Reining in the FCC: DC Circuit overturns some (not all) of 2015 TCPA order
This article originally appeared in The International Association of Privacy Professionals' Privacy Tracker.
Last Friday, the D.C. Circuit issued a long-awaited TCPA decision, paving the way for organizations to obtain relief from what some argued were onerous aspects of the U.S. Federal Communications Commission’s 2015 order updating the way the law should be interpreted — although not immediately.
For the uninitiated, the Telephone Consumer Protection Act is the primary federal law that regulates telemarketing and non-marketing phone calls and text messages that incorporate a prerecorded voice or are delivered through an automatic telephone dialing system, more commonly known as an autodialer or ATDS.
In 2015, the FCC released a major TCPA order, which featured its interpretation of what constituted an “autodialer,” what is a “called party,” the Commission’s definition of “revoked consent,” and an exemption for certain health-related calls, among other things.
On Friday, the court vacated portions of that order. The court’s ruling was a bit of a mixed bag, and so we here break down the court’s ruling on each of the four issues it addressed, along with the implications.
The court rejected the FCC’s broad interpretation of what types of technologies qualify as an autodialer.
What the FCC did in its 2015 order: The TCPA defines an autodialer as “equipment which has the capacity — (A) to store or produce telephone numbers to be called, using a random or sequential number generator; and (B) to dial such numbers.” In its 2015 order, the FCC sought to clarify the definition of autodialer. The FCC found (1) that a device’s “capacity” includes not only present functions but also “potential functionalities” with modifications such as software changes; and (2) that the basic function of an autodialer is to “dial numbers without human intervention.” Thus, according to the 2015 order, if a device had the present or potential capability (with modifications) to dial numbers without human intervention, the device is an autodialer under the TCPA. In response to criticism from dissenting commissioners, the Democratic majority conceded in the 2015 order that “there must be more than a theoretical potential that the equipment could be modified to satisfy the ‘autodialer’ definition,” noting that a rotary-dial phone would not be considered an autodialer.
The court’s ruling: The court reasoned that the definition of autodialer raised two questions: When does a device have the “capacity” to perform the two enumerated functions? And what precisely are those functions? As to the first question, the court found the FCC’s interpretation of “capacity” unreasonable and impermissibly expansive. Despite the FCC’s arguments, the court found the FCC’s interpretation would cover all smartphones and would subject ordinary consumers to liability for TCPA violations if they use a cellphone to place calls or send messages without the prior express consent of the recipient. The court stated that it was untenable, and clearly outside of congressional intent, to construe the term “capacity” in a manner to capture the most ubiquitous form of communication.
As to the second question, the court found that statements in the 2015 order supported two contradictory views: (1) That an autodialer must have the ability to generate random and sequential numbers and then dial them; and (2) that autodialers do not need to have the ability to generate random and sequential numbers. The court found that this inconsistency failed to rise to the standard of reasoned decision-making and could not stand.
Implications: This is a good result for anyone who uses a phone — even for non-marketing purposes. Several of the TCPA’s most onerous requirements apply to autodialers, including the requirement to obtain “prior express consent” for non-marketing calls transmitted via autodialer and “prior express written consent” for marketing calls transmitted via autodialer. That makes the definition of autodialer crucial because a call placed without using an autodialer will not be subject to these requirements under the TCPA. The FCC’s 2015 order was overbroad and expanded the scope of the TCPA far beyond the intent of the statute, potentially applying even to calls placed by ordinary smartphones. The court’s ruling should force the FCC to create a more precise standard.
With that said, the court did not explain what types of technologies do qualify as autodialers or offer much meaningful guidance on the scope of the TCPA. Instead, we only really know what isn’t covered: your ordinary, everyday cellphone. Until the FCC provides further clarification, organizations should continue to take a conservative approach to reduce legal risk by assuming that most technology platforms will be considered autodialers and applying internal compliance program rules accordingly.
Expect the FCC to take up this issue again. Note that the commission has flipped; instead of the 3–2 Democratic majority that issued the 2015 order, now there is a 3–2 Republican majority. As a member of the Republican minority in 2015, now-Chairman Ajit Pai strongly dissented from the FCC’s position in 2015 and would likely push for a much narrower interpretation. Thus, the agency is likely to narrow the scope of what qualifies an autodialer, which would be more in line with what courts have been doing — even after the 2015 order. It is possible that the agency will take the position that whether a device is an autodialer depends on how it is being used when the relevant call is made, which could allow an organization to switch a machine from “autodialer mode” to “non-autodialer mode” to avoid incurring the more onerous requirements applicable to autodialers. Until the FCC weighs in, look to courts to provide more concrete parameters on the scope of the autodialer definition as they deal with their TCPA-related dockets.
The court rejected the FCC’s approach to reassigned numbers and the one-call safe harbor the agency created.
What the FCC did in its 2015 order: The TCPA generally prohibits placing calls to wireless phones using an autodialer or prerecorded voice without the prior express consent of the “called party.” In its 2015 order, the FCC attempted to clarify the meaning of “called party,” which is undefined by the TCPA. The agency concluded that the term refers to the current subscriber (or non-subscriber customary user of the phone). The FCC recognized that this interpretation would create problems with respect to reassigned numbers (i.e., numbers originally assigned to one party that are later assigned to another). Since callers do not receive notice of reassignments, they could potentially call numbers for which the original subscriber provided consent, but for which the new subscriber had not consented. The FCC, therefore, construed the caller’s ability to rely on the recipient’s prior express consent to mean “reasonable reliance” and adopted a safe harbor. Under the agency’s safe harbor, a caller would not be liable for the first call made to the wireless number following reassignment. Thus, it seems that the FCC interpreted the caller’s reliance on the prior subscriber’s consent to be “reasonable” for the first call, but not for any subsequent call, regardless of whether the subsequent call resulted in any actual interaction with the call recipient.
The court’s ruling: The court agreed with the FCC’s reasoning in some respects, but nevertheless the court invalidated the FCC’s entire approach to reassigned numbers. The court first found that the FCC could permissibly interpret the term “called party” to mean the current subscriber. Additionally, the court did not take issue with the FCC’s “reasonable reliance” standard or the agency’s position that a caller’s reliance on the prior subscriber’s consent could be “reasonable.”
However, the court pointed out that the FCC provided no explanation for why reasonable-reliance considerations supported limiting the safe harbor to just one call. The court found that the FCC’s failure to clarify its position with respect to the safe harbor required the court to set aside the FCC’s entire position with respect to reassigned numbers since the court could not conclude that the FCC would have adopted its position with respect to reassigned numbers without the safe harbor. Indeed, the court noted that the FCC stated in the 2015 order that while it could impose a strict liability standard on callers with respect to reassigned numbers, it declined to impose a standard that severe. Eliminating the safe harbor would create a standard the FCC indicated that it did not intend to impose; therefore, the court struck the FCC’s entire treatment of reassigned numbers.
Implications: The D.C. Circuit invalidated the entirety of the FCC’s approach to reassigned numbers and the concept of who is the “called party.” As with the autodialer definition, expect the FCC to revisit reassigned numbers. (The agency has already sought comment on creating a reassigned number repository.) It is particularly notable that, in his dissent from the 2015 order, now-Chairman Pai argued that the term “called party” should be read as the person that the company intended to call; he also argued that a strict-liability approach to reassigned numbers should be rejected. When the FCC addresses reassigned numbers in the future, we think the result will be closer to what Chairman Pai advocated in his 2015 dissent due to the change in the composition of the Commission.
In the meantime, organizations must look to the courts for guidance. The safe harbor’s demise opens the door for courts to adopt a pure strict-liability approach, which could lead to a spate of lawsuits from opportunistic plaintiffs who had received only one errant text message or call. But, in many instances, the loss of the safe harbor will have a limited negative impact for organizations defending lawsuits in which plaintiffs received multiple calls or text messages after reassignment. Organizations may, however, have some success convincing courts to adopt a more lenient standard.
The court upheld the FCC’s approach to revocation of consent.
What the FCC did in its 2015 order: The agency expressly rejected a petition to allow callers to prescribe the methods by which called parties could opt-out. Instead, the FCC found that “a called party may revoke consent at any time and through any reasonable means,” so long as the called party “clearly expresses a desire not to receive further messages.” “Any reasonable means,” according to the 2015 order, would be determined based on “the totality of the facts and circumstances,” including “whether the caller could have implemented mechanisms to effectuate a requested revocation without incurring undue burdens” and “whether the consumer had a reasonable expectation that he or she could effectively communicate his or her request . . . in that circumstance.”
The court’s ruling: The ACA challenged the FCC’s standard, arguing that it would require businesses to take “exorbitant precautions.” The court rejected that argument, pointing to the FCC’s statements in the 2015 order absolving callers of adopting systems that would entail “undue burdens.” The court noted, for example, that callers would not need to train every retail employee regarding the nuances of opt-out requirements. Finally, the court rejected the ACA’s argument that the 2015 order improperly precluded callers and recipients from contractually agreeing to revocation mechanisms, finding that the order only prohibited callers from unilaterally imposing opt-out mechanisms.
Implications: The court’s ruling on this issue is disappointing for some organizations in that the FCC’s revocation-of-consent doctrine has increased legal risk and posed operational challenges. Plaintiffs have been able to leverage the FCC order in their favor. For example, in Schweitzer v. Comenity Bank, 866 F.3d 1273 (11th Cir. 2017), the court ruled that the plaintiff may have partially revoked her consent to receive calls at certain times of day when she made unclear statements during a collection call that she worked during the day, and could not respond to collection calls at that time. Accounting for these types of requests presents a heavy burden for organizations.
The opinion does, however, provide some positive take-aways for organizations. The court stated that when callers adopt clearly identified and easy-to-use opt-out mechanisms, “any effort to sidestep the available methods in favor of idiosyncratic or imaginative revocation requests might well be seen as unreasonable.” The court’s reasoning suggests that, when an organization provides a reasonable opt-out mechanism with clear instructions, an individual’s failure to follow the instructions or attempt to opt out through other irregular means would not be sufficient to revoke consent. A court took a similar position in Viggiano v. Kohl's Department Stores, Inc., 17–0243–BRM–TJB, 2017 WL 5668000 (D.N.J. Nov. 27, 2017), where the court ruled that the plaintiff had not effectively revoked consent due to her failure to follow clear instructions for opting out of text message notifications. Thus, even if a caller cannot unilaterally designate the exclusive means of opting out, it can control how individuals use particular opt-out channels. The D.C. Circuit opinion also suggests that, by providing several reasonable opt-out mechanisms, organizations can better position themselves to argue that an alternative opt-out method used by an individual is “unreasonable” — and therefore ineffective.
Another helpful take-away is the court’s recognition that the 2015 order does not limit parties’ ability to contractually agree on opt-out mechanisms. The court avoided calling into doubt the Second Circuit’s decision in Reyes v. Lincoln Auto. Fin. Servs., 861 F.3d 51 (2d Cir. 2017), in which that court held that “the TCPA does not permit a party who agrees to be contacted as part of a bargained-for exchange to unilaterally revoke that consent.” These are positive non-events for organizations seeking to use contracts to designate exclusive opt-out mechanisms or limit individuals’ ability to revoke consent.
The court upheld the FCC’s exemption for time-sensitive health care calls.
What the FCC did in its 2015 order: The TCPA permits the FCC to exempt certain calls to cellphones that are not charged to the called party, and it also empowers the FCC to impose any conditions on those exemptions that the FCC deems necessary to protect the privacy rights the TCPA is intended to cover. In its 2015 order, the FCC granted an exception for certain exigent, non-telemarketing calls having a “health care treatment purpose.” The FCC expressly declined to extend that exemption to calls that included “telemarketing, solicitation, or advertising content, or which include accounting, billing, debt-collection, or other financial content.”
The court’s ruling: The court rejected several Rite Aid challenges seeking to expand the scope of the exception. The court rejected Rite Aid’s argument that the exemption is impermissibly inconsistent with HIPAA, explaining that HIPAA does not supersede the TCPA and that calls permitted by HIPAA are still subject to the TCPA. The court rejected Rite Aid’s argument that the exemption was arbitrary and capricious because it treated residential and cellular lines differently, and the court also rejected Rite Aid’s argument that all health care-related calls satisfy the TCPA’s emergency purpose exception.
Implications: The exemption is still available for callers making certain health care–related calls in accordance with the conditions for the exemption established in the 2015 order. Further, it remains clear that HIPAA and the TCPA are separate and coequal legal regimes that can simultaneously regulate the same activities.
The TCPA defines “emergency purposes” as “calls made necessary in any situation affecting the health and safety of consumers.” It was fairly obvious that Rite Aid had an uphill battle convincing the court that calls including “telemarketing, solicitation, or advertising content” or “accounting, billing, debt-collection, or other financial content” would be “necessary” in a situation affecting the health and safety of consumers, so the result is hardly surprising. Organizations must continue evaluating health care calls on a case-by-case basis to determine whether the emergency exception applies and the calls can be made without obtaining prior express consent.
Overall, the court’s ruling was not the resounding victory that many organizations were hoping for, but the decision does make it highly likely that the FCC will revisit several of the more controversial aspects of the 2015 order. Perhaps most importantly, we could see the FCC sharply curtail the scope of the TCPA by more narrowly defining the types of technologies that qualify as an autodialer. Hopefully, the agency will develop a practical approach to the challenge posed by reassigned numbers, as well. In the meantime, organizations should continue to take a conservative approach to TCPA compliance. TCPA litigation is still very active, and with statutory damages available ranging from $500 to $1,500 per call or text message, now is not the time to ease up on TCPA compliance in anticipation of what the FCC may do in the future.
The International Association of Privacy Professionals
Percival, L., & Lopes, J. (2018, March 23). IAPP Privacy Tracker | Reining in the FCC: DC Circuit overturns some (not all) of 2015 TCPA order. Retrieved from https://iapp.org/news/a/reining-in-the-fcc-dc-circuit-overturns-some-not-all-of-2015-tcpa-order/