For telemarketers, having valid prior express written consent to contact marketing leads is essential for avoiding lawsuits and liability under the Telephone Consumer Protection Act ("TCPA"). That need spawned the creation of services that record a consumer's interactions with a given website's consent flow in real time. One such company is ActiveProspect, offering a widely-used service called "TrustedForm." A key concern of late has been whether a consumer needs to opt-in before TrustedForm and similar services record a session. In a recent opinion titled Javier v. Assurance IQ, a federal appellate court considered the question of whether agreeing to the terms of a website's Privacy Policy after the screen recording begins qualifies as adequate consent under California's wiretap statute. In its recent decision in the Javier case, the Ninth Circuit Court of Appeals held that to avoid a wiretapping violation, companies should obtain opt-in consent from consumers before recording begins. The TrustedForm wiretap case has thus sown seeds of confusion in how to use services like Trusted Form and how to safely secure proof of TCPA consent.

What does the TrustedForm wiretap case say exactly?

The facts of the Javier case are fairly common in today's online world. Florentino Javier arrived at a website in search of insurance quotes. As Javier progressed through the site's consent flow and provided personal information, TrustedForm began recording his session. After Javier provided TCPA consent, he then agreed to the terms of the website's Privacy Policy, which included permission for the website operator, Assurance IQ, to use TrustedForm to record his session.

Javier subsequently learned about the TrustedForm recording of his website visit and sued Assurance IQ and ActiveProspect for violations of California's wiretapping statute. In his complaint, Javier alleges that TrustedForm grants ActiveProspect, a third party to the conversation, a way to monitor and record his communications with Assurance IQ without his prior consent. In response, ActiveProspect moved to dismiss the complaint arguing, among other things, that: (1) Javier provided adequate consent to the recording; and (2) ActiveProspect is not a third party covered by the wiretapping statute. The trial court ultimately dismissed the case, finding that Javier's retroactive consent to the recording was sufficient. Notably, the trial court did not address the "third party" issue in its ruling.

On appeal, the Ninth Circuit reversed. The Court held that Javier's post-recording consent to the terms of the Assurance IQ Privacy Policy could not operate retroactively and did not give ActiveProspect the requisite permission to record Javier's communications with Assurance IQ. Please note that the Court's opinion was limited to the issue of whether retroactive consent to recording can qualify as valid under California's wiretap statute.

Why does the TrustedForm case matter to your business?

It is not hard to see the sweeping implications that the Javier decision could have for the telemarketing industry. TrustedForm and similar services that record a consumer's registration flow provide an invaluable defense against TCPA claims and regulatory inquiries. Developing software internally to perform this "consent capture" function would prove expensive and difficult for many companies. Proving valid TCPA consent without a recording or screenshots of a consumer's progress through a given consent flow would be much more difficult, or, at least, much less convincing without the recording services that companies like ActiveProspect provide.

Fortunately, businesses can take some comfort in three ways. First, the Javier decision is only binding in the Ninth Circuit (roughly the Pacific Time Zone). Second, you can eliminate some of the risk associated with the Javier decision's problematic ruling by obtaining consent to the Privacy Policy and Terms of Use prior to beginning the consent flow that third-party software records. Of course, this one step is not a surefire defense against wiretapping claims. But this simple step also requires businesses to be sure that their Privacy Policies (and, best practices suggest, the "Submit" button language as well) contain an explicit section where the consumer grants permission for the website to use screen recording software.

Third, the pivotal argument unaddressed in Javier concerns ActiveProspect's status as a third party (or not) under the wiretap statute. In another case, a California federal court found that a web hosting company that stored user session data (including recording mouse clicks and keystrokes) solely for website improvement (as opposed to selling lead information to advertisers) was not a third party under the wiretap statute. The upshot of the ruling is that if a business uses session recordings solely to prove TCPA consent, then it has a strong argument that the third-party screen recording software company is not a third party, but instead an agent of the website operator.

Hire experienced telemarketing and privacy attorneys.

Today, collecting consent and personal information through a web form is almost universal. But the different types of consent that a business must obtain and in what order can be a tangled knot. Hiring experienced telemarketing and privacy attorneys can save your business the expense and headache of trying to resolve these issues on your own. The attorneys at Klein Moynihan Turco ("KMT") have years of experience in all things telemarketing and privacy law. KMT can assist businesses in updating their Privacy Policies and maintaining TCPA compliance.

Similar Blog Posts:

Privacy Policies for Websites and Mobile Applications

The Telemarketer's Guide to TCPA Consent

How the CPRA Overhauls and Updates the CCPA

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.