- This survey begins with developments at the FTC concerning consumer protection for digital consumers and reviews the FTC’s updates of its Disclosures and Endorsement Guides and recent TCPA and CFAA developments.
This survey begins with developments at the Federal Trade Commission (“FTC”) concerning consumer protection for digital consumers (Part II). It continues with a review of the FTC’s updating of its .com Disclosures and Endorsement Guides (Part III). With respect to Telephone Consumer Protection Act (“TCPA”) and telemarketing developments, focus is given to recent actions by the Federal Communications Commission (“FCC”) and FTC (Part IV.A and B). Lower courts have continued to piece through the elements of a TCPA claim since the Supreme Court’s Facebook decision (Part IV.C). The survey concludes with updated guidance regarding the Computer Fraud and Abuse Act and the Ninth Circuit’s decision in hiQ Labs, Inc. v. LinkedIn, Inc. (Part V).
In early 2021, the FTC issued a complaint against Tapjoy, Inc., an advertising platform operating within mobile gaming applications, alleging that Tapjoy engaged in deceptive acts and practices in violation of Section 5(a) of the Federal Trade CommissionTapjoy would offer “currency” used in-game, such as jewels or diamonds, to the games’ users in exchange for the user performing various tasks, including watching a video, completing a survey, or downloading another Third parties paid Tapjoy to have their products, the subject of the tasks, promoted
The FTC’s complaint alleged that Tapjoy often failed to deliver the currency to consumers following the consumers’ successful completion of theWithout telling its consumers, Tapjoy required users to wait twenty-four hours following the completion of a task before allowing complaints about non-receipt of currency. Consumers would be asked to provide evidence of the completed task, with Tapjoy closing complaints when consumers went over seventy-two hours without responding to Tapjoy’s request for evidence. Consumers who complained to Tapjoy reported little success in resolving their complaints. Despite telling consumers with closed complaints that another email would reopen the complaint, many consumers were unable to reopen a complaint following Tapjoy’s Other consumers who responded within seventy-two hours reported that Tapjoy closed their Finally, an internal presentation in 2017 acknowledged “poor customer experience” and “inconsistent user rewarding,” while other internal emails acknowledged a widespread understanding that Tapjoy’s consumers were unhappy with its offers requesting personal
Tapjoy settled with the FTC. As a condition of settlement, Tapjoy was required to change the interface of its service by clearly and conspicuously, and “in close proximity” to each currency offer, disclosing (i) that the advertiser determines whether a reward will issue and (ii) when customers are likely to receive theFurther, Tapjoy is to provide a “prominently disclosed and easy-to-use method” for consumers to send complaints, promptly investigate consumer complaints about not receiving currency, and follow recordkeeping and other compliance provisions sought by the
Fast-fashion retailer Fashion Nova and the FTC reached a settlement following allegations Fashion Nova misledThe FTC’s complaint alleged that Fashion Nova’s third-party online product review interface excluded reviews with less than four stars, hiding hundreds of thousands of negative reviews from the This was despite its website inviting customers to “WRITE A REVIEW,” with the option to “POST” the review for each of its Indeed, the complaint alleged that if no reviews were available for a product, the customer was invited to “BE THE FIRST TO WRITE A
The FTC finalized its settlement order with Fashion Nova in MarchThe order prohibits Fashion Nova from misrepresenting its product reviews, requires all relevant reviews previously censored to be released, and orders Fashion Nova to pay the Federal Trade Commission $4.2
In 2013, the FTC published a guidance titled .com Disclosures: How to Make Effective Disclosures in Digital AdvertisingThe guidance, which updated a previous similarly named FTC advises businesses on how to advertise and market online without running afoul of consumer protection laws. In June 2022, the FTC issued a press release asking for public input to help strengthen the agency’s .com Disclosures in light of evolving In its release, the FTC signaled that some practices, such as placing FTC disclosures behind a hyperlink, “wrongly cite[d] the guides to justify practices that mislead consumers Further, the FTC sought comments on various issues, including disclosures accessed through hyperlinks and multiple web pages, advertising on social media and mobile devices, and “manipulative user interface designs used on websites and mobile The public comment period closed on August 2,
In May 2022, the FTC released proposed revisions to its Endorsement Guides following a comment period that began in FebruaryThe FTC proposed changes in recognition of the increased use of social media to advertise, particularly to The proposals include a new Section 255.6, titled Endorsements Directed to Children, which emphasizes that practices acceptable in advertising to adults may be questioned if in an advertisement directed to The proposals also include more examples demonstrating the application of the existing law to modern, digital endorsement practices, such as when an individual’s product review must contain a disclosure of Finally, the notice warns social media platforms that they may create liability for their influencers or the platforms themselves, depending on the adequacy of the platform’s disclosure tools and
In May 2022, the FCC adopted new rules designed to limit the scope of foreignThe new regulations include (1) a requirement that gateway providers submit traffic mitigation plans to the Robocall Mitigation Database, (2) a requirement that gateway providers apply STIR/SHAKEN caller ID authentication protocols and validate the identity of the providers whose traffic they are routing to help weed out and (3) requirements that gateway providers respond to traceback requests—which are trigged by belief that phone traffic is coming from a prohibited source or is otherwise improper—within twenty-four hours, block calls that are conduits for illegal traffic, and take steps to ensure their immediate upstream foreign providers are not trafficking a “high volume” of illegal robocalls into the United Previously, the FCC required providers to respond to traceback requests merely “fully and in a timely Providers within the Robocall Mitigation Database—a certification database maintained by the FCC to monitor efforts to fight illegal robocalls—may not accept calls from providers not listed within the database. Additionally, gateway providers failing to meet these compliance standards can be subject to removal from the Robocall Mitigation
Additionally, the FCC announced it would seek additional public comment on proposed rules applying to U.S.-based intermediate providers to strengthen robocall mitigationCurrently, these providers are not required to file a certification and mitigation plan in the Robocall Mitigation Under the proposed rules, all U.S. intermediate providers would need to authenticate caller ID consistently with STIR/SHAKEN and file a mitigation plan in the Robocall Mitigation
The FTC announced in April 2022 proposed rules increasing the recordkeeping obligations of sellers andSince 1995, the FTC has regulated telemarketing through the Telemarketing Sales Rule Currently, sellers and telemarketers are required to keep records such as telemarketing scripts and transactions with customers for twenty-four months, but there is no requirement to keep a record of each call’s State and federal law enforcement agencies, as well as numerous consumer advocacy groups, previously pushed for an expansion of recordkeeping requirements in public
The proposed amendments include a requirement in Section 310.5(a)(1) that telemarketers and sellers keep a record of each unique, prerecorded message used, including those made using soundboard technology, requirements in Sections 310.5(a)(5) and (6), respectively, that records are kept demonstrating an established business relationship and that a consumer was a previous donor, and a requirement in Section 310.5(a)(9) that records are kept “of all service providers the telemarketer uses to deliver outbound calls in each telemarketing
Finally, a proposed new Section 310.5(a)(2) requires detailed records of each call by the seller orThese must include the calling number, the called number, the exact time and duration of the call, and an indication of the call’s outcome, such as “answered, dropped, transferred, or connected,” including details of the phone number, IP address, or company name to which calls were Additionally, the proposed amendments to Section 310.5(a)(2) would require records of the identity of each telemarketer in the call, the seller or charitable organization for which the call is made, the subject of the call, whether the recipient was a consumer or business, whether robocalls or outbound calls were used, and the telemarketing script and robocall used in the
The plaintiff, Meier, brought suit against Allied Interstate, LLC, alleging violation of theAllied Interstate called Meier seventy-seven times to reach a different individual who owed money to the client of Allied The calls were placed using the LiveVox Human Call Initiator, a dialing system that shows phone numbers from outside dialers to “clicker agents,” or human workers, who manually click a phone number to initiate a If a person answers the call, it is rerouted to a “closer agent,” or individual authorized by LiveVox’s client to answer the Holding that the manual work of the “clicker agent” in placing each call constituted human intervention, the district court granted summary judgment for Allied The Ninth Circuit stayed Meier’s pending the Supreme Court’s decision in Facebook, Inc. v. Duguid
In Facebook, the Supreme Court held that “a device must have the capacity either to store a telephone number using a random or sequential generator or to produce a telephone number using a random or sequential number generator” to qualify as an automatic telephone dialing systemFollowing Facebook, Meier argued the LiveVox Platform constituted an ATDS because the telephone numbers stored in the LiveVox system via the uploaded file were produced to operators to be dialed “sequentially,” i.e., the same way they were ordered in the The Ninth Circuit rejected this argument, stating it would bring “virtually any system” storing pre-produced lists into the scope of an ATDS, so long as the system could automatically dial the Additionally, the Ninth Circuit held that only the Human Call Initiator, as opposed to the entire LiveVox Platform, should be considered equipment subject to the
Plaintiffs, former and potential customers of the defendant bars, brought suit against the defendants claiming violations of thePreviously, the plaintiffs had given their cell phone numbers to the defendant bars. Because the defendants used the marketing software Txt Live, which is not capable of generating phone numbers, the bars’ employees manually entered the numbers, with demographic data, into the Txt Live From there, Txt Live allowed the defendants to filter the number of recipients of a text and the individual recipients based on demographic When an employee hits “send,” the recipients were shuffled based on a random number generator, and when the number of potential recipients exceeded the number of intended recipients, those potential recipients who were the first sequentially in the randomly generated list received the The U.S. District Court for the Western District of Missouri granted summary judgment for the defendants, finding the defendants’ use of Txt Live was Specifically, it held Txt Live was not an ATDS as the manually entered phone numbers were “merely stored” rather than “generate[d]” by the Txt Live
The Eighth Circuit affirmed the lower court’s textual approach, holding that the term “produce” within the TCPA should be read as akin to “generate” since the subject it modifies is a “random or sequential numberThe Eighth Circuit found this was in line with the Supreme Court’s decision in Facebook, stating that the Court in Facebook emphasized that Section 227 targets only telemarketing equipment that “risks dialing emergency lines randomly or tying up all the sequentially numbered lines at a single Because the customers gave the defendant their phone numbers, which were then manually entered into Txt Live’s list, the Eighth Circuit found that the numerically based randomizer did not transform Txt Live away from the “equipment that merely stores and dials telephone numbers” excluded by Facebook from section Finally, the Eighth Circuit joined other courts in rejecting the notion that footnote 7 of the Supreme Court’s Facebook opinion indicates that systems randomly selecting from pre-produced, non-random lists must be prohibited
In Shank v. Givesurance Insurance Services, Inc., the Southern District of Ohio joined a growing number of courts allowing a putative TCPA class action past the pleadingThe plaintiff alleged he received a single telemarketing call and automated text message from SimpleTexting, a mass text messaging service, on behalf of defendant Givesurance, an insurance The defendants moved for judgment on the pleadings, challenging the sufficiency of the plaintiff ’s complaint and his Article III Finding that the common law “recognizes claims based on privacy and nuisance” and that Congress referred to “unrestricted telemarketing” as “an intrusive invasion of privacy” and “nuisance” in the TCPA, the court held that the receipt of a single text message is sufficient to establish injury in fact and, therefore, Article III In so doing, the court followed the Second, Fifth, Seventh, and Ninth Circuits, and rejected the Eleventh Circuit’s holding that the receipt of a single text message is too minimal to warrant “injury in fact” capable of supporting
Additionally, the court found the plaintiff ’s complaint adequate to survive the pleading stage. In Facebook, the Supreme Court held that Facebook’s automatic text messages to targeted subscribers or contacts did not fall within the meaning of the TCPA since its equipment did not store or produce numbers using a random or sequential numberThe defendants in Shank argued that because SimpleTexting’s website stated users must “import any existing contacts,” and because the plaintiff ’s complaint alleged Givesurance used a service allowing it to reach “subscribers,” the defendants could not have used an ATDS prohibited by the The court, however, found the following allegations of the plaintiff sufficient to support a plausible claim under the TCPA: 1) the call was made from an SMS code, 2) SMS codes are evidence of use of an ATDS, 3) SimpleTexting’s website advertised its “mass text messaging” ability, 4) the generic and non-personalized text message was “part of a ‘nationwide telemarketing campaign,’” and 5) the plaintiff did not consent to receive the Accordingly, the defendants must wait for summary judgment to argue they did not use a prohibited, automatic dialer.
The plaintiff, a licensed California insurance agent, filed a class action against the defendant, Senior Life Insurance Company, alleging violations of theThough Miholich was on the National Do-Not-Call Registry, he received text messages allegedly sent by Senior Life Insurance advertising its Specifically, the parties disputed whether the text messages were sent to Miholich’s business telephone and thus excluded from the reach of the TCPA’s “do-not-call” provisions. Senior Life Insurance countered by primarily arguing that the court lacked subject matter jurisdiction because Miholich lacked Article III
As evidence, Senior Life Insurance showed Miholich’s telephone number is listed as the “Business Phone” number for Miholich on his license with the California Department ofMiholich submitted a declaration stating the number was his “personal cellular telephone number” and that it was used for a variety of calls, including those with “family members and The court found it could not conclude as a matter of law that Miholich did not fall within the protection of the TCPA as the FCC previously recognized that the TCPA could protect a telephone used for business and personal
The court similarly rejected Senior Life Insurance’s request for dismissal for failure to state aSenior Life Insurance pled that its text messages were attempts to recruit Miholich as an independent contractor rather than a prohibited telephone Miholich alleged that the messages he received advertising “Financed Leads” and a link to a Senior Life Insurance webinar constituted “an attempt to promote or sell Defendant’s Again, the court sided with Miholich, allowing his TCPA class action to pass the pleadings
In Barnes v. Allsup Employment Services LLC, the Southern District of Florida rejected class certification for a putative class of individuals who received a telemarketing call from the defendant and for whom the defendant’s call records indicate a voicemail message wasThe plaintiff brought suit against the defendant under the TCPA on behalf of herself and two putative Though the Eleventh Circuit requires that an individual receive more than a single unwanted telemarketing call to suffer an injury-in-fact and thus have Article III standing, the plaintiff survived the defendant’s challenge on account of having received and listened to four telemarketing
In addition, the defendant challenged class certification on the ground that determining the standing of the putative class members was a predominating individualizedThe court agreed, finding that within the Eleventh Circuit, an individualized inquiry would be necessary into each class member to determine if she suffered injury-in-fact by receiving more than one Further, even if that individual received only one voicemail, the court reasoned that the individual could still have standing under Eleventh Circuit law if she answered two or more calls separate from the Accordingly, the Eleventh Circuit’s standing requirements under the TCPA may raise a barrier against class certification.
In May 2022, the U.S. Department of Justice released an updated policy to guide its attorneys in charging violations of the Computer Fraud and Abuse ActThe new charging policy clarifies the meaning of impermissible access “without authorization” and “exceeding authorized access” under Section 1030 of the The updated policy describes when charges under both theories should be brought and explicitly recommends against prosecution “if available evidence shows the defendant’s conduct consisted of, and the defendant intended, good-faith security Further, in response to some concerned courts and commentators, the updated policy clarifies that individuals will not be federally criminally charged for minor infractions where a user continues to use a service after access is withdrawn under terms of the contract or other For example, even if the terms of a dating website only allow access to users who do not embellish their profiles, under the updated policy, an embellishing user cannot be charged with an offense under the CFAA unless expressly informed they are no longer permitted to use the
The appeal then turned on whether, after LinkedIn sent hiQ a cease-and-desist letter, hiQ’s continued scraping of LinkedIn’s profiles was “without authorization” under theRelying on the “gates-up-or-down” inquiry from Van Buren the Ninth Circuit held that hiQ did not improperly bypass any “gate” in scraping data from LinkedIn’s publicly available profiles. Instead, by leaving the data publicly accessible LinkedIn had failed to construct any Accordingly, in the Ninth Circuit, a person must circumvent generally applicable rules for access permissions to violate the CFAA’s “without authorization” It is yet to be seen how this rule will interact with the Department of Justice’s new charging policies and examples.
Richik thanks Nathan J. Hall, Washington University School of Law, J.D. candidate 2022, for his immense contribution to this survey.