claiming exceptions to TCPA liability and all TCPA policies should be reviewed to account for these changes. Businesses should also specifically review their TCPA policies to endure that there is a procedure in place for consumers to opt out of receiving calls and text messages, even if they have previously provided consent. Taking and respecting opt-out requests is an important compliance practice that, if not followed, can lead to significant litigation — and potential damages and penalties.