Contact Center Compliance Watch – March 2023
We aim to highlight the importance of due diligence in lead campaigns and to keep our customers and industry associates up-to-date with the compliance news reported from our industry. These articles are reprinted here for our readers, courtesy of dnc.com, TCPA World, and Mac Murray and Shuster LLP.
A busy month at the FCC: lead gen practices, texting, and nominees under scrutiny
There was a lot going on at the FCC this past month as the regulatory body steps up its ongoing campaign against unwanted calls and texts. Hugely consequential new rules are both on the way and under consideration. Here’s what you need to know.
Can’t miss news: committee considers daunting rules to close “lead-gen loophole”
Many have speculated for some time that the FCC may attempt to close the “lead generation loophole” that arguably allows multiple businesses to obtain prior express written consent for marketing communications under the TCPA. You may have seen lead forms set up with this model, usually with a consent disclosure that names the provider of the website you are on and its “marketing partners” or “affiliates” with those terms linked to a list of other companies that could be dozens or hundreds of companies long.
If passed without amendment, the FCC’s new definition of prior express written consent would require the lead form to obtain consent for only one entity, or if the form obtains consent for multiple entities, those entities must be “logically and topically associated.”
Further, the entire list of entities must be clearly and conspicuously disclosed to the consumer, meaning at a minimum, “displayed on the same web page where the consumer gives consent.” Because of prior case law and regulatory guidance around the phrase “clear and conspicuous,” this latter requirement likely means listing the entities in the consent disclosure itself or in close proximity, not in a footnote or buried in an inconspicuous part of the webpage.
Rules on robocalling and texting are passed
Back when the FCC started its ongoing campaign against illegal robocalls, it enabled voice providers to automatically block calls claiming to come from a so-called Do Not Originate (DNO) list. This list consists of specific types of phone numbers that would never make a call for various reasons.
With a newly passed Report and Order, the FCC will implement a similar approach for robotexting. As with call blocking, providers will be obligated to designate a single point of contact for receiving and addressing complaints about incorrect blocking.
Just as we’ve seen with the enforcement of blocking and flagging for calls in the wake of STIR/SHAKEN, this rule has the potential to disrupt legitimate businesses’ texts to consenting consumers.
“The phone numbers that are unallocated or are inbound-only—those types of things are easy [to regulate]. But once it gets beyond that, it gets much more complicated, and so I think there really needs to be some clarity about what the FCC means when they’re talking about messages that are ‘highly likely’ to be illegal,” said Michele Shuster.
Biden FCC nominee Gigi Sohn withdraws
The long, unusual saga of President Joe Biden’s attempts to fully staff the Federal Communications Commission (FCC) has taken another unexpected twist with Gigi Sohn’s announcement that she has withdrawn her nomination to fill the long vacant fifth commissioner seat. Sohn announced that she was withdrawing after Democratic Senator Joe Manchin stated that he would not vote for her confirmation. Combined with a unified rejection by the republicans in the Senate, this essentially assured that Sohn did not have enough votes for confirmation.
Other federal compliance news
As usual, the FCC wasn’t the only place where contact center compliance news was unfolding. Here’s what was happening in the courts.
Supreme court to hear case on CFPB funding mechanism
The Supreme Court just granted cert to review whether or not the CFPB is unconstitutionally funded—and this is a huge deal. For the uninitiated, the CFPB is the primary regulator for banks and finance companies that extend credit to consumers. The organization was created as part of the Dodd Frank Act following the financial meltdown in 2008. It is funded in a really weird way–ironically drawing life from fees it assesses on the banks it regulates by way of the treasury–and not in the normal way government agencies are funded, i.e. via appropriations bills.
Five9 under fire in third circuit ATDS case
So, it seems, that under Panzarella everything is an ATDS and nothing is an ATDS—all systems will have the capacity to engage in the regulated functions when functionalities are viewed through the lens of integrated software components, which stretch as far as the eye can see on any given operating system. But NO ONE, it seems, uses those functionalities in connection with a typical dialing campaign.
No one, that is, except for Five9 according to a Plaintiff’s expert. And that can be a MASSIVE setback for Five9 (again.) [In the recent case of Smith v. Vision Solar], The Court found a triable issue existed not only as to whether Five9 has the capacity to call using an ROSNG [“random or sequential number generator”], but also as to whether that capacity was actually used to call in the given case.
It means at least one Court has found that Five9 MIGHT be an ATDS—even in the most restrictive Third Circuit Court of Appeals footprint. And you put this ruling together with Morgan and you REALLY need to consider NOT using Five9 as your manual dialer if you are using it as a predictive solution.
State telemarketing rules and privacy law updates
Last, but certainly not least, there was plenty of action unfolding in state legislatures across the country. See what you can’t miss from March.
Georgia senate’s DNC bill passes unanimously, heads to house
Sponsored by Senator Blake Tillery, Senate Bill 73 would, in Tillery’s words, ensure the “Georgia Do Not Call Act actually has teeth.” The bill strives to do that by enabling Georgians to pursue class-action lawsuits, with damages of up $1,000 per call, against any entity that either made a call themselves.
Importantly, the bill makes entities on whose behalf calls are made by third-parties liable as well. While the current law states that entities are prohibited from knowingly making or causing telemarketing calls to individuals on the Georgia Do-Not-Call list, the new bill would eliminate this “knowing” element. As a result, would no longer skirt liability “by contracting with companies outside of state lines and even our nation’s borders” to make calls, says Tillery.
Amendments to Florida Mini-TCPA on the way?
The Florida’s Telephone Solicitation Act’s Section 501.059 (“FTSA”) current autodialer definition includes any system that automatically dials OR selects a number to be called. This makes click-to-dial systems and everything but the most sophisticated human selection dialers subject to the FTSA’s harsh $500.00 per call statutory penalties—with no EBR protections.
On the other hand, if the definition were changed to use the word “AND” in place or OR, then only true automated dialers that both select and fire away at numbers automatically would be subject to the statute.
TCPAWorld sources are confirming that the amendment to “AND” has PASSED critical Florida House subcommittee over a vicious dissent by 3 nay-saying Democrats.
With this significant hurdle passed it looks like there is real momentum for this amendment to clear the house and then meet with likely approval in the business-friendly Florida Senate.
Final rules posted for Colorado Privacy Act
Colorado passed the Colorado Privacy Act (CPA) back on July 7, 2021, becoming the third state, at the time, to enact its own state privacy laws. Since then, two other states have passed similar laws and many others are lining up with bills of their own…The Final Rules were filed with the Colorado Secretary of State on March 15th, after a series of public comment periods. CPA goes into effect this year on July 1st.
The Final Rule includes the long-awaited guidance around the technical specification for the Universal Opt-Out Mechanisms the CPA requires controllers to comply with. Along with outlining a comprehensive catalog to navigate all things CPA, from Privacy Notice Principles, Consent, all the way down to Data Protection Assessments for Profiling, it’s a glorious 44 pages. If these new laws affect your business it’s crucial that you read, understand, and ensure you are applying them correctly to your operations.
Get a recap of the latest contact center compliance news delivered monthly to your inbox. subscribe here >
DISCLAIMER: The information on this page, and related links, is provided for general education purposes only and is not legal advice. Convoso does not guarantee the accuracy or appropriateness of this information to your situation. You are solely responsible for using Convoso’s services in a legally compliant way and should consult your legal counsel for compliance advice. Any quotes are solely the views of the quoted person and do not necessarily reflect the views or opinions of Convoso.