Last week, the US Court of Appeals for the DC Circuit issued a long-awaited decision on an omnibus challenge to the FCC’s interpretation of the TCPA. While the decision provides some relief for businesses, it does not eliminate the prospect of TCPA liability and leaves important TCPA interpretive questions unresolved. Businesses should continue to be vigilant regarding consent and opt-out procedures when sending automated text messages and automated or pre-recorded calls to consumers.
On March 16, 2018, the United States Court of Appeals for the DC Circuit issued a long-awaited decision on an omnibus challenge to the Federal Communications Commission’s (FCC’s) interpretation of the Telephone Consumer Protection Act (TCPA). The court struck down two key portions of the FCC’s 2015 Declaratory Ruling and Order as arbitrary and capricious, while rejecting challenges to other portions of the 2015 Order.
Overall, the decision is good news for those frustrated by the FCC’s expansive (and at times confusing) application of the TCPA. It struck down the FCC’s definition of “automatic telephone dialing system” (ATDS, or autodialer) and the FCC’s ruling on reassigned telephone numbers from the 2015 Order. However, the court left in place the FCC’s rulings on revocation of consent and the exigent health care exemption for certain calls.
This decision will provide some relief from the most aggressive arguments that TCPA plaintiffs have wielded to spur large settlements and should encourage the FCC to tread more carefully before departing from bounds of the plain language of the statute. But—as usual in TCPA jurisprudence—important questions remain open, and clients that use automated texting or calling to communicate with their customers or patients should not let their guard down.
Issue 1: The Definition of “Automatic Telephone Dialing System”
With limited exceptions, the TCPA requires prior express consent before making a call to a wireless number using an ATDS or a pre-recorded/artificial voice. The question of what constitutes an ATDS is critical when analyzing potential TCPA liability.
The TCPA defines an ATDS as “equipment which has the capacity (A) to store or produce telephone numbers to be called, using a random or sequential number generator; and (B) to dial such numbers.” In the 2015 Order, the FCC declared that a phone may qualify as an ATDS merely because it could be updated or configured so as to store or produce numbers and then dial them. This is a stunningly broad interpretation that could render almost any modern telephone system an ATDS.
In analyzing the FCC’s position, the court emphasized that the FCC’s interpretation would mean that any modern smartphone would be an ATDS, because the user could download software to the phone that would allow it to have the capabilities of an ATDS. In practice, this would mean that if an iPhone user sent text messages (or placed calls) to five contacts without their prior express consent, the user would be liable for between $2,500 and $7,500 in statutory penalties. This, the court ruled, simply cannot be the law.
In an effort to clarify the definition of an ATDS, the court focused on two questions: (1) when does a device have the “capacity” to perform the functions discussed above; and (2) what precisely are those functions? On both counts, the court found that the FCC’s views failed to satisfy the criteria for “reasoned decision-making.” Indeed, any rule that renders every modern smartphone an ATDS is simply unsupported by reason.
The court also took aim at the FCC’s varied explanations of what it means for a device or phone to have the capacity “to store or produce telephone numbers to be called, using a random or sequential number generator” and “to dial such numbers.” As the court explained, the FCC’s interpretation of this test over the years has amounted to little more than policy statements about certain dialing functions and practices that likely meet the test, without explaining which are necessary conditions, which are sufficient conditions, or how these conditions tie back to the language of the statute. The court held that this does not amount to reasoned decision-making.
The bottom line: While the court reversed a number of the FCC’s expansive pronouncements about what technology triggers TCPA liability, it did not (and perhaps could not) provide concrete answers about what does constitute an ATDS. Now, the response from the FCC and from lower courts applying this ruling will be critical. Nonetheless, the ruling sends a clear message that the FCC is not empowered to expand the statutory definitions of the TCPA without regard for the consequences of its interpretations and without a reasoned basis in the law.
Issue 2: Reassigned Numbers
Each year, millions of wireless numbers are reassigned from one user to another—the subscriber might stop paying the bill, might change phone numbers intentionally, might leave the country, or otherwise abandon his or her assigned phone number. This creates a conundrum under the TCPA: what happens when a caller has prior express consent to call one user, but (unbeknownst to the caller) the number has been reassigned to someone else (who has not given consent)?
There are two interrelated legal questions here: does the requirement for prior express consent from the “called party” refer to the person the caller intended to call, or the person whom the called actually called (due to the reassigned number)? And does the law hold callers strictly liable when they call the new owner of phone line, without any reason or way to know that the number was reassigned?
The FCC’s answer to the first question is that “called party” really means “called party”—the person called, not who the caller intended to call. Consistent with an earlier decision from the Seventh Circuit, the court took no issue with this reasoning.
But this strict interpretation puts callers in a tough spot. As both the court and the FCC recognize, there is often no way for a caller to know that a number has been reassigned. The FCC’s earlier solution was a “one strike” rule: the FCC ruled that callers are not liable for their first call to the new subscriber (unless they have reason to know the number changed hands). But under the FCC’s interpretation, the caller is liable for each subsequent call, even if the caller has no way to know that there is now a different subscriber assigned to the number.
The court held that the FCC’s one strike rule fails as a matter of law and common sense: “the Commission needed to give [a] reasoned (and reasonable) explanation of why its safe harbor stopped at the seemingly arbitrary point of a single call or message. The Commission did not do so.” Applying a severability analysis, the court set aside the FCC’s treatment of reassigned numbers entirely. It could not simply remove the one strike safe harbor, leaving in place the FCC’s interpretation of “called party.” This would result in a strict liability standard for callers. The court noted that the FCC is already designing a solution to address the reassigned number problem, seeking comments on proposed methods for “requir[ing] service providers to report information about number reassignments for the purposes of reducing unwanted robocalls.” One such approach currently under review is proposed rulemaking to develop a database of reassigned numbers, along with a safe harbor for callers that choose to use the database.
The bottom line: This will continue to be an area of substantial litigation. On one hand, the court suggested that “called party” likely means the new subscriber; this position (and the Seventh Circuit’s similar ruling) will likely be persuasive to other courts. But the court largely left open the question of whether and when a caller is liable for calls to a new subscriber made in reasonable reliance on consent from the previous user.
Issue 3: Revoking Consent
The third issue the court reviewed was how a user may revoke his or her prior express consent to receiving calls or texts. The FCC has received petitions asking for clarification as to whether a caller can unilaterally prescribe the exclusive means by which a called party can revoke consent to receive calls or messages. To date, the FCC has rejected these requests—and held that a called party “may revoke consent at any time and through any reasonable means . . . that clearly expresses a desire not to receive further messages.” In determining whether a called party used reasonable means to revoke consent, the FCC prescribes that one must consider the totality of the circumstances, including: (1) whether the caller could have implemented mechanisms to effectuate a requested revocation without incurring undue burdens; and (2) whether the called party had a reasonable expectation that he or she could effectively communicate the request in that circumstance.
Here, the court upheld the FCC’s reasoning and rulemaking. The court found that under the FCC’s interpretation, callers have every incentive to implement clearly defined and user-friendly methods for a called party to revoke consent, and any effort by called parties to circumvent such methods “in favor of idiosyncratic or imaginative revocation request might well be seen as unreasonable.” The court also left open the question whether callers and called parties can agree contractually to the means by which the latter can revoke consent.
The bottom line: Callers must continue to collect, respect, and act on reasonable requests to revoke consent. The caller cannot unilaterally prescribe how a user can opt-out. But the court’s ruling will likely be a useful defense in abusive cases where plaintiffs try to engineer TCPA violations by revoking consent in obscure or idiosyncratic ways.
Issue 4: Calls by HIPAA Covered Entities
In 2012, the FCC issued a broad exception for calls to landline phones by covered entities under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Next, in its 2015 Order, the FCC created a markedly narrower exception for calls placed by health care providers to mobile phones. In its decision, the court analyzed arguments challenging the FCC’s position on the grounds that it was arbitrary and capricious (1) to have a narrower carve-out for mobile phones, and (2) not to exempt all health care related calls under the TCPA’s emergency purposes exception.
In a much shorter discussion, the court rejected both arguments, holding that HIPAA does not preempt or displace the TCPA, and the FCC had sound reasons for creating a different policy for calls to landlines and mobile phones. As to the second question, the court simply noted that calls by HIPAA covered entities that meet the “emergency purposes” exception likely fit within the FCC’s 2015 safe harbor. Interestingly, the court did not address the onerous technical requirements included in the 2015 safe harbor, which are not present in the statutory “emergency purposes” exception. Likewise, the court also did not address the more fundamental question of why it matters if a call meets the 2015 regulatory safe harbor if it is exempt under the statute’s emergency purposes provision.
The bottom line: the interaction between the TCPA and HIPAA is an area of substantial ambiguity. Here, the court’s decision leaves the state-of-play unchanged. This means that, in practice, callers in this space will continue to wrestle with overlapping and ambiguous provisions in the statute and the FCC’s regulations. In particular, the scope and applicability of the “emergency purposes” exception will likely remain an area of focus in TCPA litigation.
* * *
The court’s decision will provide important perspective (and useful arguments and defenses in a litigation context) for callers facing the prospect of TCPA liability. However, this ruling is unlikely to abate the flow of TCPA litigation and enforcement activity, and TCPA compliance should remain a priority for all organizations with large-scale calling or texting operations. We expect further guidance from the FCC on these issues, and we will continue to monitor these developments.
McDermott’s litigation, health care, and data privacy teams have substantial experience advising clients on TCPA compliance and representing clients facing class action claims under the TCPA. Please reach out to one of the authors of this article to discuss these issues or for assistance in developing strategies to manage litigation risk.