United States: Direct Marketing Restrictions In The U.S.

Tough new regulations in the U.S. and the European Union ("E.U.") are making direct marketing by phone, fax, and e-mail more difficult. In the U.S., a new "do not call" phone registry, new "do not fax" regulations, and ever increasing e-mail regulation by the states have businesses scrambling to modify their practices. In the E.U., new regulations regarding privacy and the use of data for marketing purposes, as well as unsolicited e-mail restrictions and regulations regarding the use of "cookies" through websites are creating similar havoc for marketers. (See Direct Marketing Restrictions in the E.U. on page 8 for a detailed description of new E.U. marketing restrictions). This article provides a brief overview of some of these new marketing regulations in the U.S., and some suggested actions for businesses to take.

The ongoing debate behind most of these changes is whether many forms of direct marketing should be consentbased (called opt-in) or permitted unless someone objects (called opt-out). Many privacy advocates prefer that all forms of direct marketing be on a opt-in basis. On the other end of the spectrum, direct marketers and businesses that rely on direct marketing, including banks and financial institutions, insurance companies, retailers, and many other industries, prefer fewer restrictions on marketing, and an opt-out regime. Underlying all of this debate is the tension between issues of personal privacy and data protection versus issues of free market capitalism and free marketing for that cause. In the U.S., lawmakers have recently responded to increasing demands from consumers and privacy groups for opt-in or opt-out regulation of direct marketing.

Nearly everyone in the U.S. has heard of the controversy these past few months regarding the National Do Not Call Registry ("Registry"). The Federal Communications Commission ("FCC") began enforcing the Registry on October 1, 2003. The Federal Trade Commission ("FTC") overcame legal challenges on October 7, 2003 to begin its enforcement of the Registry.

Telemarketing in the U.S. is regulated by both the FCC and the FTC, and in many cases, the states.¹ In December of 2002, the FTC amended its Telemarketing Sales Rule ("TSR") to adopt the Registry.² Similarly, in June of 2003, the FCC revised its Telephone Consumer Protection Act ("TCPA")³ rules to establish the Registry in collaboration with the FTC.

The Registry is intended to allow consumers to stop unwanted telemarketing calls by registering their telephone numbers at no cost, thereby establishing an "opt-out" regime for consumers. Telemarketers and sellers are required to access the Registry and "scrub" their own do not call lists. They then may not call consumers who have placed their numbers on the Registry, subject to certain exceptions described below.

Enforcement Power

The FCC and the FTC each have some enforcement power in connection with the Registry, but each agency’s jurisdiction over telemarketing is different. The FTC’s list and regulations will not cover certain entities. These include common carriers, banks, credit unions, savings and loans, companies engaged in the business of insurance, and airlines. The FTC’s jurisdiction does extend, however, to entities that conduct telemarketing activities on behalf of exempt entities. When a bank conducts a telemarketing campaign through a third party telemarketer that is not exempt from the FTC’s jurisdiction, that campaign is subject to the FTC rules. The FCC’s jurisdiction over telemarketing practices is significantly broader than the FTC’s.

Controversy over the Registry ensued almost immediately after the FTC announced its creation. While some 50 million phone numbers have been registered by consumers as of September 2003, there are many who oppose its use. The FTC’s Registry and other amendments to the TSR have been challenged on grounds that the Registry violates the First Amendment and that the FTC exceeded its statutory authority under the Telemarketing Consumer Fraud and Abuse Prevention Act.⁴ Though both agencies are currently enforcing their rules and the Registry, pending legal challenges may affect enforcement.

Exceptions to the Rules

Under the new rules, it is now against the law to call any number on the Registry. It is also against the law to telemarket without first checking the Registry to determine that the number is not in the Registry. However, not all telemarketing calls are subject to the FTC and FCC regulations regarding the Registry. The regulations do not cover calls from political organizations, charities, telephone surveyors, or companies with which a consumer has an existing business relationship. An "existing business relationship" is deemed to exist 18 months from any purchase or transaction, and three months from any inquiry or application. Even where an existing business relationship exists, a consumer may still request that the company not call the consumer, and then the company must comply with that request. Express permission of a consumer may also provide a basis for telemarketing calls to that consumer, if the permission is given in a signed written agreement that includes the telephone number to which the consumer is granting permission to be contacted.

There is some safe harbor protection for inadvertent mistakes. There is a worldwide long arm aspect to the regulations as well. It makes no difference whether a telemarketer operates from within the U.S., or outside of the U.S. If the telemarketer is making calls to U.S. residents, unless otherwise exempt, the telemarketer must comply with the regulations.

Outbound telemarketing activities (calls placed by the telemarketer to the consumer) are covered by the new telemarketing rules. Inbound telemarketing (calls made by consumers to a business, often in response to an advertisement) are not covered, unless the inbound telemarketer engages in "upselling." Upselling occurs when a seller attempts to sell additional goods or services during a single phone call after an initial transaction. There are exceptions to the upselling rules, so businesses that engage in upselling should consult the regulations. The FTC guidance on the rules also exempts business to business calls, except if they involve the sale of nondurable office or cleaning supplies.

Penalties

Non-compliance with the new regulations can be costly. Violators may be subject to fines of up to $11,000 per violation from the FTC, and each call may be considered a separate violation. The TCPA also provides for private rights of action for certain violations, but the FCC has thus far declined to comment about the specific contours of the private right of action.

At the same time that the FCC changed its TCPAregulations regarding the National Do Not Call Registry, the FCC also amended its regulations regarding unsolicited facsimile advertisements. The TCPA prohibits the use of any telephone facsimile machine, computer, or other device to send an "unsolicited advertisement" to any telephone facsimile machine.⁵ An "unsolicited advertisement" is defined as "any material advertising the commercial availability or quality of any property, goods or services which is transmitted to any person without that person’s prior express invitation or permission."⁶ The TCPArequires a person or entity to obtain the prior express invitation or permission of the recipient before transmitting an unsolicited fax advertisement. The express permission must be in writing and include the recipient’s signature. A signature is any signature that is recognized as a valid signature under applicable federal or state law.

Elimination of Existing Business Relationship

Perhaps the most important change to the unsolicited fax rules is the elimination of the existing business relationship ("EBR") rule. It provided companies with the necessary express permission to send faxes to their customers. In June 2003, the FCC reconsidered this position and revoked the EBR rule. The change means that an EBR is no longer a showing of express permission by the recipient to receive a fax, and the sender must now get the express written permission of the recipient, regardless of whether the two parties have an EBR. This converts the prior existing rules into an "opt-in" regime for faxing.

Due to tremendous outcry from businesses and organizations who rely on faxes to communicate to their customers and memberships, the FCC issued an order on August 18, 2003 that delays the effective date of the revised EBR rule. The FCC determined that many organizations needed additional time to obtain the express permission to send faxes. The FCC made clear that it does not intend to reverse its decision to remove the EBR exception to getting permission to send faxes, but only to delay enforcement of it until January 1, 2005. Until that date, a party may send a fax either with the express permission of the recipient, or through an EBR. After January 1, 2005, only the express written permission will provide a basis for sending faxes, regardless of whether the parties have an EBR.

Companies may not fax their permission forms to recipients, even if the recipient has requested such a fax. Rather, the permission form must be obtained through some non-faxing means, such as e-mail or mail. A proper permission form will contain a signature of the recipient (with authority to provide the permission), indicate the fax number to which advertisements may be sent, and clearly indicate the consent to receive faxes.

Companies who rely on faxes, whether on a regular basis or occasionally, will need to amend their customer agreements, terms and conditions, and other transactional documents to include the required permission for sending faxes. Some organizations may want to consider mailing permission forms to existing memberships, or sending e-mail permission forms or "pop-ups" requiring a reply.

In September 2003, the State of California passed what is considered to be the toughest antispam and unsolicited commercial e-mail legislation in the U.S. to date. While many states already have some unsolicited e-mail laws on the books, California included, the new law creates an opt-in system requiring consumer consent to send an unsolicited commercial email. The law, known as S.B. 186, takes effect on January 1, 2004.

The new law prohibits the sending of unsolicited commercial e-mail from or within California, or the sending of an unsolicited commercial e-mail to a California electronic mail address. A California electronic mail address means an e-mail address furnished by a provider that sends bills to a mailing address in California, an e-mail address ordinarily accessed from a computer in California, or an e-mail address of a California resident.

Certain E-mail Permitted

S.B. 186 prohibits unsolicited commercial e-mail unless the recipient asked for information or otherwise provided his or her direct consent to receive the e-mail, or had a preexisting or current business relationship with the sender. Even if a preexisting or current business relationship exists, the sender must still include information that permits the recipient to opt out of receiving future messages. "Preexisting or current business relationship" means that the recipient has made an inquiry and has provided his or her e-mail address, or has made an application, purchase, or transaction, with or without consideration, regarding products or services offered by the advertiser.

In addition to the unsolicited e-mail restrictions, the law contains additional prohibitions aimed at spammers and those who engage them to do campaigns. For example, the law would prohibit collection of e-mail addresses or registering multiple e-mail addresses for the purpose of initiating or advertising an unsolicited commercial e-mail to or from California. Unsolicited e-mail recipients, ISPs, and the Attorney General are all empowered to enforce the law and recover actual damages and/or liquidated damages of $1,000 per transmitted message up to $1 million per incident, as well as attorneys’ fees and costs.

Critics of the new law say that despite its tough approach, the new law will not do much to stem the flow of unsolicited e-mail because so many providers are located offshore and they are difficult to find and prosecute. However, sponsors of the law made clear that they are not just targeting the illicit or less desirable messages. One California senator told the New York Times that California will not differentiate between legitimate businesses and those selling porn, Viagra, and other similar unsolicited e-mail messages. Any business that rents a list of e-mail addresses, or uses its own without the proper consent or business relationship will violate the law.

Any business that relies on e-mail to sell its products and services to new customers should immediately examine its programs, and plan now to be in compliance by January 2004. Even businesses that rely on e-mail to communicate with customers and prospects who make affirmative inquiries should review their existing terms and conditions, privacy notices, and other customer agreements to ensure that they comply with the law and that they contain clear and conspicuous consent language. In addition, opt-out programs must be carefully enforced.

After January 1, 2004, any business that solicits individuals through e-mail who have not given their consent or with whom a business does not have a preexisting relationship will be in violation. There will be no shortage of California consumers, privacy advocates, and lawyers who will be waiting to test and enforce the new law.

Businesses that rely on direct marketing via telemarketing, faxing, or e-mail need to examine their programs immediately to ensure compliance with the new marketing restrictions. Notices and consents will need to be clear and conspicuous, and opt-out databases and programs must be updated and continuously maintained. In some cases, telemarketing, faxing, and e-mail programs may need to stop until a business can get the proper consents in place.

Copyright © 2007, Mayer, Brown, Rowe & Maw LLP. and/or Mayer Brown International LLP. This Mayer Brown article provides information and comments on legal issues and developments of interest. The foregoing is not a comprehensive treatment of the subject matter covered and is not intended to provide legal advice. Readers should seek specific legal advice before taking any action with respect to the matters discussed herein.

Mayer Brown is a combination of two limited liability partnerships: one named Mayer Brown LLP, established in Illinois, USA; and one named Mayer Brown International LLP, incorporated in England.