TCPA Requirements FAQ

TCPA Requirements FAQ

The federal Telephone Consumer Protection Act (TCPA; 47 U.S.C. § 227) and its implementing regulations (47 C.F.R. § 64.1200) regulate the use of automatic telephone dialing systems (ATDS) and artificial or prerecorded voices (“prerecorded messages”) in telephone communications. Generally speaking, the TCPA prohibits using an ATDS or prerecorded message to contact cell phones, and prerecorded telemarketing messages to contact residential phones, unless the recipient has provided and not revoked “consent” to receive the call or text.

This FAQ provides an overview of the TCPA’s requirements. Because every type of calling campaign raises different concerns and the TCPA is significantly more complicated than can be presented here, M&S recommends that businesses consult with an experienced TCPA attorney before conducting any type of call or text campaign.

What is an ATDS?

An ATDS is “equipment which has the capacity to store or produce telephone numbers to be called, using a random or sequential number generator, and to dial such numbers.” The FCC previously held that a predictive dialer also constitutes an ATDS. When determining whether a system is an ATDS, the FCC and courts often focus on whether it has “the capacity to dial numbers without human intervention.” For example, if a representative must click to dial each number, then the system may not be an ATDS because human intervention is required for dialing each number.

How Did the 2021 Supreme Court Ruling in Facebook v. Duguid Impact the Definition of an ATDS?

On April 1, 2021, the Supreme Court issued its highly anticipated ATDS ruling in Facebook, Inc., v. Noah Duguid, et al. The Supreme Court unanimously held that “[t]o qualify as an automatic telephone dialing system under the Telephone Consumer Protection Act, a device must have the capacity either to store a telephone number using a random or sequential number generator, or to produce a telephone number using a random or sequential number generator.”

Facebook successfully argued for this narrow definition of an ATDS, that a dialing system must use a random or sequential number generator to store or produce numbers. Duguid’s broader definition, that an ATDS must only be capable of producing numbers from a stored list, was rejected by the Court. Had the Court followed Duguid’s interpretation, nearly any modern dialing equipment would have fallen within the definition of the ATDS interpretation.

Though it resolved the circuit split over the definition of an ATDS, the Court’s ruling did not tie up all loose ends. Plaintiffs are using ambiguous language in footnote 7 of Facebook and a new focus on Do Not Call violations to keep many TCPA cases alive. While courts resolve these loose ends, companies using dialer technology should consult with counsel to understand risk mitigation strategies for dialing under this new framework.

Where do State “Mini-TCPA” laws fit in?

The Supreme Court’s Facebook ruling had other broad reaching effects. Under the new narrower ATDS definition, many states have revisited their own telemarketing laws, updating regulations with new measures and introducing new laws. In some states, including Maryland and Oklahoma, the requirements of these “mini-TCPA” laws are even more expansive than the TCPA. Some state telemarketing laws even carry criminal penalties.

What Consent is Required for Telemarketing Calls?

Telemarketing or advertising calls made using an ATDS or prerecorded voice (which includes a synthesized voice) to cell phones, or by prerecorded voice to residential lines, require prior express written consent (PEWC). Both the FCC and courts have made it clear that these terms are to be construed broadly and that a sale need not occur during the telephone call for it to be considered a telemarketing call or a call that introduces an advertisement. Likewise, dual-purpose calls (i.e., calls made for both non-marketing and marketing purposes) are considered telemarketing calls under the TCPA. If a call is predicated in part by the desire to achieve a future sale, the call is likely to be deemed a telemarketing call, regardless of whether the sale takes place during the initial call, a future call, or a subsequent in-person meeting/transaction.

PEWC means an agreement, in writing, bearing the signature of the person called that clearly and conspicuously discloses that the person authorizes the seller to deliver or cause to be delivered telemarketing calls using an automatic telephone dialing system or an artificial or prerecorded voice to a specified telephone number. Furthermore, the person must be informed they are not required to sign the agreement, or agree to enter into such an agreement, as a condition of purchasing any property, goods, or services.

In December 2023, the FCC approved a new rule that sets additional standards for PEWC, including:

  1. PEWC must be obtained on a one-to-one basis, meaning that consent must be obtained separately for each seller. It is impermissible to use a “marketing partners” list or other technique that bundles consent for multiple sellers into a single consent action.
  2. The seller for whom PEWC is obtained must be logically and topically related to the interaction where the consumer provided consent. For example, it is likely impermissible to obtain consent for a home security seller via a webpage that only discusses opportunities for home insurance.
  3. PEWC obtained electronically must meet the requirements of the E-SIGN Act.

This new rule change will be effective January 27, 2025; however, plaintiffs may argue that some of the pronouncements, particularly those related to E-SIGN Act compliance, are merely interpretations of existing obligations and should be considered already in effect.

What Consent is Required for Non-Telemarketing Calls?

Non-telemarketing calls and texts to cell phones made using an ATDS or prerecorded message require prior express consent (PEC). The term “prior express consent” is not defined under the TCPA or FCC regulations. However, in 1992, the FCC addressed the issue of PEC in the context of calling wireless numbers by stating:

Persons who knowingly release their phone numbers to a caller have in effect given their invitation or permission to be called at the number which they have given, absent instructions to the contrary. […] However, if a caller’s number is “captured” by a caller ID or an ANI device without notice to the residential telephone subscriber, the caller cannot be considered to have given an invitation or permission to receive autodialer or prerecorded voice message calls.

The FCC’s broad language in discussing the express consent consumers provide by releasing their telephone numbers is important. The FCC could have limited the scope of the express consent to the specific purpose(s) for which the consumer provided their number (e.g., to be contacted when an item is ready to be picked up); however, the only limits placed on this method of obtaining PEC were:

  1. the call recipient must have provided the number to the business directly or via an intermediary (i.e., capturing it via caller ID or from a third party is not sufficient);
  2. there is no express consent if the call recipient provided “instructions to the contrary” (i.e., indicated that he/she doesn’t want to be contacted at that number);
  3. the call must be for “normal business communications;” and
  4. the call must be closely related to the purpose for which consent was given.

As recently as 2015, the FCC reiterated its PEC standard.

What are Special Considerations for Prerecorded Messages?

The TCPA requires that a caller have PEWC before calling a consumer’s wireless or landline number using a prerecorded message for telemarketing purposes. We use the term “prerecorded message” in this FAQ to mean artificial, synthetic, or prerecorded voices. All telemarketing prerecorded messages must include multiple identity and purpose disclosures, provide a phone number for Do Not Call requests, and an automated interactive voice or key-press operated opt-out mechanism.

TCPA regulations also generally require that non-marketing prerecorded messages sent to cell phones have PEC (limited exceptions apply). For non-marketing prerecorded messages to residential lines (aka landlines), TCPA regulations had traditionally not required PEC and did not place a limit on how many could be made. However, beginning in July 2023, FCC regulations now limit the number of such calls that can be made without PEC and impose opt-out requirements similar to those required for telemarketing prerecorded messages. These limits vary based on the type of prerecorded message and some limited exceptions apply.

Additionally, several states restrict the use of prerecorded messages and automatic dialing and announcing devices when used for marketing and non-marketing purposes.

What About Ringless Voicemail?

In 2022, the FCC declared that a ringless voicemail, which is a message delivered directly to a cell phone voicemail without ringing, is a call made using an artificial or prerecorded voice. Therefore, the caller must obtain the called party’s prior express consent or prior express written consent, as appropriate, before delivering a ringless voicemail, as well as comply with other prerecorded message requirements.

Who Must Comply with Do Not Call Laws?

In 2003, the Federal Trade Commission and FCC jointly issued rules that together created the National Do Not Call Registry (DNC Registry). Callers are generally prohibited from calling consumer numbers listed on the DNC Registry for telemarketing purposes. Telemarketers must download and scrub against the DNC Registry at least every 31 days unless an exemption applies. The two exemptions are when the caller has (a) written consent from the consumer, or (b) an Established Business Relationship (EBR) with the consumer. The term EBR includes business relationships where the consumer engaged in a transaction with the seller within the previous 18 months (“Transactional EBR”) or inquired about the seller’s goods/services within the previous 3 months (“Inquiry EBR”). Federal DNC laws do not apply to business-to-business calls (except the sale of nondurable office or cleaning supplies). Individual states may have more restrictive requirements.

Businesses that conduct telemarketing must also maintain an internal company-specific DNC list. In fact, no business may initiate any telemarketing call without having “instituted procedures for maintaining a list of persons who request not to receive telemarketing calls made by or on behalf of that [business].” Those procedures must include, at a minimum, a written DNC policy that complies with legal requirements and training of personnel in the use of the DNC list. Although the DNC regulations only require that company-specific DNC requests be honored for 5 years, many companies choose to honor the requests indefinitely for customer service purposes. Calls to consumers that previously made a company-specific DNC request are prohibited even if the seller has an EBR with the consumer or the consumer provided written consent for such calls prior to making a DNC request.

What are the Penalties for Noncompliance?

Penalties for TCPA violations are steep. The FCC can seek up to $16,000 per violation ($26,000 per intentional violation), but the greater practical risk of noncompliance comes from private plaintiff class actions. The TCPA permits private individuals who received calls or texts in violation to seek up to $500 per communication ($1,500 for willful or knowing violations) in statutory damages. A cottage industry of professional plaintiffs and class action attorneys has grown in response to the lucrative potential for statutory damages. In the past several years, the number of TCPA cases filed in federal courts has proliferated and judgments have reached more than $925 million.

While TCPA enforcement actions are generally against the calling entity, regulators are increasingly looking for avenues to penalize owners, officers, and executives personally for violations.

What if I Erroneously Thought I had Consent?

Proving valid consent is the caller’s requirement and there is no exception for a good faith, but ultimately mistaken, belief that the caller had received consent. Because consent must be obtained from the subscriber or customary user of the number, callers can have unintentional violations as a result of a number being disconnected and reassigned to a new party. To mitigate this risk, the FCC implemented a Reassigned Numbers Database that, for a fee, allows callers to query whether a number has been reassigned since the caller last knew it had valid consent.

Callers must also be careful to track revocations of consent because a person may generally revoke their consent at any time by any reasonable means. If the consent was obtained via a third party, and it was not valid, the caller will still be liable but may have contractual remedies against the data source depending on the terms of the contract with the third party.

I Have Been Threatened with Enforcement. What do I do?

A regulatory agency’s investigation into your business’s call and text initiatives is a serious matter.

First, gather together as much information as possible regarding the communication/campaign at issue and how you complied with the TCPA requirements related to it (e.g., proof of consent, Do Not Call scrubbing). Then reach out to your legal counsel with expertise on TCPA matters to respond to the threat. Time is often of the essence and so you need to work quickly, but thoroughly, to develop a thoughtful response.

When it comes to consumer protection compliance, an ounce of prevention is truly worth a pound of cure. Proactively establishing policies & procedures for compliance, training your staff on them, and then conducting regular audits to ensure their continued usage is critical to developing a “defendable position” if you find yourself targeted in an investigation.

Is STIR/SHAKEN Part of the TCPA?

STIR/SHAKEN is a set of technical standards created to fight call spoofing by facilitating call authentication. At a high level, STIR/SHAKEN allows an originating carrier to cryptographically sign a call with a rating that demonstrates the carrier’s confidence that the person making the call has the right to use the caller ID associated with the call. The terminating carrier can then decrypt the signature and determine how the call should be dispositioned based upon the rating.

Three rating levels are available. An “A” or “Full” rating indicates the carrier has confidence in the caller’s identity and their right to use the telephone number. A “B” or “Partial” rating indicates the carrier only has confidence in the caller’s identity. A “C” or “Gateway” rating indicates the carrier was the point of entry of the call onto the network but does not indicate any confidence in the caller’s identity or their right to use the number. Calls with an “A” rating are typically less likely to be flagged or blocked by carriers than calls with a “B” or “C” rating.

Call authentication is not part of the TCPA, but has been mandated by the TRACED (Telephone Robocall Abuse Criminal Enforcement and Deterrence) Act and FCC regulations. Under these regulations, carriers are required to implement STIR/SHAKEN on their SIP-enabled infrastructure and also impose measures to prevent illegal calls. Over time, STIR/SHAKEN should help call recipients have more confidence that the caller is calling on behalf of the person or entity shown on their caller ID.

I Want to Initiate a Calling Campaign. What Should I Do?

The TCPA and other state and federal teleservices regulations form a complicated structure that requires specific legal knowledge and business acumen to successfully navigate. Regulations vary based on the type of communications planned, the audience for those communications, and the jurisdictions involved. The requirements include not only those discussed above, but could also involve calling time and day limits, call frequency limits, disclosure obligations, contract requirements, and licensing obligations. Before conducting a calling or texting campaign, seek the advice of skilled TCPA counsel to help you develop and implement a comprehensive compliance program that will mitigate risk.

* Note: This article is intended to provide a general overview of a topic area and is not legal advice. Still have questions about the TCPA or state telemarketing laws? We can help! Contact us or call 614.939.9955.

Updated January 26, 2024.

A Partner at M&S, Josh advises clients on a range of proactive and responsive matters, helping them achieve their business goals while complying with federal and state privacy and other consumer protection laws.

1200 798 Josh Stevens
Share This Post:
Start Typing
Skip to content