FCC Adopts and Proposes New Stir/Shaken Rules to Improve Tracebacks and Blocking
You must be logged in and authorized to view this content.
You must be logged in and authorized to view this content.
The FTC recently announced that National Do Not Call (DNC) Registry access fees for telemarketers will increase incrementally in FY 2022.
The first five area codes will still be free to download, but the cost of accessing an additional area code will be $69 in the fiscal year 2022, which represents an increase of $3 from over current fees. The maximum charge to any single entity for accessing all area codes nationwide will increase to $19,017 (up from $18,044 ). The fee for accessing an additional area code for a half year will increase to $35 (up from $33). Organizations that are exempt, such as some charitable organizations, may continue to obtain the entire list for free.
All telemarketers calling consumers in the United States are required to download the numbers on the National DNC Registry to ensure they do not call consumers whose numbers are listed on the DNC. Telemarketers must renew their subscriptions on an annual basis to continue accessing DNC numbers.
The revised fees will become effective October 1, 2021.
You must be logged in and authorized to view this content.
As detailed in prior articles, the recent amendments to the Florida Do-Not-Call Act and the Florida Telemarketing Act (the “Florida Amendments) created a state-level “mini TCPA.” The Florida Amendments went into effect on July 1st, 2021, and the state lawsuits now made possible under the new private right of action have already started to trickle in.
In an effort to thwart this endeavor, an organization called the Enterprise Communications Advocacy Coalition (ECAC), which describes itself as the “only coalition dedicated exclusively to advocacy on behalf of the contact center industry,” recently filed a Petition for Declaratory Ruling with the Federal Communications Commission. In the Petition, the ECAC requested the FCC to preempt those portions of the Florida Amendments that “relate to interstate telemarketing to the extent that they are more restrictive than” the FCC’s rules and regulations implementing the federal TCPA.
What is Federal Preemption?
The doctrine of federal preemption is based upon the Supremacy Clause of the Constitution, which states that federal law is “the supreme Law of the Land” notwithstanding any state law to the contrary. Under the federal preemption doctrine, federal law supersedes conflicting state laws. This can happen when a federal statute or regulation contains explicit preemptive language, or by implication, when Congress’s preemptive intent is implicit in the relevant federal law’s structure and purpose. The ECAC’s petition relies upon the implied intent of Congress in granting the FCC the power to enact uniform rules enforcing the TCPA.
The Petition
In its Petition, the ECAC points out that in 2003 the FCC itself observed that “any state regulation of interstate telemarketing calls that differs from our rules almost certainly would conflict with and frustrate the federal scheme and almost certainly would be preempted,” and that “any party that believes a state law is inconsistent with section 227 (the TCPA) or our rules may seek a declaratory ruling from the Commission.”
The ECAC argues that four specific aspects of the Florida Amendments create a more restrictive environment applicable to interstate telemarketing laws than the TCPA and its associated regulations and must therefore be preempted. The four aspects are as follows:
Call Time Restrictions – The Florida Amendments narrow the permissible calling time window for telephone solicitations (which ends at 9:00 p.m. under the FCC’s rules) to 8:00 p.m. The Petition argues that this imposes increased compliance costs on telemarketers that make interstate calls to Florida residents and “frustrates the federal objective of creating national rules.”
Call Frequency Limits – The Florida Amendments restrict the number of “commercial solicitation phone calls” that a telemarketer may make from any number to any person over a 24-hour period to three (3) calls. The Petition claims that this restriction places an enormous burden on telemarketers that initiate interstate calls to track this data, and infringes telemarketers’ rights to free speech.
Caller ID Restrictions – The Florida Amendments ban commercial telephone solicitors from using technology that “deliberately displays a different caller identification number than the number the call is originating from to conceal the true identity of the caller.” In the Petition, the ECAC notes that the FCC’s TCPA regulations “specifically permit the telemarketer to substitute the name of the seller on whose behalf the telemarketing call is placed as well as the seller’s customer service telephone number, provided that a call recipient may call the telephone number provided to make a do-not-call request during regular business hours.” Thus, the revised Florida laws, in this respect, are “expressly at odds with the TCPA regulations.”
Automated Equipment/Automatic Telephone Dialing System – The Florida Amendments restrict telephonic sales calls involving an “automated system for the selection or dialing of telephone numbers or playing of a recorded message when a connection is completed to a number….” In its Petition, the ECAC notes that the TCPA restricts calls initiated with “an automatic telephone dialing system” – a term defined in the TCPA and the FCC’s regulations, and that “automated system” as used in the Florida Amendments is undefined, and goes on to argue that to the extent the undefined term in the Florida Amendments “includes equipment that is not within the definition of automatic telephone dialing system, the statute must be preempted”
What Comes Next
Under Section 5(d) of the Administrative Procedure Act, the FCC may issue declaratory rulings terminating a controversy or removing uncertainty with respect to its rules. After a petition requesting such a is submitted, the next step in the process is for the FCC to issue a notice seeking public comments on the petition. After the notice submission period, the FCC considers the comments and issues a ruling. The entire process can take months or longer, depending upon the matter and the agency’s timeframe.
<p>
</p>
<p><strong>You must be logged in and authorized to view this content.</strong></p>
<p>
The Centennial State recently enacted a comprehensive new privacy law. The Colorado Privacy Act (ColoPA) will become effective on July 1, 2023, six months after the California Privacy Rights Act (CPRA) and the Virginia Consumer Data Protection Act (VA CDPA), which both take effect on January 1, 2023. ColoPA is substantially similar to existing state privacy laws and the EU’s General Data Protection Regulation (GDPR), but there are some key differences. The remainder of this article summarizes the important aspects of ColoPA and how they compare to existing state privacy laws.
Definitions
ColoPA defines “consumer” to mean a natural person who is a Colorado resident acting only in an individual or household context in providing personal data, which is analogous to the VA CDPA’s definition of consumer and is narrower than the comparable definitions used in the CCPA and the GDPR. ColoPA specifically excludes an individual acting in a commercial or employment context, as a job applicant, or as a beneficiary of something acting in an employment context.
Under ColoPA “personal data” means any information that is linked or reasonably linkable to an identified or identifiable natural person and does not include de-identified data or publicly available information.
Application
ColoPA applies to legal entities that conduct business in, or produce products or services that are targeted to Colorado consumers and that either (1) control or process personal data or more than 100,000 Colorado consumers per calendar year; or (2) derive revenue or receive a discount on the price of goods or services from the sale of personal data, and control or process the personal data of at least 25,000 Colorado consumers.
ColoPA’s applicability standards are similar to those in the VA CDPA, although ColoPA’s second applicability standard is broader, encompassing the receipt of discounts as well as revenue from the sale of personal data.
Compliance Roles
ColoPA is similar to the GDPR and the VA CDPA in that it defines two main compliance roles: controllers and processors. Controllers are required to perform a data protection assessment of any processing activities that present a heightened risk of harm to consumers, which includes processing for targeted advertising, profiling, and the sale of personal or sensitive data.
Those acting as a processor of data are to be governed by a contract that describes the type of data subject to processing, confidentiality obligations, subcontracting requirements, security measure, and audit rights.
Consumer Rights
Like existing state privacy laws, ColoPA grants consumers the right to make requests to (1) opt-out of certain types of processing; (2) access their personal data; (3) correct inaccuracies in their personal data; (4) delete their personal data; and (5) obtain a copy of their personal data in a portable format.
ColoPA’s opt-out rights are similar to those in the VA CDPA, in that they allow consumers to opt-out of processing of their personal data for purposes of targeted advertising, the sale of personal data, or for profiling the consumer in a way that produces legal or similarly significant effects on the consumer. A controller has 45 days to respond to a consumer request, which may be extended once by an additional 45 days when reasonably necessary. Like under the VA CDPA, a controller must also provide consumers with an appeals process if it denies a consumer’s request.
Rules and Enforcement
The Colorado Attorney General will promulgate rules for a universal opt-out mechanism under ColoPA by July 1, 2023, and will further promulgate rules for issuing opinion letters and interpretative guidance to develop an operational framework, including a safe harbor for compliance, by July 1, 2025.
Thankfully, there is no private right of action under ColoPA. Instead, the Colorado Attorney General and district attorneys have exclusive enforcement rights. Upon receipt of a notice of violation, a controller has 60 days to cure the violation. However, the right to cure will be repealed on January 1, 2025.
Conclusion
As state after state introduces its own privacy legislation, the compliance challenges mount, which will increase the pressure on Congress to enact a single, comprehensive privacy law at the federal level that will preempt conflicting state law. Until that happens, those companies that may be subject to ColoPA should start planning for compliance, however challenging that might be.
You must be logged in and authorized to view this content.
In its infinite wisdom, when drafting the TCPA Congress included two separate and distinct grounds upon which to base a private cause of action.
§227(b) Claims
First, there’s 47 USC §227(b)(1)(A), which makes it unlawful “for any person within the United States, … to make any call… using any automatic telephone dialing system or an artificial or prerecorded voice … to any telephone number assigned to a paging service, cellular telephone service, specialized mobile radio service, or other radio common carrier service” or (under §227(b)(1)(B), “to initiate any telephone call to any residential telephone line using an artificial or prerecorded voice… without the prior express consent of the called party…”
§227(c) Claims
Then, there’s 47 USC §227(c), which codified the creation of the national DNC registry, and prohibits telephone solicitations to any number listed on the registry absent consent or other exemption. Subsection (c) includes a private right of action under §227(c)(5), which states that any “person who has received more than one telephone call within any 12-month period by or on behalf of the same entity in violation of the regulations prescribed under this subsection may, if otherwise permitted by the laws or rules of court of a State, bring, in an appropriate court of that State…an action to recover actual monetary loss or to receive statutory damages of up to $500 for each violation.”
Both §227 subsections (b) and (c) state that a “person or entity may bring, in an appropriate court of that State…an action to recover actual monetary loss or to receive statutory damages of up to $500 for each violation,” and give courts the discretion to treble damages for willful or knowing violations §227(b) or (c).
So when bringing a TCPA claim under §227(b), the “violation” upon which the claim is based refers to calling a cellular line using an ATDS, or placing a prerecorded call to a residential line without the recipient’s prior express written consent. With a §227(c) claim, the “violation” consists of calling a number listed on the national DNC registry more than once in a calendar year without the recipient’s prior express written consent.
Despite the fact that “violations” upon which to base a TCPA suit are limited to the grounds stated above, TCPA plaintiffs frequently claim that other elements of the statute and its accompanying regulations also constitute “violations” that justify litigation. Once such violation is the failure to produce a written internal DNC policy upon demand, as required by FCC regulation 47 C.F.R. 64.1200(d).
Many plaintiffs demand a written copy of a company’s internal DNC policy and sometimes file suit based on a failure to comply. Because they are unsupported by statute, courts often dismiss these “No DNC Policy” claims, but not always.
A company’s failure to produce a written DNC policy upon request recently resulted in a Massachusetts Court awarding damages based on that “violation.” In Perrong v. All Star Chimney Solutions, Inc., professional TCPA plaintiff Andrew Perrong filed a lawsuit that involved four automated calls placed to a number listed on the national DNC registry in violation of 47 U.S.C.§227(c), and also claimed that the defendant “did not have a written policy, available on demand, pertaining to do-not-call requests”
Perrong obtained a default judgment the Court awarded $500 for each call but did not grant Perrong’s request for an additional $500 for each call based on the defendant’s lack of a written do-not-call-policy. Instead, the court determined that “the failure to maintain a written policy, available on demand, pertaining to do-not-call requests” designated only “one violation”, and awarded Perrong $500 rather than the $2,000 he requested.
Naturally, the Court should not have awarded anything for the “No DNC Policy” violation, but you can never count on a Court doing the right thing, especially when the presentation of a simple one-page document can prevent that outcome altogether.
The defendant’s failure to present a policy “on demand” only cost them $500 in this case, but it could have been far worse. Perrong’s lawsuit was not brought as a class action, and there is nothing preventing another court from mistakenly including a “No DNC Policy” award as an element of class action damages, which would increase potential liability by orders of magnitude.
The lesson is simple. Have a written DNC policy on hand and produce a copy whenever someone requests it. It’s not a very high burden to meet and doing so can save you a considerable amount of headache. Sample DNC policies are available for download on the Blacklist Academy platform.
You must be logged in and authorized to view this content.
On July 1st, the recent amendments to Florida’s telemarketing statutes discussed in a prior article were signed into law. The amendments included with SB 1120 essentially transforms Florida’s existing telemarketing laws into a “mini TCPA,” by incorporating many of the same elements found in the Telephone Consumer Protection Act (including a private right of action with $500 statutory damages, which can be tripled for willful violations).
However, although it substantially mirrors the TCPA, the new Florida law includes some important distinctions from equivalent provisions found in the federal law, which include the following:
A Broader ATDS Definition: The Florida law applies to “automated system[s] for the selection or dialing of telephone numbers or the playing of a recorded message when a connection is completed.” Many dialing platforms that may be excluded from TCPA coverage under the Supreme Court’s recent Facebook ruling will nevertheless qualify as automated dialing systems under this definition.
A Broad Definition of Covered Calls: The new law makes no distinctions between calls, texts, or ringless voicemails. Instead, it applies to “telephonic sales calls,” which are broadly defined as “a telephone call, text message, or voicemail transmission to a consumer for the purpose of soliciting a sale of any consumer goods or services, soliciting an extension of credit for consumer goods or services, or obtaining information that will or may be used for the direct solicitation of a sale of consumer goods or services or an extension of credit for such purposes.”
Narrower Call Hours: The new law restricts the hours in which a telephonic sales call can be placed, from 8 am to 8 pm (previously calls could be made until 9 pm).
Call Attempt Limitation: The new law makes it unlawful to place more than three telephonic sales calls from any number to a person over a 24-hour period on the same subject matter or issue, regardless of the phone number used to make the call. Remember, a “telephonic sales call” includes calls, texts, and ringless voicemails.
Narrower Definition of Called Party: The new law specifies that a “called party” is only the “regular user” of the phone (unlike the federal standard, which also includes the subscriber to the phone).
Like the TCPA, the new Florida law includes an exemption for calls placed with the prior express written consent (PEWC) of the called party, and defines PEWC in a similar manner as the applicable federal rules. Under the Florida law, “Prior express written consent” means a written agreement that:
You must be logged in and authorized to view this content.
The United States is not unique in its efforts to combat illegal robocalls. Consumers in other countries are dealing with the same issue. In a step towards combining enforcement efforts across international borders, the Federal Communications Commission (FCC) recently signed a Memorandum of Understanding (MOU) with the Australia Communications and Media Authority (ACMA) to “work together to develop and coordinate a global approach to addressing unlawful robocalls or robotexts, and the unlawful use of inaccurate caller ID information or ‘spoofing’”.
The MOU does not create additional rights or legally binding obligations under international or domestic law. Instead, its stated purpose is to promote the exchange of information and mutual assistance between the participants “for the purpose of enforcing and securing compliance with Covered Violations.”
According to definitions included in the MOU, a “Covered Violation” refers to practices that violate or potentially violate the applicable laws of one country that are substantially similar to practices prohibited by any provision of the applicable Law of the other country. These laws include the following US laws and their Australian equivalents:
US LAWS
AUSTRALIAN LAWS
The MOU, which was executed by FCC Acting Chairwoman Jessica Rosenworcel and ACMA Chair and Agency Head Nerida O’Loughlin, bears the weighty title, the “Mutual Assistance in the Enforcement of Laws on Certain Unlawful Communications Agreement,” and can be reviewed here: https://docs.fcc.gov/public/attachments/DOC-372922A1.pdf.
You must be logged in and authorized to view this content.
You must be logged in and authorized to view this content.