Alert

Recommended Alerts

Sign Up For Alerts

Ransomware – How Should Organisations Respond?

It seems that, in recent months, not a day goes by without reports appearing in the media of another significant ransomware attack, with such incidents posing an ever-increasing threat to both private sector businesses and public services alike (including hospitals and health services, schools and local government organisations, among others). It has been reported that ransomware attacks increased threefold last year and are not showing any signs of abating.

Read More

Supreme Court Narrows Potential Scope of the Telephone Consumer Protection Act


Time to Read: 5 minutes Practices: Data, Privacy & Cybersecurity

Printer-Friendly Version

Thursday, in a unanimous decision, the Supreme Court narrowed the potential scope of the Telephone Consumer Protection Act (“TCPA”), which has been fertile ground for plaintiffs’ attorneys seeking class-wide damages. Justice Sotomayor wrote the opinion in Facebook v. Duguid, which found that for telephone dialing equipment to constitute an “automatic telephone dialing system” (“ATDS”) under the TCPA, “a device must have the capacity either to store a telephone number using a random or sequential generator or to produce a telephone number using a random or sequential number generator.” The upshot of this distinction is that computer systems that simply store phone numbers, not generated randomly or sequentially, for later dialing are not an ATDS.

While the decision itself turned on a narrow question of statutory interpretation, it has enormous implications for companies using telephone-dialing technology. As the Court explained, almost all telephone dialing equipment, including most cell phones, “store” numbers to be dialed later. The courts of appeals, however, split over the issue. The Ninth, Second, and Sixth Circuits previously held that the language “using a random or sequential number generator” modified only “produce” (not store) in the definition of ATDS (the “Ninth Circuit’s position”), while the Seventh and Eleventh Circuits held that the phrase modified both “store” and “produce” (the Third Circuit assumed that was the case without expressly addressing the question). Under the Ninth Circuit’s position, almost any electronic phone system could constitute an ATDS, potentially subjecting many companies that do not make random calls to damages for violations of the TCPA.

The case matters in large part because TCPA damages can be significant, and the statute allows for a private cause of action with statutory damages of up to $500 per violation or $1,500 for each intentional violation. As each call potentially constitutes a violation, class-wide damages can be enormous. As described in our post here, in a recent decision in September of last year, a court upheld $925 million in damages awarded in a TCPA class action. With the potential for such enormous damages, companies subject to a TCPA lawsuit have a substantial incentive to settle, often for high dollars.

Background

The TCPA was passed in the 1990s in response to a wave of nuisance robocalls. New technology at the time allowed telemarketers and others to randomly dial numbers in quick succession and also to pre-record the calls. The TCPA banned some of these practices. Among other things, subject to exceptions, it prohibits making phone calls using an artificial or pre-recorded voice to residential lines or cellular phones without first obtaining prior express consent. It also prohibits calls or texts to cellular phones using an ATDS, again, without first obtaining prior express consent. The TCPA defines an ATDS as “equipment which has the capacity—(A) to store or produce telephone numbers to be called, using a random or sequential number generator; and (B) to dial such numbers.” 47 U.S.C. § 227(a)(1).

Facebook v. Duguid

In Duguid, Facebook was alleged to have sent text messages to the plaintiff using an ATDS without first obtaining his consent. Facebook would send text messages to users alerting them if their Facebook account was logged into from an unknown device or account. Users of the feature were required to provide and verify their cellphone numbers.

Plaintiff, however, did not have a Facebook account and did not provide Facebook with his number. Facebook speculated that he must have received the texts because his cellphone number was recycled from another Facebook user and remained in their database. Nevertheless, plaintiff sued.

Facebook moved to dismiss, arguing that it had not dialed numbers using a system that produced or stored random or sequential telephone numbers. Rather, Facebook maintained a database of numbers specifically associated with its users and auto-dialed them only when it detected unusual account activity. Facebook argued that its dialing technology, although automatic, was therefore not an ATDS because the numbers were neither stored nor produced randomly. The U.S. District Court for the Northern District of California found in favor of Facebook, but the Ninth Circuit overturned the decision. Facebook appealed to the Supreme Court.

Before the Court, Facebook argued that conventions of grammar, punctuation, and statutory interpretation all required the Court to find that the language “using a random or sequential number generator” applies to both “store” and “produce” under the definition of ATDS. In an opinion drafted by Justice Sonya Sotomayor, the Court agreed, finding that both the text and statutory context supported Facebook’s argument. A concurring opinion by Justice Alito cautioned against some of the ways the Court’s opinion used one of the canons of statutory interpretation.

Notably, at the end of its decision, the Court addressed Duguid’s policy argument that the TCPA was adopted at a time when particular technology was in place that is no longer widely used today. The TCPA, Duguid argued, should be interpreted, consistent with Congressional intent, in a way that adapts to the times. Businesses today, after all, still make robocalls. The Court disagreed, explaining that “Duguid’s quarrel is with Congress,” and that “[t]his Court must interpret what Congress wrote.”

Political Reaction

Political response to the decision has been swift. Sen. Markey, an original author of the TCPA, called the decision “disastrous.” He pledged to “soon introduce legislation to amend the TCPA, fix the Court’s error, and protect consumers. If the Justices find their private mobile phones ringing non-stop from now until our legislation becomes law, they’ll only have themselves to blame.” While texts like those at issue in Duguid do not raise these concerns, it is important for companies to continue to monitor political developments in this area.

Conclusion

While the Court adopted a narrow definition of an ATDS, it did not materially curtail the TCPA’s protections against random dialers, and related state and federal statutes and regulations on telemarketing remain in place. Businesses must still, for example, obtain prior express consent prior to making calls using artificial or prerecorded voices. Restrictions on telemarking calls to numbers on both federal and state “do not call” lists will also continue to be actively enforced, as well as restrictions on the time and manner of such communications. Businesses are well advised to implement or maintain robust telephone privacy compliance programs, although they should now fear fewer frivolous TCPA class actions.

Printer-Friendly Version

Cookie Settings