InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
FCC regulations target scam robotexts
On March 16, the FCC adopted its first regulations specifically targeting scam text messages sent to consumers. Recognizing that robotexts are generally covered under the TCPA’s limits against unwanted calls to mobile phones, the FCC stated that the new regulations will require mobile service providers to block certain robotexts that appear to be coming from phone numbers that are unlikely to transmit text messages, including invalid, unallocated, or unused numbers, as well as “numbers that the subscriber to the number has self-identified as never sending text messages, and numbers that government agencies and other well-known entities identify as not used for texting.” Mobile service providers will also be required “to establish a point of contact for text senders, or have providers require their aggregator partners or blocking contractors to establish such a point of contact, which senders can use to inquire about blocked texts.”
The FCC’s report and order also include a further notice of proposed rulemaking, which seeks to implement additional protections to further prevent illegal text messages. The proposal would “require terminating providers to block texts from a sender after they are on notice from the Commission that the sender is sending illegal texts, to extend the National Do-Not-Call Registry’s protections to text messages, and to ban the practice of marketers purporting to have written consent for numerous parties to contact a consumer, based on one consent.”
Comments are due 30 days after publication in the Federal Register.
FCC warns telecoms to stop carrying “mortgage scam” robocalls
On January 24, the FCC’s Enforcement Bureau announced it had ordered telecommunications companies to effectively mitigate robocall traffic originating from a Florida-based real estate brokerage firm selling mortgage scams. The FCC also sent a cease-and-desist letter to a voice service provider carrying the allegedly illegal robocall traffic. According to the FCC, several state attorneys general filed lawsuits late last year against the firm for allegedly using “misleading robocalls to ‘swindle’ and ‘scam’ residents into mortgaging their homes in exchange for small cash payments.” (See state AG press releases here, here, and here.) Additionally, last month, Senate Banking Committee Chairman Sherrod Brown (D-OH), along with Senators Tina Smith (D-MN) and Ron Wyden (D-OR) sent a letter to the FTC and the CFPB requesting a review of the firm’s use of exclusive 40-year listing agreements marketed as a “loan alternative.” (Covered by InfoBytes here.) In shutting down the robocalls, FCC Chairwoman Jessica Rosenworcel stressed that sending junk calls to financially-stressed homeowners in order to offer “deceptive products and services is unconscionable.” Enforcement Bureau Chief Loyaan A. Egal added that the voice service provider should have been applying “Know Your Customer” principles before allowing the traffic on its networks.
FCC announces July 20 as compliance date for amended TCPA rules
On January 23, the FCC announced that July 20 is the compliance date for amended telephone consumer protection act rules on prerecorded calls. As previously covered by InfoBytes, President Trump signed S. 151, the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence Act (TRACED Act), which granted the FCC authority to promulgate rules to combat illegal robocalls and requires voice service providers to develop call authentication technologies. On December 30, 2020, the Commission released the TCPA Exemptions Order to implement section 8 of the TRACED Act. In that rulemaking, the Commission amended the TCPA rules related to exemptions for non-commercial calls to residential numbers and commercial calls to residential numbers that do not include an advertisement or constitute telemarketing, among other things. Specifically, the Commission adopted numerical limits on exempted artificial or prerecorded voice calls to residential lines and also required callers making such exempt calls to allow consumers to opt out of any future calls that they do not wish to receive. The Commission explained in the TCPA Exemptions Order that it would publish in the Federal Register a compliance date for the amended rules, which would be six months after publication.
FCC chair asks Congress to act on robocalls
In December, FCC Chair Jessica Rosenworcel sent a letter to twelve senators in response to their June 2022 letter inquiring about combating robocalls. In the letter, Rosenworcel highlighted the FCC’s efforts to combat robocalls by discussing the agency’s “important” proposed rules, adopted in May, to ensure gateway providers that channel international call traffic comply with STIR/SHAKEN caller ID authentication protocols and validate the identity of the providers whose traffic they are routing to help weed out robocalls (covered by InfoBytes here). She also highlighted the FCC’s enforcement efforts, such as a December action where the FCC announced a nearly $300 million fine against an auto warranty scam robocall campaign for TCPA and Truth in Caller ID Act violations—“largest robocall operation the FCC has ever investigated” (covered by InfoBytes here).
Rosenworcel requested additional authority from Congress to combat robocalls and robotexts more effectively. Specifically, Rosenworcel asked the senators to “fix the definition of autodialer” – since robotexts are neither prerecorded nor artificial voice calls, the TCPA only provides consumers protection from robotexts if they are sent from autodialers. She further noted that the Supreme Court's decision in Facebook v. Duguid (covered by a Buckley Special Alert) narrowed the definition of autodialer under the TCPA, resulting in the law only covering equipment that generates numbers randomly and sequentially. She wrote that as a result, “equipment that simply uses lists to generate robotexts means that fewer robotexts may be subject to TCPA protections, and as a result, this decision may be responsible for the rise in robotexts.” Among other things, she also requested that Congress update the TCPA to permit for administrative subpoenas for all types of non-content customer records, and for Congress to grant the FCC the authority and resources to increase court enforcement of fines.
FCC proposes new data breach notification requirements
On January 6, the FCC announced a notice of proposed rulemaking (NPRM) to launch a formal proceeding for strengthening the Commission’s rules for notifying customers and federal law enforcement of breaches of customer proprietary network information (CPNI). FCC Chairwoman Jessica Rosenworcel noted that “given the increase in frequency, sophistication, and scale of data leaks, we must update our rules to protect consumers and strengthen reporting requirements.” She commented that the “new proceeding will take a much-needed, fresh look at our data breach reporting rules to better protect consumers, increase security, and reduce the impact of future breaches.” The NPRM, which seeks to improve alignment with recent developments in federal and state data breach laws covering other sectors, would require telecommunications providers to notify impacted customers of CPNI breaches without unreasonable delay, thus eliminating the current seven business day mandatory waiting period for notifying customers of a breach.
Among other things, the FCC requests feedback on whether to establish a specific timeframe (e.g. a requirement to report breaches of customers’ data within 24 or 72 hours of discovery of a breach) or whether a disclosure deadline should vary based on a graduated scale of severity. The FCC also seeks comments on whether a carrier should “be held to have ‘reasonably determined’ a breach has occurred when it has information indicating that it is more likely than not that there was a breach,” and whether the Commission should publish guidance on what constitutes a reasonable determination or adopt a more definite standard. Feedback is also solicited on topics such as threshold triggers, what should be included in a security breach notification, the delivery method of these notifications, and whether to expand the definition of a data breach to also include inadvertent disclosures. Comments are due 30 days after publication in the Federal Register.
FCC proposes $300 million fine against auto warranty scam robocaller
On December 21, the FCC announced a nearly $300 million fine against an auto warranty scam robocall campaign for TCPA and Truth in Caller ID Act violations, “which is the largest robocall operation the FCC has ever investigated.” According to the announcement, the two individuals in charge of the operation ran a complex robocall sales lead generation scheme, which was designed to sell vehicle service contracts that were deceptively marketed as car warranties. This “scheme made more than 5 billion robocalls to more than half a billion phone numbers during a three-month span in 2021, using pre-recorded voice calls to press consumers to speak to a ‘warranty specialist’ about extending or reinstating their car’s warranty.” As previously covered by InfoBytes, in July, the FCC took initial action by ordering “phone companies to stop carrying traffic regarding a known robocall scam marketing auto warranties.” The FCC noted that the operation is also the target of an ongoing investigation by the FCC’s Enforcement Bureau and a lawsuit by the Ohio attorney general. The Ohio AG filed a complaint against multiple companies for participating in an alleged unwanted car warranty call operation (covered by InfoBytes here). The complaint, filed in the U.S. District Court for the Southern District of Ohio, alleged that the 22 named defendants “participated in an unlawful robocall operation that bombarded American consumers with billions of robocalls.” In addition to the fine, among other things, the individuals who allegedly ran the operations are prohibited from making telemarketing calls pursuant to FCC actions.
FCC affirms three-call limit but permits oral consent
On December 21, the FCC issued an order on reconsideration and declaratory ruling under the TCPA, affirming a three-call limit and opt-out requirements for exempted residential calls. According to the FCC, the ruling is in response to requests from industry trade groups related to a 2020 order implementing portions of the Pallone-Thune Telephone Robocall Abuse Criminal Enforcement and Deterrence Act (TRACED Act). The ruling upheld the three-call-limit for exempt calls made using automated telephone dialing systems to residential lines but revised the 2020 order’s requirement for “prior express written consent” to allow callers to obtain consent orally or in writing if they wish to make more calls than allowed. The FCC also granted a request to confirm that “prior express consent” for calls made by utility companies to wireless phones applies equally to residential landlines. The FCC noted that “limiting the number of calls that can be made to a particular residential line to three artificial or prerecorded voice calls within any consecutive thirty-day period strikes the appropriate balance between these callers reaching consumers with valuable information and reducing the number of unexpected and unwanted calls consumers currently receive.”
FCC orders companies to block student loan scam calls
On December 8, the FCC’s Enforcement Bureau ordered voice service providers to cease carrying robocalls related to known student loan scams and specifically designated a service believed to account for more than 40 percent of student loan robocalls in October. The FCC’s order provides written notice to all voice service providers regarding suspected illegal robocalls that have been made in violation of the TCPA, the Truth In Caller ID Act of 2009, or the TRACED Act. Specifically, the order “directs all U.S.-based voice service providers to take immediate steps to mitigate suspected illegal student loan-related robocall traffic.” The order further noted that if a provider fails to “take all necessary steps” to avoid carrying suspected illegal robocall traffic, the provider may be “deemed to have knowingly and willfully engaged in transmitting unlawful robocalls.” According to FCC Chairwoman Jessica Rosenworcel, the Commission is “cutting these scammers off so they can't use efforts to provide student loan debt relief as cover for fraud.”
FCC says consent is required for ringless voicemails
On November 21, the FCC issued a declaratory ruling that entities using ringless voicemail products must first obtain a consumer's consent prior to using the product to leave voicemails. According to the FCC, it receives “dozens of consumer complaints annually related to ringless voicemail.” The unanimous ruling establishes that ringless voicemails are “calls” that require consumers’ prior express consent, and further clarifies that a ringless voicemail is a form of a robocall, and therefore subject to the TCPA robocall prohibition, which prohibits making any non-emergency call with an automatic telephone dialing system or an artificial or prerecorded voice to a wireless telephone number without the prior express consent of the called party.
The FCC’s declaratory ruling denied a 2017 petition filed by a company that distributes technology that permits voicemail messages to be delivered directly to consumers’ voicemail services. The petitioner argued that ringless messages, and the process by which the ringless voicemail is deposited on a carrier’s platform, is neither a call made to a mobile telephone number nor a call for which a consumer is charged and, therefore, is a service that is not regulated. The FCC rejected the petitioner’s argument that ringless voicemail is not a TCPA call because it does not pass through a consumer’s phone line and that the TCPA protects only calls made directly to a wireless handset, and does not result in a charge to the consumer for the delivery of the voicemail message. The ruling noted that “consumers cannot block these messages and consumers experience an intrusion on their time and their privacy by being forced to spend time reviewing unwanted messages in order to delete them.” The ruling also noted that a “consumer’s phone may signal that there is a voicemail message and may ring once before the message is delivered, which is another means of intrusion. Consumers must also contend with their voicemail box filling with unwanted messages, which may prevent other callers from leaving important wanted messages.” According to a statement by FCC Chairwoman Jessica Rosenworcel, the rule makes it “crystal clear" that ringless voicemails are subject to the TCPA and that the Commission's rules "prohibit[] callers from sending this kind of junk without consumers first giving their permission to be contacted this way.”
9th Circuit says district court must reassess statutory damages in TCPA class action
On October 20, the U.S. Court of Appeals for the Ninth Circuit ordered a district court to reassess the constitutionality of a statutory damages award in a TCPA class action. Class members alleged the defendant (a multi-level marketing company) made more than 1.8 million unsolicited automated telemarketing calls featuring artificial or prerecorded voices without receiving prior express consent. The district court certified a class of consumers who received such a call made by or on behalf of the defendant, and agreed with the jury’s verdict that the defendant was responsible for the prerecorded calls at the statutorily mandated damages of $500 per call, resulting in total damages of more than $925 million. Two months later, the FCC granted the defendant a retroactive waiver of the heightened written consent and disclosure requirements, and the defendant filed post-trial motions with the district court seeking to “decertify the class, grant judgment as a matter of law, or grant a new trial on the ground that the FCC’s waiver necessarily meant [defendant] had consent for the calls made.” In the alternative, the defendant challenged the damages award as being “unconstitutionally excessive” under the Due Process Clause of the Fifth Amendment.
On appeal, the 9th Circuit affirmed most of the district court’s ruling, including upholding its decision to certify the class. Among other things, the appellate court determined that the district court correctly held that the defendant waived its express consent defense based on the retroactive FCC waiver because “no intervening change in law excused this waiver of an affirmative defense.” The appellate court found that the defendant “made no effort to assert the defense, develop a record on consent, or seek a stay pending the FCC’s decision,” even though it knew the FCC was likely to grant its petition for a waiver. While the 9th Circuit did not take issue with the $500 congressionally-mandated per call damages figure, and did not disagree with the total number of calls, it stressed that the “due process test applies to aggregated statutory damages awards even where the prescribed per-violation award is constitutionally sound.” Recognizing that Congress “set a floor of statutory damages at $500 for each violation of the TCPA but no ceiling for cumulative damages, in a class action or otherwise,” the appellate court explained that such damages “are subject to constitutional limitation in extreme situations,” and “in the mass communications class action context, vast cumulative damages can be easily incurred, because modern technology permits hundreds of thousands of automated calls and triggers minimum statutory damages with the push of a button.” Accordingly, the 9th Circuit ordered the district court to reassess the damages in light of these concerns.
Pages
Upcoming Events
- Keisha Whitehall Wolfe to discuss “Tips for successfully engaging your state regulator” at the MBA's State and Local Workshop
- Max Bonici to discuss “Enforcement risk and trends for crypto and digital assets (Part 2)” at ABA’s 2023 Business Law Section Hybrid Spring Meeting
- Jedd R. Bellman to present “An insider’s look at handling regulatory investigations” at the Maryland State Bar Association Legal Summit