Last week, the US Court of Appeals for the DC Circuit issued a long-awaited decision on an omnibus challenge to the FCC’s interpretation of the TCPA. While the decision provides some relief for businesses, it does not eliminate the prospect of TCPA liability and leaves important TCPA interpretive questions unresolved. Businesses should continue to be vigilant regarding consent and opt-out procedures when sending automated text messages and automated or pre-recorded calls to consumers. Continue Reading
As one of the last states to retain highly restrictive (and arguably anti-competitive) telemedicine practice standards, health care providers, regulatory boards, technology companies, payors and other stakeholders have been actively monitoring Texas’ approach to telemedicine regulation and the related Teladoc case. Texas has eliminated its most restrictive requirement for delivering care via telemedicine in Texas, increasing opportunities for providers to reach patients using technology. Senate Bill 1107 was passed on May 11, 2017, and the House added an amendment in passing Senate Bill 1107, which was approved in the Senate on May 18. The bill was signed into law by Governor Abbott last weekend.
New York AG Settlement with App Developers Serves as a Warning for the Need for Evidence-Backed Commercial Claims
On March 23, 2017, the New York Attorney General’s office announced that it has settled with the developers of three mobile health (mHealth) applications (apps) for, among other things, alleged misleading commercial claims. This settlement highlights for mHealth app developers the importance of systematically gathering sufficient evidence to support their commercial claims.
The Joint Commission (TJC) recently clarified that licensed independent providers (LIPs) or other practitioners may not utilize secure text messaging platforms to transmit patient care orders. TJC’s earlier position provided that use of secure text messaging platforms was an acceptable method to transmit such orders, provided that the use was in accordance with professional standards of practice, law and regulation, and policies and procedures.
TJC identified the rationale for the reinstated prohibition against secure text messaging for patient care orders as one of patient safety—after “weighing the pros and cons” TJC and the Centers For Medicare and Medicaid Services (CMS) concluded that as the impact of the modality on patient safety remained unclear, and determined that approving its use was premature.
Read more here about how this clarification impacts health care organizations.
On the third anniversary of the EU Commission’s proposed new data protection regime, the UK ICO has published its thoughts on where the new regime stands. The message is mixed: progress in some areas but nothing definitive, and no real clarity as to when the new regime may come into force.
The legislative process involves the agreement of the European Commission, the European Parliament and the Council of Europe (representing the governments of the member states). So far the European Parliament has agreed its amendments to the Commission’s proposal and we are still waiting for the Council to agree it’s amendments before all three come together and try and find a mutually agreeable position.
The Council is guided by the mantra “nothing is agreed until everything is agreed”, and so even though there has been progress with the Council reaching “partial general agreement” on international transfers, risk-based obligations on controllers and processors, and the provisions relating to specific data processing situations such as research and an approach agreed on the one-stop shop principle (allowing those operating in multiple states to appointed and deal with a single authority), this progress means nothing until there is final agreement on everything. At this stage that means all informal agreements remain open to renegotiation.
It is noted that Latvia holds the presidency of the Council until June 2015. The Latvians have already noted that Anydata protection reform remains a key priority but progress has been slow and time may be against them. Where Latvia fails, Luxembourg will hopefully succeed as it takes up the presidency from June.
The ICO is urging all stakeholders to push on with the reform, although they see the proposed timetable of completion of the trilogue process by the end of 2015 as being optimistic. Instead a more reasonable timetable may be a final agreement by mid-2016 with the new regime up and running in 2018.
In 2014, regulators around the globe issued guidelines, legislation and penalties in an effort to enhance security and control within the ever-shifting field of privacy and data protection. The Federal Trade Commission confirmed its expanded reach in the United States, and Canada’s far-reaching anti-spam legislation takes full effect imminently. As European authorities grappled with the draft data protection regulation and the “right to be forgotten,” the African Union adopted the Convention on Cybersecurity and Personal Data, and China improved the security of individuals’ information in several key areas. Meanwhile, Latin America’s patchwork of data privacy laws continues to evolve as foreign business increases.
This report furnishes in-house counsel and others responsible for privacy and data protection with an overview of key action points based on these and other 2014 developments, along with advance notice of potential trends in 2015. McDermott will continue to report on future updates, so check back with us regularly.
Join Us at BAA’s Marketing Law Conference for a Panel Discussion on Developments in Mobile Marketing
For those Of Digital Interest readers attending the Brand Activation Association’s (BAA) 36th Annual Marketing Law Conference, please join McDermott partner – and Of Digital Interest editor – Julia Jacobson as she moderates a panel titled “New and Unexpected: Developments in Mobile Marketing – Mobile Tracking, Apps and Mobile Payments.” She will be joined by Ira Schlussel of HelloWorld, Inc., Paul Twarog of Google Inc. and co-moderator Terese Arenth. The panel session starts at 3:20 pm on Thursday, November 6. We hope to see you there.
Be Careful Who You Hire To Make Those Calls! Ninth Circuit Takes Expansive View of Vicarious Liability under the TCPA
A recent ruling by the Ninth Circuit took an expansive view of vicarious liability under the Telephone Consumer Protection Act (TCPA). Reversing the district court’s grant of summary judgment, the court in Gomez v. Campbell held that a marketing consultant could be held liable for text messages sent in violation of the TCPA, even though the marketing consultant itself had not sent the texts and even though the texts were sent on behalf of the marketing consultant’s client, not the consultant itself.
Among other things, the TCPA prohibits (with certain exceptions) the use of automatic telephone dialing systems in making calls to cellphones. Both the Federal Communications Commission (FCC) and the courts have interpreted this provision to bar the use of automated systems to send unsolicited texts to cellphones. In Gomez, the Campbell-Ewald Company had been hired by the Navy to conduct a multimedia recruiting campaign. Campbell-Ewald had then outsourced the text-messaging component of the campaign to a third party, Mindmatics. Mindmatics then allegedly sent text messages to the plaintiff and others who had not given consent.
On appeal, Campbell-Ewald raised two variations of the arguments that it should not be held liable for texts that it had not itself sent. First, Campbell-Ewald argued that it did not “make” or “initiate” any calls under the TCPA because Mindmatics had sent the texts. As the statue only provides for liability for those that “make” or “initiate” prohibited calls, Campbell-Ewald argued that it could not be held liable. Second, addressing another potential avenue of liability, Campbell-Ewald noted that the FCC had interpreted the TCPA to allow for liability against those “on whose behalf” unsolicited calls are made. But, Campbell-Ewald argued, it could not be held liable on this ground either because the texts had been sent on behalf of its client, the Navy, not Campbell-Ewald.
In the end, the Ninth Circuit sidestepped both these arguments and found Campbell-Ewald potentially liable on a third basis, “ordinary tort-related vicarious liability rules.” The court noted that where a statute is silent on vicarious liability—as the court judged the TCPA to be—traditional common law standards of vicarious liability apply. Thus, the court held, Campbell-Ewald could be liable under the TCPA based on the agency relationship between Campbell-Ewald and Mindmatics. The court further noted that FCC had stated that the TCPA imposes liability “under federal common law principles of agency,” and held that the FCC’s interpretation was entitled to deference.
Finally, the court noted that it made little sense to subject both the actual sender and the ultimate client to liability, while absolving the middleman marketing consultant, noting, “a merchant presumably hires a consultant in party due to its experience in marketing norms.”
The decision reinforces the importance for companies to closely monitor anyone sending texts or placing calls on their behalf or at their direction. Following Gomez, it is clear that any company that had a role in sending unsolicited calls or texts can potentially be held liable under the TCPA; and the company with the [...]