Trusted Form Wiretap Case Confuses TCPA – Privacy Protection

To print this article, all you need to do is be registered or log in to

For telemarketers, having prior, express, and valid written consent to contact marketing prospects is essential to avoid prosecution and liability under the Telephone Consumer Protection Act (“TCPA”). This need has spawned the creation of services that record a consumer’s interactions with a given website‘s consent flow in real time. One such company is ActiveProspect, which offers a widely used service called “TrustedForm”. A key concern lately has been whether a consumer must register before TrustedForm and similar services log a session. In a recent notice entitled Javier vs Insurance IQa federal appeals court considered whether acceptance of the terms of a website’s privacy policy after the start of screen recording is considered adequate consent under California wiretapping law. In its recent decision in the
Javier Case, the Ninth Circuit Court of Appeals ruled that to avoid a wiretap violation, companies should obtain consumer consent before recording begins. The TrustedForm wiretapping case has therefore caused confusion about how to use services such as Trusted Form and how to securely obtain proof of TCPA consent.

What exactly does the TrustedForm wiretap case say?

The facts of the Javier cases are quite common in today’s online world. Florentino Javier came to a website looking for insurance quotes. As Javier progressed through the site’s consent flow and provided personal information, TrustedForm began recording his session. After giving his consent to TCPA, Javier then agreed to the terms of the website’s privacy policy, which included permission for the website operator, Assurance IQ, to use TrustedForm to record his session.

Javier then learned of the TrustedForm record of his website visit and sued Assurance IQ and ActiveProspect for violations of California wiretapping law. In his complaint, Javier alleges that TrustedForm grants ActiveProspect, a conversational third party, a means to monitor and record his communications with Assurance IQ without his prior consent. In response, ActiveProspect requested that the complaint be dismissed arguing, among other things, that: (1) Javier provided adequate consent to the recording; and (2) ActiveProspect is not a third party covered by wiretapping law. The trial court ultimately dismissed the case, finding that Javier’s retroactive consent to the recording was sufficient. Notably, the trial court did not address the “third party” issue in its decision.

On appeal, the Ninth Circuit backtracked. The Court ruled that Javier’s post-recording consent under Assurance IQ’s privacy policy could not operate retroactively and did not give ActiveProspect the required permission to record Javier’s communications with Assurance IQ. Please note that the Court’s opinion was limited to whether the retroactive consent to the recording can be considered valid under California wiretap law.

Why is the TrustedForm record important for your business?

It is not difficult to see the vast implications that
Javier decision could have for the telemarketing industry. TrustedForm and similar services that log a consumer’s registration stream provide an invaluable defense against TCPA claims and regulatory demands. Developing in-house software to perform this “consent capture” function would prove costly and difficult for many companies. Proving valid TCPA consent without logging or screenshots of a consumer’s progress through a given consent flow would be much more difficult, or, at least, much less convincing without the logging services provided by companies like ActiveProspect. .

Fortunately, companies can be reassured in three ways.
Firstthe Javier the ruling is only binding in the Ninth Circuit (roughly the Pacific Time Zone). Secondyou can eliminate some of the risks associated with Javierproblematic decision by obtaining consent to privacy policy and terms of service prior to begin the consent flow recorded by the third-party software. Of course, this step alone is not an infallible defense against wiretap requests. But this simple step also requires companies to ensure that their privacy policies (and, according to best practice, “submit” button language as well) contain an explicit section in which the consumer allows the website to use software. screen recording.

Thirdthe central argument ignored in
Javier concerns the status of ActiveProspect as a third party (or not) with regard to the law on wiretapping. In another case, a California federal court found that a web hosting company that stored user session data (including recording of mouse clicks and keystrokes) solely for website improvement (as opposed to selling lead information to advertisers) was not a third party under the wiretap law. The outcome of the ruling is that if a company uses session recordings solely to prove TCPA consent, it has a strong argument that the third-party screen recording software company is not a third party, but rather a agent of the website operator.

Hire experienced telemarketing and privacy attorneys.

Today, collecting consent and personal information through a web form is nearly universal. But the different types of consent a company must obtain and in what order can be a confusing knot. Hiring experienced telemarketing and privacy attorneys can save your business the expense and headache of solving these issues on your own. Klein Moynihan Turco’s (“KMT”) attorneys have years of experience in all areas of telemarketing and privacy law. KMT can help companies update their privacy policies and maintain TCPA compliance.

Similar blog posts:

Privacy policies for websites and mobile applications

The Telemarketer’s Guide to TCPA Consent

How CPRA Revises and Updates the CCPA

The content of this article is intended to provide a general guide on the subject. Specialist advice should be sought regarding your particular situation.


Immediate Thoughts on the New Regulations Proposed by CPRA

Frankfurt Kurnit Klein & Selz

Happy Friday before a holiday weekend! This afternoon, the California Privacy Protection Agency (CPPA) issued a notice indicating that it will hold a public meeting on June 8, 2022.

Comments are closed.