For additional information see the Ad Law Access blog posts:

• Taking Stock of the TCPA in 2019: What is an “Autodialer”?
• FCC Reaffirms Potential TCPA Liability for Text Message Platforms

For a deeper focus on TCPA-related issues at the FCC, listen to the “Inside the TCPA” series on Kelley Drye Full Spectrum.

The Ad Law Access podcast is available now through Apple Podcasts, Spotify, Google Podcasts, SoundCloud, and other podcast services.

This webinar series will commence January 25 and continue the last Wednesday of each month, as outlined below.

January 25, 2017, February 22, 2017, March 29, 2017, April 26, 2017, June 28, 2017, July 26, 2017, September 27, 2017, October 25, 2017, and November 29, 2017

Kicking off the series will be a one-hour webinar on “Marketing in a Multi-Device World: Update on Cross Device Tracking” on January 25, 2017 at 12 PM ET.

CLE credit will be offered for this program.

And for those of you that have not through the guidance recently…or at all… here is a quick summary:

Transparency: The privacy policy must disclose the fact that data collected from a particular browser or device may be used with another computer or device that is linked to the browser or device on which such data was collected, or transferred to a non-affiliated third-party for such purposes. The notice should also include a clear and prominent link to a disclosure that either (1) links to the industry-developed website or choice mechanism that provides the consumer with choices over these practices, or (2) individually lists the third-parties that are engaged in cross-device tracking.

Consumer Control: Consumers must have the ability to exercise choice (i.e., an opt-out mechanism) concerning cross-device tracking.

Although the DAA published the guidance last year, it has delayed enforcement to allow companies time to come into compliance. The guidance on cross-device tracking will be independently enforced by the Council of Better Business Bureaus (CBBB) and the DMA (formerly the Direct Marketing Association), which provide ongoing independent oversight of the DAA Principles.

What does this mean for you? If you are actively engaging in cross-device tracking, or have implemented beacons or other technologies that permit cross-device tracking to occur on your website or app, be sure that your privacy policy and other public-facing materials provide consumers with appropriate notice and choice about your cross-device tracking practices.

Thank you again for attending the Summit. We hope you enjoyed the content and opportunity to connect with others who regularly handle advertising and privacy issues. The presentations and supporting materials from the Summit and Boot Camp are also available on our blog using the same KelleyDryeAdLaw password. We welcome your feedback, so please send it to [email protected].

To stay up to date throughout the year and learn the latest developments on consumer protection issues, please subscribe to our blog, Ad Law Access, follow us on LinkedIn, Facebook, Twitter.

See you in 2017!

InMobi’s Practices

InMobi provides an advertising platform for app developers and advertisers. App developers can integrate the InMobi software development kit (SDK) for its Android and iOS apps, allowing them to monetize their applications by allowing third party advertisers to advertise to consumers through various ad formats (e.g., banner ads, interstitial ads, native ads). Advertisers, in turn, can target consumers across all of the mobile apps that have integrated the InMobi SDK.

InMobi also offers several geo-targeting products, which allow advertisers to target consumers based on specific location information. For instance, advertisers could target consumers based on their device’s current or previous location, or if the consumer visits a certain location at a particular time of day or on multiple occasions.

FTC Charges

The FTC alleges that InMobi mispresented that its advertising software would track consumers’ locations and serve geo-targeted ads only if the consumer provided opt-in consent, and only when it was done in a manner consistent with their device’s privacy settings. According to the complaint, InMobi was actually tracking consumers’ locations whether or not the apps with InMobi SDKs requested consumers’ permission to do so, and even when consumers had denied permission to access their geolocation.

Even when users had denied the app permission to access geolocation, InMobi was collecting information about the WiFi networks that the consumer’s device connected to or that were in-range of the consumer’s device, feeding this information into its geocoder database, and using this information to infer the consumer’s longitude and latitude. The FTC claims that this process allowed InMobi to track the consumer’s location and serve geo-targeted ads, regardless of the app developer’s intent to include geo-targeted ads in the app, and regardless of the consumer’s privacy preferences or device settings. As a result of these practices, app developers could not provide accurate information to consumers regarding their apps’ privacy practices. The FTC concluded that InMobi’s misrepresentations regarding its data collection and use practices were deceptive in violation of Section 5 of the FTC Act.

In addition, the complaint alleges that InMobi violated COPPA by knowingly collecting personal information from children under the age of 13, despite representations to the contrary. The FTC claims that InMobi did not have adequate controls in place to ensure COPPA-compliance and did not test any controls it implemented to ensure they functioned as intended. As a result, InMobi collected personal information (including unique device identifiers and geolocation information) in thousands of apps that developers had expressly indicated to InMobi were child-directed, and used this information to serve interest-based, behavioral advertising in violation of COPPA.

Settlement Provisions

Per the stipulated order, the company is prohibited from collecting consumers’ location information without their affirmative express consent and will be required to honor consumers’ location privacy settings. The company is further prohibited from violating COPPA and from misrepresenting its privacy practices. The order also requires the company to delete all information it collected from children, delete the location information collected from consumers without their consent, and establish a comprehensive privacy program. The comprehensive privacy program is typical of what we see in other FTC privacy settlements. It has provisions governing the designation of a responsible employee to oversee privacy compliance, requiring ongoing assessment of risks that could result in unauthorized collection of information, mandating implementation of reasonable privacy controls, requiring regular testing and evaluation of such controls, and addressing service provider oversight. Under the terms of the settlement, InMobi is subject to a $4 million civil penalty, which was suspended to $950,000 based on the company’s financial condition.

Key Takeaways

Mobile technology practices continue to be a focus of the FTC’s consumer protection efforts. Companies collecting personal and geolocation information from consumers should understand precisely what information will be collected from or about a user, clearly and accurately communicate its data practices, and respect any representations that are made. Particular care should be taken when collecting information through child directed apps and websites. Taking these simple steps can help avoid FTC scrutiny with respect to a company’s privacy practices and related representations.

But rather than simply confirm receipt of the listener’s text, the plaintiffs alleged that the messages frequently included ads for the company’s partners. For example, when the plaintiffs sent a text message to enter a contest, they received a response inviting them to “play us in the brand new version of Words With Friends.” The text message included a link that led the recipient to the Words With Friends download page on their phone’s app store.

It’s tempting to think that a person’s text to your company constitutes consent to text them back, but it’s not that easy. While you may be able to send a simple confirmation of receipt, in order to send an ad, you need prior express written consent. Without that, you could be liable for statutory damages of up to $1,500 per text sent without consent. As this settlement demonstrates, those numbers can quickly add up.

FTC Allegations

The FTC first filed its complaint against Amazon in district court in July 2014, alleging that the billing of parents and other account holders for in-app purchases incurred by children “without having obtained the account holders’ express informed consent” violated Section 5 of the FTC Act. Many of the apps offering in-app purchases were geared towards children and offered as “free” with no indication of in-app purchases. These in-app charges generally ranged from $0.99 to $99.99, but could be incurred in unlimited amounts. The FTC alleged that, while the app developers set the price for apps and in-app purchases, Amazon retained 30% of the revenue from every in-app sale.

The complaint alleged that when Amazon first introduced in-app charges in November 2011, the default setting initially permitted in-app purchases without a passcode, unless this setting had been enabled by the user in the parental controls. Following a firestorm of complaints by parents surprised to find these in-app charges, Amazon introduced a password prompt feature for in-app charges of $20 or more in March 2012. This initial step, however, did not include charges that, in combination, exceeded $20. In August 2012, the FTC notified Amazon that it was investigating its in-app billing practices.

Amazon began to require password prompts more frequently beginning in February 2013, only if the purchase initiated was over $20, a second in-app purchase was attempted within five minutes of the first, or when parental controls were enabled. Even so, once a password was entered, in-app purchases were often authorized for the next hour. Amazon continued to refine its in-app purchase process over the next few months, identifying that “In-App Purchasing” was available on an app’s description page, and adding a password requirement for all first-time in-app purchases, among other things.

The Court’s Order

The FTC moved for summary judgement in February 2016. In it April 27 order, the court granted the FTC’s summary judgement motion finding that: (1) the FTC applied the proper three-prong legal test for determining unfair business practices (e.g., a substantial injury that is not reasonable to consumers, and not otherwise outweighed by countervailing benefits); (2) the FTC’s witness used to calculate money damages was timely disclosed, even though she was identified after the discovery cut-off date since the FTC made its intentions to seek monetary relief known from the beginning; and (3) Amazon’s business practices around in-app purchases violated Section 5.

First, the court (in its heavily-redacted order) reasoned that there was substantial injury to consumers due to the significant number of in-app purchases. Even though Amazon provided refunds to consumers, the court concluded that many customers were never aware they had made an in-app purchase, and those who were aware spent significant time contesting the charges.

Second, the court also found that the injury was not reasonably avoidable by consumers, because consumers were generally unaware of the possibility of in-app purchases until June 2014, since notices were not conspicuously placed in the app’s description page, and even when passwords became required for certain in-app purchases these prompts did not indicate that users could make multiple charges within a given timeframe. Lastly, the court found that Amazon’s billing practices around in-app purchases did not benefit consumers or competition.

The court is requiring further briefing to determine the extent of damages and how much in refunds should be provided to consumers. Nonetheless, the FTC’s initial complaint identified that Amazon received tens of millions of dollars from its cut of the in-app purchases.

The Bottom Line

The court’s analysis is significant in that it imputes third-party liability on a company when such company knew or should have known of the challenged conduct, financially benefited from such conduct, and failed to take appropriate or prompt steps to address consumer concerns. We have seen this analysis in previous FTC actions, and will likely continue to see them in the future.

You consent to receive autodialed or prerecorded calls and text messages from PayPal at any telephone number that you have provided us or that we have otherwise obtained. We may place such calls or texts to (i) notify you regarding your account; (ii) troubleshoot problems with your account; (iii) resolve a dispute; (iv) collect a debt; (v) poll your opinions through surveys or questionnaires, (vi) contact you with offers and promotions . . . .

Although the TSR permits telemarketing calls to numbers on the Registry if a consumer has provided express written consent to receive such calls, the proposed language did not meet the requirements for the exception. The staff noted, for example, that the request seeking consent must be “clear and conspicuous” and cannot be “buried” in a lengthy user agreement. Moreover, calls may only be placed to a number specified by a consumer – not to any number "otherwise obtained."

On June 29, 2015, PayPal revised the proposed language such that the company only reserved rights to place calls or texts to “(i) provide notices regarding your Account or Account Activity, (ii) investigate or prevent fraud, or (iii) collect a debt owed to us.” Based on these changes – and because the company hadn’t yet made any telemarketing calls under the proposed language – the FTC’s Division of Marketing Practices decided not to recommend enforcement action.

As we’ve posted before, few things will get companies in trouble faster than sending unwanted calls or texts. You can ask for permission to send those, but the request has to be done in a way that is clear and conspicuous.

The landmark settlement is indicative of vigorous enforcement by the FTC in the mobile broadband space. Our advisory provides an analysis of the settlement and items of note for other companies considering similar claims or related business practices in the broadband space.

The FTC’s complaint against Google alleges that the company offered free and paid apps through its Play store. Many of these apps are rated for kids and offer “in-app purchases” ranging from $0.99 to $200, which can be incurred in unlimited amounts. The FTC alleges that many apps invite children to obtain virtual items in a context that blurs the line between what costs virtual currency and what costs real money.

At the time Google introduced in-app charges in March 2011, users were notified of an in-app charge with a popup containing information about the virtual item and the amount of the charge. A child, however, could clear the popup simply by pressing a button labeled “CONTINUE.” In many instances, once a user had cleared the popup, Google did not request any further action before billing the account holder for the corresponding in-app charge.

It was not until mid- to late-2012 that Google begin requiring password entry in connection with in-app charges. The complaint alleges, however, that once a password was entered, it was stored for 30 minutes, allowing a user to incur unlimited in-app charges during that time period. Regardless of the number or amount of charges incurred, Google did not prompt for additional password entry during this 30 minute period.

Google controls the billing process for these in-app charges and retains 30 percent of all revenue. For all apps, account holders can associate their Google accounts with certain payment mechanisms, such as a credit card, gift card, or mobile phone billing. The complaint highlights that Google received thousands of complaints related to unauthorized in-app charges by children and that unauthorized in-app purchases was the lead cause of chargebacks to consumers.

The FTC alleges that Google’s billing practices were unfair and violated Section 5 of the FTC Act. Under the terms of the proposed settlement order, Google must pay at least $19 million in refunds to consumers. Google is also required to obtain the “prior express, affirmative consent of the account holder” before billing a consumer for an in-app charge.

In instances where consent is sought for a specific in-app charge, the settlement requires Google to clearly and conspicuously disclose: (1) the in-app activity associated with the charge; (2) the specific amount of the charge; and (3) the account that will be billed for the charge. In addition, if consent is sought for potential future in-app charges, Google must clearly and conspicuously disclose: (1) the scope of the charges for which consent is sought, including the duration, devices, and apps to which consent applies; (2) the account that will be billed for the charge; and (3) the method(s) through which the account holder can revoke or otherwise modify the scope of consent.

The settlement with Google is a good reminder that app developers and mobile platforms should continue to review their advertising, marketing, and game experience (as well as consumer complaints), and determine whether existing disclosures may benefit from disclosure and process enhancements in line with the terms set forth in this latest settlement.

Ms. Sweeney’s presentation, while highlighting the maxim that transparency establishes trust, documented the flow of consumer health data provided to hospitals, noting that consumer health data may flow – and often does flow – from hospitals to entities that are not covered by HIPAA. Additionally, although de-identified when sold, this information may be easily re-identified. Mr. Ho presented the results of an FTC study on the health information collected and transmitted by 12 mobile apps and two wearables. While the Commission did not review privacy policies, the study results revealed that the apps transmitted consumer health information to 76 third parties, many of which collected device information or persistent device identifiers (sometimes from multiple apps) and additional information, such as gender, zip code, and geolocation. Mr. Ho stated that there are significant health concerns when data is capable of being aggregated.

The panel, moderated by two FTC Division of Privacy and Identity Protection attorneys, featured Dr. Christopher Burrow, the Executive Vice President of Humetrix, Joseph Lorenzo Hall, Chief Technologist for the Center for Democracy and Technology, Sally Okun, Vice President for Advocacy, Policy and Patient Safety at PatientsLikeMe, and Joy Pritts, Chief Privacy Officer in the Department of Health & Human Services’ Office of the National Coordinator for Health Information Technology. The panelists spent a significant amount of time discussing the various entities covered – and not covered – by HIPAA, as well as the array of health-related websites and apps that are available to consumers. Some of the concerns raised were: (1) the potential for sensitive health information to be shared in ways consumers would not reasonably anticipate (and the inability to predict what consumers may deem “sensitive”); (2) the lack of a standard definition of “de-identified data”; (3) the potential for data re-identification; and (4) the ever-expanding definition of what constitutes “health” information.

Information on the seminar, including a transcript, is available here, and the FTC is accepting comments until June 9.

In 2012, a consumer signed up to receive text messages from the Bills. The terms of the text message program disclosed that “you will be opted in to receive 3-5 messages per week for a period of 12 months.” A confirmation message also referred to “up to 5msgs/week.” The plaintiff claimed that shortly after signing up, he received six texts in one week and seven texts in another week. In the lawsuit, he argued that the one additional messages received during the first week and the two additional messages received during the second week were sent without consent and, thus, in violation of the TCPA.

After a hard-fought lawsuit, the Bills secured preliminary approval of a $3 million settlement. As part of the deal, the Bills will provide class members who submit valid claims up to $2.5 million worth of debit cards good at the team’s stadium or online store. The Bills must also pay over $500,000 in attorneys' fees.

This case serves as a reminder that companies need to ensure they carefully draft the terms for their text message programs and that their programs are run in accordance with those terms. Even a small deviation could result in a lawsuit that costs millions of dollars.

Specifically, the FTC alleged that Fandango and Credit Karma disabled the SSL (Secure Sockets Layer) certification validation procedure for each of their mobile apps. By doing so, the FTC claims that the apps were open to attackers positioning themselves between the app and the online service by presenting an invalid SSL certificate to the app – i.e., “man-in-the-middle” attacks. The FTC contends that Fandango and Credit Karma engaged in a number of practices that, when taken together, failed to provide reasonable and appropriate security in the development and maintenance of its mobile app, including:

• Overriding the default SSL certificate validation settings provided by the iOS and Android application programming interfaces (APIs) without implementing other security measures to compensate for the lack of SSL certificate validation;
• Failing to appropriately test, audit, assess, or review the apps, including failing to ensure that the transmission of sensitive personal information was secure;
• Failing to maintain an adequate process for receiving and addressing security vulnerability reports from third parties (Fandango only); and
• Failing to reasonably and appropriately oversee its service providers’ security practice (Credit Karma only).

As mobile privacy and security continues to be at the forefront of the FTC’s enforcement priorities, companies should keep abreast of developments in this area and regularly evaluate their mobile products and services. Stay tuned for a Kelley Drye client advisory discussing the enforcement trends for mobile and “red flags” that companies should watch out for.

The complaint alleges that Google offers free and paid apps through its “Google Play” store, and that many are targeted at children. Although some of the apps may be downloaded for free, the complaint further alleges that many allow the user to make in-app purchases (e.g., virtual supplies, ammunition, food, and fake “currency”), and that these games are “highly addictive,” and “tend to compel” children playing them to make large in-app purchases, including charges of $100 or more.

For all apps, Google requires its users to authenticate their accounts by entering a password prior to downloading an app or making an in-app purchase. The complaint alleges that once the password is entered, Google permits the user to make in-app purchases for up to 30 minutes without reentering the password. According to the complaint, this window of time allows minors to make large in-app purchases, without the knowledge or authorization of the parents. Google then automatically charges the customers’ credit or debit cards or PayPal accounts for the in-app purchase, through its online “Google Wallet.”

The lawsuit comes on the heels of the FTC settlement with Apple, which requires Apple to pay at least $32.5 million in refunds to consumers (for a more detailed assessment of the Apple settlement, please click here). Apple also settled a similar class action lawsuit in February 2013.

These recent developments are a good reminder for online platforms, app developers, and app providers to continue reviewing applicable advertising, marketing, and in-app purchases and experiences. We will continue to closely track these litigation and regulatory developments, and update this blog accordingly.

The tutorial on mobile device tracking provided a technical overview of how mobile devices collect information and also send information back to the consumer. This discussion also covered the practice of “hashing” which makes the information collected non-personally identifiable, but not completely anonymous.

Following the technical overview, the panel discussed the consumer benefits and privacy concerns of mobile device tracking, mainly in the context of brick-and-mortar retailers. The panel agreed that while the technology has the potential to improve consumers’ shopping experience and help businesses identify how best to display popular products and improve line waits at registers, the collection of data via mobile devices is invisible and passive, and it is difficult for consumers to opt out of mobile device tracking.

For a more detailed overview of the seminar, please click here.

In particular, the complaint alleges that Apple engaged in unfair practices by: (1) failing to inform parents that iTunes stores a password for 15 minutes after it is entered; (2) labeling apps in its App Store as “FREE” and only disclosing that the app offers in-app purchases in small print and on a separate information page; (3) failing to explain what an “in-app purchase” is before or during downloading; and (4) failing to disclose any information about in-app charges when consumers are prompted to “buy” and then to input their password during game play. Through these practices, the Commission claims that Apple failed to give parents sufficient information for them to give informed consent to the charges their children incurred. The FTC notes that Apple revised its order process in September 2013, so that consumers were prompted to enter their iTunes password prior to choosing to “buy” within the app. However, iTunes passwords were still stored for 15 minutes, and neither the password prompt nor the “buy” prompt explained that consumers would incur charges. Under the terms of the order, Apple is prohibited from billing a consumer for an in-app charge without having obtained prior express, affirmative consent.

This settlement is in addition to a class action settlement that Apple entered into resolving the same issues, and a good illustration that a class action may not mean finality if the FTC remains concerned about the conduct or issue. Additionally, while this complaint focused on the in-app billing process, which Apple controls, the Commission can – and likely will – pursue enforcement against app developers for the alleged failure to adequately disclose in-app purchases. Therefore, app developers should ensure that a consumer is clearly notified that the purchase of virtual game currency will result in charges.

Click here to view our client advisory on the settlement.

THE FTC’S COMPLAINT

Goldenshores Technologies, LLC advertises and distributes the “Brightest Flashlight Free” mobile application (“Brightest Flashlight App” or App) developed for Google’s Android operating system. One of the most popular Apps for Android devices, the Brightest Flashlight App activates all lights on mobile devices to provide outward-facing illumination. In this matter, the FTC claimed that, neither the company’s promotional material for the App, nor the company’s privacy policy and end-user agreement, disclosed that the App transmitted certain types of personal information to third parties, including third party advertising networks. The FTC charged that this material omission deceived consumers about (1) the extent to which device data is transmitted, and (2) the extent to which users can exercise control over the transmission of device data. The FTC deemed the company’s actions “deceptive” under Section 5 of the FTC Act.

Material Omission

The FTC first claimed that the company deceived consumers about how their geolocation information would be shared with advertising networks and other third parties. The company provided a privacy policy on its promotional pages in the Google Play application store, its end-user license agreement, and on its website. The policy represented that the company may “collect, maintain, process, and use diagnostic, technical, and related information” to facilitate software updates, provide support, and verify compliance with the terms of its end-user license agreement. The FTC alleged that the company did not disclose that the Brightest Flashlight App transmits, or allows the transmission of, device data including precise geolocation data and persistent device identifiers to third parties, including third party advertising networks.

The Complaint also noted that the promotional pages for the App and the general “permissions” statements that appear for all Android applications do not reference the collection or use of data from users’ mobile devices.

The omissions in the privacy policy and end-user agreement formed the basis for the Complaint’s first “deception” claim under Section 5 of the FTC Act (Count I). Specifically, the FTC alleged that the company “failed to disclose, or failed to adequately disclose that, when users run the Brightest Flashlight App, the App transmits, or allows the transmission of, their devices’ precise geolocation along with persistent device identifiers to various third parties, including third party advertising networks” and that such disclosure “would be material to users in their decision to install the application.” The FTC alleged that the failure to disclose, or adequately disclose, those facts “was, and is, a deceptive practice.”

Illusory Choice

The FTC next claimed that the company deceived consumers about their control over the collection and use of their device’s data. After installation of the Brightest Flashlight App, the App presented users with the company’s end-user license agreement. The license agreement allowed the company to collect and use device data. At the bottom of the license agreement, the App presented users with a choice to “Accept” or “Refuse” the terms of the agreement. The FTC alleged that the App began transmitting users’ device data before they could “Accept” or “Refuse” the agreement’s terms. Because consumers could not prevent the Brightest Flashlight App from collecting or using their device data, the FTC deemed the choice illusory.

The company’s presentation of an illusory choice formed the basis for the Complaint’s second “deception” claim under Section 5 of the FTC Act (Count II). Specifically, the FTC claimed that the company “represented, expressly or by implication, that consumers have the option to refuse the terms of the [application’s end-user license agreement], including those relating to the collection and use of device data.” Yet, the FTC alleged that consumers could not prevent the application from collecting or using their device’s data because “regardless of whether consumers accept or refuse the terms of the [agreement], the Brightest Flashlight App transmits, or causes the transmission of, device data as soon as the consumer launches the application.” The FTC deemed the acts and practices of the company “deceptive” in violation of the FTC Act.

SETTLEMENT PROVISIONS

Most of the settlement provisions apply to the company and the individual who served as the managing member of the limited liability company for 20 years, and a violation of such provisions could subject the company and the individual to civil penalties of up to $16,000. The core components of the settlement are set forth below.

Advertising Injunction

The settlement prohibits the company or its agents from misrepresenting (1) the extent to which the company collects, uses, discloses, or shares personal information, and (2) “the extent to which users may exercise control over the collection, use, disclosure, or sharing of [personal information] collected from or about them, their computers or devices, or their online activities.”

Data Collection Injunction

The settlement prohibits the company or its agents from advertising or disseminating a mobile App that collects, transmits, or allows the transmission of geolocation information unless two requirements are met.

1. Comprehensive Geolocation Data Collection Disclosure. First, the App must disclose to the consumer (1) that the App collects, transmits, or allows the transmission of geolocation information, (2) how geolocation information may be used, (3) why the App is accessing geolocation information, and (4) the identity or specific categories of third parties that receive geolocation information directly or indirectly from the App. The company must display this disclosure:

• Clearly and prominently;
• Before the initial collection or transmission of geolocation information; and
• On a separate screen from any final end-user license agreement, privacy policy, terms of use, or similar document.

LESSONS LEARNED

This case serves as a reminder of the importance in determining exactly what information an App collects from the user, when such data collection occurs, with whom it is shared, and whether all representations made in the App’s advertising, the privacy policy, terms and conditions, user guide, etc. accurately reflect such data collection practices. The stakes are certainly high, given that the failure to engage in such due diligence before introducing the App to the marketplace can result in a 20 year settlement on both the App company and its individual owners.

With the rise in class action cases for alleged TCPA violations, businesses engaging in telemarketing should review their practices for obtaining customer consent prior to implementation of the new rules on October 16, 2013.

For more information, click to read our client advisory.

Yesterday, the California Superior Court dismissed the claim, holding that the state action is pre-empted by the federal Airline Deregulation Act, which prohibits states from applying regulations on airlines related to price, routes, or services. Judge Miller stated: “In this instances it’s services. . . . I think that this case is, in effect, an attempt to apply a state law designed to prevent unfair competition, which regulates an airline’s communications with consumers, and I think it’s pre-empted.” Press coverage is available here.

This is an interesting result for the first Attorney General app enforcement action and it’s too soon to tell whether the Attorney General will appeal the decision. Unfortunately, the ruling doesn’t provide any substantive guidance, or give much comfort, to companies that can’t make similar federal pre-emption arguments. Companies with mobile apps will want to keep their seatbacks and tray tables in their upright and locked positions as we watch for the Attorney General’s next activities in the mobile privacy space.

During a Lakers game last year, the team invited fans to text a message for a chance to have it appear on the scoreboard. A fan texted a message, and received the following confirmation from the Lakers in return: “Thnx! Txt as many times as u like. Not all msgs go on screen. Txt ALERTS for Lakers News alerts Msg&Data Rates May Apply. Txt STOP to quit. Txt INFO for info.” Shortly thereafter, the plaintiff filed a lawsuit against the Lakers arguing that the team had sent that message without consent, in violation of the Telephone Consumer Protection Act.

Applying a “common sense” reading of the TCPA, a California court determined that, by sending his original message, the plaintiff “expressly consented” to receiving a confirmatory text message from the Lakers. Indeed, the court noted that when the plaintiff sought to display his message on the scoreboard, “it is difficult to imagine how he could have been certain that the Lakers received his message without a confirmative response.” Accordingly, the court granted the Laker’s motion to dismiss the case.

There are still a number of legal risks associated with text message campaigns, but this decision — as well as other recent developments — suggests that companies now have a better shot at prevailing in these types of nuisance suits.