What has often been considered to be one of the most heavily litigated privacy laws over the last decade, the Telephone Consumer Protection Act’s (“TCPA”) applicability (or lack thereof) to many modern text message dialing technologies has been significantly curtailed as a result of the United States Supreme Court’s narrow definition of what constitutes an automatic telephone dialing system (“ATDS”) in Facebook v Duguid. However, this is still a very active area, and we expect 2024 to reshape the contours of TCPA litigation. In this post, we provide a summary of noteworthy developments in federal and state telemarketing privacy laws as well as our predictions on what may be around the corner in 2024.
New FCC Rules Implementing the TCPA
On December 13, 2023, the FCC adopted a new rule amending its regulations implementing the TCPA, closing the “lead generator loophole.” This new rule, which will likely take effect in the summer of 2024, will require lead generators (e.g., comparison shopping websites) to obtain consumer consent on a seller-by-seller basis (i.e., one seller at a time) as opposed to a batch consent process. The loophole was a pathway for multiple businesses to send robocalls and robotexts to consumers on the basis of a single grant of consent. This rule will amend the TCPA’s definition of “prior express written consent” to mean:
an agreement, in writing, that bears the signature of the person called that clearly and conspicuously authorizes no more than one identified seller to deliver or cause to be delivered to the person called advertisements or telemarketing messages using an automatic telephone dialing system or an artificial or prerecorded voice. Calls must be logically and topically associated with the interaction that prompted the consent, and the agreement must identify the telephone number to which the signatory authorizes such advertisements or telemarketing messages to be delivered.
Additionally, the rule will require the consent to follow a clear and conspicuous disclosure that the consumer will receive calls or text messages from that seller. Further, the consent must be logically and topically associated with the website where the consumer gave the consent. As an example, the FCC indicates that the provision of consent on a car loan comparison shopping website would not constitute consent to receive robotexts about loan consolidation.
Other key changes include an expansion of the National Do-Not-Call Registry regulations to apply to text messaging and a requirement for terminating mobile wireless providers to block text messages that are sent from invalid, unallocated, or unused numbers.
We will publish a more comprehensive analysis of these new rules separately.
Review of ATDS Definition
Two and a half years after the Supreme Court’s narrow interpretation of what constitutes an ATDS, some courts are still struggling to find consensus on how to apply the definition to modern dialing systems. Although the results are mixed, an increasing number of federal courts across the U.S. have adopted the Supreme Court’s narrow interpretation in Facebook that the use of a random or sequential number generator is prerequisite to being considered an ATDS.
In July 2023, a plaintiff filed a petition for writ of certiorari with the Supreme Court to challenge the Ninth Circuit’s application of the Facebook decision. Pascal v. Concentra, Inc. In that case, Concentra used Texedly to send text messages with job advertisements. The district court rejected the plaintiff’s claims at the summary judgment stage, holding that Textedly was not an ATDS because the phone numbers were obtained in a non-random way and were texted in the same order they were uploaded to the service. Reinforcing its narrow interpretation in Borden v. eFinancial, LLC, the Ninth Circuit affirmed the district court’s ruling, stating that the service did not store or produce random or sequential telephone numbers. The Ninth Circuit has followed the letter and spirit of Facebook, consistently holding that an ATDS must randomly or sequentially generate telephone numbers, not just any random or sequential number such as a numeric order to dial phone numbers. The Supreme Court denied this petition as well as other petitions seeking to reopen the door to one of the broadest categories of TCPA litigation.
We will continue to monitor this evolving threshold question closely.
On July 20, 2023, major changes took effect amending the TCPA.
- Informational calls made to residential (landline) telephone numbers are no longer fully exempt from the TCPA’s prior consent requirements. Any calls using an artificial or prerecorded voice that exceed the following limits require prior express consent:
- The new rules limit the number of exempted artificial or prerecorded voice calls to residential numbers to three within a 30-day period. This limit applies to non-commercial calls, commercial calls without an advertisement or telemarketing content, and calls made from tax-exempt nonprofit organizations.
- HIPAA-related calls using an artificial or prerecorded voice that are made to a residential number are capped at one call per day and up to three calls within a 30-day period.
- All artificial or prerecorded voice calls made to a residential number must:
- include an automated, interactive voice and/or key-press opt-out mechanism;
- state the business’s telephone number, which must also permit individuals to submit a do-not-call request during regular business hours.
- be accompanied by brief instructions explaining how to use the optout mechanism, which must be played within two seconds of providing the organization’s name: and
- include a toll-free number that the recipient can call back to connect to the opt-out mechanism if the message is left on a recipient’s voicemail.
- Robocalls to residential numbers using an artificial or prerecorded voice must implement do-not-call procedures:
- Provide a written policy addressing the organization’s maintenance of its do-not-call list, which must be made available upon demand.
- Train personnel on the policy.
- Record opt-out requests on the caller’s do-not-call list (including number, date and time of request, and the called party’s name).
- Honor the request within a reasonable time (not to exceed 30 days) and for not less than five years from the time of the request.
- During calls, identify the caller, the entity on whose behalf they are calling, and the phone number at which the caller may be contacted.
- An opt-out request can be limited to the specific calling party (not its affiliates), unless the called party makes a request to the contrary.
State Mini-TCPA Laws
As we have reported over the years, a growing number of states have enacted or proposed mini-TCPA laws, particularly in the wake of the Facebook decision. We’ve seen laws passed or proposed in at least 10 states, including, for example, Florida, Oklahoma, Washington, Michigan, Maryland, Mississippi, Tennessee, New Jersey, Georgia and Arizona. A number of states, including Arizona and Tennessee, amended existing telemarketing laws to specifically include text messaging. Other states, like Georgia and Washington, amended existing telemarketing laws to provide for a private right of action with statutory damages.
Some of these state laws typically include either an expansive or undefined term for the type of regulated technology used to make calls. For example, the Oklahoma Telephone Solicitation Act (“OTSA”), which was initially a near carbon copy of the Florida Telemarketing Solicitation Act (“FTSA”), applies broadly to “automated systems used for the selection or dialing of phone numbers.” That was also the standard in Florida until May 25, 2023, when Governor Ron DeSantis signed into law a balanced amendment to the FTSA that, among other things, clarified that a lawsuit can be brought only if the ATDS both selects and dials the phone number. While not specifically defining what constitutes an ATDS, this two-part test has helped reduce the flow of FTSA litigation by greatly narrowing the present standard.
The amended FTSA also created a new pre-suit condition that must be satisfied in order for a consumer to bring suit against the sender. Specifically, consumers must reply “stop” to unwanted text message solicitations, after which the recipient would need to show that the sender failed to stop sending messages within 15 days of receiving the opt-out request.
We expect 2024 to be a busy year as plaintiffs attempt to develop creative arguments to counter the overwhelming impact of Facebook and as states continue to enact mini-TCPA laws with broader applicability than the current federal standard under the TCPA. Additionally, the Supreme Court has been asked to revisit its landmark autodialer ruling under Facebook in a number of petitions. There is a chance the Supreme Court will take one of these petitions.
Lastly, we may also see Congress introduce legislation to modernize the TCPA. We’ve already seen at least one attempt last year, when six House Democrats introduced H.R. 8334, the Robotext Scan Prevention Act, which would expand the TCPA to explicitly cover text messaging. That bill would have struck the key phrase “using a random or sequential number generator” and instead inserted the phrase “or sent a text message” to make clear that text messages are within the scope of the TCPA. We may see additional attempts to revive this bill or to propose something similar.
Either way, implementing robust procedures around obtaining consent and tracking opt-out requests remain critical to maintaining an agile program that is able to weather this uncertainty at both the federal and state level.