Category: Consumer Protection

Texas Attorney General Launches Investigation into 15 Tech Companies

Texas Attorney General Ken Paxton recently launched investigations into Character.AI and 14 other technology companies on allegations of failure to comply with the safety and privacy requirements of the Securing Children Online through Parental Empowerment (“SCOPE”) Act and the Texas Data Privacy and Security Act.

The SCOPE Act places guardrails on digital service providers, including AI companies, including with respect to sharing, disclosing and selling minors’ personal identifying information without obtaining permission from the child’s parent or legal guardian. Similarly, the Texas Data Privacy and Security Act imposes strict notice and consent requirements on the collection and use of minors’ personal data.

Attorney General Paxton reiterated the Office of the Attorney General’s (“OAG’s”) focus on privacy enforcement, with the current investigations launched as part of the OAG’s recent major data privacy and security initiative. Per that initiative, the Attorney General opened an investigation in June into multiple car manufacturers for illegally surveilling drivers, collecting driver data, and sharing it with their insurance companies. In July, Attorney General Paxton secured a $1.4 billion settlement with Meta over the unlawful collection and use of facial recognition data, reportedly the largest settlement ever obtained from an action brought by a single state. In October, the Attorney General filed a lawsuit against TikTok for SCOPE Act violations.

The Attorney General, in the OAG’s press release announcing the current investigations, stated that technology companies are “on notice” that his office is “vigorously enforcing” Texas’s data privacy laws.

Copyright © 2024, Hunton Andrews Kurth LLP. All Rights Reserved.
For more on Texas Attorney General Investigations, visit the NLR Communications Media Internet and Consumer Protection sections.

“Don’t You Have to Look at What the Statute Says?” – IMC’s Oral Arguments

As we noted earlier on TCPAWorld, the IMC odds against the FCC might be better than initially thought due to the panel of judges from the Eleventh Circuit hearing the oral arguments. Oral argument recordings are available online.

And the panel did not disappoint in pushing back on the FCC.

The conversation hinged on the FCC’s power to implement regulations in furtherance of the TCPA’s statutory language. This is important because the FCC is limited to implementation, and they are do not have the authority “to rewrite the statute” as was mentioned in the oral arguments.

Judge Luck (HERE) had some concerns with the FCC’s limitations on the consumer’s ability to consent. The statute, according to Luck, intends to allow consumers to agree to receive calls. If that is the case, then a limitation of the consumer’s ability to exercise their rights is an attempt to rewrite the statute.

Luck agreed that implementing the statute is fine, but limiting the right of consumers to receive calls they consent to receive is over reach. Luck continued “Just because you [the FCC] are ineffective at enforcing the authority doesn’t mean you have the right to limit one’s right, a statutory right, or rewrite those rights to limit what it means.”

The FCC attempted to argue that implementation of statute by their very nature is going to lead to restriction, but Judge Luck pushed back on that. According to Luck, there are ways to implement statutes that don’t restrict a consumer’s statutory rights. This exchange was also telling:

LUCK: Without the regulation do you agree with me that the statute would allow it?

FCC: Yes.

LUCK: If so, then it’s not an implementation. It’s a restriction.

Luck was not the only Judge who pushed back on the FCC. Judge Branch (I believe because she was not identified) also strongly pushed back on the FCC’s restriction on topically and logically associated as an element of consent. Branch stated that the FCC was looking at consumer behavior and essentially stated too many consumers didn’t know what they were doing in giving consent. The FCC stated “I think we have to look at how the industry was operating…” only to be interrupted by Branch who questioned that statement by asking “Don’t you have to look at what the statute says?”

YIKES.

Finally, the FCC’s turn in oral argument ended with this exchange:

JUDGE: Perhaps the question should be “We have a problem here. We should talk to Congress about it.”

FCC: Congress did task the agency to implement here.

JUDGE: It’s given you power to implement, not carte blanche.

DOUBLE YIKES.

There was also a conversation around whether or not the panel should issue a stay in this case. The IMC argued that yes – a stay was appropriate due to the uncertainty in the market.

It’s pretty clear that the judges questioned the statutory authority of the FCC to implement the 1:1 consent and the topically and logically related portions of the definition of prior express written consent.

While we don’t have a definitive answer yet on this issue, we do know this is going to be a lot more interesting than everyone thought before the oral arguments.

We will keep you up to date on this and we will have more information soon.

© 2024 Troutman Amin, LLP
For more on the TCPA, visit the NLR Communications Media Internet section

Old Standard, New Challenges: The NLRB Restores ‘Clear and Unmistakable Waiver’ Standard

The National Labor Relations Board issued its decision in Endurance Environmental Solutions, LLC, 373 NLRB No. 141 (2024), in which it announced a major precedential shift: a return to the “clear and unmistakable waiver” standard. This shift may make it more difficult for employers to make changes to employee working conditions without union approval.

This decision overturns the NLRB’s 2019 decision in MV Transportation, Inc., 368 NLRB No. 66 (2019), in which the NLRB jettisoned the long-standing “clear and unmistakable waiver” standard in favor of the more employer-friendly “contract-coverage” standard. Under the latter rule, an employer could make changes to workplace conditions–without engaging in collective bargaining–as long as those changes generally aligned with the management-rights clause of a collective bargaining agreement, even if the disputed employer action was not mentioned specifically in the contract’s text.

While the clear and unmistakable waiver rule might be familiar territory, an old standard can raise new challenges for employers.

Under this more stringent and labor-friendly standard, an employer may only make a unilateral change to workplace conditions if there is clear and unmistakable language in the collective bargaining agreement permitting the proposed action. In other words, an employer is now required to demonstrate that a union has given a “clear and unmistakable waiver” of its right to bargain over specific changes being implemented for its unilateral change to survive NLRB review.

The NLRB champions its return to this standard as one that better accomplishes the goals of the National Labor Relations Act: to promote industrial peace by “encouraging the practice and procedure of collective bargaining.” The NLRB touts this decision as more consistent with U.S. Supreme Court and NLRB precedent.

Employers negotiating collective bargaining agreements should carefully evaluate their management-rights provisions and consider whether those provisions are now insufficient to enable them to implement unilateral changes without bargaining.

Notably, with the upcoming change in presidential administrations, the effect of Environmental Solutions, LLC may be ephemeralIf (or when) the NLRB comprises a Republican majority, we may be in store for another seismic shift as the NLRB looks for more employer-friendly opportunities, like a potential return to the contract-coverage standard.

Today, the Board issued its decision in Endurance Environmental Solutions, LLC. and restored the “clear and unmistakable” waiver standard for evaluating employers’ contractual defenses to allegations that they have unlawfully changed the working conditions of union-represented employees without first giving the union notice and an opportunity to bargain.
© 2024 BARNES & THORNBURG LLP
For more on the NLRB, visit the NLR Labor Employment section

Senate Subcommittee Holds Hearing on Public Health Impacts of PFAS Exposures

On December 5, 2024, the Senate Environment and Public Works (EPW) Subcommittee on Chemical Safety, Waste Management, Environmental Justice, and Regulatory Oversight held a hearing on “Examining the Public Health Impacts of PFAS Exposures.” The Subcommittee heard from the following witnesses (written testimony is not available at this time):

  • Laurel Schaider, Ph.D., Senior Scientist, Environmental Chemistry and Engineering, Silent Spring Institute;
  • Sue Fenton, Ph.D., Director of the Center for Human Health and the Environment, Professor of Biological Sciences, North Carolina State University; and
  • Michael D. Larrañaga, Ph.D., P.E., President and Managing Principal, R.E.M. Risk Consultants, on behalf of the American Industrial Hygiene Association (AIHA).

Schaider testified that there needs to be a comprehensive strategy to address all per- and polyfluoroalkyl substances (PFAS), including fluorinated polymers, as a class. Schaider described how the manufacture of PFAS can expose workers and nearby communities to PFAS and how the disposal of products that contain PFAS can contaminate the environment. Fenton offered a number of suggestions for possible legislation, including: limiting the production and use of PFAS; requiring health insurance companies to pay for PFAS testing in susceptible populations; phasing out PFAS in firefighting foams (FFF); requiring manufacturers to provide standards in purified forms of their PFAS; and requiring PFAS manufacturers to fund the development of safe destruction methods for PFAS. Larrañaga stated that PFAS are part of our critical infrastructure and are used in the manufacture of products such as semiconductors, electronics, medical equipment, pharmaceuticals, herbicides, insecticides, plastics, airplanes, automobiles, and buildings. Larrañaga urged that the use of PFAS be balanced against the risk of alternatives.

The hearing included discussion of the use of PFAS in consumer products, including non-stick pans and waterproof mascara, versus other products, such as cell phones and semiconductors. Schaider stated that the issue is not only non-essential uses of PFAS, as in cookware, but also the lifecycle of products that contain PFAS. There may be environmental contamination in communities where PFAS are manufactured, workers may be exposed during manufacture, and at the end of the lifecycle of the product, the PFAS could end up in a landfill or in emissions when incinerated.

During the hearing, Senator Roger Wicker (R-MS) asked whether all PFAS cause the same level of harm and noted the common definition of PFAS as “any compound containing at least one fully fluorinated carbon atom.” Larrañaga responded that although fluoropolymers contain one fully fluorinated carbon atom, they are less bioavailable than other PFAS of concern. There could be an issue if heating them, but by removing that use from the marketplace, instead of banning all PFAS, there would be no adverse effect to critical infrastructure or defense. Schaider stated that, to her knowledge, no PFAS is completely safe. According to Schaider, newer PFAS replacement chemicals raise many of the same health concerns. Schaider suggested that an essential uses framework could be used to identify where PFAS uses can be reduced immediately.

The hearing included discussion of the best way to move forward. Fenton noted that even for essential uses, there is potential exposure to the waste and that proper disposal is important. According to Fenton, labeling products with intentionally added PFAS would allow consumers to make more informed choices. Subcommittee Chair Jeff Merkley (D-OR) suggested that there may be product categories where labeling is more important because the contamination pathway is more significant. Merkley concluded that Congress should continue to explore how to reduce the risk of PFAS to citizens.

There is much discussion, seemingly everywhere, about PFAS, but no easy answers to the questions the Subcommittee considered. In a perfect world, PFAS would be comprehensively addressed as Schaider recommends, and all the unknowns about disposal, exposure, and toxicity would be known. But we do not live in that world, and many hard questions remain to be answered. The Subcommittee gets points for raising key issues, but did little to move the needle.

All eyes are now on the new kids in town — the incoming Trump Administration and U.S. Environmental Protection Agency (EPA) Administrator-Designate Lee Zeldin. We expect in 2025 a decidedly different focus on PFAS, but beyond this, much remains to be seen.

©2024 Bergeson & Campbell, P.C.
For more on the PFAS, visit the NLR Environmental Energy Resources section

CFPB Takes Aim at Data Brokers in Proposed Rule Amending FCRA

On December 3, the CFPB announced a proposed rule to enhance oversight of data brokers that handle consumers’ sensitive personal and financial information. The proposed rule would amend Regulation V, which implements the Fair Credit Reporting Act (FCRA), to require data brokers to comply with credit bureau-style regulations under FCRA if they sell income data or certain other financial information on consumers, regardless of its end use.

Should this rule be finalized, the CFPB would be empowered to enforce the FCRA’s privacy protections and consumer safeguards in connection with data brokers who leverage emerging technologies that became prevalent after FCRA’s enactment.

What are some of the implications of the new rule?

  • Data Brokers are Now Considered CRAs. The proposed rule defines the circumstances under which companies handling consumer data would be considered CRAs by clarifying the definition of “consumer reports.” The rule specifies that data brokers selling any of four types of consumer information—credit history, credit score, debt payments, or income/financial tier data—would generally be considered to be selling a consumer report.
  • Assembling Information About Consumers Means You are a CRA. Under the rule, an entity is a CRA if it assembles or evaluates information about consumers, including by collecting, gathering, or retaining; assessing, verifying, validating; or contributing to or altering the content of such information. This view is in step with the Bureau’s recent Circular on AI-based background dossiers of employees. (See our prior discussion here.)
  • Header Information is Now a Consumer Report. Under the proposed rule, communications from consumer reporting agencies of certain personal identifiers that they collect—such as name, addresses, date of birth, Social Security numbers, and phone numbers—would be consumer reports. This would mean that consumer reporting agencies could only sell such information (typically referred to as “credit header” data) if the user had a permissible purpose under the FCRA.
  • Marketing is Not a Legitimate Business Need. The proposed rule emphasizes that marketing is not a “legitimate business need” under the FCRA. Accordingly, CRAs could not use consumer reports to decide for an advertiser which consumers should receive ads and would not be able to send ads to consumers on an advertiser’s behalf.
  • Enhanced Disclosure and Consent Requirements. Under the FCRA, consumers can give their consent to share data. Under the proposed rule, the Bureau clarified that consumers must be provided a clear and conspicuous disclosure stating how their consumer report will be used. It would also require data brokers to acknowledge a consumer’s right to revoke their consent. Finally, the proposed rule requires a new and separate consumer authorization for each product or service authorized by the consumer. The Bureau is focused on instances where a customer signs up for a specific product or service, such as credit monitoring, but then receives targeted marketing for a completely different product.

Comments on the rule must be received on or before March 3, 2025.

Putting It Into Practice: With the release of the rule so close to the end of Director Chopra’s term, it will be interesting to see what a new administration does with it. We expect a new CFPB director to scale back and rescind much of the informal regulatory guidance that was issued by the Biden administration. However, some aspects of the data broker rule have bipartisan support so we may see parts of it finalized in 2025.

Listen to this post

Copyright © 2024, Sheppard Mullin Richter & Hampton LLP.
For more on the CFPB, visit the NLR Financial Institutions Banking section

…But Wait, There’s More!

In 2025, eight additional U.S. state privacy laws will go into effect, joining California, Colorado, Connecticut, Montana, Oregon, Texas, Utah, and Virginia:

  1. Delaware Personal Data Privacy Act (effective Jan. 1, 2025)
  2. Iowa Consumer Data Protection Act (effective Jan. 1, 2025)
  3. Nebraska Data Privacy Act (effective Jan. 1, 2025)
  4. New Hampshire Privacy Act (effective Jan. 1, 2025)
  5. New Jersey Data Privacy Act (effective Jan. 15, 2025)
  6. Tennessee Information Protection Act (effective July 1, 2025)
  7. Minnesota Consumer Data Privacy Act (effective July 31, 2025)
  8. Maryland Online Data Privacy Act (effective Oct. 1, 2025)

While many of these eight state privacy laws are similar to current privacy laws in effect, there are some noteworthy differences that you will need to be mindful of heading into the New Year. Additionally, if you did not take Texas, Oregon and Montana into consideration in 2024, now is the time to do so!

Here is a roadmap of key considerations as you address these additional state privacy laws.

1. Understand What Laws Apply to Your Organization

To help determine what laws apply to your organization, you need to know the type and quantity of personal data you collect and how it is used. Each of the eight new state laws differ with their scope of application, as their thresholds vary based on the 1) number of state residents whose personal data controlled or processed and 2) the percentage of revenue a controller derives from the sale of personal data.

Delaware, New Hampshire, and Maryland have the lowest processing threshold – 35,000 consumers.

Nebraska’s threshold requirements are similar to Texas’ threshold requirements: the law applies to any organization that operates in the state, processes or sells personal data, and is not classified as a small business as defined by the U.S. Small Business Administration.

Notably, Maryland and Minnesota will apply to non-profits, except for those that fall into a narrow exception.

See our chart at the end of this article for ease of reference.

2. Identify Nuances

Organizations will need to pay particular attention to Maryland’s data minimization requirements as it is the strictest of the eight. Under Maryland, controllers will have unique obligations to meet, including the following:

  • Limit the collection or processing of sensitive data to what is “reasonably necessary and proportionate to provide or maintain a specific product or service requested by the consumer to whom the data pertains.”
  • Cannot process minors’ (under 18 years old) personal data for targeted advertising.
  • A broad prohibition on the sale of sensitive data.

If a controller engages in the sale of sensitive data, under Texas’ privacy law, which went into effect in July 2024, requires controllers to include the following notice in the same place your privacy policy is linked: “NOTICE: We may sell your sensitive personal data.” Similarly, if a controller engages in the sale of biometric personal data, the following notice must be included in the privacy policy: “NOTICE: We may sell your biometric personal data.” Nebraska requires companies to obtain opt-in consent before selling sensitive data. Maryland prohibits the sale of sensitive data altogether.

Minnesota takes data inventory a step further, requiring companies to maintain an inventory of personal data processed and document and maintain a description of the policies and procedures that they adopt to comply with the act.

3. Refine Privacy Rights Management

All states provide consumers with the right to access, delete, correct (except Iowa), and obtain a copy of their personal data.

Minnesota’s law provides consumers with two additional rights:

  1. The right to request the specific third parties to whom a business has disclosed personal data. Controllers may choose to respond to such a request either by providing the names of the specific third parties to which it has disclosed the consumer’s personal data or the name of third parties to which it has disclosed any personal data.
  2. The right to question the results of a controller’s profiling, to the extent it produced legal effects. Consumers will have the right to be informed of the reason that the profiling resulted in a specific decision and be informed of the actions the consumers may take to secure a different decision in the future.

Aligning with California and Utah, Iowa requires controllers to provide notice and an opportunity to opt out of the processing of sensitive data.

Interestingly, Iowa does not affirmatively establish a right to opt-out of online targeted advertising.

4. Conduct Data Privacy Impact Assessments

Most state privacy laws require controllers to conduct data privacy impact assessments for high-risk processing activities such as the sale of personal data, targeted advertising, profiling, and sensitive data processing. Nebraska, Tennessee, Minnesota, and Maryland follow Oregon by including any processing activities that present a heightened risk of harm to a consumer. Maryland takes this a step further in requiring the assessment include an assessment of each algorithm that is used.

5. Update Privacy Notices

All state privacy laws require privacy notices at the time of collecting personal data. It is essential you keep your privacy notice up-to-date and ensure (at a bare minimum) it covers data categories, third-party sharing, consumer privacy rights options, and opt-out procedures. Minnesota also requires controllers to provide a “reasonably accessible, clear, and meaningful” online privacy notice, posted on its homepage using a hyperlink that contains the word “privacy.”

As state privacy laws stack up, having a structured, adaptable, and principles-based approach paves the path to sustainable compliance.

Make 2025 the year your privacy program doesn’t just meet the minimum—it excels.

Click here to view the 2025 US State Privacy Laws Applicability Chart

Copyright © 2024 Womble Bond Dickinson (US) LLP All Rights Reserved.
For more on Privacy Laws, visit the NLR Communications Media Internet section

FDA Affirms Its Decision to Remove 25 Plasticizers From the Food Additive Regulations

In a continuation of the US Food and Drug Administration‘s efforts to conduct post-market reviews evaluating the continued use and safety of chemicals authorized in its regulations, the agency is removing decades-old clearances for food-contact materials based on evolving toxicology concerns. Specialty chemical companies should take note of the development as an example of the way FDA may respond when safety concerns evolve for cleared substances.

Specifically, on October 2024, the Food and Drug Administration (FDA) responded to an objection to its 22 May 2022 final rule amending the food additive regulations (the Final Rule) and affirmed its decision to remove 25 ortho-phthalate plasticizers from 21 C.F.R. Parts 175, 176, 177, and 178. The FDA issued the Final Rule on 20 May 2022 in response to a food additive petition submitted by the Flexible Vinyl Alliance. Several non governmental organizations filed an objection to the FDA’s Final Rule, and in the FDA’s response, the FDA stated that the objection did not provide a basis for modifying the FDA’s Final Rule. While the FDA affirmed its decision, the FDA noted that it is working on an updated safety assessment that will include the remaining authorized uses for phthalates that were not removed from the food additive regulations. The FDA will consider, in part, information it received through its “Ortho-phthalates for Food Contact Use” Request for Information in its evaluation. The FDA’s response explained why the FDA’s action with respect to the Final Rule was reasonable.

The FDA also received objections to the agency’s denial of a separate food additive petition (food additive petition 6B4815) in which the National Resource Defense Council (NRDC) requested that the FDA revoke authorized food contact uses of 28 phthalates due to alleged safety concerns. The FDA concluded that the NRDC did not establish a basis for modifying or revoking the denial order as requested in their objections. According to the FDA, the NRDC failed to establish sufficient support to take the requested action of grouping the 28 phthalates as a class and revoking their authorizations for the 28 phthalates on the basis that they were unsafe as a class. The FDA took issue with reviewing all 28 phthalates together as a class by applying data from one chemical to the entire group as the NRDC suggested. The FDA found that available information did not support grouping the phthalate chemicals into a single-class assessment and noted that 23 of the 28 phthalates were no longer in use and had been revoked in the Final Rule issued at the same time as the denial of the safety-based petition.

The FDA’s forthcoming post-market assessment(s) of the ortho-phthalates whose uses remain the subject of applicable food additive clearances may be an example of the procedures that the FDA will utilize for its post-market assessment of chemicals in food that is currently under development. The proposed post-market assessment process was the subject of a recent public meeting, attended by our Senior Scientific Advisor, Dr. Peter Coneski, at the FDA’s White Oak Campus on 25 September 2024. The public comment period for the FDA’s proposal for an enhanced systematic process for the post-market assessment of chemicals in food remains open until 6 December 2024. We are monitoring these and other developments affecting the regulation of food contact materials in the United States and other jurisdictions.

Copyright 2024 K & L Gates
For more on the FDA, visit the NLR Biotech Food Drug section

Upcoming Telephone Consumer Protection Act (TCPA) Changes in 2025

The Telephone Consumer Protection Act (TCPA), enacted in 1991, protects consumers from unwanted telemarketing calls, robocalls, and texts.

New FCC Consent Rule

On January 27, 2025, the Federal Communications Commission’s (FCC) new consent rule for robocalls and robotexts will take effect. The FCC aims to close the “lead generator loophole” by requiring marketers to obtain “one-to-one” consumer consent to receive telemarketing texts and auto-dialed calls. While the rule primarily targets lead generators, it could affect any business that relies on consumer consent for such communications or purchases leads from third parties.

Under the rule, businesses must clearly and conspicuously request and obtain written consumer consent for robocalls and robotexts from each individual company. Companies can no longer rely on a single instance of consumer consent that links to a list of multiple sellers and partners. Instead, individual written consent will be required for each marketer. Additionally, any resulting communication must be “logically and topically related” to the website where the consent was obtained.

To meet this requirement, businesses may allow consumers to affirmatively select which sellers they consent to hear from or provide links to separate consent forms for each business requesting permission to contact them.

New Consent Revocation Rules

Another change takes effect on April 11, 2025, when the FCC’s new consent revocation rules for robocalls and robotexts are implemented. These rules allow consumers to revoke prior consent through any reasonable method, and marketers may not designate an exclusive means for revocation. Reasonable methods include replying “stop,” “quit” or similar terms to incoming texts, using automated voice or opt-out replies, or submitting a message through a website provided by the caller.

Marketers must honor revocation requests within a reasonable timeframe, not exceeding 10 business days. After that period, no further robocalls or robotexts requiring consent may be sent to the consumer.

Preparing for Compliance

To comply with the January 27, 2025, one-to-one consent rule and the April 11, 2025, consent revocation rule, lead generators and businesses that use or facilitate robocall and robotext communications should:

  • Review their current consent and revocation practices.
  • Ensure compliance by updating policies before the deadlines.
  • Examine where consumer leads are being obtained and adjust policies for using this information to meet the new requirements.

This advisory provides only a summary of the upcoming changes to the Telephone Consumer Protection Act.

© 2024 Varnum LLP
For more on the TCPA, visit the NLR Communications Media Internet section

NSA Wants Industry to Disclose Details of Telecom Hacks in Light of Chinese Involvement

On November 20, 2024, the director of the National Security Agency, General Timothy Haugh, urged the private sector to take swift, collective action to share key details about breaches they have suffered at the hands of Chinese hackers who have infiltrated US telecommunications.

Gen. Haugh said he wants to provide a public “hunt guide” so cybersecurity professionals and companies can search out the hackers and eradicate them from telecommunications networks.

US authorities have confirmed Chinese hackers have infiltrated US telecommunications in what Senator Richard Blumenthal, a Connecticut Democrat, this week described as a “sprawling and catastrophic” infiltration. AT&T Inc., Verizon Communications Inc. and T-Mobile are among those targeted.

Through those intrusions, the hackers targeted communications of a “limited number” of people in politics and government, US officials have said. They include Vice President Kamala Harris’ staff, President-elect Donald Trump and Vice President-elect JD Vance, as well as staffers for Senate Majority Leader Chuck Schumer, according to Missouri Republican Senator Josh Hawley.

Representatives of the Chinese government have denied the allegations.

“The ultimate goal would be to be able to lay bare exactly what happened in ways that allow us to better posture as a nation and for our allies to be better postured,” – Gen. Tim Haugh.
©2024 Katten Muchin Rosenman LLP
For more on Telecom, visit the NLR Communications Media Internet section

SPAM FROM HOME?: Home Shopping Network (HSN) Hit With New TCPA Class Action Over DNC Text Messages

TCPA class actions against retailers arising out of SMS channel communications continue to roll in, despite Facebook severely limiting the availability of TCPA ATDS claims.

The issue, of course, is the DNC rules that prevent SMS messages to residential phones for marketing purposes absent prior express invitation or permission or an established business relationship.

For instance a consumer in Florida filed a TCPA class action lawsuit against HSN (home shopping network) yesterday in federal court claiming the company sent him promotional text messages without his consent and despite the fact he was on the national DNC list.

Complaint here: HSN COmplaint

The Complaint alleges HSN had a “practice” of sending text messages to consumers on the DNC list and seeks to represent a class of:

All persons throughout the United States (1) who did not provide their
telephone number to HSN, Inc., (2) to whom HSN, Inc. delivered, or
caused to be delivered, more than one call or text message within a 12-
month period, promoting HSN, Inc. goods or services, (3) where the
person’s residential or cellular telephone number had been registered
with the National Do Not Call Registry for at least thirty days before
HSN, Inc. delivered, or caused to be delivered, at least two of the calls
and/or text messages within the 12-month period, (4) within four years
preceding the date of this complaint and through the date of class
certification.

As these cases continue to roll in it is critical that retailers and brands keep the DNC rules in mind. Most companies only seek to contact consumers that sign up for their messages but numerous challenges to compliance exist:

  1. Third-party lead suppliers often provide false information;
  2. Consumers enter the wrong phone numbers on POS systems and online; and
  3. Phone numbers change hands regularly.

While tools exist to help limit exposure on these challenges it is critical to maintain a strong DNC policy and attendant training to provide a defense. And don’t forget about the new revocation rules!

© 2024 Troutman Amin, LLP
For more on the TCPA, visit the NLR Communications Media Internet section