1	Privacy and Wireless Spam Don’t Forget FCC Rules When Constructing Your CAN-SPAM Compliance Program by Ronald London
2	CAN-SPAM Act of 2003 – Overview The Controlling the Assault of Non-Solicited Pornography and Marketing (“CAN-SPAM”) Act of 2003 regulates a wide variety of commercial electronic messages and other practices: Predatory and abusive commercial email (§ 7703) General commercial use of email (§ 7704) Email address “harvesting” and “dictionary attacks” (§ 7704) Sexually oriented commercial email (§ 7704) False or misleading email (§ 7705) Wireless email (§ 7712)
3	CAN-SPAM Act of 2003 – Overview Applies regardless of whether commercial emails are sent to consumers or contacts at businesses Preempts conflicting state spam laws, except those prohibiting false or deceptive email Imposes restrictions on both “initiators” and “senders” of commercial email “Sender” is entity that initiates a commercial email and whose product/service is advertised “Initiator” is entity that originates or transmits or procures the origination or transmission of email
4	Wireless “Email” Compliance Which rules apply? Electronic textual mail messages can be sent to wireless phones via either email addresses or phone numbers Only “mobile service commercial messages” (“MSCMs”) sent to email addresses are subject to the CAN-SPAM Act and FCC rules implementing it “Emails” sent to phone numbers are Short Message Service (“SMS”) messages subject to the Telephone Consumer Protection Act (“TCPA”) and FCC rules implementing it
5	Rules for MSCMs Do CAN-SPAM requirements apply? Most provisions of CAN-SPAM Act and rules apply only to “commercial electronic mail messages” (of which MSCMs are a subset) Most provisions do not apply to “transactional” or “relationship” messages Whether a message is a commercial email depends on whether its “primary purpose” is commercial advertisement of a commercial product or service
6	Rules for MSCMs – “Primary Purpose” “Primary purpose” is defined in FTC rules FTC rule controls for purposes of FCC rules governing wireless emails as well Rule divides all email into single-purpose and dual-purpose email Results in four categories (two single-purpose and two dual-purpose) based on nature, placement and amount of commercial content
7	Criteria to Determine Primary Purpose Single-purpose emails If email contains only commercial content, primary purpose is commercial If email has only transactional or relationship content, its primary purpose is transactional or relationship and is not a commercial email
8	Transactional/Relationship Content Facilitates, completes or confirms a transaction into which recipient previously entered with sender Warranty, recall, or safety information about a product or service the recipient already uses or purchased Notice of a change in terms, features or recipient’s standing or status regarding an account, subscription, membership or comparable ongoing relationship, or of balance or similar account data at regular intervals Information directly related to employment relationships or related benefit plans in which the recipient is currently enrolled Delivers goods or services, including product updates or upgrades, to which the recipient is entitled under a transaction previously entered with sender
9	Criteria to Determine Primary Purpose Dual-purpose emails If email contains commercial and transactional or relationship content, primary purpose is commercial if: Recipient reasonably interpreting subject line likely would conclude message advertises or promotes a product or service, or The email’s transactional or relationship content does not appear in whole or substantial part at the beginning of the body of the email
10	Criteria to Determine Primary Purpose Dual-purpose emails (cont.) If email has both commercial content and content that is neither commercial nor transactional or relationship, primary purpose is commercial if: Recipient reasonably interpreting subject line likely would conclude message advertises or promotes a product or service, or Recipient reasonably interpreting body of email likely would conclude primary purpose of the message is the commercial advertisement or promotion of a product or service
11	FCC Rules for MSCMs – Prohibition General Prohibition The FCC rules prohibit sending MSCMs to email addresses that incorporate domain names on the official list of wireless domain names the FCC has compiled and will maintain The prohibition applies where a domain name has been listed for at least 30 days, or at any time prior to the 30 days if the sender otherwise knows a message it seeks to send is addressed to a wireless device
12	FCC Rules for MSCMs – Compliance FCC Wireless Domain Name List By March 9, 2005, senders of MSCMs should have accessed the FCC list of wireless domain names at www.fcc.gov/cgb/policy/DomainNameDownload.html Senders of MSCMs must check the list at least monthly to ensure compliance with any newly listed domains within 30 days of their addition
13	FCC Rules for MSCMs - Exception Express Prior Authorization Key exception to the general prohibition is where an addressee gives a sender express prior authorization May be oral, or in writing on paper or electronically The burden to obtain express prior authorization prior to sending any MSCMs lies with senders For complaints, sender bears burden of proof to show prior authorization whether obtained in writing or orally Whether oral or written, authorization must be “express,” i.e., be prior to sending any MSCM and include the email address to which MSCMs may be sent Express prior authorization may not be obtained in the form of a “negative option”
14	FCC Rules for MSCMs - Exception Express Prior Authorization (cont.) Consumers must not be required to bear any additional cost to receive a request for authorization Senders may offer other, non-cost-free options to respond, but they must be clearly marked as such and there must be a way to respond without incurring costs Senders are thus prohibited from sending initial requests for authorization to wireless devices
15	FCC Rules for MSCMs – Prior Authorization Form and Proof of Prior Authorization Written may be on paper or electronic such as email Must have a “signature” or digital equivalent Senders who choose to obtain oral authorization must take reasonable steps to ensure it can be verified If sender uses a website to obtain authorization, then: Subscriber must have opportunity to input the specific email address for which MSCM authorization is provided It must require “affirmative action” by the subscriber and satisfy all disclosure requirements
16	FCC Rules for MSCMs – Prior Authorization Form and Proof of Prior Authorization (cont.) FCC admonitions MSCMs should be sent only to wireless devices of receptive subscribers “Strongly suggests” senders document authorizations promptly Senders should confirm the email address for which authorization is granted by sending a confirmatory notice and requesting a reply to it
17	FCC Rules for MSCMs – Prior Authorization Disclosures in Obtaining Prior Authorization Senders must provide notice, at the time they obtain express prior authorization, that: The subscriber is agreeing to receive MSCMs sent to a wireless device from the sender The subscriber may be charged by the wireless service provider in connection with receipt of the messages The subscriber may revoke authorization to receive MSCMs at any time
18	FCC Rules for MSCMs – Prior Authorization Form of Prior Authorization Disclosures Notices provided at time of obtaining express prior authorization must be: Legible, of sufficiently large type (or if audio of sufficient volume), and placed so as to be readily apparent Separate from other authorizations and not bundled with advertising Sufficient to identify the sender of the MSCM and the entity advertised or promoted if different from sender
19	FCC Rules for MSCMs – Prior Authorization Form of Authorization Disclosures (cont.) Additional requirements for disclosures: If authorization is oral or on a website all disclosures still must be made If any portion of the disclosures are translated into another language, all portions must be translated into that language
20	FCC Rules for MSCMs – Prior Authorization Duration of Authorization If subscriber who gave prior express authorization to MSCMs notifies sender of wish not to receive them anymore, sender must cease sending MSCMs within 10 business days of request (unless the FTC changes that time in a CAN-SPAM rulemaking) Express prior authorization need only be secured once from a recipient (unless and until revoked), but if obtained prior to FCC rules taking effect it does not qualify unless it meets all the requirements in rules
21	FCC Rules for MSCMs –Prior Authorization Scope of Express Prior Authorization Subscribers may limit extent of authorization, such that: Provision of email address for a specific purpose is not express prior authorization for sending MSCMs in general To the extent a sender allows subscribers to choose the types of MSCMs from that sender and authorization is for those specific types of messages, sender may transmit only those types of MSCMs Authorization to a sender does not entitle it to send MSCMs for third parties, including affiliates/marketing partners
22	FCC Rules for MSCMs – Opting Out Revocation of Prior Authorization – Opt Out All commercial email, including MSCMs, must include clear and conspicuous return email addresses or other Internet-based mechanism for responding Senders of MSCMs must provide recipients with access to whatever mechanism to which they were given access in order to grant express prior authorization Senders also must include basic instructions by which to use the mechanism to reject further transmissions
23	FCC Rules for MSCMs – Opting Out Revocation – Opt Out (cont.) The means by which recipients notify a sender that a recipient does not wish to receive further MSCMs can impose no new requirements on the recipient beyond that imposed to provide prior express authorization Senders may not subject subscribers to further ads or solicitation in procedure used to reject future messages All mechanisms for acquiring prior authorization must remain capable of receiving and honoring rejection of further messages for at least 30 days after any MSCM
24	FCC Rules for SMS General Prohibition The TCPA and FCC rules prohibit all calls using an automatic telephone dialing system or prerecorded message to any phone number assigned to a paging, cellular, SMR, or other similar wireless service Autodialer prohibition encompasses voice calls and text calls, including SMS text messaging, i.e., textual “email” or other messages sent to wireless phone numbers
25	FCC Rules for SMS – Exception Prior Express Consent Key exception to general prohibition for commercial messages is where an addressee gives a sender prior express consent However, once the hurdle of consent is cleared to make the call permissible, it becomes subject to other TCPA restrictions and obligations
26	FCC Rules for SMS – Prior Express Consent Obtaining Prior Express Consent Prior express consent to prerecorded messages, including SMS messages, may be oral or written However, written consent evidenced by a signed, written agreement is needed if phone number to which the SMS message is sent is on the Do-Not-Call Registry In both cases, consent must be “express,” not implied Capturing number by caller ID, etc., not sufficient Even for consent that need not be written, SMS senders must be able to provide “clear and convincing evidence” that they had prior express consent
27	FCC Rules for SMS – Other Requirements Do-Not-Call Restrictions Companies making commercial calls under the TCPA must abide by company-specific do-not-call rules, including internal do-not-call list and honor such requests for five years Also must follow National Do-Not-Call Registry rules Must purchase registry and not send messages to numbers on it, and/or Messages must fall within registry exceptions (such as established business relationships or tax-exempt non-profit endeavors)