Cybersecurity and data protection is front and center on the Federal Communications Commission’s (FCC) agenda. The latest manifestation of this is the FCC’s issuance of a Notice of Proposed Rulemaking (NPRM) on August 25, 2023, which seeks comments on a proposed voluntary cybersecurity labeling program for Internet of Things (IoT) devices or products.

Companies that volunteer to join the proposed program would have their qualifying products bear a new “U.S. Cyber Trust Mark,” which the agency believes would help consumers identify trustworthy products and make informed purchasing decisions, incentivizing better cybersecurity standards. There are a couple of aspects of the NPRM that are worth highlighting.Continue Reading What’s in a Label? FCC Begins Rulemaking Procedure for Cybersecurity Labeling on IoT Devices

Last week, the Federal Communication Commission’s (FCC) issued a Notice of Apparent Liability for Forfeiture proposing a $20 million forfeiture, essentially a fine, against two telecommunications service providers for failing to properly authenticate customers’ identity before providing online access to Customer Proprietary Network Information (CPNI). CPNI includes sensitive data, such as called phone numbers, the length and time of calls, and service features. FCC rules mandate that companies handling such information use “reasonable measures” to guard access to CPNI.

Because it would be easy for third parties to impersonate customers and gain access to their CPNI, FCC rules prohibit the use of readily available biographical information or account information. “Readily available biographical information” includes “information drawn from the customer’s life history and includes such things as the customer’s social security number . . . mother’s maiden name; home address; or date of birth.” Account information is “information that is specifically connected to the customer’s service relationship with the carrier, including such things as an account number or any component thereof, the telephone number associated with the account, or the bill’s amount.” FCC rules thus requires service providers to authenticate customer identity without the use of the above information and then require a password.Continue Reading FCC Proposes $20 Million Forfeiture Against Telecommunications Service Providers for Failing to Protect User Data

As we recently previewed, the Federal Communications Commission (FCC) published its Proposed Rule that would codify its updated guidance on the Telephone Consumer Protection Act (TCPA). The TCPA regulates calls and text messages sent using automated technology and is frequently litigated. Below are the major proposed rule changes on which the FCC seeks comment.Continue Reading FCC Releases Proposed Rule for Codifying Updates to the TCPA

On Tuesday the FCC released a Notice of Proposed Rulemaking proposing to require cable operators and direct broadcast satellite (DBS) providers to specify an “all-in” total price for their video service, both in their promotional materials and on subscribers’ bills.

The proposal is intended to help consumers understand the complete cost of video service, to provide consumers with the ability to comparison shop among competing service providers and to compare programming costs against those of alternative programming providers, such as streaming services.

The proposal builds upon the recently implemented Broadband Nutrition Label requirement, which demands that broadband Internet providers display easy-to-understand service performance labels akin to food labels. The proposal is also consistent with the broader federal effort driven by the White House to eliminate so-called junk fees across a variety of industries. Such fees are service provider mandatory fees that are not fully disclosed in provider marketing/advertisements and that later surprise consumers when they are billed.Continue Reading FCC Proposes “All-In” Video Service Advertising Rules for Cable and Satellite TV

The Federal Communications Commission (FCC) has issued a Notice of Proposed Rulemaking intending to strengthen consumers’ ability to revoke consent to receive both robocalls and robotexts, in addition to strengthening callers’/texters’ obligations to honor such requests in a timely manner.

The Telephone Consumer Protection Act (TCPA) restricts callers from making robocalls and robotexts unless they have received the prior express consent of the called party, subject to a couple of exemptions. The FCC’s proposed action would broaden a consumer’s ability to revoke consent in “any reasonable way.” For example, simply using words such as “stop,” “revoke,” “end,” or “opt out” in response to a call or text would create a presumption, absent contrary evidence, that the consumer has revoked consent.Continue Reading FCC Proposes Codifying New TCPA Consent Rules in Notice of Proposed Rulemaking

As part of a broader campaign to go after “robocall” violations, the Federal Communications Commission (FCC) has announced a $5,134,500 fine against a company and its owners for making 1,141 robocalls in 2020 that violated the Telephone Consumer Protection Act (TCPA). The company told recipients of the robocalls that if they voted by mail, their personal information would “be part of a public database that will be used by police departments to track down old warrants and be used by credit card companies to collect outstanding debts.” The case is a strong reminder that political calling campaigns are also subject to the TCPA.

Both the TCPA and the FCC’s rules prohibit prerecorded voice calls to wireless telephone numbers without the recipients’ prior express consent, and this is true regardless of the caller’s intent. These restrictions apply equally to both telemarketing and informational calls, including all non-commercial and political calls. The only exception is for calls that are made for an emergency purpose.Continue Reading FCC Levies $5 Million Fine for Political Calling Campaign That Violated the TCPA

Last week, the Federal Communications Commission (FCC) issued a Notice of Proposed Rulemaking proposing to “ban the practice of obtaining a single consumer consent as grounds for delivering calls and text messages from multiple marketers on subjects beyond the scope of the original consent.”

According to the FCC, the proposed rule’s intent is to prevent lead generators from obtaining consent to receive calls and texts from multiple “partner companies” identified through a hyperlink rather than on the same page where consent is obtained. Implementing this rule could drastically change the way lead generators obtain consent for marketing calls and texts under the Telephone Consumer Protection Act (TCPA).Continue Reading FCC Proposes Rule to “Close the Lead Generator Loophole,” with Business-Changing Ramifications

Last week, a magistrate judge in U.S. District Court for the Western District of North Carolina dismissed a Telephone Consumer Protection Act (TCPA) lawsuit brought by a plaintiff who claimed calls made by an insurance lead generator to her cell phone number, which was registered on the national Do Not Call (DNC) registry, were unlawful. The decision takes a view contrary to that of at least one other district court in the Fourth Circuit, but sides with a district court in Texas in finding that the do not call prohibitions of the TCPA do not encompass cell phones.

Does this latest decision, Gaker v. Q3M Insurance Solutions et al., mean that telemarketing calls to cellphone numbers listed on the national DNC list are actually OK? Probably not. For starters, since 2003, the Federal Communications Commission (FCC) has allowed cell phone numbers to be registered on the DNC list and interpreted the TCPA’s do-not-call prohibitions to encompass cell phone numbers. Other courts have followed the FCC’s lead in this matter. However, the judge’s reasoning in the Gaker case is interesting to consider, particularly for anyone following a textualist reading of Congress’s laws.Continue Reading North Carolina Judge Says Cell Phones Not Subject to Federal Do-Not-Call Protections

For years, lead generators have obtained telephone numbers for their clients to call by obtaining the consumer’s consent to receive calls from certain entities specifically identified by the lead generator. A typical model uses language that asks for the consumer’s consent, via a checkbox or otherwise, to receive marketing calls from a few of the lead generator’s marketing partners named in the consent request.

A popular variation of this model is to include, instead of a list of partners by name, a clickable reference to “marketing partners” in the consent language. The specific marketing partners are visible only when the consumer clicks the link and views whatever list of marketing partner names the lead generator has provided.

Sometimes, the marketing partners list has several dozens, hundreds, or thousands of names.  With such long lists, one might ask: How many names on the marketing partners list is too many to evidence meaningful consent by the consumer to receive calls or texts? As recently declared by the Federal Communications Commission (FCC), the answer is 5,329.  As a practical matter, the number might be a whole lot less.Continue Reading Telemarketing Lead Generators: How Many “Marketing Partners” Is Too Many?