Our Privacy, Litigation and Telephone Consumer Protection Act (‘TCPA’) practice groups are increasingly called upon to advise regarding sophisticated marketing campaigns involving text and e-mail solicitations. In some cases, there is a GPS element to the situation where communications via text or email are targeted to persons in range of the sender based upon GPS data from their phone. In other cases, there are issues associated with the use of an intermediary specializing in such programs.

We are often asked to address remedial action and/or defend litigation from the increasingly vigilant plaintiffs’ class action bar when something has or is alleged to have gone awry. We are also pleased to assist clients who are seeking to avoid such legal challenges. We are taking this opportunity to share some of what we have learned regarding the most helpful proactive steps concerning location-based targeted texts and emails. While as a formal matter, most of these steps are applicable to consumer communications, it is often difficult to properly distinguish B2B communications, and because the TCPA makes no distinction, even those intended for that space should be compliant with the following.

Our observations fall into three major categories:

  • Need for prior express consent;
  • Proper disclosure of nature of solicitation and use of information; and
  • Allocation of responsibility between intermediary and client.

Prior express consent.

Under laws such as the TCPA and as a practical matter, leaving aside certain exceptions which may be asserted in litigation, the CAN-SPAM act, sales or marketing communications via text, phone or e-mail must be preceded by express – not implied – consent of the recipient. This means proper disclosure of what is contemplated and who is making the request, followed by a putative recipient’s affirmative act, such as checking an I AGREE box. Actions such as making a purchase, downloading a phone app or even inaction such as failure to object when communications are received are prescriptions for trouble. The same is true of consent preceded by misleading communication as to who is involved or why the request is being made. If a request is intended to cover several members of an affiliated group of entities, this must be made explicit.

As a legal matter, the technical nature of a digital marketing campaign may have major implications. For example, different requirements will apply to solicitations sent through a phone app as opposed to direct text messages. Clients planning any sort of campaign in this space should consult with counsel at the design stage to address the best way to mitigate legal risk. However, it is normally prudent to obtain express prior consent to any sort of merchant-initiated solicitations, regardless of their technical nature.

Those involved with design of computer systems should also take into account the need in formal proceedings to readily demonstrate to lay judges and jurors the provision of consent and the time this was done.

Proper disclosure.

As noted above, proper disclosure is critical. In the first instance, even actual consent is subject to challenge if the recipient did not properly understand what was being requested (possibly even if a reasonable person would have understood). Perhaps more importantly, even if the original consent is legally sufficient under the TCPA and CAN-SPAM laws, if consumers were not properly apprised of what is to be done with the information they expressly or implicitly provide, there will be problems under applicable privacy law and regulation, which are altogether separate from the TCPA and CAN-SPAM obligations. This is the case whether the issue is locational data through phone GPS functions or data created through online forms or even the fact of site visitation. For example, there is legal exposure if consumers properly gave consent to receipt of text messages pertaining to promotions, but were not told that the resulting information would be shared with data brokers or marketing ‘partners’.

To facilitate compliance with this obligation, it is essential that privacy policies and terms of use posted electronically (on websites and through apps) and physically (disseminated on paper), properly indicate how material is to be used and be broad enough to cover not only what is happening today, but potential new practices. For example, a policy that truthfully at the time states that consumer information will not be shared with other companies, becomes a problem if there is a subsequent desire to start sharing such material. Of course, strict compliance with such policies is required as well.

While this discussion is intended to address US obligations, those with any connection with the European Union or consumers located there – even absent a physical office – must be mindful of the dictates of the General Data Protection Regulation of the EU insofar as, among other things, specification of contact persons to deal with problems or objections and consumer rights to request changes in or deletion of files maintained by marketers.

Intermediary responsibility.

Generally speaking, the use of a digital marketing service to conduct a campaign may not allow the marketer to avoid responsibility for failure to comply with applicable law. By the same token, an intermediary that runs afoul of legal obligations cannot simply point to its client as the ultimate decision-maker.

However, the parties can negotiate formal contractual provisions governing handling of legal claims and related fines, fees and judgments, no matter where they initially fall as well as response and remediation procedures pertaining to potential wrongful access to data and/or defective communications, and insurance coverage potentially backstopping some of these commitments. Parties who are already subject to such agreements need to consult them when issues arise so that they maintain their rights by providing timely notice of claims and offering required cooperation. In incident response and/or legal proceedings proper negotiation of such provisions so that all concerned maintain a reasonable balance between risk and reward in each case is also called for.

Our Privacy, Litigation and TCPA partners can assist with both proactive risk mitigation efforts and handling of disputes and litigation.

If you would like additional information, please contact any of the following FisherBroyles partners:

Dallas/Austin
William J. Akins
(214) 924-9504
william.akins@fisherbroyles.legal 

Palo Alto
Kimberly Booher
(650) 636-5958
kimberly.booher@fisherbroyles.legal

 

Chicago
Marty Robins
(847) 277-2580
martin.robins@fisherbroyles.legal 

Chicago
Mark E. Wilson
(312) 498-8078
mark.wilson@fisherbroyles.legal

 

FisherBroyles, LLP – Cloud-based. Not Virtual™

Founded in 2002, FisherBroyles, LLP was the first in the U.S., and now the largest full-service, cloud-based law firm in the world. The Next Generation Law Firm® has grown to approximately 200 attorneys in 21 offices nationwide. The FisherBroyles’ efficient and cost-effective Law Firm 2.0® model leverages talent and technology instead of unnecessary overhead that does not add value to our clients, all without sacrificing BigLaw quality. Visit our website at www.fisherbroyles.legal to learn more about our firm’s unique approach and how we can best meet your legal needs.

These materials have been prepared for informational purposes only, are not legal advice, and under rules applicable to the professional conduct of attorneys in various jurisdictions may be considered advertising materials. This information is not intended to create an attorney-client or similar relationship. Whether you need legal services and which lawyer you select are important decisions that should not be based on these materials alone.

© 2018 FisherBroyles LLP