FCC's Enforcement of Carrier Marketing Practices
FCC's expanded enforcement of carrier marketing practices, jurisdiction over marketing practices, impact of convergence on regulatory classifications, FCC and FTC jurisdiction, significant consent decrees and fines imposed on telecom companies for privacy and data security violations.
Presentation Transcript
The FCC's Expanded Enforcement of Carrier Marketing Practices. Doug Bonner, Partner, Womble Carlyle Sandridge & Rice, LLP. CANTO 32nd Annual Conference, August 4, 2016.
What We Will Discuss Today: FCC v. FTC jurisdiction over marketing practices. Increasing FCC enforcement activity as a data breach/privacy regulator over carriers. Impact of convergence is blurring the regulatory classifications of businesses (telecom/broadband; ISPs/edge providers). Regulators scrambling to adjust to ensure consumers are protected.
FCC Jurisdiction: Communications Act, Sec. 201(b): "any such charge, practice, classification, or regulation that is unjust or unreasonable is declared to be unlawful." (emphasis added) Traditionally applied to traditional telephone services. Since 2014, FCC applying to carriers' data security practices. Sec. 222 (CPNI Statute); Open Internet Rules, including Transparency Rule.
FTC Jurisdiction: Section 5 of the FTC Act declares unfair methods of competition and unfair or deceptive acts or practices affecting commerce unlawful. BUT, FTC lacks jurisdiction over banks, nonprofits, and telecommunications carriers to the extent they are offering telecommunications services. 15 U.S.C. Sec. 45(a)(2).
Verizon $7.4 Million Consent Decree for Marketing without Opt-Out Notices: Verizon marketed to 2 million new customers without first notifying them of their rights to opt out of CPNI being used to market to them. $7.4 Million Consent Decree (Sept. 2014); Verizon agrees to place opt-out notices in every bill; monitoring systems and reporting noncompliance.
TerraCom/YourTel Forfeiture: $10 Million in fines for privacy and data security violations against two Lifeline ETCs for collecting names, addresses, SSNs, driver's license numbers and other proprietary information on unprotected Internet servers. First enforcement of customer proprietary information (not CPNI) under Sec. 222(a).
The TerraCom Shift: $1.5 Million penalty for false representations in the companies' website privacy policies about protecting customers' sensitive personal information. FCC claims this is an unjust and unreasonable practice under Sec. 201(b) for deceptive marketing. Failing to employ reasonable data security practices (password protection or encryption) and failing to notify all affected customers of breach also violated Sec. 201(b). But no forfeiture because first case in which it has made such findings. CARRIERS ON NOTICE!
Sec. 201(b) now an FCC privacy and data security enforcement tool: FCC expanding its authority to regulate carrier practices, mirroring FTC enforcement of data security under Sec. 5 authority to regulate unfair or deceptive trade practices. Republican Commissioners dissent re: lack of notice of any required data security practices. FCC Enforcement Bureau Chief LeBlanc: Case by case adjudication is way to articulate policy positions and changes in policy.
Cox Communications Consent Decree (Nov. 2015): Through pretexting, "EvilJordie," a third-party hacker, gains access to Cox customer data systems by getting a customer service representative and a contractor to enter account IDs and passwords into a fake website. Cox enters into Consent Decree, including $595K fine and Compliance Plan, including privacy risk assessments, implementing multifactor authentication of third-party vendors, and more robust data breach response plan.
Cox: FCC again interprets Sec. 201(b) as requiring just and reasonable data security practices to protect consumers' PI. AT&T: $25 Million fine and consent decree (April 2015) involving data breaches at its call centers in Mexico, Colombia and the Philippines. Involved unauthorized disclosure of 280K U.S. customer names, full or partial SSNs and CPNI. Call center employees paid for SSNs to unlock cellular handset codes. Sec. 201(b) and 222 violations.
AT&T - $100M Fine for Throttling Unlimited Data Customers: In June 2015, FCC issues $100 Million fine against AT&T for violating 2010 Open Internet Transparency Rule for misleadingly and inaccurately marketing its unlimited data plan to customers and failing to disclose speed reductions once they hit a data threshold. Beginning in 2007, AT&T offered unlimited data plans, and advertised 4G LTE speeds of 5-12 Mbps in most markets. In 2011, began Maximum Bit Rate Policy ("MBR"), which capped speeds at 512 kbps for customers who exceed the 5 GB data limit during a billing cycle (non-LTE customers even slower). Need 700 kbps for FaceTime video calling. And to download a 10 MB file: 10 seconds at 12 Mbps v. 3 minutes at 512 kbps.
Dissent/AT&T Response: AT&T Disclosures: press release, bill insert, webpage announcement and individualized emails to heaviest 3G and 4G unlimited data plan customers, and an initial text message when approaching data threshold. Dissent: In addition to disclosures, AT&T never used "unlimited" in data plans to mean no reduced data throughput speed under MBR program. AT&T separately, in 2015, increased data cap to 22 GB from 5 GB and only applied throttling to "congestion points," not everywhere or 24/7. (Travis LeBlanc comments at IAPP, 10/1/15)
AT&T Response: "unlimited" is only with regard to price, not service quality.
Broadband Privacy Rulemaking (2016): FCC: distinct congruence between practices that are unfair or deceptive and practices that are unjust, unreasonable or unreasonably discriminatory. NPRM, Para. 306. LeBlanc: Sec. 201(b) coextensive with FTC's Sec. 5 authority (Comments, 4/6/16). FCC seeking to use as precedent FTC rich body of precedent in enforcement proceedings testing privacy and data security practices under unfair or deceptive standard.
FCC Enforcement Bureau trophy hunting? In past 2 years, $800 Million in fines and restitution; $50 Million in data security cases. In Commission actions, Republican minority has been loudly dissenting ("penalties drawn out of thin air"; "regulatory bait-and-switch"). Carriers and Congress alarmed. FCC Enforcement activity likely to grow even more once broadband privacy rules adopted, and harmonization of CPNI broadband and voice rules.
FCC prescriptive rules over broadband privacy: Will opt-in requirement for marketing of non-communications-related services/opt-out for communications-related services protect consumers or just confuse them? Worse than FTC model which applies to entire Internet ecosystem. (CTIA) ISP/Edge provider dichotomy: Will consumers understand the difference between ISPs and edge providers having different thresholds for access to personal information? Pai: "slanted regulation." (3/31/16).
Thank You. Doug Bonner, 202 857-4428, dbonner@wcsr.com, http://www.wcsr.com/Professionals/Lawyer-Bios/Bonner-Douglas-G