Telemarketing, texts, and the TCPA: An update on corporate liability

By Michael P. Barry, JD, CIPP, CCEP

Michael P. Barry (mbarry@connexionpoint.com) is Director of Compliance and Corporate Counsel at Connexion Point in Salt Lake City, Utah, USA.

When the Telephone Consumer Protection Act (TCPA) was originally enacted, it was intended as a consumer protection statute. Unfortunately, as the years have passed, the law has become a litigation nightmare and legal minefield for companies that use telephones or text messaging for marketing purposes. The U.S. Supreme Court recently decided a case that will reduce the risk of litigation for companies that communicate with customers with an automatic telephone dialing system. This article will review the Supreme Court case and discuss its implications.

The TCPA’s history

In 1991, US Congress passed the TCPA due in part to abusive practices by telemarketers that were considered an invasion of privacy. The TCPA requires companies to obtain prior, express consent from call recipients before making (1) telemarketing calls to residential phones using an artificial or prerecorded voice or (2) any nonemergency calls using an automatic telephone dialing systems (autodialer) or an artificial or prerecorded voice (robocall) to a wireless phone number.[1] If a call to a wireless phone “introduces an advertisement” or “constitutes telemarketing,” then such prior consent must be in writing.[2]

The US Federal Communications Commission (FCC) was charged with promulgating regulations to enforce the TCPA.[3] Although text messages are not addressed by the statute, the FCC has interpreted the TCPA to cover them.[4] Text messages sent to cell phones using an autodialer are prohibited under the TCPA unless made with the “prior express consent of the called party.”[5] Certain exceptions apply that are immaterial here.[6]

Although the drafters of the TCPA were well-meaning, the law spawned a massive wave of lawsuits against businesses in every industry, including health insurance plans and pharmaceutical companies. The reason for the flood of litigation is simple—the TCPA contains many ambiguous provisions that invite lawsuits. Additionally, violating the TCPA is expensive, with a minimum penalty of $500 per text message, and treble damages of $1,500 per violation for those who “willfully or knowingly” violate the TCPA.[7] For example, in recent years, Sirius XM Radio settled a TCPA lawsuit for $32.4 million,[8] and Wells Fargo agreed to a $18 million settlement.[9]

One significant area of TCPA litigation involves the use of autodialers by companies to dial random or sequential blocks of telephone numbers automatically. The impact of autodialers on business and the public can be significant; due to the sequential way they dial phone numbers, autodialers can tie up all the lines of a company with sequentially numbered phone lines. Autodialers are also a particular threat to public safety since they can occupy all the lines of public emergency services, such as hospitals or law enforcement. The TCPA defines an autodialer as “equipment which has the capacity – (A) to store or produce telephone numbers to be called, using a random or sequential number generator; and (B) to dial such numbers.”[10]

Duguid v. Facebook

In 2014, Noah Duguid received several login-alert text messages indicating that someone was attempting to access a Facebook account associated with his cell phone number from an unknown browser. This sounds like a reasonable IT security feature by Facebook. The problem? Duguid never had a Facebook account, and he never gave Facebook his cell phone number. Facebook speculated that Duguid likely received the texts because his cell phone number was recycled from another Facebook user and remained in their database. Unable to stop the alert notifications, Duguid brought a class action lawsuit against Facebook. In the lawsuit he asserted that Facebook violated the TCPA by maintaining a database that stored phone numbers, and that Facebook programmed its system to send automated text messages to those numbers whenever an associated account was accessed by an unencrypted device or web browser.

Duguid filed his lawsuit in a federal district court in California. Facebook filed a motion to dismiss, and the court found in its favor. Duguid appealed the decision, and the Ninth Circuit federal appeals court determined that Duguid raised a valid TCPA claim by alleging that Facebook’s notification system automatically dialed stored numbers. Further, the appeals court noted, under the TCPA, an autodialer does not need to use a random or sequential generator to store numbers; it only must have the capacity to “store numbers to be called” and “to dial such numbers automatically.”[11] Under the Ninth Circuit’s reasoning, almost any electronic phone system could constitute an autodialer, potentially subjecting many companies that do not make random calls to damages for violations of the TCPA. The Second and Sixth Circuits have also interpreted the TCPA this way. The Seventh and Eleventh Circuits, on the other hand, determined that an autodialer must store and produce random or sequential numbers, and therefore limited the scope of TCPA liability. The Supreme Court accepted review of the Facebook case to resolve the split in federal circuits.

The Decision

In April 2021, in a 9-0 decision drafted by Justice Sotomayor, the court determined that the case turned on the statutory text of the TCPA. Under a plain meaning reading of the statute, the TCPA defines a autodialer by “what it must do” and “how it must do it.”[12] Based on this reading, Facebook’s login notification system is not an autodialer since it does not use a random or sequential number generator. The court noted that “expanding the definition of an autodialer to encompass any equipment that merely stores and dials telephone numbers would take a chainsaw to these nuanced problems when Congress meant to use a scalpel.”[13] In other words, the Ninth Circuit’s expansive reading of the TCPA would capture almost all modern cell phone usage—public, private, or corporate—within the TCPA’s regulatory net. The court was unwilling to make this leap; to rule otherwise would go beyond the “ordinary reading” of the text of the TCPA.[14]

The court’s determination is consistent with Congressional intent when the TCPA was passed. Regarding the law’s context, the court stated:

That Congress was broadly concerned about intrusive telemarketing practices, however, does not mean it adopted a broad autodialer definition. Congress expressly found that the use of random or sequential number generator technology caused unique problems for business, emergency, and cellular lines. Unsurprisingly, then, the autodialer definition Congress employed includes only devices that use such technology, and the autodialer prohibitions target calls to such lines.[15]

The court also noted that its decision does not affect the TCPA’s prohibition on calls using “an artificial or prerecorded voice” to home or cell phones, unless an exception applies.[16] The case also does not affect guidance that pertains to the TCPA’s Do Not Call registry. Justice Alito filed a concurring opinion. With this decision, the court overturned the U.S. Court of Appeals for the Ninth Circuit.

What does this mean for businesses?

The Facebook case has enormous implications for any business, regardless of industry. Because of the ubiquitous nature of cell phone use, wireless communication is a critical or even primary means of customer contact. Previously any company located within the geographic confines of the Second, Sixth, and Ninth federal circuits could have become the target of a TCPA lawsuit merely for having the capacity to (1) store telephone numbers and (2) dial those numbers, but because of the Supreme Court’s Facebook decision, this is no longer the case.

It is important to note, however, that the TCPA’s Do Not Call provisions and protections against random dialers remain in effect. Although companies that use autodialers will now face a decreased risk of TCPA lawsuits, businesses are well advised to include TCPA compliance in any annual risk assessments or internal audits. Telephone and marketing policies and procedures that involve the TCPA should also be reviewed and updated on an annual basis.

Finally, companies should also review their insurance policies for commercial or cyber liability to ensure that coverage is provided for alleged TCPA violations. This is particularly advisable for companies that engage in marketing that involves telephone calls or text messaging. Some insurance policies exclude TCPA coverage, and other policies avoid covering TCPA damages by arguing that TCPA violations fall under policy exclusions related to an invasion of privacy.

Remain vigilant

There should be a collective sigh of relief from businesses with the knowledge that TCPA liability has not expanded. The Facebook decision will likely result in a net decrease in federal class-action lawsuits. But at the same time, many state and federal laws and regulations regarding the TCPA and telemarketing remain in place. For example, the TCPA still requires companies to obtain prior, express consent from individuals before making any calls using artificial or prerecorded voices. Prudent business practice therefore requires companies to include or maintain telephone privacy compliance as part of a corporate compliance program.

Takeaways

  • The U.S. Supreme Court has narrowed liability under the Telephone Consumer Protection Act (TCPA).

  • Important TCPA provisions remain in effect, such as the Do Not Call registry.

  • The TCPA will continue to be a highly litigated law, so it should remain on a company’s compliance radar.

  • Remember to include TCPA compliance when conducting internal risk assessments or audits.

  • Companies should remain vigilant in monitoring TCPA guidance from the Federal Communications Commission and federal courts.

 
147 U.S.C. § 227(b)(1)(A); 47 C.F.R. §§ 64.1200(a)(1)-(2).
247 C.F.R. § 64.1200(a)(2).
347 U.S.C. § 227(c)(1).
4 Rules and Regulations Implementing the Telephone Consumer Protection Act of 1991, 18 FCC Rcd. 14014, 14115 (2003).
547 U.S.C. § 227(b)(1)(A).
6See 47 U.S.C. § 227(b)(1)(B).
747 U.S.C. § 227(b)(3).
8 Greg Land, “Sirius XM Settles Texas TCPA Class Action for $32.4M,” January 31, 2020, https://bit.ly/3ACA2IL.
9 Nicole Casperson, “Wells Fargo settles TCPA claims with 18M payout,” July 12, 2019, https://bit.ly/3s67xzS.
1047 U.S.C. § 227(a)(1).
11 Facebook, Inc. v. Duguid, 926 F.3d 1146, 1151 (9th Cir., 2019).
12 Facebook, Inc. v. Duguid, 592 U.S. __ (2021), Slip op. at 5.
13 Facebook, Inc. v. Duguid, 592 U.S. __ at 8.
14 Facebook, Inc. v. Duguid, 592 U.S. __ at 10.
15 Facebook, Inc. v. Duguid, 592 U.S. __ at 11 (internal citations omitted).
16 Facebook, Inc. v. Duguid, 592 U.S. __ at 12.
This publication is only available to members. To view all documents, please log in or become a member.
Become a Member Login

About SCCE

The Society of Corporate Compliance and Ethics (SCCE) is a non-profit, member-based professional association. SCCE supports our members' work with education, news, and discussion forums. We are a community of leaders, defining and shaping the corporate compliance environment across a wide range of industries and geographic regions. In developing and maintaining effective ethics and compliance programs, our members strengthen and protect their companies.

952.933.4977

About HCCA

The Health Care Compliance Association (HCCA), is a 501(c)6 non-profit, member-based professional association. HCCA was established in 1996 and is headquartered in Minneapolis, MN. We provide training, certification, and other resources to over 10,000 members. Our members include compliance officers and staff from a wide range of organizations, including hospitals, research facilities, clinics and technology service providers.

952.988.0141

Facebook Twitter LinkedIn
Copyright © 2024 by Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA). No claim to original US Government works. All rights reserved. All information provided through this site, including without limitation all information such as the “look and feel” of the site, data files, graphics, text, photographs, drawings, logos, images, sounds, music, video or audio files on this site, is owned and/or licensed by SCCE & HCCA or its suppliers and is subject to United States and international copyright, trademark and other intellectual property laws. Any third party logos and/or content provided herein is owned by such third parties and is used by permission herein. Your use of this site to is subject to our Terms Of Use and Privacy Statement.
Cookie settings