Privacy & Security Law Blog

Privacy & Security Law Blog

Legal Commentary and Resources for the Payment Industry

Insight & Commentary on Information Management and Protection

Category Archives: Marketing and Consumer Privacy

Subscribe to Marketing and Consumer Privacy RSS Feed

State AGs Looking to Crack Down on Telemarketers Press FCC and FTC

Posted in Communications/Media, Marketing and Consumer Privacy
FCC Logo

A majority of the nation’s state and territorial Attorneys General have collectively urged the Federal Communications Commission and Federal Trade Commission to revisit rules and policies in ways that would help law enforcement crack down on telemarketing practices.

Recently, the FCC issued a public notice seeking comment on a request by the National Association of Attorneys General and 39 undersigned state law enforcement executives (referred to collectively here as “NAAG”).  The petition seeks a formal FCC opinion on the legal ability of telephone providers to implement call-blocking technology to combat unwanted telemarketing. In their request, NAAG noted that while call-blocking technology such as “NoMoRobo,” “Call Control,” and “Telemarketing Guard” currently exist on the market, telecom companies are reluctant to employ such devices to stop unwanted telemarketing from reaching consumers due to perceived legal barriers. According to telecom industry representatives, “phone companies have a legal obligation to complete phone calls” and the current legal framework “does not allow [them] to decide for the consumer which calls should be allowed to go through and which should be blocked.”

The FCC’s notice asks for public comment on three major issues raised by NAAG and the Attorneys General:

Advisory Alert: Refill Reminders and the TCPA

Posted in Healthcare, Marketing and Consumer Privacy
Questionnaire

The Telephone Consumer Protection Act (“TCPA”) presents another challenge as health care providers continue to engage patients and seek to meet Meaningful Use reminder objectives. Over the past year, there have been several class action suits alleging pharmacies’ prescription refill reminders violated TCPA. One federal trial court recently opined that if the plaintiff provided his cell phone number only for verification purposes, that provision of the cell number cannot be equated to consent to receive automated refill reminders on his cell phone.

Click here to continue reading.... Continue Reading

Is Your Website Ready for California’s “Minor Eraser” Law?

Posted in Communications/Media, Marketing and Consumer Privacy, Technology
website

Starting on Jan. 1, 2015, California’s new “Minor Eraser” law goes into effect and allows minors in California to remove content or information that they have posted as a registered user on a website, online service, online application or mobile application (collectively, an “online service”).

Does this new law apply to your website? 

This new law will apply to online services in two instances – if your online service is directed to minors or if the operator has actual knowledge that a minor is using the online service.  This law defines “minor” as any person under 18 years old who resides in California.

The statute defines “directed to minors” as an online service, or any part thereof, that is “created for the purpose of reaching an audience that is predominately comprised of minors, and is not intended for a more general audience comprised of adults” (emphasis added); however, an online service is not “directed to minors” solely because it refers or links to another online service that is directed to minors, see Cal. Bus. & Prof. Code §22580(e).  It is important to note that a portion of an online service can be directed to minors if it ... Continue Reading

AgeCheq, Inc. Looking for Second Bite at the Parental Consent Apple

Posted in Marketing and Consumer Privacy
COPAA2

FTC Denies Company’s First Proposed COPPA Parental Consent Method, Seeks Public Comment on Second Proposal

The Federal Trade Commission announced that it has denied AgeCheq, Inc.’s proposed verifiable parental consent method application, which relied on existing verifiable consent methods but also utilized a third-party common consent administrator to allow for consent across multiple devices (see our discussion here). Under the FTC’s Children’s Online Privacy Protection Act (“COPPA”) Rule, interested parties can propose and request FTC approval for additional methods for obtaining verified parental consent not presently permitted by the Rule.  In its letter to AgeCheq, the FTC explained that its denial of AgeCheq’s application was because AgeCheq’s proposed method is already recognized by the Commission “as a valid means of obtaining verifiable parental consent in the Rule, and AgeCheq is free to pursue the development of a common consent mechanism without Commission approval.”

Meanwhile, the FTC announced that it is seeking public comment on a second proposed verifiable parental consent method from AgeCheq.  According to AgeCheq’s latest application, its newest proposed method would augment the traditional paper “sign and send” parental notification method for the mobile space, allowing parents to access and submit an online “sign and ... Continue Reading

Advisory Alert: California’s “Online Eraser” Law for Minors to Take Effect Jan. 1, 2015

Posted in Marketing and Consumer Privacy
trash bin

On Jan. 1, 2015, California’s “Online Eraser” law will take effect, requiring websites and other online service operators to delete on demand any content posted by minors.  The law also prohibits such operators from sharing minors’ personal information with third parties for the purpose of marketing particular products or services to them.  The new law, however, is ambiguous and possibly unconstitutional.

To read the full article, click here.... Continue Reading

FCC Reaffirms Fax Ads Sent With Recipients’ Prior Permission Require Opt-Out Notice

Posted in Marketing and Consumer Privacy, Policy and Regulatory Positioning
FCC Logo

But Grants Retroactive Waivers to Petitioners Who Sent Permission-Based Faxes Without Opt-Out Notices

The Federal Communications Commission has issued an Order sustaining its rule that even ads faxed with the permission of the recipient must include a notice with instructions for how to opt out of future faxes. The Order responds to a passel of petitions that argued the Telephone Consumer Protection Act’s (TCPA) “junk fax” provision and attendant opt-out requirement apply only to “unsolicited” fax advertisements, and thus do not cover faxes “solicited” by those who consent to receive the faxed ads.

However, while staunchly defending its statutory authority to adopt an opt-out notice rule for permission-based faxes, and that it was a logical outgrowth of its rulemaking notice, the FCC recognized that its order adopting the rule may have been confusing on this point. It accordingly granted retroactive waivers to petitioners with temporary relief from any past obligation to have opt-out notices on permission-based faxes. The waivers give petitioners who received them a six-month window to come into compliance with the opt-out requirement, and the FCC invited similarly situated parties to seek similar waivers, strongly suggesting that such requests must be on file within the next six months.... Continue Reading

California Attorney General Releases Breach Report with Key Findings and Recommendations for Retailers, Financial Institutions and Health Care Sectors

Posted in Data Protection, Marketing and Consumer Privacy
Breach

California Attorney General Kamala D. Harris has released a “California Data Breach Report,” which presents a series of findings and recommendations based on a review of breaches reported to the Attorney General’s office in 2012 and 2013.  It should come as no surprise that breaches are on the rise, but the Attorney General’s analysis of the reported breaches outlines the root causes of these breaches on an industry basis and recommends best practices to address the sources of those breaches.  For instance, the vast majority of retail breaches were the result of computer intrusions (malware and hacking), leading to recommendations such as the implementation of chip-and-pin technology, end-to-end encryption and tokenization of payment card data.  Similarly, in the healthcare industry, where 70% of the reported breaches were the result of physical loss or theft of hardware or portable media containing unencrypted data, the Attorney General recommends health care providers and institutions use strong encryption to protect covered information on laptops and other portable devices.

Key Findings

  • 28% year-over-year increase in breaches reported to the California Attorney General.
  • Excluding Target and LivingSocial breaches: a 35% year-over-year increase in the number of records breached.
  • Including Target and LivingSocial breaches:
  • ... Continue Reading

Improving Data Breach Security, from the Customer’s Wallet on Up: In Wake of Massive Breaches, It May be Time to Consider Enhancing Customer Security with Chip-Embedded Payment Cards

Posted in Data Protection, Marketing and Consumer Privacy
pinwhitegold

In early September, Home Depot announced that it had suffered a severe security incident, which resulted in a massive data breach that exposed the payment card information of Home Depot customers across the United States and Canada. The home improvement retailer later confirmed that the breach was the result of malware designed by hackers to evade the company’s security measures, and which subsequently compromised the integrity of its sales register systems. Once compromised, hackers were able to “scrape” customer payment information from the registers’ memory and transmit customer payment card data overseas.

All told, the breach exposed the payment card information of 56 million customers, making it one of the largest known retail data breaches to date. Home Depot’s announcement and the resulting disclosure of the number of customers affected adds the home improvement giant the ever-expanding list of major retailers that have found themselves victimized by cyber criminals.

As this blog noted earlier this summer, credit card and debit card fraud caused $11.27 billion in losses in 2012. Secured PoS devices are critically important for stemming the tide of payment card fraud, as they are the point where customer payment card information is commonly gathered. Accordingly, businesses that use ... Continue Reading

“Th-th-th-that’s All, Folks!” Federal Judge Dismisses Class Action against Cartoon Network, Finds Anonymous User IDs Don’t Qualify as Personal Information under VPPA

Posted in Communications/Media, Data Protection, Marketing and Consumer Privacy

On October 8, Georgia Federal District Judge Thomas Thrash, Jr., dismissed a putative class action against The Cartoon Network, Inc., where the plaintiff alleged that the animation company violated the Video Privacy Protection Act (“VPPA”) by sharing its mobile app users’ data with third parties without consent. Specifically, the plaintiff in Ellis v. The Cartoon Network claimed that the Cartoon Network shared the viewing histories and Android mobile device IDs (“Android IDs”) of individuals who used the company’s mobile Cartoon Network App (“CN App”) with Bango, a United Kingdom-based data analytics firm. Once Bango had this information, it was able to reverse engineer users’ true identities by using data collected from other unrelated sources. At the heart of his claim, the plaintiff alleged that the Android IDs by themselves that the Cartoon Network transmitted to Bango constituted Personally Identifiable Information (“PII”) under the VPPA, and that the Cartoon Network violated the statute by sharing it with Bango without users’ consent.

What is PII under the VPPA?

While Judge Thrash agreed that the plaintiff was a “consumer” under the VPPA as he was subscriber of the Cartoon Network’s services, the judge took issue with the plaintiff’s assertion that an Android ID ... Continue Reading

Second Circuit Adopts FCC’s Narrow Construction of “Implied” Express Consent for Autodialed Calls to Cell Phones

Posted in Marketing and Consumer Privacy, Policy and Regulatory Positioning

This updates our report last summer on a Federal Communications Commission (FCC) letter brief filed at the invitation of the U.S. Court of Appeals for the Second Circuit in Nigro v. Mercantile Adjustment Bureau, which observed the FCC taking a noticeably less generous view of its then-recent declaratory rulings on whether consumer provision of a cell number is deemed consent to autodial it under the Telephone Consumer Protection Act (TCPA). We noted at that time that, “It would be a shame if, in the FCC’s view, calls in the course of ‘normal, expected and desired business communications’ are permissible only if no one objects after-the-fact.” The Second Circuit has now issued an opinion adopting the view in the FCC’s letter brief, holding that because Nigro did not provide his phone number directly to the creditor in the context of the debt incurred (in respect to which Mercantile called), the TCPA prohibited the calls.

To recap, when Nigro contacted his recently deceased mother-in-law’s electric utility to stop service, he gave them a cell number, which Mercantile later called using an automatic dialing system to collect a remaining balance on the mother-in-law’s account. Nigro sued on grounds the calls violated the ... Continue Reading

Eleventh Circuit Reverses Refusal to Honor FCC’s TCPA Debt Collection Declaratory Ruling, Fosters Uniformity on TCPA’s Autodialing Exception

Posted in Marketing and Consumer Privacy, Policy and Regulatory Positioning

The U.S. Court of Appeals for the Eleventh Circuit has brought a bit of legal balance back to automated debt collection calls, and reminded lower courts that when it comes to claims under the Telephone Consumer Protection Act (TCPA), they must honor the validity of FCC rulings.

The Eleventh Circuit’s decision implicates a 2008 declaratory ruling by the FCC regarding automated debt collection calls under the TCPA.  The TCPA and FCC rules implementing it prohibit autodialed and/or prerecorded calls to cell phones, unless there is prior express consent from the call recipient.  The FCC’s Debt Collection Declaratory Ruling from early 2008 held that prior express consent exists where a consumer gives a company his/her cell phone number as part of a transaction, and the company later autodials/prerecorded-calls or texts the consumer in connection with a debt arising from that transaction.

In Mais v. Gulf Coast Collection Bureau, Mais alleged that defendants placed autodialed and/or prerecorded calls to his cellphone without consent, in violation of the TCPA.  The calls followed from Mais’ emergency room treatment, during which his wife completed hospital admission documents and provided her husband’s cellphone number and other information.  Defendants maintained before the U.S. District Court for ... Continue Reading

Google Street View Plaintiffs on the Hunt for “a Needle in a Haystack” to Demonstrate Standing, but District Court Grants Plaintiffs Greater Role in Examination of Google’s Data

Posted in Communications/Media, Data Protection, Marketing and Consumer Privacy

Back in April, Google filed a Petition for Certiorari with the U.S. Supreme Court in the Street View case, seeking review of the Ninth Circuit’s decision holding that unencrypted Wi-Fi signals are protected from interception by the federal Wiretap Act. Over the summer, the U.S. Supreme Court denied Google’s petition, thus allowing the plaintiffs to move forward with their putative class action.

With their foot in the door, plaintiffs now have to demonstrate standing, and are looking to Google’s collection of Street View data to do it. However, plaintiffs want access to Google’s data on their terms as well. Most recently, plaintiffs argued before U.S. District Judge Charles Breyer of the Northern District of California that the recommended jurisdictional discovery plan to control the search for evidence supporting plaintiffs’ standing was inadequate in several respects.

In August federal Magistrate Judge Maria-Elena James recommended that a Special Master be appointed to cull through Google’s Street data to hunt for evidence of plaintiffs’ communications. Judge James also recommended that Google’s Jurisdictional Discovery Proposal be used to help select the special master, develop protocols and rules for depositing information, and all related matters. Plaintiffs accepted the suggestion of a Special Master ... Continue Reading

Ninth Circuit Confirms Consultants and Other Middlemen May Be Vicariously Liable Under the TCPA

Posted in Communications/Media, Deals and Technology, Marketing and Consumer Privacy

The U.S. Court of Appeals for the Ninth Circuit issued a decision in Gomez v. Campbell-Ewald Company holding that the defendant marketing consultant could be liable under the Telephone Consumer Protection Act (TCPA) for unsolicited text messages that it arranged for a separate third-party to send on behalf of a client, the U.S. Navy.  The court’s holding clarifies that companies can be vicariously liable for TCPA violations if a called-party plaintiff establishes an agency relationship under federal common law between the defendant and a third-party caller, even if the content of the call was not on the defendant’s behalf and the defendant did not physically place the call.  The decision extends last year’s Federal Communications Commission (FCC) Dish Network declaratory ruling on violations of the TCPA and FCC rule provisions governing telemarketing and autodialing by third parties that a company authorizes to sell its goods/services, but does not directly ask or otherwise engage to telemarket.

The TCPA and regulations implementing it govern telemarketing and do-not-call issues, as well as automated calls to cell phones and prerecorded calls to residential lines and cells.  Under the TCPA, those who receive calls in violation of the statute or rules enjoy a private cause ... Continue Reading

FTC Seeks Public Comment on AgeCheq, Inc.’s Proposed Parental Consent Method under COPPA

Posted in Marketing and Consumer Privacy

The Federal Trade Commission announced Monday that it seeks public comment on a new verifiable parental consent method application proposed by AgeCheq, Inc., to enable apps, websites and advertisers to obtain parental consent to collect children’s personal information. Per COPPA’s final Rule, interested parties can propose and request FTC approval for additional methods for obtaining verified parental consent not presently permitted by the Rule. AgeCheq’s proposed consent method would allow parents to register themselves and their child’s devices with a third-party common consent administrator, which then would verify the parent’s identity via other methods permitted by the Rule and link that verification to their child’s devices. The FTC will accept public comments on AgeCheq’s proposal until Sept. 30, 2014.... Continue Reading

In Flight Catalog: Senator Rockefeller Opens Inquiry Into Consumer Data Practices by Airlines

Posted in Marketing and Consumer Privacy, Policy and Regulatory Positioning

Last week, Senator Jay Rockefeller (D-W.Va.) sent a letter to the top ten revenue generating passenger airlines in the United States, opening an inquiry into their practices related to charging additional fees for optional services and the collection of consumer data. With respect to consumer data, Sen. Rockefeller’s letter calls for greater transparency from airlines about how they collect, use, and disclose the personal information of consumers, citing concerns by consumer advocates that “airline policies can contain substantial caveats” and that “it is difficult for consumers to learn what information airlines and others in the travel sector are collecting, keeping, and sharing about them.” To assist the Senate Committee on Commerce, Science, & Transportation (“Committee”) in evaluating these concerns, Sen. Rockefeller has asked the airlines to provide the following information:

Do you retain personal information that your company obtains from consumers when they shop for airfares or from other sources? If yes:

a.  State the period of time your company retains such information and what specific data points you retain;

b.  State any specific sources for personal information or other such information your company obtains directly from consumers;

c.  Describe the privacy and security protections your company provides for personal ... Continue Reading

Consumer Privacy Legislation? All Sides Weigh In But Remain Far Apart in the Big Debate Over Big Data

Posted in Data Protection, Marketing and Consumer Privacy, Policy and Regulatory Positioning

Recent comments filed by various stakeholders in response to the U.S. Commerce Department’s National Telecommunications and Information Administration’s (NTIA) Request for Public Comment (RFC) on “Big Data and Consumer Privacy in the Internet Economy,” evidence a wide rift between consumer groups and most business interests regarding the need for additional consumer privacy law in the era of Big Data. NTIA issued its RFC back in June, in response to a recommendation in the May 1 White House report, “Big Data: Seizing Opportunities, Preserving Values” (hereinafter “Big Data Report”), which addressed how big data is transforming the lives of Americans.

In the Big Data Report, the White House recommended (among other things) that:

[t]he Department of Commerce should promptly seek public comment on how the Consumer Privacy Bill of Rights (“CPBR”) could support the innovations of big data while at the same time responding to its risks, and how a responsible use framework . . . could be embraced within the framework established by the [CPRB”]. Following the comment process, the Department of Commerce should work on draft legislative text for consideration by stakeholders and submission by the President to Congress.

The Consumer Privacy Bill of Rights and Big ... Continue Reading

FTC Undertakes Periodic Rule Review of Telemarketing Sales Rule

Posted in Marketing and Consumer Privacy, Policy and Regulatory Positioning

The Federal Trade Commission (FTC) has published in the Federal Register a Request for Comments on all aspects of its Telemarketing Sales Rule (TSR) as part of a routine review of the effectiveness, costs and benefits of its rules. Though the Request for Comments targets several TSR issues in particular (discussed below), it views the review as assessing generally whether the Rule is serving a “useful purpose,” and whether it can be improved to reflect changes in the marketplace since it was previously amended in 2003, 2008 and 2010. Comments are due October 14, 2014.

The Request for Comments does not itself propose specific changes to the TSR but rather invites input on several specific topics, as well as on any issues relevant to the TSR that commenters wish to address. Notably, the advent of the National Do-Not-Call Registry culminating in 2003 started as precisely this kind of “routine” review of the TSR. Here, the FTC specifically seeks comment on issues surrounding:

• Whether there is a need to expand the TSR’s recordkeeping requirements;

• The use of pre-acquired account information, i.e., that which a customer has previously provided to a seller or telemarketer to subsequently charge his or her ... Continue Reading

FTC Updates COPPA FAQs Again – Revisions to Part H Gives App Developers and Parents Welcomed Clarification on Parental Consent

Posted in Marketing and Consumer Privacy

Continuing our Blog’s updates on the Federal Trade Commission’s Frequently Asked Questions (FAQs) to the updated Children’s Online Privacy Protection Act (COPPA) Rule, we highlight that the FTC revised three portions of “Part H” this week, which concern how entities seeking to comply with COPPA may obtain verifiable parental consent.

COPPA requires that entities give notice to parents and obtain verifiable parental consent before collecting personal information from children under 13 years of age.  The FTC implements COPPA’s directives via its COPPA Rule, and has been issuing updates to the COPPA Rule FAQs intermittently over the past two years.  In April, the FTC made updates to Part M of the COPPA FAQs to clarify in what circumstances schools can consent to the disclosure of children’s personal information to third-party websites on behalf of their parents, when that information is used for the educational benefit of the students.

With its recent changes to sections of Part H of the FAQs, the FTC seeks to expand how websites and mobile apps can obtain verifiable parental consent.  Importantly, the FAQs tentatively ratify the use of data from parents’ credit and debit cards and third parties such as app stores, while adding ... Continue Reading

FCC Letter Brief to Second Circuit Narrowly Construes Recent TCPA Guidance

Posted in Marketing and Consumer Privacy

We reported last spring on two FCC declaratory rulings, GroupMe and Cargo Airline, that included some broad, business-friendly interpretations of rules implementing the Telephone Consumer Protection Act (TCPA), under which plaintiff class actions are thriving.  The rulings also reinvigorated an FCC statement from when it first adopted TCPA rules in 1992, that a consumer’s provision of a cell phone number in a transaction with a company may be deemed prior express consent to be called at that number.  But in a letter brief filed in Nigro v. Mercantile Adjustment Bureau (at the invitation of the U.S. Court of Appeals for the Second Circuit) the FCC seems to lean back the other way by narrowly construing its recent rulings and 1992 guidance.

 In Nigro, the plaintiff-appellant contacted his then recently deceased mother-in-law’s electric company to request discontinuance of her service, and at that time gave the company his cell number.  Mercantile Adjustment called Nigro’s cell phone using an automatic dialing system in connection with a balance due on the account that the electric company hired it to collect.  Nigro’s suit alleged that the collection efforts violated the TCPA’s ban on autodialed and/or prerecorded calls to cell phones made without ... Continue Reading

Federal Financial Institutions Examination Council Launches Cybersecurity Webpage and Begins Cybersecurity Assessments

Posted in Cyber and National Security, Data Protection, Financial Services, Marketing and Consumer Privacy

For cyber criminals, banks are especially tempting targets – not only because banks are where the money is, but also because of the vast amount of proprietary information banks have about their customers.” Thomas J. Curry, Comptroller of the Currency

In comments before the Risk Management Association’s Governance, Compliance, and Operational Risk Conference last month, Thomas J. Curry, Comptroller of the Currency and Chairman of the Federal Financial Institutions Examination Council [1] stated that “Attacks on our information infrastructure are everywhere. … For cyber criminals, banks are especially tempting targets – not only because banks are where the money is, but also because of the vast amount of proprietary information banks have about their customers. Some attackers target banks because they want to undermine confidence in our country’s financial system. Penetrating the information defenses of any one system may enable attackers to penetrate another, and that in turn could enable more widespread attacks on the broader economy.”

Comptroller Curry stated that helping to make banks less vulnerable and more resilient to cyber-attacks has been one of his top priorities as Comptroller and Chairman of the FFIEC. As part of this effort, he formed the Cybersecurity and Critical Infrastructure ... Continue Reading

FTC Releases 2014 Privacy and Data Security Update, Touting Its Efforts and Achievements in Protecting Consumer Privacy

Posted in Communications/Media, Data Protection, Marketing and Consumer Privacy

Last week, the Federal Trade Commission (FTC) released its 2014 Privacy and Data Security Update, summarizing the FTC’s major enforcement actions, policy initiatives, rules, reports, workshops, and outreach efforts in the privacy and data security arenas from approximately January 2013 until March 2014. In the 2014 Update, the FTC underscores its commitment to educating consumers, businesses and other stakeholders through its publications and roundtables on how to guard consumer privacy expectations and comply with applicable federal laws. Education, however, is accompanied by enforcement, and the FTC includes a long-list of recent actions against individuals and enterprises, which demonstrates that the FTC is not shy about using its broad regulatory authority to protect consumer privacy. Of major note were the FTC’s actions against companies for unfair or deceptive trade practices; its settlements with U.S. businesses for falsely asserting compliance with the U.S.-E.U. Safe Harbor Framework; the FTC’s updates to the COPPA regulatory rule; and its continued efforts to take telemarketers to task for violating the Do-Not-Call provisions of the Telemarketing Sales Rule.... Continue Reading

“Getting to Know You, Getting to Know All About You…” FTC Data Brokers Report Calls for More Industry Transparency, Regulation in How Data Brokers Use Consumers’ Personal Information

Posted in Data Protection, Marketing and Consumer Privacy, Policy and Regulatory Positioning

“You may not know them, but data brokers know you,” Federal Trade Commission (FTC) Chairwoman Edith Ramirez said when she announced the release of the Commission’s newest report on the data broker industry. And in the FTC’s opinion, Congress and the data brokerage industry need to take concerted action to bring transparency to the industry, protect consumers’ personally identifiable information (PII), and prevent abuse and discrimination. But will the FTC’s recommendations have any real effect? In light of recent statements about “actual” vs. “potential” harm and the expanding scope of the Agency’s Section 5 enforcement authority, the answer is a definite “maybe.”

Summary
On May 27, 2014, the FTC released “Data Brokers: A Call for Transparency and Accountability,” a report that marks the conclusion of the FTC’s two-year study into data broker industry practices. Coming on the heels of the White House’s own Big Data Report the FTC’s Data Brokers Report highlights that “[i]n today’s economy, Big Data is big business” with numerous positive effects for both companies and consumers. And data brokers specifically play an important role in driving our economy through increased targeted marketing, identity verification and fraud detection.

But the Data Brokers Report also rang ... Continue Reading

UPDATE on Breslow v. Wells Fargo – Same as the Old Boss: Eleventh Circuit Withdraws Opinion Just Four Days Later, But to Little Practical Effect

Posted in Communications/Media, Marketing and Consumer Privacy, Technology

Just a few days ago, we reported on the Eleventh Circuit’s decision in Breslow v. Wells Fargo, which reaffirmed precedent that strict liability can arise in autodialer, prerecorded-message and texting suits under the Telephone Consumer Protection Act (TCPA), if a caller or texter obtained consent from the intended recipient, but that party’s cell number was reassigned.  We noted how this reinforced the Eleventh Circuit’s prior decision in Osorio v. State Farm to the same effect, and which in turn aligned the Eleventh Circuit on this issue with the Seventh Circuit under its decision in the Soppet v. Enhanced Recovery case.  Now, just days after it issued its ruling, the Eleventh Circuit – acting on its own momentum and not at request of the any of the parties – has withdrawn its Breslow decision.

In a short order, the Circuit Judges who decided Breslow vacated their original opinion, and held instead the prior Eleventh Circuit Osorio decision should have controlled in Breslow.  Specifically, the replacement Breslow decision observes that Osorio concluded that the “called party” for purposes of whether consent exists for an autodialed call or text or a prerecorded message is the subscriber to the cell phone ... Continue Reading

Summertime Blues: Eleventh Circuit Doubles Down on Strict TCPA Liability for Texts and Autodialed and Prerecorded Calls to Cell Phones

Posted in Communications/Media, Marketing and Consumer Privacy, Technology

Over the Spring, we reported on how the Eleventh Circuit’s decision in Osorio v. State Farm brought that court into alignment with the Seventh Circuit on how restrictions in the Telephone Consumer Protection Act (TCPA) on automated and/or prerecorded calls and texts to cell phones can effectively impose strict liability, even if a calling party believed it had consent for the calls.  Now that Summer’s here, the Eleventh Circuit reaffirmed and reinforced its Osorio ruling, and aligned with the Seventh Circuit even more closely, by holding in Breslow v. Wells Fargo that where a company gets prior express consent to prerecorded-call and/or auto-dial or auto-text a cell phone, the caller can still be liable if at the time the call is made the cell number has been reassigned to a new subscriber who did not consent.

As in the Seventh Circuit case of Soppet v. Enhanced Recovery, which we discussed here, the calls at issue in Breslow involved efforts to collect on an overdue account, this time by Well Fargo, which believed it had consent to call the cell number which, at the time of the call, was used exclusively by Breslow’s minor son.  Wells Fargo called the ... Continue Reading