Third Party Liability in Unsolicited Fax Advertisements: Somehow, a Thing that Exists.

The Issue

Your beeper business has seen better days. Sure, it was doing great for a few years, but ever since Clinton left office, things haven’t quite been the same. You know it’s time for a big play to turn things around. I know it’s a bit flashy, but it’s time to start thinking about advertising. And not just any advertising. You need to bring out the big guns. Yeah, you know what I’m talking about.

Unsolicited mass faxes.

You’ve decided to send out fliers to every single fax machine within a 10-mile radius. But you don’t have the know-how for such techno-wizardry, so it’s time to bring in the reformed Phone Phreaks over at Sir FaxALot. You tell them the plan. You give them the money. They get to work.

Two weeks later, you get a knock on your door. It’s a process server. Turns out that sending out unsolicited advertising faxes is a violation of the Telephone Consumer Protection Act (TCPA) of 1991. It also turns out that the console jockeys down at Sir FaxALot misplaced a decimal point, and your ad went out to every single fax machine within a 100-mile radius.

So here’s the question: with whom does the liability lie? Is it all on you? Or is Sir FaxALot on the hook?

Surprisingly, the circuits are still split on this (somehow) pressing issue.

Background

The American consumer is protected by several different laws. Insofar as Americans are protected against abuses related to telecommunications, the TCPA has been a bedrock of consumer protection law for over three decades. Protections such as the Federal Do Not Call Registry, regulations against spammers, and the all-important ban on unsolicited advertising faxes can be traced to this act. Parties who violate the TCPA are subject to stiff penalties, which are keyed to the medium of the violation (e.g., telephone, SMS, fax, etc.) and each individual consumer affected by the infraction. In 2005, the TCPA was expanded and amended by the Junk Fax Prevention Act. The penalty for unsolicited advertising faxes is $500 per page per person.

Naturally, nobody wants to pay such a penalty should they get caught, so it becomes necessary to see which type of third party liability applies. Determining the extent to which each party is liable is where we find our split.

The Split

Here, we have the Sixth Circuit and the Seventh Circuit disagreeing over the extent to which third party liability for faxing violations applies.

Seventh Circuit

In Bridgeview Health Care Ctr. Ltd. v. Clark (2016), a small medical supply business instructed a third-party marketing firm to send roughly 100 faxed advertisements to local businesses within a 20-mile radius of Terre Haute, Indiana. Instead, the marketing firm sent 4,849 faxed advertisements across three states. In determining whether the medical supply business was liable for faxes sent out beyond the 20-mile radius, the Seventh Circuit applied three types of common law agency analysis: express actual authority, implied actual authority, and apparent authority.

First, express actual authority:

Because B2B expressly contradicted Clark’s actual instructions, this is clearly not express actual agency.

Second, implied actual authority:

While express actual authority is proven through words, implied actual authority is established through circumstantial evidence. Id. Nothing about fax marketing inherently calls for sending thousands of advertisements. And nothing about fax marketing inherently demands sending these ads to states where the advertiser does not do business. We thus find it impossible to conclude that implied actual authority exists here.

Third, apparent authority:

To create apparent authority, the principal must speak, write, or otherwise act toward a third party. His conduct must make the third party reasonably believe that he has consented to an action done on his behalf by someone purporting to act for him…In short, B2B made an independent decision to blast faxes across multiple state lines.

In short, the medical supply company could not be held liable for the violations of the TCPA committed by a third party.

The Sixth Circuit

In deciding Siding and Insulation Co. v. Alco Vending Inc., the Sixth Circuit split itself. First, the court held that a hybrid test to determine “on whose behalf” such faxes were sent would be more appropriate for faxes sent before 2006. Such a test involved balancing between common law agency principles (as outlined above) and certain policy considerations, such as “whether and to what extent each entity investigated the lawfulness of the fax broadcasts at issue.”

However, in dicta the court indicated that the standard post-2006 as established by the Federal Communications Commission’s (FCC’s) governing regulations applied a standard of strict liability. In other words, the small business that contracted out for the infringing advertising services would be on the hook for the full extent of the damages.

Looking Forward

This is going to be a brave new world for fax-based mass marketing. The split indicates that we may be headed for a showdown between common law agency analysis and strict liability. Depending on the jurisdiction, one poor, outdated marketing decision could be a small business’s last.

Watching Big Brother on your Phone Means Big Brother’s Watching You: Limits on Consumer Privacy

The Battle for Privacy

If you have a smartphone, you have probably downloaded an application, such as a game or a social or news platform. When you open the app for the first time, sometimes it will prompt you to register or give permission to the developer to track your activity and send this data back to the developer or third parties. Most of the time, however, the app will not do this: under the app's terms and conditions, usage itself provides implied consent, so every time you access and use the app, you give silent permission for the app to track your usage.

So what may a consumer rely upon for protection of her privacy? The Video Privacy Protection Act of 1988 (“VPPA”) (codified at 18 U.S.C. 2710).

VPPA

The VPPA was enacted in response to a newspaper’s published report of Supreme Court nominee Judge Robert H. Bork.

The report contained Judge Bork and his family’s video rental records. The VPPA was passed to “preserve personal privacy with respect to the rental, purchase, or delivery of video tapes or similar audio visual materials.” See Senate Report. In effect, a few important provisions include:

  • A general ban on the disclosure of personally identifiable rental information unless the consumer consents specifically and in writing.
  • Disclosure of “genre preferences” along with names and addresses for marketing, but allowing customers to opt out.
  • The VPPA does not preempt state law. That is, states are free to enact broader protections for individuals’ records.

See Electronic Privacy Information Center.

Privacy Protection Exists for the Consumer-Subscriber

Our interactions with applications today are far more developed than they were back in 2002 when the VPPA was first enacted. Today, video rental records containing someone’s name and what movies she has seen are not the main sources of identifying a person. Apps often pull information such as our GPS coordinates of where we open and use them as well as information of what kind of phone is accessing the app’s server. As a result, many different types of information in addition to the user’s name can easily identify a person.

Does downloading and using a free app make the user a subscriber under the Video Privacy Protection Act?

In Yershov v. Gannett Satellite Info. Network, Inc., (Apr. 29, 2016), the First Circuit found that it does, splitting with the Eleventh Circuit, which found in Ellis v. Cartoon Network, Inc., (Oct. 9, 2015) that it does not.

The Split

Textually, the meaning of subscriber is limited to the definition of consumer in the VPPA. However, the Eleventh Circuit found that the definition of “subscriber” includes “some type of commitment, relationship, or association (financial or otherwise) between a person and an entity.” See Ellis at 11. Other aspects to subscribing include actual “payment, registration, commitment, delivery [expressed association,] and/or access to restricted content.” Id.

Additionally, where the above factors are absent, that is, where a user has not signed up for or established an account, made any payments, become a registered user, signed up for any periodic services or transmissions, or made any commitment or established any relationship that would allow [the user] to have access to exclusive or restricted content, the user is not a subscriber. See Ellis at 13-14. In effect, the Eleventh Circuit created a presumption that an application download “is the equivalent of adding a particular web site to one’s Internet browser as a favorite.” Id.

In Yershov v. Gannett Satellite Info. Network, Inc., No. 15-1719 (1st Cir., Apr. 29, 2016), Yershov downloaded and accessed the USA Today app on his smartphone. In his complaint, Yershov claimed that each time he used the app, Gannett, d/b/a USA Today, would send information such as the title of the video watched, an Android unique identifier number, and GPS coordinates to a third party.

In dismissing the complaint and reversing the district court’s ruling, the court broadened the definitions of PII and consumer, finding that (1) GPS coordinates and the unique identifier number of a device fall under the PII umbrella and (2) an app user qualifies as a consumer.

The First Circuit disagreed with the Eleventh Circuit’s ruling in Cartoon Network on the issue of a “subscriber” and its analogy of downloading an app to bookmarking/adding a website to a favorites folder.

In the First Circuit’s view, an app developer would not bother creating an app if bookmarking a website would create the same result. Instead, the court found that an app is a more cost effective version of a “hotline” that a subscriber could call to continuously order videos. The First Circuit found Yershov to be a subscriber because

[t]o use the App, Yershov did indeed have to provide Gannett with personal information, such as his Android ID and his mobile device’s GPS location at the time he viewed a video, each linked to his viewing selections.  While he paid no money, access was not free of a commitment to provide consideration in the form of that information, which was of value to Gannett…[Furthermore, downloading an app is] materially different from what would have been the case had USA Today simply remained one of the millions of sites on the web that Yershov might have accessed through a web browser.

Looking Forward

The First Circuit’s broad view may create issues for developers whose main source of app content includes video streaming, as “its ruling may expand the scope of PII to include situations where device IDs and GPS codes may be used to reverse engineer an individual’s identity using information collected from other sources”[1].

Additionally, since GPS coordinates are analogous to an individual’s street address, whether that view is in fact broad can be argued further by comparing online streaming and GPS coordinates to addresses pulled from the rental of video tapes and other audio visual materials.

App developers may soon face additional data collection and disclosure issues, including whether the appropriate level of consent is obtained when collecting and sharing precise location information with third parties. A prima facie VPPA claim could attach where apps share consumer data with third parties without express consent.

For further reading, see the blog posts of firms DWT: (1) and (2) and DLA Piper and the Technology and Marketing Law Blog.

[1] See Christin McMeley and John D. Seiver, 1st Circuit and FTC Address Definitions of “PII,” While Michigan Amends Privacy Law to Remove Statutory Damages, available at http://www.dwt.com/First-Circuit-and-FTC-Address-Definitions-of-PII-While-Michigan-Amends-Privacy-Law-to-Remove-Statutory-Damages-05-11-2016/