Privacy and Security TidBits

The TCPA, Robocalls and a Meaningful Definition of Consent

Under the Telephone Consumer Protection Act (TCPA), in order for marketers to call or text a telephone subscriber via autodialer or prerecorded messages (robocalls), the subscriber must have given the robocaller “prior express consent” to do so.

What constitutes “express consent” under the TCPA?

The TCPA does not define “express consent.” Congress delegated to the FCC  the authority to make rules and regulations to implement the TCPA.

The FCC has defined “express consent” as follows:

“any telephone subscriber who releases his or her telephone number has, in effect, given prior express consent to be called by the entity to which the number was released. “

and “persons who knowingly release their phone numbers have in effect given their invitation or permission to be called at the number which they have given, absent instructions to the contrary.”

 

A recent case, (Murphy v. DCI Biologicals Orlando, LLC) decided on 12/31/2013, illustrates this type of consent requirement.

Plaintiff, a blood donor gave his cell phone number on a new donor information sheet to the defendants, a blood bank. He subsequently got a few automated, telemarketing text messages from the defendants in 2012, suggesting he give more blood, which he found quite offensive. Plaintiff claimed he had not given defendant, the blood bank, express consent to “robocall” him, as required under the TCPA. He only shared his cell phone number as a contact number for the blood bank to reach him. The US District Court for the Middle District of Florida ruled that giving his cell phone on the new donor information constituted his express consent to the defendants to robocall him at that number through marketers. The Court granted defendant’s motion to dismiss the case. The Court followed the definition of “express consent”, as defined by the FCC. (see above).

The Court decided that when the blood donor shared his cell phone number with the blood bank, he thereby gave “express consent” to the blood bank to share his sensitive health data with marketers and to have those marketers “robocall” him.

 

Most courts have followed this interpretation of “express consent” under TCPA, while other courts have argued that If consent is not manifested by explicit and direct words, it is not express consent. Rather, it is merely “implied consent.”.

 

On February 15, 2012, the FCC adopted additional protections for consumers concerning unwanted robocalls. One of the changes concerned the “consent” issue.

Effective October 16, 2013, in order for marketers to call or text a telephone subscriber via autodialer or prerecorded messages (robocalls), the subscriber must have given the robocaller “prior UNAMBIGUOUS written express consent” to do so.

Gone is the “implied-express consent” as previously defined by the FCC.

Unambiguous consent means that the consumer must receive a “clear and conspicuous disclosure” that he will receive future calls that deliver autodialed and/or pre-recorded telemarketing messages on behalf of a specific marketer.

In other words, the consent form to be signed by the consumer should look something like this:

“ I hereby consent to receive autodialed and/or pre-recorded telemarketing calls and/or texts from or on behalf of [marketer] at the telephone number provided above. “

Under this new definition of consent, our blood donor might have won his case.

Or, if the blood bank had given him a clear and informed choice, he might very well have agreed to share his cell phone number with marketers in order to be notified of future blood donor opportunities. He would have made an informed choice and the overburdened justice system might have had  fewer time-wasting and costly class-action law suits to deal with.

This new consent requirement resembles very closely the requirement of “unambiguous consent” of the data subject that forms one of the most important legal grounds for processing personal data by data controllers under the EU Data Protection Directive. (Article 7. (a) Directive 95/46/EC).

Article 2 (h) of Directive 95/46/EC defines consent as “any freely given specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed.”

The validity of consent as a mechanism to regulate privacy in our era of big data, predictive algorithms and internet of things has been a subject of debate for a while now, and more recently, the cause of a heated polemic in privacy circles.(see: “I Never Said That”—A Response to Cavoukian et al. by Viktor Mayer-Schönberger)

The latest FCC implementation of the TCPA is one example of how the concept of consent is still alive and well.  Whether consent by the consumer is meaningful often depends on whether the term “consent” is defined in a meaningful way or not.