Header graphic for print

Global Media and Communications Watch

The International Legal Blog for the Tech, Media and Telecoms Industry

Posted in Policy & Regulation

FCC Releases Waiver Order and Two Declaratory Rulings on TCPA Fax Rules

Today the FCC released three Orders relating to the fax requirements under the Telephone Consumer Protection Act (the “TCPA”).

Under the TCPA, it is unlawful for a person to use a fax machine, computer, or other device to send an unsolicited advertisement to a telephone fax machine unless there is an established business relationship between the sender and recipient, the sender has obtained the recipient’s fax number through an acceptable method, and the sender provides certain notices in the fax transmission.

In the three items released today, the FCC granted 117 retroactive waivers to the fax opt-out notice requirement, and issued Declaratory Rulings in response to a petition from Westfax, Inc. relating to efaxes, and from iHire, LLC relating to faxes sent in response to job postings.

FCC Grants Retroactive Waivers to Fax Opt-Out Notice Requirement Under the TCPA

The FCC today granted retroactive waivers of the opt-out requirement for faxes sent prior to April 30, 2015 to 117 petitioners due to previous uncertainty as to whether the FCC’s opt-out notice requirement applied to faxes sent with recipient consent.  The TCPA prohibits the sending of an unsolicited advertisement to a fax machine and fax advertisements sent with prior express invitation or permission of the recipient must include an opt-out notice.

The FCC previously found that a footnote in the order implementing the opt-out notice requirement caused confusion regarding the applicability of this requirement, and granted retroactive waivers to petitioners who sent fax advertisements to recipients who provided prior express consent.  The FCC explained that similarly-situated parties could seek similar waivers. The initial waivers, as well as the waivers issued today do not extend to faxes sent after April 30, 2015, so even entities that received a waiver should already be in compliance with the rule.

The FCC explained that it will not conduct a factual analysis as to whether each petitioner in fact obtained consent – it will leave that a question for triers of fact in private litigation – and assumed for the purposes of the waivers that consent was obtained.

In this Order the FCC also denied the Petition for Declaratory Ruling of Bijora, Inc., which sought clarification that text messages do not require opt-out notices pursuant to the fax opt-out notice requirement.  The FCC said the plain language of the rule clearly applies to fax advertisements, and does not apply to text messages, and denied the petition.

FCC Clarifies that Efaxes are Subject to the TCPA

The FCC released a Declaratory Ruling in response to a petition from Westfax seeking clarification of several questions relating to facsimile messages sent as traditional fax messages and converted to e-mails, or “efaxes.”  The FCC clarified that “efaxes” that are submitted via a conventional fax machine are subject to the TCPA, and consumers have the same protections from unwanted efaxes of this type as from unwanted conventional faxes.

The FCC clarified that the receipt of the fax message by a computer via e-mail meets the statutory requirements under the TCPA for a fax message, and is thus subject to the TCPA.  Further, the FCC clarified that entities that convert faxes to e-mails are not the “recipients” of such faxes under the TCPA because they are not the intended audience of the fax.  The FCC noted that fax messages that begin as e-mails – where the fax is attached to an e-mail message – are not subject to the TCPA.  The FCC declined to determine at what point a fax broadcaster is “sufficiently involved in fax advertising to be liable for TCPA violations” or to establish a “safe harbor” opt-out notice language.

FCC Clarifies that Faxes Promoting Job Placement Services are Advertisements

The FCC released a Declaratory Ruling clarifying that faxes promoting a business’ job placement services are “advertisements” under the TCPA in response to a Petition for Declatory Ruling from iHire, LLC.  In response to job postings, iHire submits messages to employers with summary resumes, as well as information about iHire’s services, in response to job postings, and sought clarification that such fax messages are not advertisements under the TCPA.

In the Declaratory Ruling, the FCC emphasized that incidental advertisements in a communication (such as in a newsletter faxed to a recipient) or communications containing a de minimis amount of advertising information (i.e. a company logo on an account statement) do not convert an entire communication into an advertisement.  In making the determination that a communication is an advertisement, the FCC will consider the amount of space devoted to advertising compared to the amount of space utilized for information, as well as the “primary purpose of the communication.”

In this case, the FCC stated that iHire’s faxes aimed to generate enough interest in job candidates to induce employers to visit iHire’s website and purchase access to full resumes and other iHire paid services. The FCC explained that because two thirds of the printed lines in the iHire faxes encouraged recipients to visit iHire’s website, and the primary purpose of the faxes was advertising, these faxes are advertisements under the TCPA.

Posted in Data Protection & Privacy Eduardo Ustaran

Influential OECD Report Sets Out Future Challenges for the Digital Economy

OECD_logo_new_svg_-300x76The Organisation for Economic Co-operation and Development (OECD) has published its 2015 Digital Economy Outlook (“Report”), a survey of changes and opportunities in, and challenges arising from, the digital economy.  The Report identifies three broad trends for member countries and their partners to focus on in digitising their economies:

  1. Realising the full potential of the digital economy

Technological developments have fuelled the growth of trade in information and communication technology (ICT) manufacturing and services, but there opportunities for further growth.  In particular, the OECD recommends that spectrum usage be planned more efficiently, to allow specialised use of fixed and mobile networks.  New technologies such as cloud computing and enterprise resourcing software are identified as a growth area for businesses, while from a social perspective more could be done to promote services like e-government and online banking.

Continue Reading

Posted in Data Protection & Privacy Paul Otto

NIST Requests Input on Revised Cryptographic Standards

500px-NIST_logo_svg_1-300x79On August 12, the National Institute of Standards and Technology (NIST) published a Request for Information (RFI) to help develop the next generation of technical encryption standards used by the U.S. Government and federal contractors to protect sensitive information. The new standard will update Fair Information Processing Standard (FIPS) 140-2, which has provided the baseline requirements for the development, testing, and validation of cryptographic modules since 2001. While the RFI seeks input on several questions, NIST is primarily interested in the risks and benefits of transitioning—in whole or in part—to a competing standard developed by the International Standards Organization and International Electrotechnical Commission: ISO/IEC 19790:2012.

Continue Reading

Posted in Data Protection & Privacy

FTC Settlement Reinforces Lessons for Data Broker Industry

ftc-logo-150x150The FTC has brought a number of actions over the years against companies that shared or failed to protect consumer information in violation of privacy policy promises or transferred data in violation of specific laws, such as the Fair Credit Reporting Act.  In what may be viewed as charting new territory, the FTC recently brought a second action against a data broker for selling payday loan application information to entities that were not engaged in making any kind of loans to consumers. Both sets of defendants purchased payday loan application information from online payday loan websites where consumers provided personal information, including financial institution account information, on the applications.  The defendants purchased the application information from the websites and sold the information to third parties who did not make payday loans to consumers, but rather made unauthorized charges to consumers’ accounts.  The Commission alleged that the selling of such sensitive information was unfair.

Continue Reading

Posted in Data Protection & Privacy Natalia Gulyaeva

Russia Introduces a Right to be Forgotten

Russian-Flag-150x99With the aim of keeping pace alongside European practice, on July 13th 2015, the Russian President signed into law a bill amending the Federal Law “On Information, information technologies and on protection of information” No. 149-FZ of 27 July 2006. This law (the “Law”) introduces in Russia the so-called “right to be forgotten” or “right to oblivion” and will take effect on January 1st 2016.

Under the Law, upon receiving a request from an individual, search engines must cease listing links to Internet pages with information on the individual where such information is:

  • unlawfully disseminated;
  • untrustworthy;
  • outdated; or
  • irrelevant (i.e. it has lost its importance to the individual due to subsequent events or actions of the individual).

Continue Reading

Posted in Data Protection & Privacy Lilly Taranto

Recap on the ICO Stance on Data Security

ICO-LogoThe UK’s Information Commissioner’s Office (ICO) is known to prefer an “engaging” rather than an enforcement approach with organisations.  However, when looking at the “action we’ve taken” page on the ICO website the ICO’s enforcement activity seems to be increasing by the day.  While the ICO has stated that it wants to focus its enforcement efforts going forward on unsolicited marketing, such as nuisance messages and calls, breaches of security requirements have to date attracted the majority of the ICO’s enforcement attention.  Therefore, organisations operating in the UK would be well-served to focus on understanding and adhering to the ICO’s expectations for data security compliance.

Continue Reading

Posted in Copyright Diana EttigTheresa HousePatsy Wilson

TMT2020: Comparing EU and U.S. Copyright Protection Frameworks for Non-literary Texts

GMCQ WatchEditor’s note: We are excited to present this first entry in our new TMT2020 series, which reflects the key technology, media, and telecoms legal issues that are expected to impact today’s organizations and tomorrow’s marketplace. It also provides an opportunity to highlight contributions by TMT associates across our global offices and practice areas.

In today’s business world, non-literary texts are of great economic value. They often hold know-how and reflect the specific skill and competence a company offers to its customers. Thus, the question how to adequately protect non-literary, functional texts is more important than ever. In this post, we shine light on whether and to which extent copyright protection is available for this kind of texts both within the European Union and the United States.

Continue Reading

Posted in Data Protection & Privacy Natalia GulyaevaBret Cohen

Russia Update: Regulator Publishes Data Localization Clarifications

1The Russian Ministry of Communications, the agency that oversees the Russian data protection authority which will be enforcing Russia’s Data Localization Law, published unofficial clarifications on its website that provide a view into how the Ministry believes organizations must comply with the law. While these clarifications are non-binding, they constitute the only written regulatory guidance that has been published to date about the law, which takes effect on 1 September and requires organizations that collect personal data from individuals located in Russia to store that data within Russian territory.  The Ministry’s website also provides a mechanism to ask further questions online.

In this blog post, we summarize the main issues raised in the published clarifications, and the possible impact on global businesses seeking to comply with the law.

Continue Reading

Posted in Data Protection & Privacy, Policy & Regulation Mark ParsonsEugene Low

A Right to be Forgotten in Hong Kong?

9251839_Text_imagesA recent appeal against an enforcement notice issued by the Privacy Commissioner for Personal Data of Hong Kong raised an interesting and highly controversial issue as to whether, and to what extent, individuals in Hong Kong have a “right to be forgotten” entitling them to deletion of personal data in the public domain.

This label of “right to be forgotten” gained significant publicity following a landmark ruling of the European Court of Justice (ECJ) in May 2014 where it held that under certain circumstances search engines are obliged to remove results if they link to webpages that contain information infringing the privacy of EU citizens. The rationale behind this right is to avoid indefinite stigmatisation or censure due to information available about a specific action performed in the past, or at least to avoid search engines producing results that aggravate the resulting harm to affected individuals.

Continue Reading

Posted in Data Protection & Privacy Winston Maxwell

French Surveillance Law Permits Data Mining, Drawing Criticism from Privacy Advocates

French-BinaryAdopted by Parliament in June 2015, France’s new surveillance law was ratified by the President on July 24, 2015 and published in France’s Official Journal on July 26, 2015.  France’s Constitutional Court (“Court”) reviewed the law prior to its ratification and issued an opinion on July 23, 2015 requiring deletion of certain measures that the Court felt were incompatible with constitutional principles.  However a number of observers were surprised that the Court validated a provision of the law allowing intelligence agencies to deploy algorithms to analyze traffic and log data to detect potential terrorist threats.  To some lawyers, analyzing the traffic and log data of the entire population of France violates the proportionality principle set forth in the European Court of Justice’s Digital Rights Ireland decision.

Continue Reading