2024 Q1 Compliance Update
FCC Updated Rules to TCPA Consent
In this recurring blog series, Entrata will review the latest compliance information for you to help ensure you are in the loop and don’t fall out of compliance and are prepared for upcoming deadlines. However it is important to note, the information contained herein is general in nature and is not intended to provide, or be a substitute for, legal analysis, legal advice, or consultation with appropriate legal counsel. You should not act or rely on information contained in this document without seeking appropriate professional advice.
In November of 2023, the Federal Communication Commission (“FCC”) adopted one to one Telephone Consumer Protection Act (“TCPA”) consent and Do-Not-Text Rules that will have a sweeping impact on the use of text messaging and autodialing in marketing campaigns. The rule adoption will effectively:
- Close the lead generator loophole
- Encourage providers to make email-to-text a service that consumer proactively opt into
- Codify that the National Do-Not-Call (DNC) registry's protections extend to text messages
- Require wireless providers block all texts from a particular number when notified by the Commission.
Many of the proposed changes will have sweeping impacts on the use of marketing to individuals, none, however, more than the one to one consent changes that will close the lead generator loophole. To send an autodialed telemarketing text or phone call, the texter/caller must first obtain a consumer's prior express written consent (which must comply with the ESign Act if obtained online) specific to the company that will place such a text or call to the consumer’s cell phone. This will effectively close the lead generator loophole by removing the ability for lead generators, texters, and callers from using a single consumer consent for multiple companies.
The FCC’s reasoning behind this specific change is intended to reduce abusive consent practices, including where a single consumer consent authorizes auto-dialers from different companies to inundate consumers who would otherwise not expect to receive messaging from these companies.
The effective date of these rules will be 12 months after the rules are introduced in the Federal Registry - which has yet to happen as of the date of this blog post. This will give companies a full year to review their current practices and contact their Entrata representative with any questions about functionality around text messaging and proper opt out procedures.
Colorado AG Announces Approved Universal Opt-Out Mechanism:
Under the Colorado Privacy Act, companies must allow consumers to opt-out of using their personal data for targeted advertising using Universal Opt-Out Mechanisms. On December 28,2023, the Colorado Attorney General announced that it approved Global Privacy Control to serve as a Universal Opt-Out Mechanism. Global Privacy Control will be added to a periodically updated list that was released on January 1, 2024.
Global Privacy Control is one of many examples whose purpose is to allow internet users to notify businesses of their privacy preferences from a single point. The list represents Universal Mechanisms the Colorado department of Law will prioritize for enforcement.
In December of 2023, the California privacy governing body voted unanimously to approve a legislative proposal that would require internet browsers to send consumers an opt-out preference signal. This preference signal allows consumers to share their choice to opt out of the sale or sharing of personal information when they interact with organizations online. Additional states with similar restrictions included: Utah, Colorado, Connecticut, Delaware, Montana, Oregon, and Texas.
For organizations that fall under the Colorado Privacy Act they must allow consumers the opportunity to opt-out of the sale of their personal data or use of such data for targeted advertising and must accept these Opt-Outs via the Universal Opt-Out Mechanisms by July 1, 2024.
California Launches Privacy Resource Center:
January saw the launch of a new website dedicated to providing resources to California residents about their privacy rights under the California Consumer Privacy Act (CCPA). This site will be maintained by the California Privacy Protection Agency (CPPA) which provides California residents resources to understand their rights and the actions that they can take related to a variety of privacy issues.
One of the website’s more important features to note is the form provided by the CPPA for residents to file a complaint against a business. In addition to the complaint form, a resident can review their rights in an organized resource center. The site also provides resources for businesses to understand their obligations under the CCPA.
Other useful resources include guidance on what to do if a California resident is a victim of a data breach, identity theft, financial privacy, children’s privacy, and civil rights violations.
Entrata would encourage all clients with properties located in California to review this new resource center as well as understanding Entrata’s privacy dashboard and privacy settings within their environment. For more information about Entrata’s privacy data subject access rights process, please refer to the previous blog post in this series.
If you have any questions or concerns please contact your Entrata representative.