Translate this page RSS Share this page Print this page


Data, Privacy & Security Practice Report – May 15, 2017

15 May 2017

FCC Net Neutrality War — On April 27, 2017, the Federal Communications Commission (“FCC”) released a draft Notice of Proposed Rulemaking (“NPRM”), proposing to reverse the FCC’s 2015 Open Internet Order (“Title II Order”), which had applied Title II of the Communications Act of 1934 (“Communications Act”) to Internet service providers.  The day before, FCC Chairman Ajit Pai explained in a speech at the Newseum in Washington, D.C., why he believes this reversal is important to bringing high-speed Internet access to more Americans, creating more jobs, and boosting competition.

Calling Title II “heavy-handed regulation,” Chairman Pai asserted that before it was applied to broadband by the Open Internet Order in 2015, a free and open Internet flourished.  He praised the FCC’s “light-touch regulatory framework” created by President Clinton and a Republican Congress in the Telecommunications Act of 1996—bipartisan legislation supporting U.S. policy “to preserve the vibrant and competitive free market that presently exists for the Internet . . . unfettered by Federal or State regulation.”  These policies, Chairman Pai stated, led to innovation, the development of successful online companies, private sector investment, and improved high-speed access.

Accordingly, the FCC has concluded that if the Title II Order is repealed, companies will spend more to build next-generation networks so that “many more Americans, especially low-income rural and urban Americans, will get high-speed Internet access for the first time” and “will benefit from faster and better broadband”; good paying jobs will be created, like “laying fiber, digging trenches, and connecting equipment to utility poles”; and competition will increase, especially from new entrants and small businesses that cannot meet the demands of Title II.  Further, the FCC concluded, repealing application of Title II to broadband will improve providers’ privacy and data security practices because it will permit the Federal Trade Commission (“FTC”) to regulate broadband services instead of the FCC.

Among other things, the NPRM would:

  • Propose to reinstate the information service classification of broadband Internet access service and return to the light-touch regulatory framework first established on a bipartisan basis during the Clinton Administration;
  • Propose to reinstate the determination that mobile broadband Internet access service is not a commercial mobile service and, in conjunction, revisit the elements of the Title II Order that modified or reinterpreted key terms in section 332 of the Communications Act and implementing rules;
  • Propose to return authority to the FTC to police the privacy practices of Internet service providers;
  • Propose to eliminate the vague Internet conduct standard;
  • Seek comment on whether to keep, modify, or eliminate the bright-line rules set forth in the Title II Order;
  • Propose to re-evaluate the Commission’s enforcement regime to analyze whether ex ante regulatory intervention in the market is necessary; and
  • Propose to conduct a cost-benefit analysis as part of the NPRM proceeding.

Chairman Pai has asked his fellow Commissioners to vote on the NPRM at the FCC’s next monthly meeting, scheduled for May 18, 2017.  If adopted in its current form, the NPRM would set the deadline for comments on July 17, 2017, with reply comments due August 17, 2017.

Reporter, Ahmad Asir, Silicon Valley, +1 650 422 6709,

Court Grants Multiple Motions To Dismiss In TCPA Vicarious Liability Case — On May 10, 2017, the United States District Court for the Western District of Michigan granted the multiple motions to dismiss of hotel chains AM Resorts, LP and Newport Hospitality, LLC (collectively, “Resorts”) in a Telephone Consumer Protection Act (“TCPA”) lawsuit.  The TCPA makes it unlawful to make a call using an “automatic telephone dialing system or an artificial or prerecorded voice . . . to any telephone number assigned to a . . . cellular telephone service.”  Additionally, Federal Communications Commission (“FCC”) regulations prohibit initiating a telephone solicitation to a residential telephone subscriber who has put her telephone number on the national do-not-call registry.

The plaintiffs alleged that VIP Travel Services and United Shuttle Alliance Transportation Corp. (collectively, “USA”) made dozens of calls to the plaintiffs’ cell phone numbers, which are on the do-not-call registry.  When the plaintiffs answered the calls, they claimed that they heard an automated voice tell them they had won a vacation.  The automated voice gave the plaintiffs the option to press 1 to reach a human and schedule a vacation.  USA’s website listed various hotels, including hotels owned by the Resorts, and one of the plaintiffs made reservations to stay at some of the Resorts’ hotels.  The plaintiffs alleged that USA’s automated calls violated the TCPA and that the Resorts were vicariously liable for TCPA violations.

An entity can be found vicariously liable for TCPA violations under federal common law agency theories, including actual authority, apparent authority, and ratification.  Regarding actual authority, the court determined that there was “nothing in the complaint [that] permit[ed] a reasonable inference that the Resorts had the right to control USA, or gave actual authority to USA to make automated telephone calls in violation of the TCPA.”

The plaintiffs’ apparent authority theory also failed.  A plaintiff can demonstrate apparent authority by showing that “the seller allow[ed] the outside sales entity access to . . . detailed information regarding the nature and pricing of the seller’s products and services or to the seller’s customer information.”  According to the court, however, “there [we]re no well-pleaded allegations that the Resorts gave USA access to detailed information about the Resorts’ pricing, services, or customer information, or gave USA the ability to enter consumer information into the Resorts’ systems.”  It was not enough that USA knew the prices associated with staying at the Resorts’ hotels and was able to determine whether rooms were available at the Resorts’ hotels.

The plaintiffs’ ratification theory fared no better.  The plaintiffs alleged that the Resorts ratified USA’s actions by accepting reservations that were unlawfully obtained.  The court, however, recognized that an entity is not bound by a ratification if it was made without knowledge of the material facts of the alleged agent’s conduct.  The court found that ratifying reservations (by accepting them) was not the same as ratifying the alleged conduct that led to the reservation. Additionally, the court concluded that there were not even “allegations from which to infer that the Resorts had sufficient knowledge of USA’s allegedly unlawful telephone calls that would have led a reasonable person to investigate USA’s actions further.”

A copy of the court’s decision is available by clicking here.

Reporter, Barrett R. H. Young, Washington, D.C., +1 202 626 2928,

ABA Urges DHS To Review Standards On Border Searches Of Lawyers’ Electronic Devices In a May 5, 2017 letter to the Department of Homeland Security (“DHS”), American Bar Association (“ABA”) President Linda Klein urged DHS to revise directives issued in 2009 to U.S. Customs and Border Protection (“CBP”) and Immigration and Customs Enforcement (“ICE”) to restrict searches and seizures of attorneys’ electronic devices when attorneys traveling across the border assert that a device contains privileged or confidential client information.  The letter explains the ABA’s serious concerns about protecting “the attorney-client privilege, the work product doctrine, and the confidentiality of lawyer and client communications during border crossings and [preventing] the erosion of these important legal principles.”

Searches of electronic devices at the border have increased rapidly in recent years.  In 2016, 390 million people entered the United States, and 23,877 electronic media searches were conducted at the border, while in 2015 only 4,764 searches were conducted.  According to Ms. Klein’s letter, attorneys have reached out to the ABA to express concerns about maintaining the confidentiality of client information contained on electronic devices when crossing the border into the United States.     

The letter expresses that Ms. Klein shares these concerns and stresses that “a cornerstone of our legal system—both civil and criminal—is the confidential lawyer-client relationship, which includes the lawyer’s strict ethical duty to preserve the confidentiality of communications with the client.”  It explains that this duty encourages clients to communicate with lawyers in confidence, to seek guidance to conform their conduct to the law, and to identify and remedy problems with past conduct. 

In light of the recent increase in border searches and the concern about border agents’ review of privileged and/or confidential legal materials, the ABA suggested that the CBP and ICE directives be revised to specifically address the handling of such materials.  The ABA recommends that the policies specify that when an attorney is travelling across the border and asserts that an electronic device contains privileged or confidential client information, border agents should only perform a “routine cursory physical inspection” of the device.  The policies should prohibit border agents from reading, duplicating, seizing or sharing any materials on the device absent a subpoena based on reasonable suspicion or a warrant supported by probable cause. 

The ABA’s letter also urges DHS to clarify the procedures for border agents when confronted with a lawyer’s electronic device.  Specifically, the letter states that the directives should: (1) give agents clear standards to follow before demanding a search of files on a lawyers’ device; (2) specify what conduct is expected of agents when a lawyer asserts the information on his device is protected by attorney-client privilege, work produce doctrine, or applicable rules of professional conduct; and (3) define when agents must consult with the CBP Associate/Assistant Chief Counsel, the ICE Office of the Chief Counsel, or the U.S. Attorney’s Office, including specifically requiring that the agent do so whenever a lawyer asserts that an electronic device contains privileged or confidential client information and the agent continues to seek access to that information.

Reporter, Yelena Kotlarsky, New York, +1 212 556 2207,


New Mexico Enacts Data Breach Notification Law — On May 12, 2017, King & Spalding published a Client Alert on New Mexico’s data breach notification law.  The full Client Alert can be found here.