
Focus on Regulation

FAA Task Force Recommends Sweeping UAS Registration Requirements

As previously reported here and here, a month ago on October 19, 2015, the Department of Transportation (DOT) created a registration task force (RTF) charged with making recommendations to the FAA on what mandatory registration of small unmanned aircraft systems (UAS), including those used for recreational or hobby use, should look like. Today, the FAA publicly released the RTF’s much-anticipated final recommendations report.

Here are the key highlights from the RTF’s report to the FAA:

  • Perhaps most newsworthy is that registration under either the existing system or a new, alternative registration system would be required for all small UAS with a maximum takeoff weight of 250 grams (~½ pound) or more. Most vehicles capable of flying outside weigh at least this much.
  • An owner could register more than one UAS with the same registration number. Under the report’s recommendations, the new, alternative registration system would be electronic or app-based and provide the registrant with an immediate electronic certificate of registration and universal registration number that can be used on all UAS owned by the registrant.
  • Registrants would only be required to provide FAA with (1) their name and (2) physical street address. They’d have the option to also provide an email address, telephone number, and/or UAS serial number.
  • To encourage maximum participation, registration under the new system would be free.
  • Registrants could choose to affix their FAA-issued registration number to the UAS or they could rely on a manufacturer’s serial number that is already permanently affixed to the aircraft.
  • Any time a registered UAS is in operation, the operator of that UAS would be required to produce the certificate of registration for inspection.
  • Current commercial operators that have already registered their UAS using the existing paper-based aircraft registration system should not be required to re-register under the new, alternative registration system.
  • On a going-forward basis, commercial UAS operators should be permitted to use either the existing registration system or the new, alternative system.

It is important to note that these proposed registration requirements are only the task force’s recommendations to the FAA. The FAA will still need to review the recommendations and develop and issue a new rule before any new registration requirements take effect. While today’s announcement means the task force met Secretary Foxx’s goal of having recommendations by mid-November, it remains to be seen whether the FAA will meet the Secretary’s goal of having final registration rules in place by mid-December, when the agency expects up to 1 million UAS to be sold during the holiday season.

FCC Fines More Companies for Wi-Fi Blocking

On November 2, 2015, the U.S. Federal Communications Commission issued two proposed fines related to Wi-Fi hotspot blocking.   In the first notice the FCC proposed a penalty of $718,000 against M.C. Dean, one of the largest U.S. electrical contracting companies, for allegedly interfering with and disabling the operation of consumers’ Wi-Fi devices at the Baltimore Convention Center.  In the second notice, the FCC proposed a $25,000 penalty against Hilton Worldwide Holdings, Inc., for “willfully and repeatedly” failing to respond to an FCC inquiry and for obstructing the agency’s investigation.

The Commission voted 3-2 to fine M.C. Dean, with Commissioners Ajit Pai and Michael O’Rielly dissenting.  In separate statements, Commissioner Pai and Commissioner O’Rielly asserted that before releasing enforcement actions against Wi-Fi blocking, the Commission must first adopt rules limiting the practice.  Commissioner O’Rielly noted that the Commission is “once again, trying to set important and complex regulatory policy by enforcement adjudication.”  Commissioner Pai made a similar argument, stating “because the Commission dropped the ball earlier this year, we do not have any rules that limit Wi-Fi blocking,” going on to note that “the only relevant rules we have on the books preclude liability in these circumstances.”  In addition, Commissioner Pai highlighted that Section 333 of the Communications Act has never before been interpreted as prohibiting interference between unlicensed devices such as Wi-Fi devices.

For Hilton, the Commission’s $25,000 proposed fine may be just the beginning.  The Commission asserted that Hilton is refusing to hand over information related to the hotel company’s Wi-Fi management and other practices, something the Commission has been asking for since November 2014.  The FCC stated that “we cannot and will not countenance such flouting of the Commission’s responsibility and authority” and goes on to warn “if this is not sufficient to secure Hilton’s compliance with the Bureau’s Wi-Fi blocking investigation, we are prepared to take further action in the future.”  The Commission gave Hilton 30 days to respond fully to its inquiry.

The M.C. Dean and Hilton cases are the latest in a series of Commission enforcement actions related to Wi-Fi blocking at hotels and convention centers.  In August 2015, the FCC fined Smart City Holdings, LLC $750,000 for Wi-Fi blocking at multiple convention centers across the country, and in October 2014, the Commission fined Marriott International, Inc. and Marriott Hotel Services Inc., $600,000 for allegedly interfering with its guests’ personal wireless hotspots at the Gaylord Opryland Hotel and Convention Center in Nashville, Tennessee.  Of note, in August 2014 Marriott, along with the American Hotel and Lodging Association and Ryman Hospitality properties, petitioned the FCC to clarify its rules on managing its wireless networks; however, the companies eventually withdrew their petition.

The enforcement action against M.C. Dean is the first of the FCC’s Wi-Fi blocking investigations not to be resolved through settlement, and the company is reportedly planning to fight the proposed forfeiture.

Companies operating in the telecommunications sector face increasing competition and an ever-changing regulatory environment.  Hogan Lovells’ telecommunications lawyers possess an in-depth understanding of the sector, working closely with cable, mobile, satellite, and all types of advanced broadband network operators; internet service and content providers; broadcasters and media companies; equipment providers and other vendors; as well as with regulators, government bodies, and investors in the sector.  For more information on our practice, click here:  http://www.hoganlovells.com/telecommunications/

FCC Considers Whether Title II Protections Apply to SMS Traffic

In a recent Public Notice, the Federal Communications Commission (“FCC”) sought comment on a Petition filed by Twilio Inc. (“Twilio”) requesting clarification that short message service (“SMS”) messages are regulated under Title II of the Communications Act.  The regulatory treatment of SMS messages has come to a head because of the FCC’s recent reclassification of broadband Internet access as a telecommunications service subject to Title II regulation.  In that decision, the FCC reclassified both wired and wireless broadband services as Title II services earlier this year to “protect the open nature of the Internet.”  The FCC also adopted bright-line rules prohibiting three practices it found “invariably harm” Internet openness:  blocking, throttling, and paid prioritization.

Twilio asserts that SMS messages are “undeniably telecommunications services” under the Open Internet Order framework and that SMS messages also satisfy the definition of a “commercial mobile service,” which are common carrier services regulated under Title II.  In addition, Twilio asserts that the FCC has already applied Title II regulation to SMS messaging even though it has not expressly indicated that the service is a Title II service.

The FCC also indicated a desire to refresh the record on this issue because 2008 was the last time it requested comment on a similar petition.

If the FCC grants Twilio’s request to confirm that SMS messages are regulated under Title II, it would by extension confirm that those messages are protected from blocking, throttling, and paid prioritization.  Comments and reply comments on Twilio’s Petition are due by November 20, 2015 and December 21, 2015, respectively.

New HHS OIG Work Plan Indicates Focus on Subrecipient Monitoring

The U.S. Department of Health and Human Services Office of Inspector General (“OIG”) recently released its Work Plan for Fiscal Year 2016. The Work Plan discusses OIG’s anticipated reviews and audits of HHS programs and operations over the coming year. As is typical, the FY 2016 Work Plan includes many items of interest to recipients of HHS awards.

Particularly noteworthy is OIG’s interest in controls over subawards issued under HHS grants and cooperative agreements. OIG states, in full:

We will assess colleges’ and universities’ controls over the subcontracting of NIH grant and contract work. Specifically, we will determine whether colleges and universities effectively monitor the services subcontracted to other organizations and ensure that Federal funds are spent on allowable goods and services in compliance with selected cost principles and the terms and conditions of the grants and subcontracts . . . The principles shall also be used in determining the costs of work performed by such institutions under subgrants, cost-reimbursement subcontracts, and other awards made to them under sponsored agreements. We will conduct reviews at selected organizations based on the dollar value of Federal grants received and on input from NIH. (OAS; W-00-15-51001; various reviews; expected issue date: FY 2016; new start).


Parliament explains the relationship between the Commons and Lords

In the wake of the Government’s defeat on tax credits in the House of Lords, the House of Commons Library has published a briefing paper, “Conventions on the relationship between the Commons and the Lords”.

At 23 pages long, the briefing paper is a helpful introduction to the various conventions that govern the relationship between the Houses, chiefly:

• the “Salisbury Convention” – which generally means that the House of Lords should not reject, at their second or third readings, Government Bills brought from the House of Commons for which the Government has a mandate from the nation (such mandates usually stem from a manifesto commitment);

• the convention that the Lords does not usually object to secondary legislation – unlike for most primary legislation, the House of Lords has a power of veto over secondary legislation, although it had only used that power on four occasions before the tax credits issue;

• the financial privilege of the House of Commons – under the Parliament Act 1911, the Lords cannot require any amendments to money Bills, although there is some disagreement about the exact scope of this convention; and

• the convention that the Lords should consider all Government business “in reasonable time” (again, there is debate about what exactly this means).

Readers will not find any new law or interpretations of the conventions in the briefing paper. However, the briefing paper does provide insight and clarity for those who may be somewhat confused by the Government’s indignation over the Lords’ apparent “defeat” of the statutory instrument making changes to the tax credit rules.

On 26 October 2015, the Lords twice amended a motion, so as to decline considering a piece of secondary legislation that would have implemented the Government’s policy making changes to tax credits. Many commentators held that the Lords was entitled to do so – but the Government disagreed, stating that the Lords had failed to respect convention, something that would “fundamentally change” its relationship with the Commons.

Not only is there confusion over the exact scope of the conventions governing the relationship between the Houses, but there has also been dispute about what exactly happened in the Lords that day. As the paper explains:

“The two amendments which were passed could be considered as fatal as the House had a choice as to whether or not to approve the draft statutory instrument, and the effect of the amendments was to not approve it. However, it could also be argued that they did not “kill” the statutory instrument – they would allow it to be passed in future if the conditions they set were met. This appears to have been the first time amendments have been passed to decline to consider an instrument.”

The Government have now tasked Lord Strathclyde with the rather optimistic task of carrying out a “rapid review” of the relationship between the Houses and reporting back “before Christmas”.

BREAKING: Germany Proposes New Regulations for Commercial and Hobbyist Unmanned Aircraft Operations

Yesterday, the German Federal Ministry of Transport and Digital Infrastructure proposed new rules for commercial and hobbyist unmanned aircraft system (UAS), or drone operations. If implemented, the proposed rules will open the door to new UAS commercial opportunities in Europe’s largest economy.

Citing a lack of regulations to confront growing public safety concerns associated with the use and operation of privately owned UAS, Minister Alexander Dobrindt proposed the following key requirements:

  • All commercially-operated and hobbyist-operated UAS weighing more than 0.5 kg (1.1 lb) will require an individual license plate to identify the operator in the event of an accident.
  • For commercial flights the following new rules, if implemented, will apply: The regional States’ (Länder) authorities may authorize flights beyond visual line-of-sight in circumstances where it can be done safely. The Ministry has not yet provided further guidance on how the term “safe operation” should be interpreted. Flights beyond visual line-of-sight of the operator are currently prohibited in Germany. Moreover, new licensing requirements for commercial UAS operators will be established. Among other things, operators will need to pass a test demonstrating aeronautical skills and knowledge regarding aviation law. German law currently does not provide for training and licensing requirements. Under the proposed rule, the German Federal Authority of Aviation (Luftfahrtbundesamt) will be tasked with reviewing applications and issuing commercial UAS licenses.
  • For hobbyist operators the following new rules, if implemented, will apply: Flights above 100 m (328 ft) and beyond visual line-of-sight will be prohibited. Moreover, hobbyist-operated UAS must not be operated above prisons, military installations, crowds of people, scenes of accidents, disaster areas and other sensitive areas affecting national security. While these restrictions had already been in place, some additional “no flight zones” will be introduced, namely—industrial facilities, power plants and power transmission networks, federal roads, and railroads.


FCC Continues String of Data Security Cases, Settling with Cox for $595,000

On November 5, 2015, the Federal Communications Commission Enforcement Bureau announced a $595,000 settlement agreement with Cox Communications, Inc. to resolve an investigation into whether the company failed to properly protect its customers’ personal information when electronic data systems were breached in August 2014.  According to the FCC, Cox exposed the personal information of numerous customers and failed to report the breaches through the Commission’s established breach-reporting portal.

This is the third FCC data security settlement this year.  In July, the FCC settled an investigation into TerraCom Inc. and YourTel America Inc. for $3.5 million for failing to safeguard customers’ personal information, and in April reached a $25 million settlement with AT&T Services Inc. to resolve similar claims.

Details of the Breach:

The Enforcement Bureau’s investigation discovered that Cox’s data systems were breached in August 2014 by a member of the hacker group “Lizard Squad.”  To access sensitive customer information, the hacker allegedly pretended to be a Cox tech employee (a practice commonly referred to as “pretexting”) and successfully convinced a company customer service representative and a Cox contractor to enter their account IDs and passwords into a fake website that was controlled by the hacker.  According to the FCC, Cox’s data systems lacked technical safeguards, such as multi-factor authentication, for the employees that were compromised.

With the Cox employees’ credentials, the hacker purportedly had access to Cox customers’ personal data, including sensitive personal information such as name, home address, email address, phone number, partial Social Security Number, partial driver’s license number, as well as Customer Proprietary Network Information (“CPNI”) of the company’s telephone customers.  In addition to sharing the compromised account credentials with another alleged member of the Lizard Squad, the hacker posted customers’ personal information on social media sites and changed some customers’ account passwords.

Alleged Violations of the Communications Act and the FCC’s Rules:

According to the FCC, the disclosure of the data violated the Communications Act, as amended by the Telecommunications Act of 1996, which requires network operators to protect customer information.  Relying on 47 U.S.C. § 551, the FCC stated in its Order that “Congress and the Commission have made clear that cable operators such as Cox must ‘take such actions as are necessary to prevent unauthorized access to such information by a person other than the subscriber or cable operator.’”  The Order goes on to state that “telecommunications carriers such as Cox must take ‘every reasonable precaution’ to protect their customers’ data.”

The FCC also determined that Cox failed to take reasonable measures to discover and protect against attempts to gain unauthorized access to CPNI, and failed to provide timely notification to law enforcement of the CPNI breach.

Settlement Agreement:

According to the Consent Decree, the Enforcement Bureau will directly monitor Cox’s efforts for the next seven years. In addition to the civil penalty, Cox is required to:

  • Designate a senior corporate manager who is a certified privacy professional;
  • Conduct privacy risk assessments;
  • Implement a written information security program;
  • Maintain reasonable oversight of third party vendors, including implementing multi-factor authentication;
  • Implement a more robust data breach response plan;
  • Provide privacy and security awareness training to employees and third-party vendors;
  • Notify all affected consumers of the breach and provide them with free credit monitoring; and
  • File regular compliance reports with the FCC.

Government reveals new UK surveillance measures in the wake of tribunal decision restricting the Wilson Doctrine

On 4 November 2015, the government published the Investigatory Powers Bill, containing new surveillance powers for police and security services in the UK. The draft Bill, which is expected to be introduced to Parliament in the New Year, contains a wide range of proposals, including a “double-lock” for interception warrants (so that, following Secretary of State authorisation, warrants cannot come into force without approval by a judge) and the creation of a new Investigatory Powers Commissioner to oversee how powers available to security services are used.

One particularly interesting protection is that for communications between parliamentarians and their constituents, whose confidentiality was brought into question after a ruling by the Investigatory Powers Tribunal (the “IPT”) on the enforceability of the “Wilson Doctrine”.

The Wilson Doctrine, which was widely considered to prevent the interception of MPs’ communications by the security services, was the result of a statement made by Harold Wilson.  In 1966, Wilson, who was then Prime Minister, told the House of Commons that “there was to be no tapping of the telephones of Members of Parliament, […] but that if there was any development which required a change in the general policy, I would, at such moment as seemed compatible with the security of the country, on my own initiative make a statement in the House about it.” There have since been a number of references to or clarifications of the Wilson Doctrine, including, most recently, by Theresa May, who noted that, “obviously, the Wilson Doctrine applies to parliamentarians. It does not absolutely exclude the use of these powers against parliamentarians, but it sets certain requirements for those powers to be used in relation to a parliamentarian.”

The case, Lucas v Security Service, arose after whistle-blower Edward Snowden exposed the government’s secret Tempora programme. Two Green Party parliamentarians, Caroline Lucas MP and Baroness Jones of Moulsecoomb AM, along with former MP George Galloway, alleged that the blanket collection of data under the programme breached the Wilson Doctrine. The claimants argued that they had a legitimate expectation that the doctrine would be enforced and that, as a result, their communications would not be monitored. They suggested that the doctrine could only be abrogated by the Prime Minister, who should make a statement to Parliament to that effect.

The IPT dismissed these arguments, holding that the doctrine was not absolute. The IPT noted that there were a number of significant limitations to the doctrine’s scope.

• The doctrine could not apply to “untargeted” warrants under s8(4) of the Regulation of Investigatory Powers Act 2000, under which a substantial number of communications are intercepted: blanket application of the doctrine would render this procedure, which Parliament has itself approved, impossible.

• Once the Regulation of Investigatory Powers Act 2000 (“RIPA”), requiring statutory justifications for both targeted and untargeted warrants, had been passed, it was unlikely that the Wilson Doctrine was intended to rule out surveillance or incidental interception of MPs’ communications.

• In any event, the Wilson Doctrine could not prevent security agencies from applying to the Secretary of State for a s8(1) or s8(4) warrant in relation to an MP, and this was the critical stage at which the doctrine would apply.

Agreeing with the defendant’s argument that the doctrine is merely “a political statement in a political context”, the IPT confirmed that the Wilson Doctrine is not enforceable by way of legitimate expectation for the following reasons.

• Under R v Inland Revenue Commissioners, ex p MFK Underwriting Agents Ltd, a legitimate expectation must be clear, unambiguous and devoid of relevant qualification.  The statement by Mr Wilson was ambiguous and had relevant qualification, both as to the nature and the effect of the policy.

• Before there can be any expectation (legitimate or otherwise), such statement or policy must have continuing effect. It could not be expected that the Wilson Doctrine would remain: it could be abrogated or changed at any time.  Harold Wilson’s promise to inform Parliament was an unenforceable obligation and, in any event, reporting to Parliament could happen at any time of the Prime Minister’s choosing.  As such, it would be impossible to know whether there had been an abrogation or change.

The IPT also confirmed that the regime under RIPA complies with Articles 8 and 10 ECHR. There is no ECHR authority for enhanced protection for parliamentarians, and the IPT held that it was unnecessary for it to make new law on this.

Following the IPT’s decision, David Cameron confirmed that the Wilson Doctrine is not “an exemption from the legal regime governing interception.”

However, while the Wilson Doctrine may not protect parliamentarians’ confidential communications from interception, some protections have been built into the draft Bill.  Under clauses 16 and 85 of the Bill, the Secretary of State will be required to consult the Prime Minister before issuing a targeted warrant in relation to the interception or examination of an MP’s communications.  The Prime Minister must also be consulted prior to the selection for examination of a parliamentarian’s communications collected under an untargeted warrant.


Following the IPT’s decision in Lucas, the claimants had described the potential threat to the confidentiality of communications between MPs and their constituents as “a body blow for parliamentary democracy”.  While the Bill confirms that MPs’ communications may be intercepted under a warrant, parliamentarians may welcome the additional protections that the Bill offers.

China proposes new cyber security rules for insurance industry

On 9 October 2015, the China Insurance Regulatory Commission (“CIRC”) issued draft Supervisory Rules for Adoption of Information Technology by Insurance Institutions (“Draft Insurance IT Rules”) for public comment. The public comment period will close on 31 October 2015.

The Draft Insurance IT Rules have been issued to replace the 2009 (Pilot) Guidance on Administration of Adoption of Information Technology by Insurance Companies (“2009 Guidance”) and they build on the requirements set forth in the 2011 (Pilot) Guidelines on the Information System Security Management of Insurance Companies (“2011 Guidelines”).

The Draft Insurance IT Rules come in the wake of a substantial new body of laws and draft rules in the cyber security arena in China. As may be anticipated, the draft rules carry forward many of the more invasive aspects of China’s emerging cyber security regime, although there are some indications of moderation on some issues.

Below we list and discuss some of the new requirements for insurance institutions in the Draft Insurance IT Rules.

Involvement of the board of directors in the management of information technology

Under the Draft Insurance IT Rules, the board of directors must be involved in the management of information technology, including compliance issues, allocation of funding, approval of strategic plans, and ensuring that core systems for customer, financial and product information independently operate within China’s borders. This mandate is the first time that the board of directors of an insurance institution has been given such a specific statutory role. The move suggests that the government is seeking a greater degree of accountability for technology matters within insurance institutions. The emphasis in the Draft Insurance IT Rules is on stepped up management oversight of the location of processing and meeting targets for responding to changes required by the Draft Insurance IT Rules. The 2011 Guidelines already require that insurers’ server rooms be located in China, so the requirement that core systems operate onshore does not in itself add much to existing requirements. 

Appointment of a qualified chief information officer

Under the 2009 Guidance, direct responsibility for IT systems could either be assigned to a chief information officer or to a senior manager. However, the Draft Insurance IT Rules remove this option and require the appointment of a chief information officer who is to be given a specific set of statutory responsibilities (see Article 10) and must have a minimum set of qualifications and background, including a minimum of five years’ work experience in technology and three years’ prior work experience in a financial institution or other experience evidencing the person has the relevant knowledge and skills.

Storage of information originating in China in data centres physically located in China

The 2011 Guidelines require that insurance institutions locate their server rooms onshore. The Draft Insurance IT Rules add greater specificity in requiring that insurance business data itself must, if originated in China, be kept in China. However, the Draft Insurance IT Rules do contemplate that foreign-invested insurance institutions may wish to transfer information outside of China, and the rules do not forbid this, but they do re-iterate that such transfers must be done in compliance with Chinese law (for personal information, this ordinarily means with user consent; the clearest guidance on this point is in a non-binding standard which requires the express consent of a person in order to transfer his or her personal information to a recipient overseas).

Priority purchasing and increased use of secure and controllable hardware and software products

“Secure and controllable” have become regulatory buzzwords in China, the term having been used in China’s National Security Law (passed on 1 July) and in draft technology regulations put forward by the China Banking Regulatory Commission (“CBRC”), China’s banking regulator, in December of 2014. The phrase draws its tone from suspicions associated with the use of foreign technology by strategically important Chinese industries. From an international perspective, the terminology raises concerns that “secure and controllable” may in practice mean favouritism of domestic products and indigenous innovation over foreign technology products. We expect this aspect of the Draft Insurance IT Rules to draw significant commentary given industry reliance on foreign technology and the costs and risks involved in procuring alternatives.

Incremental use of domestic encryption algorithms in step with the scheme laid out for China’s finance sector

Encryption is seen as a key aspect of the “secure and controllable” concept and so there is a specific provision in the draft rules addressing it. As foreshadowed by the CBRC’s draft rules, the Draft Insurance IT Rules would place insurance institutions on the same schedule for transitioning to domestic encryption technologies as the financial sector.

Value and risk assessments for cloud services

Insurance institutions are already permitted to outsource technology capabilities to capable providers, but the Draft Insurance IT Rules are the first legislative instrument in the insurance field to specifically refer to the use of cloud services. The headline point here is that the use of cloud services is permissible, but insurance institutions have a duty to carry out adequate cost/benefit, security and risk assessments for cloud solutions and conduct adequate due diligence into cloud service providers before employing cloud services. Particular focus must be given to the security of sensitive information and risk factors associated with system and data transfers.

External audits of technology functions at least every two years

CIRC previously encouraged external audits of the technology functions of insurance institutions. Now they are required.

Conclusions – new rules’ overall significance

As alluded to above, it is important to put the Draft Insurance IT Rules in the context of the rapidly developing landscape of technology regulation in China. Over the last year, China has passed a National Security Law and put forward a draft cyber security law, both of which incorporate similar approaches to “secure and controllable” technologies and support a push towards enhanced state access to information and data localisation. Both of these developments apply across all industry sectors. The Draft Insurance IT Rules follow the CBRC’s lead in making specific application of these policies to insurance, an industry of critical importance to China’s financial system and national economy.

Some of the measures proposed in the Draft Insurance IT Rules have drawn controversy when presented in the context of these separate regulatory developments. Much of what is proposed will likely be criticised for being invasive and unnecessarily prescriptive of business’ choice of technology products and services, introducing potentially burdensome or difficult safety certification regimes, mandating loosely defined cooperation with state authorities and restricting the flow of data across China’s borders. While part of the criticism is directed at the potential for increased cost in shifting to compliant technologies and the practical risk of using less robust and less tested alternatives, there are obvious geopolitical dimensions to these developments, with government access to data being a headline issue on many fronts globally. There are also concerns about technology industry protectionism and the possibility that the rules will either by design or in practice favour the adoption of domestic Chinese technologies over foreign technologies. There are signs, however, that the Draft Insurance IT Rules represent some degree of moderation on these headline grabbing issues. For example, the rules recognize cross-border data transfers by foreign-invested institutions, and propose that the adoption of secure and controllable technology and domestic encryption be phased in over time.

Although the relatively short period allotted for public comments on what is a fairly lengthy regulation may be an indication that the authorities are confident that the draft reflects an adequate balancing of interests, we expect there to be much commentary on the Draft Insurance IT Rules. We would be delighted to speak with you as to how we may assist with any comments you would like to put forward.

FCC Considers TCPA Exemption for Calls Made by or on behalf of Federal, State, and Local Governments

On September 29, 2015, the Federal Communications Commission (FCC) released a Public Notice seeking comments on the Broadnet Teleservices, LLC (Broadnet) petition asking the FCC to declare that the Telephone Consumer Protection Act (TCPA) does not apply to calls made by or on behalf of federal, state, and local governments, when such calls are made for official purposes.

Currently, the FCC’s TCPA rules prohibit the use of an automatic telephone dialing system (autodialer) or prerecorded voice to call wireless telephone numbers, absent an emergency or the “prior express consent” of the called party.  Autodialed or prerecorded marketing calls to wireless telephone numbers require “prior express written consent.”

In its petition, Broadnet stated that teleconferencing technology has been used to promote democratic engagement.  However, due to concerns over the TCPA restrictions on calls to wireless numbers, citizens who utilize wireless phones as their sole method of telephone communication may be effectively deprived of these opportunities to engage with the government.  To help provide services to these individuals, Broadnet urged the FCC to declare that the TCPA consent requirements do not apply to communications initiated by or on behalf of government entities, when such communications are for official purposes.

In support of its petition, Broadnet argued that the definition of “person,” as stated in the Communications Act (in which the TCPA is codified), does not include federal, state, and local government entities.  First, Broadnet explained that the plain language of the TCPA does not apply to government entities; the definition of a “person” (an “individual, partnership, association, joint-stock company, trust or corporation”) does not include a government organization.  Second, Broadnet noted that according to Supreme Court precedent, “the term ‘person’ does not include the sovereign, [and] statutes employing the [word] are ordinarily construed to exclude it.”

Broadnet also urged the Commission to declare that the TCPA does not apply to calls by or on behalf of government officials acting in their official capacities.  Such a finding would lead to arbitrary results.  For example, Broadnet noted, “If a mayor is considered a ‘person’ for purposes of the TCPA but the city is not, could a mayor’s deputy or staff use an autodialer to call wireless phones on behalf of the mayor’s office, but not the mayor herself?”

How Can We Help?

Our TCPA Working Group brings together more than 25 attorneys in our litigation, communications, and privacy practice areas.  We provide regular TCPA counseling to clients from a broad range of industries, including technology, healthcare, communications, transportation, and financial services.  We have secured dismissals and nominal settlements for clients in TCPA actions, and have worked with the FCC to clarify rules addressing a number of key TCPA issues.

The authors would like to thank Cobun Keegan for his assistance in preparing this article.