Stay ADvised: What's New This Week, March 30
- FCC Declaratory Ruling OKs Emergency Robocalls in Fight Against COVID-19
- EU Privacy Regulators Clarify Data Protection Rules in Response to COVID-19
- After FTC Settlement, Nutritional Co. to "Rejuvi"-nate Its False Ads
- U.K. Proposes Labeling Political Ads
FCC Declaratory Ruling OKs Emergency Robocalls in Fight Against COVID-19
The Federal Communications Commission (FCC) has issued a declaratory ruling confirming the current COVID-19 pandemic is an emergency, thus activating the “emergency purposes” exception to the Telephone Consumer Protection Act (TCPA) restrictions on calling and sending text messages to mobile devices.
The TCPA generally prohibits calls to a wireless telephone number without the recipient’s express consent. However, the law provides an exception from this consent requirement for “emergency purposes.” In this ruling, the FCC allows health and public safety officials to respond to health emergencies and communicate important information to the public in a timely manner without fear of violating the law. Specifically, the ruling is intended for “instances [that] pose significant risks to public health and safety, and [where] the use of prerecorded message calls could speed the dissemination of information regarding . . . potentially hazardous conditions to the public.”
By issuing this ruling, the FCC confirmed that the COVID-19 pandemic qualifies as an “emergency” under the TCPA. The FCC’s March 20, 2020 COVID-19 “emergency purposes” exception authorizes “hospitals, health care providers, state and local health officials, and other government officials [to] lawfully communicate information about the novel coronavirus as well as mitigation measures” without having to receive prior express consent from the called party.
However, the FCC stressed that not all calls about COVID-19 from authorized individuals and entities qualify. In fact, the exception is quite narrow and applies only to calls relaying time-sensitive information related to the outbreak:
"First, the caller must be from a hospital, or be a health care provider, state or local health official, or other government official as well as a person under the express direction of such an organization and acting on its behalf. Second, the content of the call must be solely informational, made necessary because of the COVID-19 outbreak, and directly related to the imminent health or safety risk arising out of the COVID-19 outbreak."
Among the types of automated calls that would fall under the exception include a hospital call communicating COVID-19 status, a call informing the public about emergency measures related to the pandemic, or a call by a county official informing residents about “Stay Home” orders or quarantine requirements, said the FCC.
Advertising and telemarketing calls do not fall under the exception, even if stemming from health-related treatments or services related to the pandemic (e.g., grocery delivery services, cleaning services, or home test kits). Neither would debt-collection calls related to COVID-19 healthcare debt.
Even though the declaratory ruling clarifies that the “emergency exception” has been triggered by the COVID-19 pandemic, the exception is quite narrow in application. Only healthcare and government calls that “affect the health and safety of consumers” and are related to “an imminent health or safety risk” are exempt from the TCPA. Advertisers should take note the FCC specifically stated that the exception does not apply to telemarketing calls.
Additionally, the FCC deliberately communicated that it would continue its work against illegal robocalls, enforcing action against “unscrupulous callers” who “should not view the relief we provide here as a retreat from our aggressive work to combat illegal robocalls.”
EU Privacy Regulators Clarify Data Protection Rules in Response to COVID-19
With the COVID-19 pandemic compelling countries around the world to take drastic emergency action, questions arise concerning the use of personal data in an emergency. In this context, the European Union’s data protection authorities recently issued guidance clarifying how to handle personal data during this emergency while balancing privacy rights governed by the European General Data Protection Regulation (GDPR) and other European privacy regulations.
The GDPR provides for emergency exceptions to data protections for health and employment organizations to process personal data without obtaining consent. For example, personal information may be processed to protect the public and in the interest of public health.
The European Data Protection Board (EDPB) said that while there are exceptions allowing for certain personal data to be used without consent in this emergency, electronic communication data is still a protected category and must be processed anonymously.
This means that even during the COVID-19 pandemic, employers and health organizations must process location data “in an anonymous way.” For example, by generating reports showing the concentration of cellphones in a particular area rather than the location of one specific telephone.
If these safeguards are not possible to implement, member states may introduce emergency legislation addressing these concerns, but any measure must still “put in place adequate safeguards, such as granting individuals the right to judicial remedy,” said the regulators.
The EDPB’s guidance comes as several European Union member states recently issued contradictory guidance on the issue. While acknowledging that European privacy laws “do not hinder measures taken in the fight against the coronavirus pandemic,” Austrian Data Protection Authority and chair of the EDPB Andrea Jelinek stressed that there are limits to the use of data in this emergency situation and that “even in these exceptional times ... [companies] must ensure the protection of the personal data of the data subjects.”
Although noting there were “a number of considerations” at play to “guarantee the lawful processing of personal data,” Jelinek stressed the importance of keeping electronic communication data, particularly location data, anonymous, even in this emergency. Hard-hit Italy also recommended companies not collect individual information about employees’ current health status.
On the other hand, Ireland’s Data Protection Commissioner authorized employers to ask individuals about their travel histories and symptoms, while saying any such data processing should be necessary and proportionate. France opted not to encourage data processing “beyond the management of suspected exposure to the virus.”
The EDPB’s guidance highlights the delicate balancing act Europe faces in dealing with an unprecedented public health threat while endeavoring to uphold its privacy regulations. Key here is the distinction between personal data and electronic communications data. Existing personal data that can help in the fight against the virus may be processed without consent in an emergency under European privacy regulations, but electronic communications such as location data must remain anonymous.
After FTC Settlement, Nutritional Co. to "Rejuvi"-nate Its False Ads
The Federal Trade Commission (FTC) has settled charges against a Nevada supplement company accused of deceptively marketing its products as a cure for multiple (or even all) ailments.
According to the FTC complaint, Nevada-based Health Center, Inc. (HCI) and its owner Peggy Pearce marketed three products promising relief from all kinds of maladies, including cancer, diabetes, Alzheimer’s disease, heart disease, obesity, rheumatoid arthritis, and depression. The first was a homeopathic oral spray called Rejuvi-Cell which the company said contained human growth hormone but, according to the FTC, actually contained pig growth hormone. The second, Rejuvi-Sea, was a caplet allegedly containing marine phytoplankton. And the third, Rejuvi-Stem, was touted as a “a ‘stem cell recruiter’ that enhances, releases, and recruits adult stem cells so they can migrate to parts of the body where [they are] needed most.”
The company claimed that research and clinical studies supported its health claims, but the FTC took issue with such assertions, finding that HCI and Pearce had no such substantiation or scientific bases for making its promises to unwitting consumers.
Moreover, the FTC claimed that on top of HCI’s false pronouncements regarding its “Rejuvi” line of products, the company also advertised fabricated testimonials. One example cited in the complaint involved an alleged “consumer” from Connecticut who raved that after taking Rejuvi-Cell “for a week my excruciating arthritis pain was gone. Also, I sleep like a baby.” These positive reviews, said the FTC, were actually drafted by employees of HCI.
The FTC’s complaint seeking a permanent injunction and equitable relief alleged that HCI and Pearce’s activities, which were directed to seniors, violated the FTC Act and the Telemarketing Sales Rule since the products were sold by telephone.
For now, the order against the defendants spares (somewhat) their wallets. In addition to barring them from engaging in any of the deceptive conduct alleged in the complaint, the proposed settlement imposes a monetary penalty of $8.62 million, all of which but $5,000 is suspended due to their inability to pay the full amount. The full amount will become immediately due if the FTC finds the defendants were not truthful in the documentation they provided demonstrating their inability to pay the full penalty.
Although COVID-19 is foremost on everyone’s mind, this announcement signals the FTC is open for business as usual and will continue to pursue actions against unscrupulous marketers of the garden variety, such as the seemingly endless number of companies advertising deceptive health products. As Andrew Smith, Director of the FTC’s Bureau of Consumer Protection put it: “This company told older adults that its products could treat nearly any disease or health condition—but that was not true. When bogus claims put people’s money and health at risk, the FTC will hold companies accountable for their deception.”
U.K. Proposes Labeling Political Ads
The United Kingdom’s Law Commission has proposed regulations that would require online political advertisements to be labeled or “imprinted” with information identifying the source and sponsor of the ad. This proposal was part of a recent report proposing a number of other changes to U.K. electoral laws. The Law Commission is an independent body tasked with reviewing and recommending reforms to the nation’s laws.
The Commission proposed the changes to the political advertising rules after citing a “very real risk of the electoral process losing credibility.” Changes to digital advertising methods, including micro-targeting, have also made it harder to tell whether a political ad has been paid for by a national group or by a constituency (an electoral district).
To remedy this, the Law Commission proposed disclosure requirements for digital ads that are currently imposed on print advertisements. These “digital imprints” would be required to disclose the name of the publisher that paid for the ad and other information.
“Without knowing who is responsible for material, it is difficult to tell when an offence has been committed, or to enforce the campaign expenditure rules,” noted the Commission. “Being able to track the origin of campaign material is also important for voters, as it enables them to assess its credibility.”
“We think the imprinting requirement should be modified to reflect the growth of online campaigning and the use of social media in recent years. The U.K. government is already considering how the imprinting requirement should be applied to online campaign material,” wrote the report authors.
According to the Commission, the U.K.’s electoral law is in serious need of reform. The law is spread out across a number of scattered statutes and regulations and was last updated in the Victorian era. The goal of the proposal is to modernize electoral law and condense it into a cohesive legislative framework.
Other changes to the electoral law proposed by the Commission include expanding the conditions when polls may be suspended in case of an emergency, reforming the method for challenging election results, and introducing tougher sentences for election fraud.
Given the prevalence of “fake news” and election interference online, the U.K. Commission’s recommendations to provide more information about political ads come as no surprise. They also mirror steps taken in some parts of the United States. Recently, a San Francisco judge upheld a local law requiring political advertisers to disclose their biggest donors. However, in Maryland a law requiring online platforms to disclose information about political ads was ruled unconstitutional.