On April 1, 2021, the Supreme Court decided Facebook, Inc. v. Duguid, which narrowed the scope of the Telephone Consumer Protection Act of 1991 (TCPA). The Court unanimously ruled that Facebook did not violate the TCPA by sending unsolicited text messages to individuals without their consent, overturning the Ninth Circuit’s decision to broadly define automatic telephone dialing systems (“autodialers”) under the federal statute. The case boiled down to everyone’s favorite subject—grammar.

Understanding the TCPA Issue in Duguid

In 1991, Congress passed the TCPA to address “the proliferation of intrusive, nuisance calls” to consumers and businesses from telemarketers. The nuisances Congress intended to protect us from are commonly labeled as spam, robocalls, and robotexts today. The TCPA restricts certain telemarketer communications made with an “autodialer.”

47 U.S.C. § 227(a)(1) defines an autodialer as:

“equipment which has the capacity–

(A) to store or produce telephone numbers to be called, using a random or sequential number generator; and

(B) to dial such numbers.”

Based on the statute’s construction, the Court in Duguid was left to decide whether the statute applied to: (i) all equipment that stored or produced telephone numbers to be called or (ii) equipment that used sequential number generators to produce and store numbers to be called.

The Facts

Noah Duguid brought a class-action lawsuit against Facebook alleging that the tech giant violated the TCPA by using prohibited autodialers to alert individuals about activity on their accounts. (Facebook has a security feature that allows users to elect to receive text messages when someone attempts to log in to the user’s account from a new device or browser). Facebook alerted Duguid, who did not have a Facebook account, about unusual login activity on an account linked to his telephone number—for ten straight months. Duguid tried to stop the unwanted text messages without success. As a result, Duguid brought this lawsuit on behalf of himself and several others, alleging that Facebook’s use of a database that stored phone numbers and programming its equipment to send automated text messages to users was illegal under the TCPA. In response, Facebook asserted that the TCPA did not apply because the technology it employed to text Duguid and others did not use a “random or sequential number generator,” and thus not an autodialer as defined by the statute.

The Court’s Holding and Reasoning

Justice Sonia Sotomayor authored the Court’s decision and looked to the conventional rules of grammar to address the statutory interpretation issue concerning the TCPA’s definition of autodialers. The Court applied the interpretative rule, also called the “series-qualifier canon.” This rule generally reflects the most natural reading of a sentence. Sotomayor wrote, a “qualifying phrase separated from antecedents by a comma is evidence that the qualifier is supposed to apply to all the antecedents instead of only to the immediately preceding one.″ To illustrate, Sotomayor used an example of a teacher who announced that “students must not complete or check any homework to be turned in for a grade, using online homework-help websites.” Sotomayor also wrote, “It would be strange to read that rule as prohibiting students from completing homework altogether, with or without online support.”

Applying this grammar lesson to the case, the Court held that to meet the definition of an autodialer the equipment in question must use a random or sequential number generator. The Court reasoned that Facebook could not violate the TCPA because the company’s login notification system did not use a random or sequential number generator to contact individuals whose telephone numbers were linked to an account. The court further reasoned that, although Congress was broadly concerned about intrusive telemarketing practices, “[e]xpanding the definition of an autodialer to encompass any equipment that merely stores and dials telephone numbers would take a chainsaw to the nuanced problems when Congress meant to use a scalpel.”

What Does this Mean for the TCPA’s Future?

Although the Court held that Facebook’s practices of collecting users’ phone numbers did not violate the TCPA, the question remains how long until telemarketers start using Facebook’s tactics to harass individuals with more, technically legal, robocalls. If telemarketers are not already using systems like Facebook’s to get around TCPA compliance, the chances are likely that they will start.

Congress passed the TCPA 30 years ago. Today’s technology is drastically different from the technology of the nineties. Innovations like smartphones, tablets, and smartwatches were limited to the purview of SCI-FI novels and spy movies. The TCPA is no longer equipped to handle the nuanced tactics employed by telemarketers on such devices. To achieve its intended purpose, the TCPA must be brought into the twenty-first century (the statute is so out of date it references landlines and pagers). Distain for robocalls shares a broad bipartisan consensus. The ball is now in Congress’s court to decide whether to update the three-decade-old statute and address key privacy concerns in telemarketing.

What the Court’s Decision Means for Businesses

Businesses, and retail companies in particular, see the Court’s decision in Duguid as a win that will reduce the risk of liability when sending electronic communications to consumers. Texting customers is a common marketing practice for companies today. Further, businesses will no longer face penalty under the TCPA for using systems that store or produce phone numbers, so long as these systems do not use random or sequential number generators.

While Duguid narrows the scope of one specific provision of the TCPA, it by no means invalidates the statute as a whole. Companies must still carefully comply with the remaining TCPA provisions, such as the sections governing pre-recorded and artificial voice phone calls, seeking consumer informed consent prior to contacting such consumers, related opt-out requirements, and limitations placed on making phone calls to numbers on the National Do Not Call Registry.

For more information on the TCPA or other privacy matters, please contact Taft’s Privacy and Data Security Team

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Jordan Jennings Jordan Jennings

Jordan is a member of Taft’s Privacy, Security, and Artificial Intelligence and Employment & Labor Relations practice groups. She has vast experience with technology-related issues, which brings a unique and vital perspective to her practice of successfully negotiating agreements involving personal data and…

Jordan is a member of Taft’s Privacy, Security, and Artificial Intelligence and Employment & Labor Relations practice groups. She has vast experience with technology-related issues, which brings a unique and vital perspective to her practice of successfully negotiating agreements involving personal data and developing creative governance solutions that blend well with existing business practices. Jordan’s practice focuses on the collection, processing, sharing, transferring, and retention of personal data domestically and abroad. She has experience negotiating data processing and sharing agreements for companies in various countries including those located in the European Union, United Kingdom, Asia-Pacific, and the Middle East.

Read more about Jordan JenningsJordan's Linkedin Profile
Show more Show less
Photo of Zenus Franklin Zenus Franklin

Zenus has wide-ranging experience with data governance and information technology, which brings a unique and vital perspective to his practice. He advises clients on data privacy matters, such as risk management, policy development, training, audits, website privacy policies and terms of use, website…

Zenus has wide-ranging experience with data governance and information technology, which brings a unique and vital perspective to his practice. He advises clients on data privacy matters, such as risk management, policy development, training, audits, website privacy policies and terms of use, website cookies, M&A due diligence, and data breach and incident response management. His expertise spans federal privacy regulations such as HIPAA, GLBA, FCRA, TCPA, FERPA, and COPPA, along with state laws governing the processing of personal information, such as the California Consumer Privacy Act and state Data Broker laws.  Additionally, Zenus provides guidance to clients on global data privacy matters, including the GDPR.

Read more about Zenus FranklinZenus's Linkedin Profile
Show more Show less
Photo of Brett Taylor Brett Taylor

Brett focuses his practice on advising clients in areas of corporate governance and data privacy and security.

Read more about Brett TaylorBrett's Linkedin Profile
Related Posts
New Amendments to Texas’ Telemarketing Law Have Gone into Effect—Sellers Should Carefully Consider the Exemptions
September 9, 2025
UPDATE: FCC’s One-to-One Consent Rule Delayed, Then Overturned
February 12, 2025
FCC’s 1-to-1 Consent Requirement for Marketing Text Messages
August 2, 2024