Professional Hockey's TCPA (And Other) Privacy Problems

Morrison & Foerster’s Socially Aware blog has an interesting post about a California man who filed a putative class action lawsuit against the Pittsburgh Penguins hockey team for failing to honor the team’s alleged promise to send him no more than three text messages each week.

After receiving five messages the first week and four messages the following week, the plaintiff could endure it no more and went off in search of legal redress at the offices of Edelson McGuire, a leading supplier of class action litigation to the technology industry. Edelson’s solution: Weiss v. Lemieux Group L.P., No. 12-cv–4585 (C.D. Cal., complaint filed May 25, 2012.

If you look at the Pittsburg Penguins opt-in page, you can see the basis of the plaintiff’s complaint: “Maximum of 3 messages a week.”

Pittsburgh Penguins Opt-In  

Edelson is alleging that each message over and above the Penguins’ self-imposed three-message limit is a violation of the Telephone Consumer Protection Act, 47 U.S.C. 227. The TCPA is a 1991 law intended to protect the privacy of residential telephone subscribers against intrusive robo-calls by telemarketers. The TCPA provides a private right of action against marketers who violate the law, and statutory damages of $500 per unlawful call ($1500 per call if the violation was knowing and willful).

The Ninth Circuit held in Satterfield v. Simon & Schuster Inc., 569 F.3d 946 (9th Cir. 2009), that unsolicited cell phone text messages are “calls” within the meaning of the TCPA, thereby setting off a wave of lawsuits challenging marketers’ use of text messages.

The authors of the Socially Aware blog post surmise that the Penguins published a three-message-per-week limit because they were following the Mobile Marketing Association’s best practices guidelines for mobile advertising. The guidelines suggest that mobile marketers should provide information about the frequency of the messages that a consumer can expect to receive. But I don’t think the guidelines necessarily require that a limit be published in the manner that the Penguins published it, which, as the complaint alleged, reads like a promise to not send any more than three messages each week. There is a difference between providing information and making a promise. Most privacy policies are pretty good at walking this line.

I'm reminded of my mom's frequent advice: If Billy told you to jump off a cliff you wouldn't do it, would you? Nothing in current law requires a marketer to publish or promise a limit on the number of messages that will be sent to a consumer who opts in to mobile marketing communications. It will, as they say, be very interesting to see how the Weiss case turns out.

Recent Relevant Decisions

Several recent decisions are going to bear on the Weiss lawsuit.

In the first one, Smith v. Microsoft Corp., No. 11–1958 (S.D. Cal., July 20, 2012), decided last Friday, the court held that the fact that the plaintiff did not incur data charges for allegedly unsolicited text messages did not deprive the plaintiff of Article III standing to sue for TCPA violations. In Gutierrez v. Barclays Group, No. 10-cv–1012 (S.D. Cal., Feb. 9, 2011), another court in the Southern District of California reached the same result. There is no allegation in Weiss that the plaintiff incurred data charges as a result of the Penguins’ text-messaging, so these two rulings are good news for him.

Better news for the Penguins can be found in the case of Ibey v. Taco Bell Corp., No. 12–583 (S.D. Cal., June 18, 2012), where the court, relying on congressional intent, held that messages merely confirming that the plaintiff had opted out of future text messages are not unlawful under the TCPA. Perhaps the Penguins can use the Ibey ruling to support the sort-of-related conclusion that text messages merely confirming that the plaintiff had opted-in to receiving text messages should not count against the Penguins' self-imposed three-message limit. In Weiss, it appears that two of the five allegedly unlawful text messages received during the first week were confirming his opt-in. (The Weiss complaint isn’t clear on this point. But that’s what happened when I opted-in to the Penguins’ text-messaging marketing.)

Two cases go the other way: Both Gutierrez and Ryabyshchuk v. Citibank, No. 11–1236 (S.D. Cal. Nov. 29, 2011), held that confirming text messages can violate the TCPA.

The main issue is whether, when a marketer sends a fourth text message after having promised to only send three, that extra message is unlawful under the TCPA. Is a fourth message "unsolicited" if the consumer clearly opts-in to receiving  messages? Hard to say. Certainly this is not a scenario that Congress had in mind when it passed the TCPA. A court in an Ibey frame of mind could conceivably rule that the extra message is not what Congress intended to be treated as an "unsolicited" call or message. A court inclined to rule this way might conclude that the extra message is a breach of contract, leaving the plaintiff with economic, contract damages only. 

The plaintiffs may have precedent under the Computer Fraud and Abuse Act on their side. Several cases have concluded that contracts (including website terms of use) can define what is "unauthorized access" under the CFAA. Contracts might also define what is an "unsolicited" text message under the TCPA (47 U.S.C. 227(a)(5)).

Privacy Around the League

I looked around the rest of the National Hockey League’s websites this morning to see what other teams are doing. It’s a mixed bag, to say the least.

At the Anaheim Ducks website, there is no privacy policy anywhere in sight. This is because it is entirely obscured by a Meebo bar running along the bottom of the page. Nor do the Ducks make any promises about how many texts they are going to send. It's sort of comic that a site's lawyers would demand a privacy policy and the same site's marketers would cover it up with marketing.

Ducks Website Terms  

Things are better at the New York Rangers website, where they have placed a link to their privacy policy and terms and conditions next to the form that is collecting personal information. That’s good, a best practice if I am not mistaken. Unfortunately, the Rangers also make an “up to 3 msg/wk” representation similar to the one that got the Penguins in legal trouble.

New York Rangers Opt-In  

The Boston Bruins make no secret of the number of messages they will be sending: “You will receive 20 msgs/mo.” Sounds vaguely threatening to me; I appreciate the candor, though. The Bruins have clear and conspicuous links to their privacy policy and terms and conditions right next to the place on the page that collects the user’s personal information.

Boston Bruins Opt-In  

The Buffalo Sabres also have a link to their privacy policy near the information collection fields. Unfortunately, their website designer styled the link so that the phrase “Privacy Policy” appears in the same font and color as the rest of the text on the page until the user scrolls over it (whereupon it turns red.).

The Detroit Red Wings promise “no more than three messages per week.” The Los Angeles Kings say “You’ll receive no more than 7 messages per week.” The Chicago Blackhawks make this representation: “You will receive no more than 5 messages/week per alert list. ” That’s more than 5, isn’t it? None of these teams post a privacy policy near the information collection point. Each has a small-type (in some cases, gray small type) link at the bottom of each page pointing to their privacy policy.

Only a very few of these teams have terms of use containing a forum selection clause or an arbitration clause. Some teams don’t have their own privacy policy or terms and conditions of website use; instead they point to the National Hockey League’s policies. It is possible that the Penguins could assert these terms to get the Weiss case out of California and into a New York forum. This is provided in the NHL's league-wide website terms; however, those terms are an awfully long ways away from the place where the Penguins collected Weiss's cell phone number.

The NHL should seriously consider having legal counsel comb through the league’s websites and take steps to get its privacy house in order. Individually, some NHL teams need to get a lawyer; some of them need to get a new lawyer. The privacy policies and terms of use on some of these websites look dusty too. I definitely did not see signs that these websites appreciated the implications of the Satterfield decision. Unlike email marketing (the CAN-SPAM Act does not give individuals a private right of action), thanks to the TCPA’s statutory damages provisions the cost of legal mistakes in text message marketing can get out of hand in a hurry. Plain old privacy rights class actions are on the upswing too. A decent privacy policy and a clear link to it can go a long way toward trimming a company’s exposure to cases alleging non-consensual uses of personal information.

Memo to Commissioner Bettman: I would be happy to help your lawyers fix all of your websites if you could get me four decent seats to the Winter Classic in Ann Arbor this year. Seriously.  

Follow this blogger on Twitter at @tjotoole.