Privacy telecommunications issues concern specific communications channels and methods
Telemarketing, texts and electronic mail
U.S. law has specific rules that regulate how organizations can communicate with individuals for direct marketing and related purposes.
Marketing issues concerns the rules that apply to personal information (PI) collected by the companies themselves in the course of providing their services
Statutes that govern the commercial use of that type of telephone, cable and Internet activity
Telemarketing Federal and state laws
Place legal limits on the manner in which organizations can call individuals for marketing and fund-raising purposes.
Background - Response to complaints by families about
Deceptive marketing practices
Unwanted marketing calls
Intrusions
Telemarketing laws in the United States provide considerable detail about what types of “intrusions” are permitted under federal law.
FTC
Implemented the Telemarketing and Consumer Fraud and Abuse Prevention Act (1995)
Telemarketing Sales Rule (TSR) 1995
TSR defines telemarketing as “a plan, program, or campaign which is conducted to induce the purchase of goods or services or a charitable contribution, by use of one or more telephones
Defines telemarketing as “a plan, program, or campaign which is conducted to induce the purchase of goods or services or a charitable contribution, by use of one or more telephones and which involves more than one interstate telephone call.
Who Can Be Called: The U.S. National Do Not Call Registry
U.S. residents to register residential and wireless phone numbers that they do not wish to be called for telemarketing purposes
require sellers and telemarketers to access the registry prior to making any phone-based solicitations.
Violations of the TSR
Place any call to a consumer (absent an exception) unless the registry is checked
DNC rules apply to for-profit organizations and cover charitable solicitations placed by for-profit telefunders.
Existing Business Relationship Exception
Existing business relationship (EBR),
Sellers (and telemarketers calling on their behalf) may call a consumer with whom a seller has EBR
Restriction The consumer has not asked to be on the seller’s entity-specific DNC list
Exception Based on Consent The TSR allows sellers and telemarketers to call consumers who consent to receive such calls.
Exception Based on Consent
The Do Not Call Safe Harbor
Sellers and telemarketers can use to reduce the risk of liability
The seller or telemarketer has established and implemented written procedures to honor consumers’ requests that they not be called,
The seller or telemarketer has trained its personnel, and any entity assisting in its compliance, in these procedures
The seller, telemarketer, or someone else acting on behalf of the seller . . . has maintained and recorded an entity-specific Do Not Call list
Violations outside of Safe Harbor $40K per call
Rules Governing How Calls Can Be Made Under Telemarketing Laws
TSR provides detailed rules about many aspects of how telemarketing calls can be made.
Call only between 8 a.m. and 9 p.m.
Screen and scrub names against the national DNC list
Display caller ID information Identify themselves and what they are selling
Disclose all material information and terms
Required Disclosures
before delivering any sales content, telemarketers disclose:
The identity of the seller
That the purpose of the call is to sell goods or services
The nature of those goods or services
In the case of a prize promotion
That no purchase or payment is necessary to participate or win
That a purchase or payment does not increase the chances of winning
Disclosures must be truthful
Misrepresentations and Material Omissions
TSR prohibits misrepresentations during the sales call.
Telemarketers must provide accurate and complete information about the products and services being offered.
They may not omit any material facts about the products or services.
There are ten broad categories of information that must always be disclosed:
Cost and quantity
Material restrictions, limitations, or conditions
Performance, efficacy, or central characteristics
Refund, repurchase or cancellation policies
Material aspects of prize promotions
Material aspect of investment opportunities
Affiliations, endorsements, or sponsorships
Credit card loss protection
Negative option features
Debt relief services
Transmission of Caller ID Information
The TSR requires entities that make telemarketing calls to transmit accurate call identification information so that it can be presented to consumers with caller ID services.
Prohibition on Call Abandonment
The TSR expressly prohibits telemarketers from abandoning an outbound telephone call with either “hang-ups” or “dead air.”
Abandonment Safe Harbor
According to the FTC guidance, the abandoned call Safe Harbor provides that a telemarketer will not face enforcement action for violating the call abandonment prohibition if the telemarketer:
Uses technology that ensures abandonment of no more than three percent of all calls answered by a live person, measured per day per calling campaign
Allows the telephone to ring for 15 seconds or four rings before disconnecting an unanswered call
Plays a recorded message stating the name and telephone number of the seller on whose behalf the call was placed whenever a live sales representative is unavailable within two seconds of a live person answering the call
Prohibition on Unauthorized Billing
The detailed rules in the TSR have been amended
the TSR strictly prohibits telemarketers from billing consumers for any goods or services without the consumer’s “express, informed consent.”
Updates to the TCPA Rules Concerning Robocalls and Autodialers
FCC revised its Telephone Consumer Protection Act (TCPA)
Governed prerecorded calls (robocalls)
Use of automatic telephone dialing systems (autodialers)
Updates on the FCC Approach to Robotexts
FCC issued an order explicitly stating that text messages sent to wireless devices are subject to the same consumer protections as voice calls under the TCPA
TCPA prohibits companies from sending text messages via equipment that sends the messages without human intervention, known as “robotexts”—absent express consent.
The FCC, prohibits unsolicited commercial fax transmissions.
Penalties include a private right of action and statutory damages of up to $500 per fax
Failures
Hooters of Augusta (Georgia) was found to have violated the act and ordered to pay out $12 million in a class- action suit.
The FCC approved a $5.4 million fine against Fax.com for violations of the act
Junk Fax Prevention Act (JFPA) in part to clarify whether consent was required for commercial faxing (passed in 2005)
The JFPA specifically provides that consent can be inferred from an EBR
Permits sending of commercial faxes to recipients based on an EBR, as long as the sender offers an opt- out in accordance with the act
CAN-SPAM Act-Applies to anyone who advertises products or services by electronic mail directed to or originating from the United States.
CAN-SPAM
Enforced by FTC
Not intended to eliminate all unsolicited commercial email,
Provides a mechanism for legitimate companies to send emails to prospects and respect individual rights to opt out of unwanted communications.
Details of Act
Prohibits false or misleading headers
Prohibits deceptive subject lines
Requires commercial emails to contain a functioning, clearly and conspicuously displayed return email address that allows the recipient to contact the sender
Requires all commercial emails to include clear and conspicuous notice of the opportunity to opt out along with a cost-free mechanism for exercising the opt-out.
Prohibits sending commercial email (following a grace period of 10 business days) to an individual who has asked not to receive future email
Requires all commercial email to include
Clear and conspicuous identification that the message is a commercial message (unless the recipient has provided prior affirmative consent to receive the email)
Valid physical postal address of the sender (which can be a post office box)
Prohibits “aggravated violations” relating to commercial emails such as
address-harvesting and dictionary attacks
The automated creation of multiple email accounts
The retransmission of commercial email through unauthorized accounts
Requires all commercial email containing sexually oriented material to include a warning label (unless the recipient has provided prior affirmative consent to receive the email)
Enforcement
The FTC enforces and carries penalties of fines of up to $40,654 per violation.
Authority granted to state attorneys general
Deceptive commercial email is subject to laws banning false or misleading advertising.
The FTC has the authority to issue regulations implementing the CAN-SPAM
Applicabilities
Commercial Email messages
Wireless Message Rules Under CAN-SPAM
Mobile service commercial messages (MSCMs)
Includes many commercial text messages.
Commercial electronic mail message that is transmitted directly to a wireless device that is utilized by a subscriber of a commercial mobile service
CAN-SPAM Act prohibits senders from sending any MSCMs without the subscriber’s “express prior authorization
Wireless Domain Registry
To help senders of commercial messages determine whether those messages might be MSCMs (rather than regular commercial email), the FCC has created a registry of wireless domain names (available on the FCC website).49 It is updated on a periodic basis, as new domains are added.
Senders are responsible for obtaining this list and ensuring that the appropriate authorizations exist before sending commercial messages to addresses within the registry.
These focus on rules affecting the telecommunications companies themselves in connection with personal information.
Telecommunications Act of 1996 was a major piece of legislation that reshaped numerous aspects of telecommunications markets.
Scope.
Privacy of customer information provided to and obtained by telecommunications carriers.
Prior to the act, carriers were permitted to sell customer data to third-party marketers without consumer consent.
Customer proprietary network information (CPNI).
CPNI is information collected by telecommunications carriers related to their subscribers.
What are examples
Includes call log data such as time, date, destination and duration of calls
Applied to
Telecommunications carriers
Voice-over-Internet protocol (VoIP) providers that are interconnected with telephone service.
Traditionally did not apply to Broadband Internet service providers (ISPs) but now are subject to Section 222 of general CPNI requirements. In 2016 FCC issued a detailed regulation, which was repealed by the Trump administration.
Requirements
Carriers must notify law enforcement when CPNI is disclosed in a security breach within seven business days of that breach
Customers must provide a password before they can access their CPNI via telephone or online account services.
Enforcement
FCC
Process of Breech - CPNI
Must pass
Actions
Regulates the notice a cable television provider must furnish to customers
The ability of cable providers to collect PI
The ability of cable providers to disseminate PI
The retention and destruction of PI by cable television providers
Provides a private right of action for violations of the aforementioned provisions
FYI
Exceptions - update
Why?
Passed in response to the disclosure and publication of then-Supreme Court nominee Robert Bork’s video rental records.
Applies to
Video tape service providers
Defined as anyone “engaged in the business, in or affecting interstate or foreign commerce, of rental, sale, or delivery of prerecorded video cassette tapes or similar audio visual materials”
Individuals who receive PI in the ordinary course of a videotape service provider’s business or for marketing purposes.
Netflix and the 2012 Amendment
Allowed for one-time consumer consent that was valid up to 2 years, replacing contemporaneity requirement.
Enforcement
California Law
Self-Regulation for Online Advertising
Two prominent examples are the Digital Advertising Alliance (DAA) and the Network Advertising Initiative (NAI) Code of Conduct.
Federal Regulation:
FCC Broadband Privacy Rule
In 2015, FCC reclassified broadband internet service as public utility a part of its “Open Internet” or net neutrality rule.
An important effect of this is that broadband internet providers (Verizon/Comcast etc.) also because subject to other requirements of the Telecommunications Act, including CPNI privacy requirements.
FCC adopted rule:
Requires
opt-in for sensitive PI
allows user opt- out for non sensitive PI
Permitted inferred consent for providing the underlying services.
Provided guidelines for data security and breach notifications.
2017 – Rescinded by Congress and Trump.
State Regulation: CA Do Not Track Requirements
Requires websites/phone apps to post a privacy policy if the collect PII from those living in CA.
Cal Online Privacy Protection Act (CalOPPA).