Ad Law Access https://www.kelleydrye.com/viewpoints/blogs/ad-law-access Updates on advertising law and privacy law trends, issues, and developments Thu, 28 Nov 2024 00:32:16 -0500 60 hourly 1 Supreme Court Hears Oral Argument Over the TCPA’s Definition of an Autodialer https://www.kelleydrye.com/viewpoints/blogs/ad-law-access/supreme-court-hears-oral-argument-over-the-tcpas-definition-of-an-autodialer https://www.kelleydrye.com/viewpoints/blogs/ad-law-access/supreme-court-hears-oral-argument-over-the-tcpas-definition-of-an-autodialer Wed, 09 Dec 2020 17:39:43 -0500

For the second time this year, the TCPA came before the Supreme Court via teleconference oral argument in Facebook, Inc. v. Duguid, et al, Case No. 19-511 (2020). The Supreme Court’s disposition of Facebook’s petition is expected to resolve a widening Circuit split over what qualifies as an automatic telephone dialing system (“ATDS”) under the TCPA, 47 U.S.C. § 227, et seq., and thus determine much of the scope of the TCPA’s calling restrictions.

Question Presented

The Supreme Court granted review of the question: “Whether the definition of ATDS in the TCPA encompasses any device that can “store” and “automatically dial” telephone numbers, even if the device does not “us[e] a random or sequential generator”?”

Six Circuits have previously answered the question. The Second, Sixth and Ninth held that a predictive dialer or system that dials from a stored list can qualify as an ATDS under the TCPA. The Third, Seventh, and Eleventh require that technology must have the capacity to generate random or sequential telephone numbers to qualify as an ATDS. The Seventh Circuit decision, Gadelhak v. AT&T Services, Inc., was penned by then-Judge Barrett, who participated in today’s argument. In addition, the D.C. Circuit’s 2018 remand in ACA International v. FCC questioned whether a broad reading of ATDS was lawful.

This case arises out of the Ninth Circuit’s broad approach to the definition of an automatic telephone dialing system under the TCPA.

Procedural History

The controversy comes before the Supreme Court on the basis of text messages that plaintiff Duguid allegedly received from Facebook in 2005. Duguid alleged that Facebook had violated the TCPA by maintaining a database of numbers on its computer and transmitting text message alerts to selected numbers from its database using an automated protocol. Facebook filed a motion to dismiss, arguing that Duguid had failed to plead the use of an ATDS. The district court held that the ATDS allegations were insufficient because they “strongly suggested direct targeting rather than random or sequential dialing” and dismissed the case. Soon after, the Ninth Circuit issued its decision in Marks v. Crunch San Diego, holding that an ATDS definition includes devices with the capacity to store numbers and to dial numbers automatically. Duguid appealed the prior dismissal of his claims and, applying Marks, the Ninth Circuit reversed. Facebook asked the Supreme Court to review the Ninth Circuit’s decision.

Briefing

Duguid, Facebook, and the United States have fully briefed the issue. Duguid argues for a broad definition of ATDS based on the statutory text and two canons of construction, the distributive-phrasing canon and last-antecedent canon, that he alleges show the adverbial phrase “using a random or sequential number generator” modifies the verb “to produce” but not the verb “to store.” Facebook, on the other hand, posits that the statutory language “using a random or sequential number generator” is an adverbial phrase that modifies both the verbs “store” and “produce.” Under that approach, the statutory text limits the definition of an ATDS to technology that uses a random- or sequential-number-generator. The United States filed a brief agreeing with Facebook that the plain text of the TCPA limits the definition of an ATDS to random- or sequential-number-generators. The government’s grammatical analysis focuses on the comma that precedes the adverbial phrase, pointing to past Supreme Court decisions and canons of statutory interpretation that advise such a comma is evidence that the phrase is meant to modify all antecedents (in this case, both the verbs “store” and “produce”).

Oral Argument

Argument in the case went over the scheduled hour by about 20 minutes. Facebook and the United States split the first 30 minutes and Duguid took the remaining time, excluding Facebook’s brief rebuttal. While oral argument does not always foretell the Court’s decision, certain trends developed.

  • Grammatical Construction: A majority of Justices seemed to agree that Facebook and the United States had a stronger grammatical reading of the statute, but struggled with both the awkwardness of the construction, and the surplusage problem that their interpretation creates.
    • Justice Alito, for example, asked both Facebook and the United States whether it made sense to talk about random or sequential number generators as a device that can “store” numbers, wondering if their interpretation rendered the verb “store” superfluous. In response, the United States suggested that Congress was likely taking a “belt-and-suspenders” approach to drafting.
    • The Chief Justice, noting that most speakers do not resort to statutory canons of interpretation to understand language, suggested that the “sense” of the provision was more important than its syntax.
    • Justice Kavanaugh repeatedly asked about the different scope of the prohibition on artificial or prerecorded voice calls and “live” calls using an ATDS, as a way to understand the ATDS language.
    • Justice Gorsuch asked Facebook and the United States to address an alternate interpretation, offered by then-Judge Barrett in her decision in Gadelhak, that the clause “using a random or sequential number generator” could modify the phrase “telephone numbers to be called” instead of the verbs “store” and/or “produce.” Both parties asserted this interpretation would lead to their preferred outcome.
  • Broader Questions on TCPA Scope: The Justices also pressed the parties on questions unrelated to the grammatical construction the statute.
    • Justice Thomas asked why “text messages” were covered by the TCPA at all, given that the statute’s language only regulates calls and later called the statute an “ill fit” for current technology. Justice Thomas’s question is indicative of a broader concern, shared expressly by Justices Sotomayor, Alito and Kavanaugh, that the TCPA may be ill-suited to regulate technology that looks very different from the technology available in 1991 when the TCPA was passed.
    • Justices Sotomayor, Barrett, Breyer, and Gorsuch each questioned whether the Ninth Circuit’s broad definition of an ATDS would expose all smartphone users to potential liability.
    • Justice Barrett was concerned specifically with the call-forwarding function and seemingly “automated” functions that modern cellphones are equipped with.
    • Duguid seemed unable to provide the Justices with a satisfactory answer on several of the non-grammatical issues and gave conflicting answers concerning the role for, and level of, human interaction necessary to remove technology from the definition of an ATDS.
In sharp contrast to the Supreme Court’s oral argument in Barr v. American Association of Political Consultants, none of the Justices mentioned the TCPA’s popularity among the American public in interpreting the statutory language. Justice Alito went so far as to suggest that the TCPA may in fact be obsolete, and although the Court has not claimed the power to declare a statute null on that basis, the TCPA might be a good candidate.

The Court is expected to issue its ruling by Spring 2021. To learn more about the background of the case, the Circuit Courts’ varying definitions of an ATDS, and the potential implications for the Court’s ruling, consider listening to Kelley Drye’s preview podcast of Duguid or Kelley Drye’s monthly TCPA Tracker.

Ad Law Access Podcast

]]>
Supreme Court to Weigh-in on the Definition of an Autodialer Under TCPA https://www.kelleydrye.com/viewpoints/blogs/ad-law-access/supreme-court-to-weigh-in-on-the-definition-of-an-autodialer-under-tcpa https://www.kelleydrye.com/viewpoints/blogs/ad-law-access/supreme-court-to-weigh-in-on-the-definition-of-an-autodialer-under-tcpa Fri, 10 Jul 2020 13:37:14 -0400 On July 9, 2020, the Supreme Court granted Facebook’s petition for certiorari in a case with potentially broad implications for both class action litigation and business communications with their current and potential customers. The Supreme Court’s disposition of Facebook’s petition may settle the complex question of what qualifies as an automatic telephone dialing system (“ATDS”) under the Telephone Consumer Protection Act, 47 U.S.C. § 227, et seq. (“TCPA”).

The TCPA prohibits telemarketing calls to be placed using an ATDS without the requisite level of prior consent. Thus, the definition of what technology qualifies as an ATDS is often a fundamental, threshold question upon which TCPA litigation turns. Prior to 2015, the FCC had offered various, sometimes vague, interpretations of the term. In 2015, the FCC offered an expansive definition, which was set aside in March 2018 in the ACA International decision. While the issue has been before the FCC on remand for over two years now, courts nevertheless engaged in their own analysis of the statute, resulting in a broadening Circuit split on how the law is interpreted and applied and divergent outcomes based on the court in which the case is filed. Now the Supreme Court is poised (potentially) to resolve that dispute.

DEFINITION OF AN ATDS

Since the March 2018 decision of the Court of Appeals for the D.C. Circuit in ACA International set aside the FCC’s overbroad and expansive definition of an ATDS, two distinct interpretations of an ATDS have emerged. In Marks v. Crunch San Diego, the Ninth Circuit held that any equipment that dials telephone numbers from a stored list qualifies as an ATDS under the TCPA. That expansive approach threatens to encompass ordinary smartphones on the market within the TCPA’s ambit. This approach is also employed by the Second Circuit. In contrast, the Third, Seventh, and Eleventh Circuits have opted for a narrower, more textually honest and logical interpretation, that requires a showing that equipment has the present capacity to generate numbers using randomly or sequentially and dial them. (Arguably, the D.C. Circuit’s decision also called for an interpretation closer to the Third, Seventh and Eleventh Circuit interpretations). District Courts in the remaining Circuits (as well as some where the Circuit Courts have spoken) have generally (but inconsistently) adhered to one of these two approaches. Some of our prior discussions of these issues can be found here and here.

FACEBOOK SEEKS AN END TO TCPA CONFUSION

In Facebook, Inc. v. Noah Duguid, et al, Case No. 19-511 (2020), plaintiff Noah Duguid alleges that defendant Facebook had contacted him via text messages without appropriate levels of consent using an ATDS, as that term is defined under the TCPA. Mr. Duguid is not a Facebook customer and alleges that he received repeated login notification text messages from Facebook. Plaintiff alleges that he never provided the company with his cellphone number, much less prior express written consent to be contacted by text. Plaintiff’s original complaint was filed in the Northern District of California in March 2015 and dismissed without prejudice for failure to properly allege that an ATDS was used to send the texts at issue. In his Amended Complaint, Duguid added factual allegations that Facebook used an ATDS by maintaining a database of numbers on its computer and transmitting text message alerts to selected numbers from its database using an automated protocol.

Facebook again moved to dismiss Duguid’s allegations arguing that the TCPA was unconstitutional and that Duguid failed to plead the use of an ATDS. On February 16, 2017, the District Court granted Facebook’s motion to dismiss, finding the ATDS allegations were insufficient. Because of that finding, the court never reached the constitutional question. The court reasoned that Duguid’s ATDS allegations “strongly suggested direct targeting rather than random or sequential dialing,” which did not indicate the use of an ATDS. Importantly, the District Court rendered its opinion before the Ninth Circuit’s interpretation of the ATDS definition in Marks v. Crunch San Diego in September 2018.

On June 13, 2019, the Ninth Circuit reversed the lower court’s dismissal. Applying the Marks standard, the Ninth Circuit reasoned that Duguid had sufficiently alleged that Facebook used an ATDS by alleging the equipment “had the capacity to store numbers to be called and to dial such numbers automatically.” The Ninth Circuit separately addressed Facebook’s constitutional challenge to the TCPA and agreed that, although the TCPA included content- and speaker-based restrictions on speech, the overall statute could be salvaged by severing what it saw as the most offensive aspect—the government debt exception.

ISSUES BEFORE THE COURT

Facebook appealed and in its petition to the Supreme Court presented both the constitutional challenge and definitional question for review.

On July 6, 2020, the Supreme Court upheld the constitutionality of the TCPA in William P. Barr et al. v. American Association of Political Consultants et al., Case No. 19-631 (2020), thus mooting the constitutional challenge in Facebook’s petition. Our analysis of that decision can be found here.

On July 9, 2020, three days after it released its decision in Barr, the Supreme Court granted certiorari on the following question: Whether the definition of ATDS in the TCPA encompasses any device that can “store” and “automatically dial” telephone numbers, even if the device does not “us[e] a random or sequential generator”?

CONCLUSION

The Supreme Court’s resolution of this circuit split has the potential to forever change business communications by making it more or less difficult for businesses to reach their customers. As noted, a threshold question in TCPA litigation is whether equipment used to originate a call or text is an ATDS. The D.C. Circuit, in remanding the FCC’s 2015 expansive definition, noted that definition’s “eye-popping sweep.” Just how far the 29-year-old TCPA’s definition should reach into modern dialing technology has been a central question in litigation since the D.C. Circuit remand. How the Supreme Court addresses this could affect the methods businesses use to provide notifications and reminders to customers as well as how they obtain new customer and collect debts.

In addition to resolving the question of an ATDS, the Supreme Court’s acceptance of Facebook’s petition has other implications. In the short term, companies and practitioners are likely to see stays across the robust and active TCPA docket as lower courts await direction on this core (often threshold) legal question from the Supreme Court. While the decision in ACA International returned the ATDS definition to the FCC for consideration, the Supreme Court’s grant also makes it less likely that the FCC will take any additional affirmative steps on the definition of an ATDS until the Facebook case is decided.

The Supreme Court’s next term opens on October 5, 2020, and oral argument will be scheduled for a date sometime thereafter. A decision can be expected to be published sometime between the argument and when the terms recesses in late June/July 2021.

]]>
What Facebook’s Next 20 Years Will Look Like: Is This the Future of US Privacy? https://www.kelleydrye.com/viewpoints/blogs/ad-law-access/what-facebooks-next-20-years-will-look-like-is-this-the-future-of-us-privacy https://www.kelleydrye.com/viewpoints/blogs/ad-law-access/what-facebooks-next-20-years-will-look-like-is-this-the-future-of-us-privacy Fri, 26 Jul 2019 07:00:11 -0400 Even in her extensive dissent, FTC Commissioner Rebecca Slaughter labeled the Order “exceptional.”

And it is. The terms of the Federal Trade Commission’s (FTC) $5 billion, twenty-year settlement Order reached with Facebook on Wednesday is the agency’s most prescriptive privacy and data security agreement ever. The Order comes just three days shy of the seventh anniversary of the FTC’s original 2012 settlement with Facebook, where the FTC ordered Facebook to comply with its privacy commitments.

This week, the FTC confirmed what was already widely reported – from the Cambridge Analytica scandal to a series of other press reports on privacy mishaps – the agency’s determination that Facebook’s data practices did not comply with the FTC’s 2012 Order.

Almost immediately, the Order was attacked by critics insisting that the Commission let Facebook off the hook too easily, for, among other reasons, not obtaining an admission of guilt or liability, not restricting data flows or integration among its companies, and not obtaining an even higher monetary penalty. Commissioner Slaughter wrote that although the Order is exceptional, the “facts and defendant before us are exceptional as well,” and that she did not believe the “combined terms would effectively deter Facebook from engaging in future law violations and send the message that order violations are not worth the risk.” Supporters of this view are likely to point to Facebook’s second quarter earnings results indicating a 28 percent revenue increase compared with 2018.

In contrast, Commissioner Noah Phillips, who supported the settlement, defended the outcome. “I am absolutely certain that the deal we struck today is better than the relief that we might have achieved had we gone to court,” Commissioner Phillips told CNN. In particular, Phillips and other Republican Commissioners point to extensive, precedent-setting monetary relief, as well as injunctive relief that dictates a new detailed accountability process for how Facebook’s privacy (and information security) decisions and oversight will function for the next twenty years.

Here’s a rundown of key terms in the Order:

#1: Liability Limitations

  • Terms: Facebook neither admits nor denies any of the allegations against it. In exchange for agreeing to the Order and paying $5 billion in civil penalties, the FTC agrees that the Order resolves “any and all claims that Defendant, its officers, and directors” violated the 2012 settlement order and Section 5 of the FTC Act.
  • Context: In his dissent, Commissioner Rohit Chopra criticized the liability terms because Facebook received what he characterized as a “legal shield” covering a wide range of conduct not addressed in the Complaint or Order. “I have not been able to find a single Commission order – certainly not one against a repeat offender – that contains a release as broad as this one,” Chopra wrote.
  • Exceptional? In 2012, Commissioner J. Thomas Rosch dissented because the FTC’s 2012 settlement allowed Facebook to expressly deny the allegations in the Complaint. In the 2019 Order, Facebook neither admitted nor denied the allegations. Kelley Drye View: Not exceptional.
#2: Privacy Prohibitions / Restrictions
  • Terms: Facebook may not make misrepresentations about privacy and information security in connection with its products and services. The Order sets limits and rules around how Facebook may use telephone numbers provided for account authentication, facial recognition templates, and private user information. Facebook is required to ensure that when a consumer deletes information or content, the data are in fact deleted and not accessible to third parties.
  • Context: These are familiar terms. When the FTC identifies a violation of its Act or a prior Order, the FTC seeks settlement terms that directly prohibit a company from re-engaging in the offending activity. In its statement in support of the settlement, the majority of commissioners led by Chairman Joe Simons wrote, “Collectively, these requirements will not only alter the way Facebook does business, but also send an important signal to the marketplace about privacy and security best practices.” The majority also pointed out that this is “the first FTC order to address biometric information, requiring Facebook to get consumers’ opt-in consent before using or sharing” facial recognition templates.
  • Exceptional? The 2012 settlement mirrored many of these terms, especially with regard to misrepresentations in privacy statements and deletion of personal information. The FTC has also conveyed its expectations that when collecting and using sensitive personal information (such as biometric information) in a manner that may surprise consumers, a company should obtain an opt-in. Kelley Drye View: Not exceptional.
#3: New Data Security Terms
  • Terms: Facebook will be required to maintain an information security program to protect the security of user information, including passwords. The company will be required to scan for plaintext files with user passwords, and report to the government any data breaches impacting 500 or more users.
  • Exceptional? The FTC regularly mandates information security programs, especially in cases involving data breaches. Earlier this year, in the Lightyear Dealer Technologies case involving exposure of personal information, the FTC mandated a detailed information security program complete with regular independent evaluations, internal assessments, and annual certifications. What is exceptional here is that, now, every Facebook data compromise involving 500 or more users’ information will be closely reviewed by both the DOJ and FTC. Kelley Drye View: Exceptional.
#4: Oversight agencies (DOJ & FTC)
  • Terms: The Order indicates that aside from providing documents to the FTC, Facebook must provide copies of reports, assessments, notifications, certifications, and other mandated filings to the Department of Justice.
  • Context: The FTC has limited manpower and staff (and more importantly, a constrained budget) to address every concerning privacy and data security matter. Adding a second government agency increases oversight (and enforcement) potential. Kelley Drye View: Neutral (and potentially Exceptional if the settlement were to motivate Congress to increase allotted FTC Budget, in which case extra oversight and resources likely would translate to more active enforcement).
#5: Safeguards
  • Terms: The FTC mandates that Facebook implement safeguards to ensure protection of user information. These safeguards require Facebook to conduct extensive privacy reviews prior to rolling out new services, with a more in-depth review required for services that present a “material risk to the privacy, confidentiality, or Integrity of” user information. The settlement also requires Facebook to develop safeguards regarding facial recognition technology and affiliate sharing.
  • Context: The terms respond to ongoing concerns that Facebook rolls out new products or services without sufficiently considering the impact on privacy. These safeguards do not restrict Facebook from taking actions with new, material privacy implications, but slows down and opens the process to a deliberative review. Kelley Drye View: Neutral.
#6: Third Party Monitoring
  • Terms: Facebook is required to design and implement safeguards that require vetting, monitoring and enforcement against third parties that use Facebook user information for their own consumer applications and websites. These safeguards include mandating each such party to provide a self-certification on compliance with Facebook’s terms. They also require Facebook to conduct ongoing compliance monitoring and to enforce compliance terms, including by restricting access to Facebook data if there are instances of non-compliance, and to take other appropriate disciplinary measures that are commensurate with the violation gravity and prior history of compliance.
  • Exceptional? The extent and specificity of the FTC’s third party vetting terms are unique to this case and go beyond the FTC’s prior examples. It remains to be seen if these are more robust “fencing-in relief,” or if they are a preview of what FTC will demand in other cases involving third party compliance, including with respect to telemarketing and lead generation. Kelley Drye View: Exceptional.
#7: Overlapping Channels of Compliance
  • Terms: The FTC has implemented overlapping “channels of compliance” to hold Facebook accountable for privacy and data security related decisions and practices. First, Facebook must create an independent privacy committee. Second, Facebook’s CEO and compliance officers will be required to submit quarterly compliance certifications vouching for the company’s compliance with the Order. Third, Facebook will face monitoring by independent assessors (who Facebook cannot claim privilege over their work product) and the FTC.
  • Exceptional? The FTC’s majority statement emphasizes the overlapping channels of compliance, and they are no small feat. Facebook has agreed to twenty years of extensive auditing at multiple levels. While many FTC decisions may include some of these compliance checks, the Order’s inclusion of all of these is significant. Kelley Drye View: Exceptional.
  • Caveat: Earlier this week, the FTC settled charges with Equifax over a data breach that impacted 147 million people. That agreement included yet another channel of compliance: it set up its own FTC email hotline for Equifax employees to submit complaints or concerns about the company’s information security practices to the FTC, and a process for reviewing, addressing, and escalating those complaints. This type of process is notably absent from the Facebook settlement.
#8: Heavy Handed Corporate Governance Terms
  • Terms: In a remarkable example of government intervention in a public company’s operations, the FTC includes as Exhibit 1 to the Order a new article to be inserted into the Facebook corporate charter. The article states that no director serving on the independent privacy committee may be removed for reasons related to their duties on that committee.
  • Exceptional? This is a unique provision designed to protect the integrity of the independent privacy review process that is a cornerstone of the settlement agreement. Kelley Drye View: Exceptional.
Whether precedent setting or a one-off, the Facebook settlement sets a new standard in the United States for privacy accountability and government oversight of a company’s data practices. Given the third-party monitoring and enforcement program that is part of this settlement, its effects also may be felt by many others in the online space. On the day of the settlement’s announcement, public reports also noted that Facebook is the subject of a current FTC antitrust investigation. While it may be many months (or longer) to know how that matter resolves, its outcome too will be of great interest and could materially affect the digital ecosystem.

At bottom, there is no longer a status quo in the United States when it comes to data practices and standards. This settlement, the California Consumer Privacy Act’s looming compliance deadline, and the ongoing debate over whether there should be a comprehensive federal privacy law are all developments that underscore one take-away: most companies’ data practices can benefit from a fresh review and consideration for how to plan for the future.

To discuss how the settlement could impact your business, please contact attorneys in the Privacy and Information Security practice at Kelley Drye.

]]>
Supreme Court Rules in Favor of Facebook in Class Action Cy Pres Challenge https://www.kelleydrye.com/viewpoints/blogs/ad-law-access/supreme-court-rules-in-favor-of-facebook-in-class-action-cy-pres-challenge https://www.kelleydrye.com/viewpoints/blogs/ad-law-access/supreme-court-rules-in-favor-of-facebook-in-class-action-cy-pres-challenge Thu, 07 Nov 2013 09:54:21 -0500 On Monday, the Supreme Court ruled that Facebook’s $9.5 million settlement of privacy claims did not violate federal rules that require class action settlements to be “fair, reasonable and adequate.”

The suit (Marek v. Lane, 13-136) involves Facebook’s former use of its Beacon advertising program that tracked the activity of logged-in Facebook members and shared their purchases with their friends on Facebook. This resulted in a class action lawsuit alleging that Facebook violated federal and state privacy laws. The settlement requires $6.5 million (of the $9.5 million total settlement) to be paid in the form of cy pres relief to a foundation that would be formed to promote online privacy. Nothing would go to absent class members and plaintiffs' counsel will receive $2.36 million in fees and expenses. The settlement was appealed, but the federal appeals court upheld the terms as a legitimate type of agreement given that the number of plaintiffs involved in the class action would make the payments so small they would be impractical. Instead the class members receive an indirect benefit, rather than a small sum of money.

The Supreme Court agreed with the lower court’s decision, and while the ruling yesterday came without a dissent, Chief Justice John Roberts made his sentiments known. While Marek was not the right vehicle for addressing the issue because "Marek's challenge is focused on the particular features of the specific cy pres settlement at issue," another case, might "afford[] the Court an opportunity to address more fundamental concerns surrounding the use of [cy pres] remedies in class action litigation." Among his stated concerns: "when, if ever, such relief should be considered" and "how closely the goals of any enlisted organization must correspond to the interests of the class." The Chief Justice made clear that this issue is far from resolved given that "[c]y pres remedies ... are a growing feature of class action settlements." He concluded that "[i]n a suitable case, this Court may need to clarify the limits on the use of such remedies."

For those critics of the Ninth Circuit’s holding in Marek and previously in Dennis, stay tuned. Undoubtedly, more to come on this issue.

]]>