Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
On January 24, the FCC’s Enforcement Bureau announced it had ordered telecommunications companies to effectively mitigate robocall traffic originating from a Florida-based real estate brokerage firm selling mortgage scams. The FCC also sent a cease-and-desist letter to a voice service provider carrying the allegedly illegal robocall traffic. According to the FCC, several state attorneys general filed lawsuits late last year against the firm for allegedly using “misleading robocalls to ‘swindle’ and ‘scam’ residents into mortgaging their homes in exchange for small cash payments.” (See state AG press releases here, here, and here.) Additionally, last month, Senate Banking Committee Chairman Sherrod Brown (D-OH), along with Senators Tina Smith (D-MN) and Ron Wyden (D-OR) sent a letter to the FTC and the CFPB requesting a review of the firm’s use of exclusive 40-year listing agreements marketed as a “loan alternative.” (Covered by InfoBytes here.) In shutting down the robocalls, FCC Chairwoman Jessica Rosenworcel stressed that sending junk calls to financially-stressed homeowners in order to offer “deceptive products and services is unconscionable.” Enforcement Bureau Chief Loyaan A. Egal added that the voice service provider should have been applying “Know Your Customer” principles before allowing the traffic on its networks.
On January 23, the FCC announced that July 20 is the compliance date for amended telephone consumer protection act rules on prerecorded calls. As previously covered by InfoBytes, President Trump signed S. 151, the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence Act (TRACED Act), which granted the FCC authority to promulgate rules to combat illegal robocalls and requires voice service providers to develop call authentication technologies. On December 30, 2020, the Commission released the TCPA Exemptions Order to implement section 8 of the TRACED Act. In that rulemaking, the Commission amended the TCPA rules related to exemptions for non-commercial calls to residential numbers and commercial calls to residential numbers that do not include an advertisement or constitute telemarketing, among other things. Specifically, the Commission adopted numerical limits on exempted artificial or prerecorded voice calls to residential lines and also required callers making such exempt calls to allow consumers to opt out of any future calls that they do not wish to receive. The Commission explained in the TCPA Exemptions Order that it would publish in the Federal Register a compliance date for the amended rules, which would be six months after publication.
In December, FCC Chair Jessica Rosenworcel sent a letter to twelve senators in response to their June 2022 letter inquiring about combating robocalls. In the letter, Rosenworcel highlighted the FCC’s efforts to combat robocalls by discussing the agency’s “important” proposed rules, adopted in May, to ensure gateway providers that channel international call traffic comply with STIR/SHAKEN caller ID authentication protocols and validate the identity of the providers whose traffic they are routing to help weed out robocalls (covered by InfoBytes here). She also highlighted the FCC’s enforcement efforts, such as a December action where the FCC announced a nearly $300 million fine against an auto warranty scam robocall campaign for TCPA and Truth in Caller ID Act violations—“largest robocall operation the FCC has ever investigated” (covered by InfoBytes here).
Rosenworcel requested additional authority from Congress to combat robocalls and robotexts more effectively. Specifically, Rosenworcel asked the senators to “fix the definition of autodialer” – since robotexts are neither prerecorded nor artificial voice calls, the TCPA only provides consumers protection from robotexts if they are sent from autodialers. She further noted that the Supreme Court's decision in Facebook v. Duguid (covered by a Buckley Special Alert) narrowed the definition of autodialer under the TCPA, resulting in the law only covering equipment that generates numbers randomly and sequentially. She wrote that as a result, “equipment that simply uses lists to generate robotexts means that fewer robotexts may be subject to TCPA protections, and as a result, this decision may be responsible for the rise in robotexts.” Among other things, she also requested that Congress update the TCPA to permit for administrative subpoenas for all types of non-content customer records, and for Congress to grant the FCC the authority and resources to increase court enforcement of fines.
On January 6, the FCC announced a notice of proposed rulemaking (NPRM) to launch a formal proceeding for strengthening the Commission’s rules for notifying customers and federal law enforcement of breaches of customer proprietary network information (CPNI). FCC Chairwoman Jessica Rosenworcel noted that “given the increase in frequency, sophistication, and scale of data leaks, we must update our rules to protect consumers and strengthen reporting requirements.” She commented that the “new proceeding will take a much-needed, fresh look at our data breach reporting rules to better protect consumers, increase security, and reduce the impact of future breaches.” The NPRM, which seeks to improve alignment with recent developments in federal and state data breach laws covering other sectors, would require telecommunications providers to notify impacted customers of CPNI breaches without unreasonable delay, thus eliminating the current seven business day mandatory waiting period for notifying customers of a breach.
Among other things, the FCC requests feedback on whether to establish a specific timeframe (e.g. a requirement to report breaches of customers’ data within 24 or 72 hours of discovery of a breach) or whether a disclosure deadline should vary based on a graduated scale of severity. The FCC also seeks comments on whether a carrier should “be held to have ‘reasonably determined’ a breach has occurred when it has information indicating that it is more likely than not that there was a breach,” and whether the Commission should publish guidance on what constitutes a reasonable determination or adopt a more definite standard. Feedback is also solicited on topics such as threshold triggers, what should be included in a security breach notification, the delivery method of these notifications, and whether to expand the definition of a data breach to also include inadvertent disclosures. Comments are due 30 days after publication in the Federal Register.
On December 21, the FCC announced a nearly $300 million fine against an auto warranty scam robocall campaign for TCPA and Truth in Caller ID Act violations, “which is the largest robocall operation the FCC has ever investigated.” According to the announcement, the two individuals in charge of the operation ran a complex robocall sales lead generation scheme, which was designed to sell vehicle service contracts that were deceptively marketed as car warranties. This “scheme made more than 5 billion robocalls to more than half a billion phone numbers during a three-month span in 2021, using pre-recorded voice calls to press consumers to speak to a ‘warranty specialist’ about extending or reinstating their car’s warranty.” As previously covered by InfoBytes, in July, the FCC took initial action by ordering “phone companies to stop carrying traffic regarding a known robocall scam marketing auto warranties.” The FCC noted that the operation is also the target of an ongoing investigation by the FCC’s Enforcement Bureau and a lawsuit by the Ohio attorney general. The Ohio AG filed a complaint against multiple companies for participating in an alleged unwanted car warranty call operation (covered by InfoBytes here). The complaint, filed in the U.S. District Court for the Southern District of Ohio, alleged that the 22 named defendants “participated in an unlawful robocall operation that bombarded American consumers with billions of robocalls.” In addition to the fine, among other things, the individuals who allegedly ran the operations are prohibited from making telemarketing calls pursuant to FCC actions.
On December 21, the FCC issued an order on reconsideration and declaratory ruling under the TCPA, affirming a three-call limit and opt-out requirements for exempted residential calls. According to the FCC, the ruling is in response to requests from industry trade groups related to a 2020 order implementing portions of the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence Act (TRACED Act). The ruling upheld the three-call-limit for exempt calls made using automated telephone dialing systems to residential lines but revised the 2020 order’s requirement for “prior express written consent” to allow callers to obtain consent orally or in writing if they wish to make more calls than allowed. The FCC also granted a request to confirm that “prior express consent” for calls made by utility companies to wireless phones applies equally to residential landlines. The FCC noted that “limiting the number of calls that can be made to a particular residential line to three artificial or prerecorded voice calls within any consecutive thirty-day period strikes the appropriate balance between these callers reaching consumers with valuable information and reducing the number of unexpected and unwanted calls consumers currently receive.”
On December 8, the FCC’s Enforcement Bureau ordered voice service providers to cease carrying robocalls related to known student loan scams and specifically designated a service believed to account for more than 40 percent of student loan robocalls in October. The FCC’s order provides written notice to all voice service providers regarding suspected illegal robocalls that have been made in violation of the TCPA, the Truth In Caller ID Act of 2009, or the TRACED Act. Specifically, the order “directs all U.S.-based voice service providers to take immediate steps to mitigate suspected illegal student loan-related robocall traffic.” The order further noted that if a provider fails to “take all necessary steps” to avoid carrying suspected illegal robocall traffic, the provider may be “deemed to have knowingly and willfully engaged in transmitting unlawful robocalls.” According to FCC Chairwoman Jessica Rosenworcel, the Commission is “cutting these scammers off so they can't use efforts to provide student loan debt relief as cover for fraud.”
On November 21, the FCC issued a declaratory ruling that entities using ringless voicemail products must first obtain a consumer's consent prior to using the product to leave voicemails. According to the FCC, it receives “dozens of consumer complaints annually related to ringless voicemail.” The unanimous ruling establishes that ringless voicemails are “calls” that require consumers’ prior express consent, and further clarifies that a ringless voicemail is a form of a robocall, and therefore subject to the TCPA robocall prohibition, which prohibits making any non-emergency call with an automatic telephone dialing system or an artificial or prerecorded voice to a wireless telephone number without the prior express consent of the called party.
The FCC’s declaratory ruling denied a 2017 petition filed by a company that distributes technology that permits voicemail messages to be delivered directly to consumers’ voicemail services. The petitioner argued that ringless messages, and the process by which the ringless voicemail is deposited on a carrier’s platform, is neither a call made to a mobile telephone number nor a call for which a consumer is charged and, therefore, is a service that is not regulated. The FCC rejected the petitioner’s argument that ringless voicemail is not a TCPA call because it does not pass through a consumer’s phone line and that the TCPA protects only calls made directly to a wireless handset, and does not result in a charge to the consumer for the delivery of the voicemail message. The ruling noted that “consumers cannot block these messages and consumers experience an intrusion on their time and their privacy by being forced to spend time reviewing unwanted messages in order to delete them.” The ruling also noted that a “consumer’s phone may signal that there is a voicemail message and may ring once before the message is delivered, which is another means of intrusion. Consumers must also contend with their voicemail box filling with unwanted messages, which may prevent other callers from leaving important wanted messages.” According to a statement by FCC Chairwoman Jessica Rosenworcel, the rule makes it “crystal clear" that ringless voicemails are subject to the TCPA and that the Commission's rules "prohibit callers from sending this kind of junk without consumers first giving their permission to be contacted this way.”
On October 20, the U.S. Court of Appeals for the Ninth Circuit ordered a district court to reassess the constitutionality of a statutory damages award in a TCPA class action. Class members alleged the defendant (a multi-level marketing company) made more than 1.8 million unsolicited automated telemarketing calls featuring artificial or prerecorded voices without receiving prior express consent. The district court certified a class of consumers who received such a call made by or on behalf of the defendant, and agreed with the jury’s verdict that the defendant was responsible for the prerecorded calls at the statutorily mandated damages of $500 per call, resulting in total damages of more than $925 million. Two months later, the FCC granted the defendant a retroactive waiver of the heightened written consent and disclosure requirements, and the defendant filed post-trial motions with the district court seeking to “decertify the class, grant judgment as a matter of law, or grant a new trial on the ground that the FCC’s waiver necessarily meant [defendant] had consent for the calls made.” In the alternative, the defendant challenged the damages award as being “unconstitutionally excessive” under the Due Process Clause of the Fifth Amendment.
On appeal, the 9th Circuit affirmed most of the district court’s ruling, including upholding its decision to certify the class. Among other things, the appellate court determined that the district court correctly held that the defendant waived its express consent defense based on the retroactive FCC waiver because “no intervening change in law excused this waiver of an affirmative defense.” The appellate court found that the defendant “made no effort to assert the defense, develop a record on consent, or seek a stay pending the FCC’s decision,” even though it knew the FCC was likely to grant its petition for a waiver. While the 9th Circuit did not take issue with the $500 congressionally-mandated per call damages figure, and did not disagree with the total number of calls, it stressed that the “due process test applies to aggregated statutory damages awards even where the prescribed per-violation award is constitutionally sound.” Recognizing that Congress “set a floor of statutory damages at $500 for each violation of the TCPA but no ceiling for cumulative damages, in a class action or otherwise,” the appellate court explained that such damages “are subject to constitutional limitation in extreme situations,” and “in the mass communications class action context, vast cumulative damages can be easily incurred, because modern technology permits hundreds of thousands of automated calls and triggers minimum statutory damages with the push of a button.” Accordingly, the 9th Circuit ordered the district court to reassess the damages in light of these concerns.
On October 12, a split U.S. Court of Appeals for the Ninth Circuit reversed a district court’s dismissal of a TCPA complaint, disagreeing with the argument that the statute does not cover unwanted text messages sent to businesses. Plaintiffs (who are home improvement contractors) alleged that the defendants used an autodialer to send text messages to sell client leads to plaintiffs' cell phones, including numbers registered on the national do-not-call (DNC) registry. The plaintiffs contented they never provided their numbers to the defendants, nor did they consent to receiving text messages. The defendants countered that the plaintiffs lacked Article III and statutory standing because the TCPA only protects individuals from unwanted calls. The district court agreed, ruling that the plaintiffs lacked statutory standing and dismissed the complaint with prejudice.
On appeal, the majority disagreed, stating that the plaintiffs did not expressly consent to receiving texts messages from the defendants and that their alleged injuries are particularized. In determining that the plaintiffs had statutory standing under sections 227(b) and (c) of the TCPA, the majority rejected the defendants’ argument that the TCPA only protects individuals from unwanted calls. While the defendants claimed that by operating as home improvement contractors the plaintiffs fall outside of the TCPA’s reach, the majority determined that all of the plaintiffs had standing to sue under § 227(b), “[b]ecause the statutory text includes not only ‘person[s]’ but also ‘entit[ies].’” With respect to the § 227(c) claims, which only apply to “residential” telephone subscribers, the appellate court reviewed whether a cell phone that is used for both business and personal reasons can qualify as a “residential” phone. Relying on the FCC’s view that “a subscriber’s use of a residential phone (including a presumptively residential cell phone) in connection with a homebased business does not necessarily take an otherwise residential subscriber outside the protection of § 227(c),” and “in the absence of FCC guidance on this precise point,” the majority concluded that a mixed-use phone is “presumptively ‘residential’ within the meaning of § 227(c).”
Writing in a partial dissent, one judge warned that the majority’s opinion “usurps the role of the FCC and creates its own regulatory framework for determining when a cell phone is actually a ‘residential telephone,’ instead of deferring to the FCC’s narrower and more careful test.” The judge added that rather than “deferring to the 2003 TCPA Order which extended the protections of the national DNC registry to wireless telephones only to the extent they were similar to residential telephones, a reasonable interpretation of the TCPA, the majority has leaped over the FCC’s limitations to provide its own, much laxer, regulatory framework and procedures that broadly allow anybody who owns a cell phone to sue telemarketers under the TCPA.”