APA Comments
EPIC, NCLC, and Partner Organizations Comments on FTC Telemarketing Sales Rule (TSR) NPRM
FTC-2022-0034-0023 (Aug. 2022)
Comments to the Federal Trade Commission
regarding the
Telemarketing Sales Rule Regulatory Review
16 CFR Part 310-NPRM
Project No. R411001
RIN 3084-AB19
87 Fed. Reg. 33677 (June 3, 2022)
Notice of Proposed Rulemaking
submitted by
Electronic Privacy and Information Center and
National Consumer Law Center (on behalf of its low-income clients), and
Center for Digital Democracy,
Consumer Action,
Consumer Federation of America,
FoolProof,
Mountain State Justice,
National Consumers League,
New Jersey Citizen Action,
Patient Privacy Rights,
Public Good Law Center,
Public Justice Center,
Public Knowledge,
South Carolina Appleseed Legal Justice Center,
Cathy Lesser Mansfield (Senior Instructor in Law, Case Western Reserve University School of Law)
August 2, 2022
INTRODUCTION
The Federal Trade Commission has released a Notice of Proposed Rulemaking (NPRM) to update the Telemarketing Sales Rule (TSR).[1] We applaud the Commission for proposing changes to its rules that will strengthen enforcement and better protect consumers from misconduct. The undersigned consumer and privacy advocacy organizations[2] submit these comments to emphasize the importance of the Commission’s proposals and to suggest further improvements, including recordation of a Campaign ID for calls, requirements for authenticating consent, safeguards against defendants raising cost objections to avoid record production, requirements regarding the format of records, and protections for consumer data kept by companies pursuant to the Commission’s recordkeeping requirements.
Our comments proceed as follows:
- Recordkeeping Requirements
A. The Commission should strengthen the TSR by adopting the proposals in its NPRM.
i. We strongly support the requirement to retain more detailed records of each call.
ii. The Commission should adopt its requirement for five-year record retention.
iii. We support the Commission’s treatment of recordkeeping violations as TSR violations.
B. The Commission should propose further improvements to the TSR.
i. The Commission should require sellers and telemarketers to include a Campaign ID for each call.
ii. The Commission should require sellers and telemarketers to record the originating or gateway telecommunications provider for each campaign.
iii. The Commission should require both the seller and the telemarketer to retain call campaign records.
iv. Regarding consent provisions, the Commission should require the legal name of the specific seller, clarify its statement about verbal consent, require more than an IP address to authenticate consent, and clarify that the TSR’s consent requirements do not lower the bar below what the TCPA requires.
v. The Commission should ensure that cost objections are not used to avoid production of records.
vi. The Commission should impose more specific requirements as to the format of the records.
vii. The Commission should require more detailed records regarding the established business relationship (EBR) exemption.
C. The Commission should establish additional safeguards for consumer data. - The Commission should adopt its proposed definition of “previous donor.”
- The Commission should adopt its proposed prohibitions on misrepresentations during Business-to-Business (B2B) calls.
I. Recordkeeping Requirements
We strongly support the Commission’s proposals to bolster the TSR’s recordkeeping requirements.[3] For all the reasons cited in the Notice of Proposed Rulemaking, fraudulent and abusive telemarketers and the entities whose products they sell too often fail to keep the records necessary to hold them accountable. The experiences of non-government attorneys attempting to enforce the TSR and other laws against unwanted calls[4] confirm the Commission’s description[5] of the problems caused by the current TSR’s inadequate recordkeeping requirements.
We also urge the Commission to tighten the proposed recordkeeping requirements in several important ways, by (i) adding a requirement to Proposed § 310.5(a)(2) to record a Campaign ID for each call; (ii) including a requirement to keep records of which telecommunications service provider acted as the originating or gateway provider for each campaign; (iii) prohibiting sellers from delegating responsibility for recordkeeping to their telemarketers; (iv) strengthening the requirements for documenting consent and clarifying that the TSR’s consent requirements do not lower the bar below what the TCPA requires; (v) ensuring that cost and burden objections are not used to evade the obligation to produce call records; (vi) imposing specific requirements as to the format of records; and (vii) requiring more detailed records regarding established business relationships (EBRs).
Finally, we urge the Commission to consider how these records might constitute consumer data that could be sold to advertisers or to other third parties.
A. The Commission Should Strengthen the TSR by Adopting the Proposals in its NPRM.
i. We Strongly Support the Requirement to Retain More Detailed Records of Each Call.
The proposed rule would bring much more specificity to the requirements regarding what information must be recorded and preserved. A major weakness of the existing rule is that, while it requires records to be kept of prizes awarded and sales made, it does not require records to be kept of all the calls made. The result is that the records are of little use in identifying violations of the do-not-call rule.
We applaud the Commission’s Proposed 16 C.F.R. § 310.5(a)(2), which would remedy these deficiencies. It will, for the first time, require the telemarketer or seller to keep records of all calls made and the disposition of each call. Among other things, it will require the telemarketer’s records to identify the seller on whose behalf the call was made, whether the call utilizes a prerecorded message, the seller or person for which the call was placed, and the good, service, or charitable purpose of each call.
We particularly applaud the proposed requirement that the records include the originating telephone number (the “calling number,” required by Proposed § 310.5(a)(vii)), the caller ID telephone number and name that were transmitted to the consumer, and documentation of the caller’s authorization to use that telephone number and name. Misuse and manipulation of caller ID numbers to trick consumers into answering unwanted calls is an enormous problem. Not only do these tactics foster fraud,[6] but they also lead many consumers not to answer phone calls from unknown numbers,[7] making it hard for emergency calls to reach consumers and reducing faith in the U.S. telecommunications system.[8] Requiring sellers and telemarketers to keep these records will help enforcement agencies get to the bottom of this problem and stamp it out.
ii. The Commission Should Adopt Its Requirement for Five-Year Record Retention.
The proposed rule would require the seller or telemarketer to keep records for five years from the date each record is produced.[9] Under the current rule, records must be kept for only 24 months.
We strongly support the Commission’s proposal to increase the retention period to five years. Bad actors are adept at destroying records at the earliest possible moment as a way of evading liability. For example, in a recent complaint against TCA VoIP, a telecom provider that profited from transmitting millions of fraudulent calls originating overseas, the Vermont Attorney General alleged: “Despite the Vermont Attorney General requesting TCA VOIP to place a litigation hold on CDRs [call detail records] during this investigation, TCA VOIP is deliberately allowing its CDRs during the investigation to be destroyed as part of a very short retention policy.” The complaint cites the following message, which the defendant sent to a vendor/provider on January 10th: “The AG’s have gotten faster. The latest request is for Dec 13th forward. Can you verify that the oldest is rolling off and I have 90 days of [Call Detail Records] data?”[10]
iii. We Support the Commission’s Treatment of Recordkeeping Violations as TSR Violations.
The Commission has proposed to continue the existing provision, currently found in 16 C.F.R. § 310.5(b), that a violation of the rule’s recordkeeping requirements is a violation of the TSR, but to tighten it in a number of ways.[11] Specifically, the proposed rule specifies that failure to keep the records in a complete and accurate manner, and in compliance with all the new specific requirements regarding the contents of the records, is a TSR violation.
Inaccurate or incomplete records are of little use. We support this amendment, which clearly puts sellers and telemarketers on notice that they will be held liable if they fail to keep complete and accurate records.
B. The Commission Should Propose Further Improvements to the TSR.
i. The Commission Should Require Sellers and Telemarketers to Include a Campaign ID for Each Call.
We urge the Commission to tighten Proposed 16 C.F.R. § 310.5(a)(2)[12] by requiring records to identify the particular calling campaign in which calls were made by means of a Campaign ID. The failure of the current rule to require records tying calls to a specific campaign is one of its significant weaknesses, as it may allow sellers and telemarketers to produce undifferentiated records that are difficult to tie to the campaign that an enforcement action or private suit alleges was conducted in violation of the TSR or other law.
Adding this requirement will make it easier for enforcement agencies and consumer litigants to request, and telemarketers and callers to produce, the call records that relate to the particular campaign(s) alleged to have violated the rule. It will moot any objection that it is too burdensome or expensive to identify the calls that relate to a particular claim, as the rule will require each call to be tagged to a specific campaign.
This requirement is particularly important where a particular seller conducts several different campaigns for the same product, only one of which violates the TSR. Without a Campaign ID, it will be difficult to identify the calls that relate to the campaign that violates the TSR.
ii. The Commission Should Require Sellers and Telemarketers to Record the Originating or Gateway Telecommunications Provider for Each Campaign.
Proposed 16 C.F.R. § 310.5(a)(9) would require the telemarketer or seller to keep:
(9) A record of each service provider a telemarketer used to deliver an outbound telephone call to a consumer on behalf of a seller for each good or service the seller offers for sale through telemarketing. For each such service provider, a complete record includes the contract for the service provided, the date the contract was signed, and the time period the contract is in effect.
We strongly support this proposal.[13] Based on our experience with scam robocalls,[14] we think it is particularly important that the Commission explicitly require telemarketers to identify the telecommunications service provider used as the originating or gateway provider for the telemarketer’s campaign calls for each Campaign ID.[15] The Commission has pursued VoIP providers who are complicit or complacent when it comes to illegal calls,[16] and has collaborated with the Federal Communications Commission and state Attorneys General in combatting America’s robocall scourge.[17] These agencies frequently report that unwanted and illegal calls are the top complaint they receive from consumers.[18] Bringing to light which telecom providers are most commonly used for violative campaigns can assist all of these agencies, as well as private enforcement actors, in their efforts to address one of America’s biggest and most tenacious consumer protection issues—scam robocalls. Requiring the telemarketer or seller to keep these records may narrow the number of voice providers who must be sent a CID[19] and also narrow the reviewable records to only those containing telemarketing calls associated with the violative campaign.[20]
We therefore applaud the Commission’s proposal to require sellers and telemarketers to keep records of the telecommunications service providers they use for outbound calls. However, we urge the Commission to tighten the requirement by also requiring them to keep records of which originating or gateway provider(s) they use for each campaign, not merely which providers they have contracted with during a given period. When illegal calls are made, it is important for enforcement purposes to be able to identify which provider transmitted those particular calls. As written, the proposed rule is not entirely clear about whether merely having contracts on file is sufficient or whether the seller or telemarketer must also keep records showing which provider transmitted which calls. We urge the Commission to make it clear that the records must identify which originating or gateway provider(s) the seller or telemarketer used for each calling campaign.
iii. The Commission Should Require Both the Seller and the Telemarketer to Retain Call Campaign Records.
The proposed rule provides:[21]
e) The seller and the telemarketer calling on behalf of the seller may, by written agreement, allocate responsibility between themselves for the recordkeeping required by this section. When a seller and telemarketer have entered into such an agreement, the terms of that agreement will govern, and the seller or telemarketer, as the case may be, need not keep records that duplicate those of the other. If by written agreement the telemarketer bears the responsibility for the recordkeeping requirements of this section, the seller must establish and implement practices and procedure to ensure the telemarketer is complying with the requirements of this section. If the agreement is unclear as to who must maintain any required record(s), or if no such agreement exists, both the telemarketer and the seller are responsible for complying with this section.
This provision is identical to existing 16 C.F.R. § 310.5(c) except for the italicized portions, requiring the seller to establish procedures to ensure that telemarketers are complying with the recordkeeping requirements that have been delegated to them, and consolidating compliance responsibilities.[22]
We strongly urge the Commission not to allow sellers to delegate to their telemarketers the duty to keep the required records.[23] We are very concerned that allowing delegation will result in sellers claiming that they cannot produce the records because the records are in the possession and control of their telemarketers. Given the reality that many telemarketers are based overseas, are undercapitalized, and pop in and out of corporate existence,[24] allowing the seller to delegate recordkeeping to the telemarketer is likely to result in records that are non-existent or inaccessible to law enforcement and private litigants. Bad actor sellers may expressly choose these types of telemarketers for precisely this reason. But even less malicious sellers should not be permitted to turn a blind eye to the violations of their telemarketer contractors.
Telemarketers—especially but not exclusively those located overseas and therefore beyond the traditional jurisdiction of U.S. regulators—may fail to respond to service of process, file bankruptcy, or simply close shop and pop up as another business entity. Sellers may claim that they are not in possession of the records and that only their telemarketer is contractually obligated to preserve and produce the records, resulting in no production of records. Moreover, we know from our experience with illegal robocalls[25] that merely requiring companies to have a policy or procedure in place, without enforcement to ensure that that policy or procedure is actually effective, is a recipe for failure. These are all outcomes that should be avoided if the TSR is to adequately protect consumers. Only by leveraging the seller’s position of authority over their telemarketers can the Commission protect consumers.
We urge the Commission to explicitly require both the seller and the telemarketer to keep all the records listed in the proposed rule. The records listed are essential to identify violations and consumers who are entitled to redress. Since both sellers and telemarketers can be held liable under the rule, both should be required to keep the records that are essential for imposing that liability.
If, however, the Commission decides that only one entity should be required to keep the listed records, that entity should be the seller. The seller is less likely to be overseas and outside the reach of U.S. law enforcement. And, at least as the market is currently structured, we believe that the sellers receive most of the proceeds of sales and are more likely to be solvent and able to pay consumer damages, restitution, or other compensation.[26] However, we are concerned that fraudulent players could manipulate those arrangements and move sellers overseas, so it would be far preferable for the Commission to require both the seller and the telemarketer to have possession and control of a complete set of all the records.
If the Commission opts instead to permit sellers to delegate recordkeeping responsibility solely to their telemarketers, we urge the Commission to require sellers to periodically audit compliance, including reviewing an actual production of preserved records, and to require sellers working with overseas telemarketers to work only with telemarketers who have a U.S.-based agent—i.e., those whose records would be subject to U.S. jurisdiction and process. In this scenario, it is imperative that the sellers be explicitly liable for the deficiencies of their telemarketers in all circumstances, not just when there is not agreement between them or the agreement is unclear, as the proposed rule would provide. We have seen TCPA cases[27] in which sellers attempted to escape liability by arguing that, because their contract with the telemarketer stipulated that the telemarketer would not violate any applicable laws, the seller cannot be held liable for TCPA violations. Sellers advanced this claim even in the face of facts that demonstrated the seller knew or should have known that the telemarketer was fabricating consent and contacting consumers in violation of the TCPA.[28] We reiterate that the simplest and most comprehensive solution is prohibiting a seller from delegating their recordkeeping responsibility to their telemarketer(s), but periodic auditing, U.S.-based agents, and seller liability might mitigate some of the consumer harms the Commission should anticipate if it decides otherwise.
iv. Regarding Consent Provisions, the Commission Should Require the Legal Name of the “Specific Seller,” Clarify its Statement About Verbal Consent, Require More Than an IP Address to Authenticate Consent, and Clarify that the TSR’s Consent Requirements Do Not Lower the Bar below What the TCPA Requires.
We largely support the Commission’s requirements for documenting consent.[29] However, we urge the Commission (1) to strengthen the Commission’s “specific seller” language to include the seller’s legal name; (2) to tighten its rules surrounding verbal consent; (3) to combat fabricated consent by requiring evidence of a visit to and webform completion at a website (not merely a record of the consumer’s IP address); and (4) to pre-emptively address challenges arising from differences in language between the TSR and the TCPA.
The proposed rule requires a telemarketer or seller to keep, inter alia, records of the information specified in four sections of the TSR: §§ 310.3(a)(3) [relating to billing information], 310.4(a)(7) [also relating to billing information], 310.4(b)(1)(iii)(B)(1) [relating to an express agreement by a person on the DNC list to receive calls], or 310.4(b)(1)(v)(A) [relating to an agreement to receive prerecorded calls].[30]
One of the information items specified in the last of these four sections, § 310.4(b)(1)(v)(A)(iii), requires that the consumer express willingness to receive prerecorded messages from (or on behalf of) a “specific seller.” We urge the Commission to specify that, for recordkeeping purposes, this means “the legal name of a specific seller whose goods are services are being promoted.” This will reduce obfuscation regarding what the scope of the consumer’s consent entails, and—if legal action is necessary—who the proper defendant is.
We are also concerned about the Commission’s reference in section III(B)(5) of the Federal Register notice to verbal consent. There, the Commission states that a copy of the caller’s telemarketing script for requesting consent will serve as a complete record. The statement is ambiguous as to whether it means that the script is an acceptable record of the language the caller used to request consent, or whether the Commission is also suggesting that it is an acceptable record of the consumer’s grant of consent. In either event, we have serious concerns about the statement. Even if the first, more narrow meaning is intended, the existence of a telemarketing script is no guarantee that the caller followed that script. If the second, broader meaning is intended, it would eviscerate the recordkeeping requirement, as the existence of a script by which the caller asks for consent is no evidence at all that consent was obtained. We note that proposed § 310.5(a)(8) requires not just that the request for consent be recorded (§ 3105(a)(8)(ii)), but also that “a copy of the Consent provided” be recorded (§ 310.5(a)(8)(iv)). If oral consent is recorded without recording the actual request for consent, it could be just the word “yes,” which would be meaningless out of context. We strongly urge the Commission to clarify these provisions.
We also urge the Commission to note explicitly that consent to receive telemarketing calls despite being on the DNC list and consent to receive prerecorded telemarketing calls must be written. (See § 310.4(b)(iii)(B)(1), (v)(A)). As a result, the reference to verbal consent applies only to payment information (§ 310.4(a)(7)). Even for payment information, other parts of the TSR already require recordation of the authorization,[31] except when the consumer uses a credit card subject to the protections of the Truth in Lending Act or a debit card subject to the protections of the Electronic Fund Transfer Act.[32] In addition, for transactions involving preacquired account information and a free-to-pay conversion feature, the rule requires recordation of the entire call.[33] We urge the Commission to reiterate these requirements when it publishes the final rule.
Another concern is that data brokers and lead generators are prone to falsifying records of consent.[34] To safeguard against this reality, the Commission’s requirements should include a record of the relevant webform completion, or of some other admissible evidence of the specific consumer providing consent via a specific webpage on a specific date/time. Merely providing an IP address is not sufficient,[35] as an IP address could be purchased from a lead broker in order to fill out a list of individuals from whom consent was purportedly obtained.[36] For similar reasons, the Commission should require sellers and telemarketers to retain records regarding the owner of the website where consent was purportedly obtained.
Finally, we urge the Commission to clarify the relation of the TSR’s language to the TCPA’s similar requirements. The TCPA’s signed writing provision reads “express invitation or permission,” while the TSR reads “express informed consent or express agreement.” Defendants may attempt to utilize the inconsistency in language to argue out of liability. The Commission should clarify explicitly that its requirement does not lower the bar below the current requirements of the TCPA.[37]
v. The Commission Should Ensure that Cost Objections Are Not Used to Avoid Production of Records.
The telemarketer’s or seller’s records often serve as the linchpin of a case enforcing the TSR or other laws against unwanted calls. Without the records, the number of calls made and the consumers who received them are usually impossible to identify. It is therefore not surprising that sellers and telemarketers often resist production of records, arguing that it is overly burdensome or expensive to produce them.
The Commission should require that records be kept in a format that is not burdensome or expensive to produce.[38] Placing the burden on the seller or telemarketer to design the recordkeeping methods in a way that will make it easy and inexpensive to produce the records will take much of the force out of the common objection that records are too difficult or expensive to produce.
The Commission should also make it clear in the regulation that the regulated party and not the consumer or the enforcement entity is responsible for costs associated with producing these records. Such a provision will give the regulated entity an additional incentive to keep the production process in mind as it decides what format it will use to preserve its records.
vi. The Commission Should Impose More Specific Requirements as to the Format of the Records.
Proposed 16 C.F.R. § 310.5(b) would require as follows:
(b) A seller or telemarketer may keep the records required by paragraph (a) of this section in the same manner, format, or place as they keep such records in the ordinary course of business. …
The proposed rule goes on to specify certain details for records of telephone numbers and the length of calls but says nothing else about the format of other required records.
We applaud the Commission for paying attention to the format of the required records. Keeping records in an obscure, unclear, or difficult-to-use format can render them impossible to use and useless for enforcement purposes. However, we recommend that the Commission be more specific about the general format requirement. Instead of just requiring the telemarketer or seller to use the same format as it uses in the “ordinary course of business,” the Commission should also require that the data be kept in a format that is commonly used to work with large data sets and is not burdensome or expensive to produce. The Commission should also specify that the data must be kept in an easily readable format (e.g., separate columns for separate data points rather than every data point within the same single data field). We urge the FTC to consult with data analysis experts to make sure that the rule specifies all the features of the recordkeeping format that will be important for analysis of the records in enforcement proceedings. It is particularly important for the rule to require the data to be kept in a way so that records regarding individual consumers (e.g., whether the consumer has consented to receive calls or has an EBR with the seller) can be cross-tabulated with call records.
vii. The Commission Should Require More Detailed Records Regarding the Established Business Relationship (EBR) Exemption.
Proposed 16 C.F.R. § 310.5(a)(5) requires a seller or telemarketer to keep:
(5) For each consumer with whom a seller asserts it has an established business relationship under §310.2(q)(2), a record of the name and last known telephone number of that consumer, the date that consumer submitted an inquiry or application regarding the seller’s goods or services, and the goods or services inquired about.
The established business relationship (EBR) exemption gives sellers and telemarketers an affirmative defense for calls to numbers on the Do Not Call registry.[39]
We applaud the Commission for its proposal to require specific records of EBRs. The existing rule requires only records of express informed consent and express agreement, even though sellers and telemarketers often claim that calls to consumers are justified by an EBR. We also applaud the phrasing of the requirement, which requires the EBR to be with the seller. This is consistent with the Commission’s explicit position that an EBR is between a seller and a consumer and is not necessarily between one of the seller’s subsidiaries or affiliates and that customer.[40]
We have several suggestions for improving this requirement, however. First, the proposed rule would only require records of consumer inquiries or applications, not records of consumer purchases or other transactions, which is a second basis for an EBR.[41] Consumer purchases or other transactions are likely to be at least as common a basis for a claimed EBR as inquiries. We urge the Commission to reconsider the narrowness of the EBR recordkeeping requirement. This is particularly important since sellers and telemarketers often claim that their calling campaigns reached consumers with whom the seller had an EBR, but their records do not make it easy to identify those consumers, who are mixed in with all the other called parties. If the Commission requires complete electronic records of both types of EBRs, it will be possible to cross-tabulate the list of called parties with the list of EBRs and identify the consumers for whom there is a documented EBR.
We also urge the Commission to require sellers and telemarketers to keep records documenting that a consumer was selected to receive a call because of an EBR. We have seen cases where sellers or telemarketers launched cold call campaigns to hundreds of thousands of consumers, and then defended against class certification on the ground that some tiny percentage of the called parties coincidentally had EBRs with the seller.[42] The Commission should also amend the definition of an EBR, or at least issue guidance, making the same point—that an EBR protects a seller or telemarketer only if the consumer was selected to receive a call because of an EBR.
C. The Commission Should Establish Additional Safeguards for Consumer Data.
As the Commission sets out to strengthen its recordkeeping requirements, we urge the Commission to account for sales of consumer data to advertisers and third parties, including the TSR records the Commission is requiring companies to keep (which include contact information and purchase history). While § 310.4(b)(2) considers it an abusive practice for any person “to sell, rent, lease, purchase, or use any list established to comply” with certain provisions of the Commission’s Do Not Call (DNC) List requirements “for any purpose except compliance with provisions of this Rule”, there does not appear to be a similar requirement for the additional records the Commission is proposing that companies keep in its NPRM. The Commission should implement a requirement similar to § 310.4(b)(2) to ensure that the records companies must keep pursuant to § 310.5 are not used to facilitate abusive telemarketing practices. Specifically, the Commission should explicitly require that a company not “sell, rent, lease, purchase, or use any list established to comply” with § 310.5.
When the data is transferred as part of the sale, assignment, or change in ownership of the business or the dissolution or termination of the telemarketer’s or seller’s business, the existing rule and the proposed rule provide that the successor business or the principal of the dissolved business must preserve the data. These provisions are important in light of the instability of many of the businesses involved in telemarketing, and we support them. However, we urge the Commission to specify that, as part of the transfer of the required records to a principal or a successor business, the transferee must acknowledge liability for any TSR violations regarding the calls that those records document. Such a provision would deter fraudulent sellers and telemarketers from going out of business and selling their assets, including customer lists, to a successor entity that differs from the original entity in name only, as a way of evading liability for TSR violations.
II. The Commission Should Adopt its Proposed Definition of “Previous Donor.”
The TSR currently defines a donor as any person solicited to make a charitable donation.[43] It also currently exempts calls to a “previous donor” from its prohibition of prerecorded calls, if the caller adheres to certain requirements regarding call abandonment, a disclosure about how to stop the calls, and an automated opt-out mechanism.[44] But it does not define the term “previous donor.” Given the broad definition of “donor,” the term “previous donor” could currently be construed to encompass anyone who was, at any time in the past, solicited to make a donation. (We would oppose such an interpretation, which would render the term meaningless and is clearly contrary to the intent of the exemption.)
The Commission’s Proposed § 310.2(aa)[45] resolves this ambiguity by creating a new definition of “previous donor” for purposes of § 310.4(b)(1)(v)(B). The new definition clarifies that the called party must have actually donated, not merely have been solicited for a donation, and puts a time limit on “previous donor” status—the previous donation must have occurred within the last two years. We support this clarification.
The term “previous donor” is used only in § 310.4(b)(1)(v), regarding prerecorded calls, not in § 310.4(b)(1)(iii)(A), which requires callers seeking to sell goods or services or soliciting a charitable solicitation to maintain company-specific do-not-call lists. As a result, there is no exception from this portion of the rule for calls to previous donors. This seems appropriate, as a consumer must affirmatively indicate that they do not wish to be contacted in order to be added to a DNC list, and there are other methods of communication a non-profit charitable organization can use to reach historical, current, and prospective donors. To avoid any misunderstanding, we urge the Commission to make the limited scope of the “previous donor” exception clear in the narrative accompanying its publication of the final rule.
III. The Commission Should Adopt Its Proposed Prohibition on Misrepresentations During Business-to-Business (B2B) Calls.
Proposed 16 C.F.R. § 310.6(b)(7) would provide that the TSR’s prohibitions of misrepresentations in §§ 310.3(a)(2) and (a)(4) apply to business-to-business (B2B) calls. Under the current rule, B2B calls are exempt from the TSR except that certain provisions apply to calls to business to sell nondurable office or cleaning supplies.[46]
There is no reason to believe that phone-based attempts to exploit small business victims have diminished since the pandemic began.[47] Moreover, as the Commission noted in its corresponding ANPRM, the changes in workforce dynamics brought about by the pandemic,[48] including working from home and gig work,[49] have resulted in blurred lines between work phones and personal phones,[50] creating potential ambiguity about whether a call—for example, a call to the operator of a home-based business to sell an internet upgrade—is for a business or personal purpose.[51]
Accordingly, we strongly support the Commission’s proposal to apply the TSR’s prohibitions of misrepresentations to B2B calls.
CONCLUSION
Thank you for the opportunity to comment on the proposed amendments to the Telemarketing Sales Rule and for considering these suggestions for strengthening the amendments. We would be happy to discuss these and any other issues with you.
[1] Telemarketing Sales Rule, 87 Fed. Reg. 33,677 (June 3, 2022), https://www.federalregister.gov/documents/2022/06/03/2022-09914/telemarketing-sales-rule (hereinafter “FR NPRM”).
[2] See the Appendix for descriptions of the organizations joining in these comments.
[3] FR NPRM at 33684-87, 33693-94; see also Consumer Federation of America et al., Comments to the Federal Trade Commission regarding the Telemarketing Sales Rule Regulatory Review, 79 Fed. Reg. 46,732, 79 Fed. Reg. 61,267 (Nov. 13, 2014), https://www.nclc.org/images/pdf/udap/comments-tsr-ftc-2014.pdf.
[4] See, e.g., Cordoba v. DirecTV, L.L.C., 2020 WL 5548767, at *6–8 (N.D. Ga. July 23, 2020) (holding that, because of defendant’s failure to keep a company-specific do-not-call list, consumers who received calls in violation of that requirement cannot be identified, so class action cannot be certified). See also Birchmeier v. Caribbean Cruise Line, Inc., 302 F.R.D. 240, 250 (N.D. Ill. 2014) (rejecting defendant’s arguments that contours of a TCPA class action should be defined by its own recordkeeping; noting that refusing to certify a TCPA class action because of the defendant’s failure to keep usable records of its calls—or limiting class to those individuals who could be identified by defendant’s records—“would create an incentive for a person to violate the TCPA on a mass scale and keep no records of its activity, knowing that it could avoid legal responsibility for the full scope of its illegal conduct”).
[5] FR NPRM at 33680-336891.
[6] See NCLC and EPIC, Scam Robocalls: Telecom Providers Profit (June 2022), at 8, available at: https://www.nclc.org/issues/energy-utilities-a-communications/scam-robocalls-will-continue-until-telecom-providers-no-longer-profit-from-them.html.
[7] Id. at 10.
[8] Id.
[9] Proposed 16 C.F.R. § 310.5(a). The Commission’s Question (B)(1) specifically asks about this proposed change: 1. Is 5 years an appropriate time period to require telemarketers and sellers to maintain records? If not, what is an appropriate time period and why?
[10] Complaint, State of Vermont v. Bohnett, Case No. 5:22-cv-00069 (D. Vt. Mar. 18, 2022) https://ago.vermont.gov/wp-content/uploads/2022/03/TCA-VOIP-Complaint.pdf at 33 ¶ 123.
[11] Proposed Rule 310.5(c).
[12] The Commission’s Question (B)(5) specifically asks about this proposed change: Do the proposed recordkeeping requirements of 310.5(a)(2) adequately identify all data categories a telemarketer or seller should retain from the call detail records of their telemarketing activities? If not, what data categories are missing? Alternatively, are there data categories that are overly burdensome or unnecessary to ensure the telemarketer and seller are complying with the TSR? If the data categories are overly burdensome, is there an alternative proposal on how a telemarketer or seller can retain the information from that data category in a less burdensome manner?
[13] The Commission’s Question (B)(10) specifically asks about this proposed change: Does the proposed amendment in Section 310.5(a)(9) requiring the telemarketer or seller to retain records of all service providers that a telemarketer uses to deliver an outbound call provide adequate guidance on which service providers are referenced in this provision? If not, is there an alternative description that would more accurately provide guidance on what service providers a telemarketer or seller would need to retain records of as required by this provision? Would such a description be flexible enough to account for changes in the telecommunications industry, including technological developments?
[14] See Scam Robocalls, supra note 6.
[15] See Section I.B.i. immediately above.
[16] See Press Release, FTC Warns 19 VoIP Service Providers That ‘Assisting and Facilitating’ Illegal Telemarketing or Robocalling Is Against the Law (Jan. 30, 2020), https://www.ftc.gov/news-events/news/press-releases/2020/01/ftc-warns-19-voip-service-providers-assisting-facilitating-illegal-telemarketing-or-robocalling; Press Release, FTC Takes Action to Stop Voice over Internet Provider from Facilitating Illegal Telemarketing Robocalls, Including Scams Related to the Pandemic (Apr. 26, 2022), https://www.ftc.gov/news-events/news/press-releases/2022/04/ftc-takes-action-stop-voice-over-internet-provider-facilitating-illegal-telemarketing-robocalls.
[17] See Press Release, FCC, FTC Demand Gateway Providers Cut Off COVID-19 Robocall Scammers (Apr. 3, 2020), https://www.fcc.gov/document/fcc-ftc-demand-gateway-providers-cut-covid-19-robocall-scammers.
[18] See, e.g., Prepared Statement, Fed. Trade Comm’n, Oversight of the Federal Trade Commission at 2 (Nov. 27, 2018), https://www.ftc.gov/system/files/documents/public_statements/1395770/p180101_commission_testimony_re_operation_chokepoint-related_businesses_07262018.pdf (“Illegal robocalls also remain a significant consumer protection problem and consumers’ top complaint to the FTC.”); Fed. Trade Comm’n, Biennial Report to Congress Under the Do Not Call Registry Fee Extension Act of 2007 (Dec. 2021), https://www.ftc.gov/system/files/documents/reports/biennial-report-congress-under-do-not-call-registry-fee-extension-act-2007/p034305dncreport.pdf (“consumer complaints about illegal calls—especially robocalls—have increased significantly. In the fourth quarter of 2009, the FTC received approximately 63,000 complaints about illegal robocalls each month. That number has more than quintupled—in the first three quarters of FY 2021, the FTC received an average of more than 300,000 robocall complaints per month.”); FCC, Declaratory Ruling and Order, Re: Rules and Regulations Implementing the Telephone Consumer Protection Act of 1991, CG Docket No. 02-278, WC Docket No. 07-135 (Jul. 10, 2015) at ¶ 5 , https://www.fcc.gov/ecfs/file/download/60001114787.pdf?file_name=FCC-15-72A1.pdf; Federal Communications Commission, Stop Unwanted Robocalls and Texts, available at https://www.fcc.gov/consumers/guides/stop-unwanted-robocalls-and-texts (“Unwanted calls—including illegal and spoofed robocalls—are the FCC’s top consumer complaint and our top consumer protection priority.”) (last accessed July 30, 2022); Press Release, Attorney General Phil Weiser urges FCC to block illegal robocalls from other countries, Phil Weiser Colorado Attorney General (Jan. 10, 2022), https://coag.gov/press-releases/1-10-22/(“We consistently see robocalls in the top 10 consumer complaints reported to our office, and many of these calls come from outside the United States”); What to Do About Robocalls, NBC10 Boston (Sept. 21, 2018), https://www.nbcboston.com/news/local/what-to-do-about-robocalls/56309/ (“Incessant, unwanted, automated calls are the Federal Communications Commission’s top consumer complaint and the top complaint to the office of Massachusetts Attorney General Maura Healey.”).
[19] See Fed. Trade Comm’n, 16 CFR Part 310 (RIN 3084-AB19), Notice of Proposed Rulemaking (Apr. 28, 2022), at 12, https://www.ftc.gov/system/files/ftc_gov/pdf/TSR%20NPRM%20v32.pdf (hereinafter “FTC NPRM”).
[20] See id. at 17.
[21] Proposed 16 C.F.R. § 310.5(e) (emphasis added).
[22] Currently the last sentence of 310.5(c) reads: “If the agreement is unclear as to who must maintain any required record(s), or if no such agreement exists, the seller shall be responsible for complying with §§ 310.5(a)(1)-(3) and (5); the telemarketer shall be responsible for complying with § 310.5(a)(4) [fictitious names for employees directly involved in telephone sales or solicitations].”
[23] The Commission’s Question (B)(13) specifically asks for comments about these provisions: 13. Should sellers and telemarketers be allowed to decide by contract which entity is responsible for retaining records under this Rule? If not, should both sellers and telemarketers be required to retain records under this Rule? Alternatively, should the Commission specify which entity should be required to retain specific categories of records?
[24] See FCC, Declaratory Ruling and Order, Re: The Joint Petition Filed by DISH Network, LLC, the United States of America, and the States of California, Illinois, North Carolina, and Ohio for Declaratory Ruling Concerning the Telephone Consumer Protection Act (TCPA) Rules, CG Docket No. 11-50 (Apr. 17, 2013) at ¶ 37 (“This
[leaving customers without an effective remedy for telemarketing intrusions]
would particularly be so if the telemarketers were judgment proof, unidentifiable, or located outside the United States, as is often the case.”) (internal citations omitted).
[25] See Scam Robocalls, supra note 6, at 19.
[26] 15 U.S.C § 6103(a); 15 U.S.C. § 6104(a).
[27] See, e.g., Br. for EPIC et al. as Amici Curiae Supporting Plaintiffs-Appellants and Reversal, McCurley v. Royal Seas Cruises, 2022 WL 1012471 (9th Cir. Apr. 5, 2022) (No. 21-55099), https://epic.org/documents/mccurley-v-royal-seas-cruises/.
[28] McCurley v. Royal Seas Cruises, Inc., 21-55099, 2022 WL 1012471 at *3 (9th Cir. Apr. 5, 2022), https://epic.org/wp-content/uploads/2022/04/McCurley-v-Royal-Seas-9th-Cir-Opinion.pdf (“These facts, in combination with the evidence of widespread TCPA violations in the cruise industry, would support a finding that Royal Seas knew facts that should have led it to investigate Prospects’s work for TCPA violations”); see also Complaint, State of Ohio v. Jones, et al., Case No. 2:22-cv-2700 (S.D. Oh. July 7, 2022) at 20 ¶ 69 (“For example, when a VoIP Provider of Sumco Panama had to respond to an ITG traceback request, Sumco Panama needed to ‘buy some time’ before responding in order to add ‘auto services’ language to the list of opt-in websites in the terms and conditions after many VSC robocalls were made based on the alleged ‘opt in’ from these websites”); id. at 19-20 ¶ 68-71.
[29] In Question (B)(7), the Commission specifically asks about this provision: 7. Does the proposed amendment to Section 310.5(a)(8) adequately describe the information the telemarketer or seller needs to retain to provide proof of verifiable authorizations, express informed consent, or express agreement? If not, what other information should the telemarketer or seller be required to retain to show proof of verifiable authorizations, express informed consent, or express agreement?
[30] Proposed 16 C.F.R. § 310.5(a)(8).
[31] § 310.3(a)(3)(ii).
[32] § 310.3(a)(3).
[33] § 310.4(a)(7)(i)(C).
[34] See, e.g., Fed. Trade Comm’n v. Simple Health Plans, L.L.C., 379 F. Supp. 3d 1346 (S.D. Fla. 2019) (telemarketer told consumers that some of the verification information would apply to them and some would not; during the verification process, telemarketer would turn off the recording when responding to consumers’ questions), aff’d, 801 Fed. Appx. 685 (11th Cir. 2020); Fed. Trade Comm’n v. NHS Sys., Inc., 936 F. Supp. 2d 520 (E.D. Pa. 2013) (defendants violated TSR by using inauthentic or altered recordings to authorize debits from consumers’ accounts); Inc21.com v. Flora, 2008 WL 5130415 (N.D. Cal. Dec. 5, 2008) (describing scheme by which telemarketers doctored audiotapes to insert digitized and recorded responses to verification questions as if consumers were answering them), later op. at Fed. Trade Comm’n v. Inc21.com Corp., 745 F. Supp. 2d 975 (N.D. Cal. 2010) (describing methods of falsification in detail; granting permanent injunction and ordering restitution), aff’d mem., 475 Fed. Appx. 106 (9th Cir. 2012); Fed. Trade Comm’n v. City W. Advantage, Inc., 2008 WL 2844696, at *3–*4 (D. Nev. July 22, 2008) (describing telemarketers’ statements that, to receive free gift, consumer had to answer “yes” to verification questions about other products but would not be charged for them); Magazine Subscription Solicitations, Office of Minnesota Attorney General Keith Ellison, https://www.ag.state.mn.us/consumer/Publications/MagazineSubscription.asp (last accessed July 30, 2022) (“Some telemarketers have gone so far as to splice or otherwise doctor recordings [purportedly showing consent] to make it sound like you ordered something that you did not.…Some unscrupulous telemarketers use deceptive and high-pressure sales pitches to trick people into paying for multi-year magazine packages that can cost more than $1,000.”). See also note 28, supra.
[35] The Commission has itself suggested as much. See FTC NPRM at 16.
[36] See Best IP Address Datasets, Databases & APIs, https://datarade.ai/data-categories/ip-address-data (last visited July 30, 2022).
[37] We address this concern more broadly in our comments in response to the ANPRM.
[38] See Section B.vi immediatelybelow.
[39] See FTC NPRM at 8.
[40] See “To whom does the established business relationship apply?”, FTC, Complying with the Telemarketing Sales Rule, https://www.ftc.gov/business-guidance/resources/complying-telemarketing-sales-rule#businessrelationship (last accessed July 29, 2022).
[41] 16 C.F.R. § 310(2)(q)(1).
[42] See, e.g., Opposition to Plaintiff’s Motion for Class Certification, Vance et. al. v. DirecTV, No. 5:17-cv-00179-JPB at 12 (N.D. Wv. June 10, 2022) (“…an individualized inquiry would still be necessary to account for call recipients who never told AC1 they were already DIRECTV customers, who never answered the phone, or who were former DIRECTV customers”) (emphasis original); Opposition to Plaintiff’s Motion for Class Certification, Krakauer v. Dish Network, No. 1:14-cv-00333-CCE-JJP at 2 (M.D. Nc. April 13, 2015) (“thousands of non-actionable calls were made to individuals with whom DISH had an established business relationship, cannot be resolved through classwide proof at trial, and require individualized inquiry”); Joint Response of Carnival Corporation & PLC, NCL (Bahamas) Ltd., and Royal Caribbean Cruises, Ltd., Charvat v. Valente, et al, No. 12-cv-5746 at 35 (N.D. Ill. Aug. 31, 2016) (“Unique issues and evidence relating to vicarious liability, prior consent and established business relationships require consideration of individual proof for more than 375,000 phone numbers on the List, which have never been matched to actual people.”).
[43] 16 C.F.R. § 310.2(p).
[44] 16 C.F.R. § 310.4(b)(1)(v)(B).
[45] See FTC NPRM at 59.
[46] Existing 16 C.F.R. § 310.6(b)(7). While other calls to businesses are actionable under Section 5 of the FTC Act, the Commission’s ability to seek restitution and disgorgement to provide monetary relief to consumers for bad actors is currently stronger for Rule violations than Section 5 violations. See Press Release, FTC Asks Congress to Pass Legislation Reviving the Agency’s Authority to Return Money to Consumers Harmed by Law Violations and Keep Illegal Conduct from Reoccurring (Apr. 27, 2021), https://www.ftc.gov/news-events/news/press-releases/2021/04/ftc-asks-congress-pass-legislation-reviving-agencys-authority-return-money-consumers-harmed-law.
[47] See Legal Library: Cases and Proceedings, filter: Consumer Protection Topic = Small Business, FTC, https://www.ftc.gov/legal-library/browse/cases-proceedings?sort_by=field_date&items_per_page=20&search=&field_competition_topics=All&field_consumer_protection_topics=1431&field_federal_court=All&field_industry=All&field_case_status=All&field_enforcement_type=All&search_matter_number=&search_civil_action_number=&start_date=&end_date= (last accessed July 29, 2022) (library of FTC proceedings for small business victims, many of which included phone contact with victims but not TSR claims). The BBB’s 2018 report noted telephone as the most prevalent contact method for scams attempted against small businesses (57%). See BBB, Scams and Your Small Business (2018), https://bbbfoundation.images.worldnow.com/library/71061ba0-018d-4c11-bdbe-a12950c1a2dd.pdf (hereinafter “BBB Scam Report”). Many of the top 10 scams reported by the BBB in April 2022 appeared in Table 4 of the BBB’s 2018 report as well, suggesting the risks of such harms are not dissipating. See BBB, BBB Business Tip: Top 10 scams targeting small businesses (Apr. 12, 2022), https://www.bbb.org/article/news-releases/19932-bbb-warning-businesses-dont-fall-for-that-scam. The BBB estimated in 2018 that more than $7 billion was lost by small businesses, not including intangible costs such as time and consumer trust. See BBB Scam Report at 15. AARP has reported on scams targeting small businesses. See AARP Fraud Resource Center: Small Business Scams, https://www.aarp.org/money/scams-fraud/info-2020/small-business.html (last accessed July 29, 2022). State AGs have taken notice of recent phone-initiated scams targeting small businesses as well, see, e.g. Florida Attorney General’s Office, How to Protect Yourself: Small Business Scams, http://myfloridalegal.com/pages.nsf/main/8be56222bbd1923b85256cc9005ecf4d!OpenDocument (last accessed July 29, 2022); Michigan.gov Consumer Alerts, Tax Scams Targeting Small and Midsized Businesses, https://www.michigan.gov/ag/consumer-protection/consumer-alerts/consumer-alerts/scams/tax-scams-targeting-small-and-midsized-businesses (last accessed July 29, 2022).
[48] See Kim Parker, Juliana Menasce Horowitz, and Rachel Minkin, COVID-19 Pandemic Continues To Reshape Work in America, Pew Research Center (Feb. 16, 2022), https://www.pewresearch.org/social-trends/2022/02/16/covid-19-pandemic-continues-to-reshape-work-in-america/ (60% who say their jobs can be done from home do so all or most of the time want to keep it that way, while 23% said they teleworked frequently before the coronavirus outbreak; 78% who work from home all or most of the time want to continue to do so). Even employers seem to be counting on more employees working remotely. See Susan Lund, Anu Madgavkar, James Manyika, Sven Smit, Kweilin Ellingrud, and Olivia Robinson, The future of work after COVID-19, McKinsey Global Institute (Feb. 18, 2021), https://www.mckinsey.com/featured-insights/future-of-work/the-future-of-work-after-covid-19 (“A survey of 278 executives by McKinsey in August 2020 found that on average, they planned to reduce office space by 30 percent.”).
[49] See Mark Bayles, Will Your Smartphone Get You a Job?, Page One Economics (Jan. 2019), https://research.stlouisfed.org/publications/page1-econ/2019/01/02/will-your-smartphone-get-you-a-job (“According to the Pew Research Center, in 2015, nearly one in ten Americans earned money from a job found through a digital platform.”).
[50] See Fed. Trade Comm’n, 16 CFR Part 310 (RIN 3084-AB19), Advance Notice of Proposed Rulemaking (Apr. 28, 2022), at 44, https://www.ftc.gov/system/files/ftc_gov/pdf/ANPR%20v%2030.pdf (“…unscrupulous telemarketers could take advantage of this rising trend to assert that the B2B exemption should apply if a person does have a dual purpose phone.”).
[51] 58% of gig workers report that the work is important or essential for meeting their basic needs, and 61% of those individuals are doing so to cover gaps or changes in their income. See Monica Anderson, Colleen McClain, Michelle Faverio, and Risa Gelles-Watnick, The State of Gig Work in 2021, Pew Research Center (Dec. 8, 2021), https://www.pewresearch.org/internet/2021/12/08/the-state-of-gig-work-in-2021/.
Support Our Work
EPIC's work is funded by the support of individuals like you, who allow us to continue to protect privacy, open government, and democratic values in the information age.
Donate