KEYS TO THE CASTLE: Castle Credit Stuck in TCPA Class Action Over Debt Collection Calls
TCPA class actions can be incredibly scary and pose a massive risk to callers of all sorts.
While the statute has generally been enforced against marketers as of late, servicers and collectors or debts may also find themselves in TCPA hot water, particularly if they are using prerecorded calls or ringless voicemail.
This is true even when a calling party originally has consent–that consent can burst like a bubble anytime a consumer asks for calls to stop. And it can be VERY difficult to prove a negative unless every call is recorded.
For instance in Cannon v. Castle Credit, 2025 WL 975805 (N.D. Ill April 1, 2025) a Defendant’s motion for summary judgment was denied–i.e. the collector must face trial–because the plaintiff claims he revoked his consent.
In Cannon Castle allegedly called Plaintif hundreds of times, including through the use of a ringless voicemail system (VoApps.)
Plaintiff claimed that he asked not to be called on several of those calls. However the Defendant’s records did not reflect the do not call request and calls continued.
Defendant moved for summary judgment arguing the Plaintiff’s inability to provide the specifics around his revocation coupled with the numerous call recordings of calls in which Plaintiff did not revoke consent demonstrated he never actually revoked as he claimed.
But the Court sided with Plaintiff finding his testimony that he revoked consent was sufficient admissible evidence to require a jury to figure out what really happened.
Making matters worse, although Defendant argued it had not used an ATDS the Court determined that did not matter– Castle’s concession it had used VoApps (a prerecorded RVM) meant it was potentially liable under 227(b) regardless of whether an ATDS was ued.
This last point is an important one to drive home. Even if calls are placed manually leaving a prerecorded voicemail will automatically trigger the TCPA. So be careful!
Also worth noting, this case arises out of a REVOCATION that allegedly went unheeded. Will in just 9 days the scope of revocation rules is about to EXPLODE. If you’re not ready for this you need to be! (The FCC has taken no action to stay the rule as of yet, although many are hoping it will.)
B2B BLUES: Residential Usage of Business Phone Continues to Trap Marketers
In Ortega v. Sienna 2025 WL 899970 (W.D. Tex. March 4, 2025) a company calling to offer inventory loans to businesses dialed a number that was being “held out” as a business. Yet the Plaintiff suing over those calls claimed the number was residential in nature.
The defendant moved to dismiss but the Court refused to throw out the case crediting the plaintiff’s allegation of residential usage:
At this stage in the litigation where the Court is limited to evaluating the pleadings and does not have an evidentiary record, it would not be proper to decide whether Mr. Ortega’s phone number is a business number or a personal/residential number for TCPA purposes. As the FCC has acknowledged, whether a cell phone is “residential” is a “fact intensive” inquiry. See id. This is a summary-judgment issue
Get it?
Even though Defendant claimed to have evidence of Plaintiff’s use of the number for business purposes that issue cannot be resolved at the pleadings stage. So the case lives on.
Plus although the court suggests a summary judgment might be appropriate here, past cases have found a question of fact where the plaintiff testifies to residential usage but the evidence shows otherwise. This means the issue might end up at trial!
The Court went on to find Plaintiff’s allegations his DNC request was not heeded demonstrated the caller may not have a DNC policy, which is a separate violation.
Last the Court determined a claim had been stated under under Texas Business and Commerce Code § 302.101 and § 305.053. Section 302.101 because the caller was allegedly marketing without a license, as required in Texas.
So there you go.
B2B callers need to heed the TCPA and particular the DNC requirements. Do NOT think you are exempt merely because you’re not calling residences or for a consumer purpose. You are not!
Plus state marketing registration requirements DO apply to you. Don’t get confused!
Alternative Paths: Court Denies Motion to Dismiss Quiet Hours Provision Claim
Many lawsuits in the past few months have claimed violations of 47 C.F.R. § 64.1200(c)(1) and 47 U.S.C. § 227(c)(2) (the “Quiet Hours Provision”) of the TCPA. Previously, the Quiet Hours Provision saw very few filings, meaning there is currently very little case law interpreting this area of law. On March 28, 2025, the District of New Jersey denied a motion to dismiss a Quiet Hours Provision claim—and potentially gave a preview of how the cases will be adjudicated in a practical manner.
In Jubb v. CHW Group Inc., No. 23CV23382 (EP) (MAH), 2025 WL 942961 (D.N.J. Mar. 28, 2025), the court denied a motion to dismiss which argued that the Quiet Hours Provision claim was duplicative of the plaintiff’s Do Not Call (“DNC”) claim. Id. at *7. The defendant in Jubb argued that the Quiet Hours Provision claim should be dismissed as duplicative of the DNC claim, because both claims arise from 47 U.S.C. § 227(c).
There is no doubt that both claims arise out of Section 227(c). Section 227(c)(5) of the TCPA is where we see a lot of claims—this is the DNC provision. The DNC provision provides that, when an individual whose phone number has been registered on the national DNC registry for more than thirty days receives more than one telephone solicitations in a twelve-month period, that individual has a private right of action. See 47 U.S.C. § 227(c)(5). Section 227(c)(2), on the other hand, implements additional regulations, including the Quiet Hours Provision, which provides the same private right of action for telephone solicitations made either before 8 a.m. or after 9 p.m., in the recipient’s local time. See 47 U.S.C. § 227(c)(2); C.F.R. § 64.1200(c)(1).
Ultimately, there is no doubt that post-trial recovery is limited to one violation of Section 227(c) per call, a point which neither party contested. Jubb, 2025 WL 942961, at *6. However, post-trial recovery is not the issue on a motion to dismiss. The Jubb court found that a plaintiff may plead multiple claims in the alternative—then limit recovery at the time of trial. See id.
Pleading alternative claims under Section 227(c) allows a plaintiff to seek certification of two different types of classes, either in the alternative or as part of a subclass, presenting a greater risk of liability for defendants. These alternative claims have always been permitted, even under Section 227(c), for instance with internal DNC list violations and external DNC violations. The Quiet Hours Provision now offers a new option for plaintiffs.
In a silver lining here for defendants, the court seemed to take heed of a recent petition made to the Federal Communications Commission. The Petition for Declaratory Ruling and/or Waiver of the Ecommerce Innovation Alliance and Other Petitioners, CG Docket Nos. 02-278, 21-402 (filed Mar. 3, 2025) seeks a declaratory ruling that the time zone of the recipient’s area code—rather than the recipient’s actual location—should be used to determine which time zone is the “recipient’s local time” under the Quiet Hours Provision.
The Jubb court did not directly cite the petition. However, the court did note that the Plaintiff had an area code that corresponded with the pacific time zone. Jubb, 2025 WL 942961, at *2. This is a much more practical and workable way to determine the recipient’s local time than looking to the recipient’s actual location.
Currently, the language of the Quiet Hours Provision requires a telemarketer to restrict telephone solicitations to between 8 a.m. and 9 p.m., based on “local time at the called party’s location.” C.F.R. § 64.1200(c)(1). Realistically, there is no way for a telemarketer to know the precise location of the individuals they contact. Even if a telemarketer knows and actively monitors the current physical address of their leads, the recipient could be on vacation or an extended business trip in Taiwan, changing the hours of the recipient’s local time. Using the recipient’s area code rather than their actual, physical location makes the most sense—but there is an argument that this reading is not directly supported by the plain language of the Quiet Hours Provision.
Even if the FCC petition is unsuccessful, the Jubb ruling provides some support for arguing that a recipient’s area code determines the recipient’s time zone, making the Quiet Hours Provision more workable from a compliance perspective.
We have seen many cases around the Quiet Hours Provision and have seen many voluntary dismissals of those same cases since then, likely from settlements. As case law begins to come out in this area, there are sure to be more updates to follow.
More States Ban Foreign AI Tools on Government Devices
Alabama and Oklahoma have become the latest states to ban from state-owned devices and networks certain AI tools with links to foreign governments.
In a memorandum issued to all state agencies on March 26, 2025, Alabama Governor Kay Ivey announced new policies banning from the state’s IT network and devices the AI platforms DeepSeek and Manus due to “their affiliation with the Chinese government and vast data-collection capabilities.” The Alabama memo also addressed a new framework for identifying and blocking “other harmful software programs and websites,” focusing on protecting state infrastructure from “foreign countr[ies] of concern,” including China (but not Taiwan), Iran, North Korea, and Russia.
Similarly, on March 21, 2025, Oklahoma Governor Kevin Stitt announced a policy banning DeepSeek on all state-owned devices due to concerns regarding security risks, regulatory compliance issues, susceptibility to adversarial manipulation, and lack of robust security safeguards.
These actions are part of a larger trend, with multiple states and agencies having announced similar policies banning or at least limiting the use of DeepSeek on state devices. In addition, 21 state attorneys general recently urged Congress to pass the “No DeepSeek on Government Devices Act.”
As AI technologies continue to evolve, we can expect more government agencies at all levels to conduct further reviews, issue policies or guidance, and/or enact legislation regarding the use of such technologies with potentially harmful or risky affiliations. Likewise, private businesses should consider undertaking similar reviews of their own policies (particularly if they contract with any government agencies) to protect themselves from potential risks.
ICO Fines Advanced Computer Software Group £3 Million Following Ransomware Attack
On March 27, 2025, the UK Information Commissioner’s Office (“ICO”) announced that it had issued a fine against Advanced Computer Software Group (“Advanced”) for £3.07 million (approx. $4 million) for non-compliance with security rules identified through an investigation following a ransomware attack which occurred in 2022.
The ICO’s investigation found that personal data belonging to 79,404 people was compromised, including details of how to gain entry into the homes of 890 people who were receiving care at home. According to the ICO, hackers accessed certain systems of a group subsidiary via a customer account that did not have multi-factor authentication. The ICO also noted that it was widely reported that the security incident let to the disruption of critical services. The ICO concluded that the group subsidiary had not implemented adequate technical and organization measures to keep its systems secure.
Initially, the ICO intended to issue a higher fine against Advanced. However, it took into consideration Advanced’s proactive engagement with the UK National Cyber Security Centre, the UK National Crime Agency and the UK National Health Service in the wake of the attack, along with other steps taken to mitigate the risk to those impacted. The final fine represents a voluntary settlement agreed between the ICO and Advanced.
Banking Agencies Begin Publishing Updated Crypto Guidance
On March 28, the Federal Deposit Insurance Corporation (FDIC) rescinded Biden administration guidance1 related to state-chartered banks’ participation in “crypto-related activities” and published a new interpretation of the scope of permissible crypto activity for the insured depository institutions for which it is the primary regulator (the Crypto Letter).2 As discussed below, while similar to guidance issued by the Office of the Comptroller of the Currency (OCC) on March 7 with respect to national banks and federal savings banks,3 the Crypto Letter reflects a seismic shift in the scope of enumerated crypto-related activities permitted to state-chartered banks across the United States, assuming that such activities are performed in a manner that is otherwise consistent with bank regulation.
The Crypto Letter
Notably, the Crypto Letter defines “crypto-related activities” to include “acting as crypto-asset custodians; maintaining stablecoin reserves; issuing crypto and other digital assets; acting as market makers or exchange or redemption agents; participating in blockchain- and distributed ledger-based settlement or payment systems, including performing node functions; as well as related activities such as finder activities and lending.” Some of these powers are consistent with what the banking industry believed likely to be newly permitted by the Trump administration, such as acting as a cryptoasset custodian.
Custodial powers have long been permitted to insured depository institutions that satisfy certain statutory and procedural requirements. Other powers enumerated in the definition, however, such as issuing crypto and other digital assets, represent a breadth of authority that had not been widely anticipated in the banking industry given that such activities provide the potential for FDIC-supervised institutions to publicly offer payment mechanisms that could, potentially, compete with the US dollar. For example, if Bank of X issues a hypothetical “X coin” that can be used at merchants much like a credit or debit card (whether in an open-loop or closed-loop environment), such coin will function as a medium of exchange that could either be fully backed by US dollars (i.e., a payment stablecoin), or potentially backed by other assets, introducing a new form of privately issued currency into the payment ecosystem.
It is worth noting that Congress is currently considering several bills on payment stablecoins. These bills would create regulatory pathways for banks to issue payment stablecoins under appropriate regulatory oversight.
However, the Crypto Letter further provides that traditional concepts underpinning bank supervision continue to apply to a bank that pursues participation in a crypto-related activity: namely, such activities must be performed in a manner that is consistent with safety and soundness principles as well as applicable laws and regulations. While the Crypto Letter is clear that prior approval from the FDIC is not required to engage in a crypto-related activity, before undertaking such activities, the insured depository institution must consider the existing risk rubric that governs all bank activities, including, but not limited to, “market and liquidity risk; operational and cybersecurity risks; consumer protection requirements; and anti-money laundering requirements.”
Finally, the Crypto Letter notes that new interagency guidance related to crypto activities by insured depository institutions will be forthcoming from the federal banking regulators with respect to prior guidance issued by the Biden administration. This is consistent with action taken by the OCC in its publication of the OCC Crypto Letter that rescinded prior OCC guidance with respect to crypto activity and affirmed that national banks and federal savings banks may engage in cryptoasset custody, distributed ledger and stablecoin activities.
What This Means
While the Crypto Letter reflects a policy to permit broad participation in the crypto market by FDIC-supervised banks, there is no expectation that such banks will immediately enter the market with crypto-related products and services. Rather, policies, procedures and testing methodologies must be created to reflect safe and sound banking principles. Clearly, certain activities that “mirror” products currently offered by insured depository institutions, such as the custodying of crypto assets, will be the first activities retail and commercial customers are likely to see, given that the pivot to offering this type of additional fiduciary activity will not present significant operational and procedural hurdles assuming an institution currently offers such services. Lending against the value of a customer’s crypto likely falls within the same analytical framework: banks have long loaned against the value of assets, including assets whose values fluctuate in the market.
Other enumerated activities, however, will require a longer “lead time” before they are brought to the market. In particular, building a blockchain-based payment system will require significant investment and effort given the multiple layers between consumer/customer, merchant, and payment system. For example, in order for a consumer to use crypto held at Bank X to buy coffee in the morning from the merchant in the office lobby, Bank X must build the technical infrastructure to connect its banking systems with blockchain networks. This infrastructure will need to allow the consumer to initiate payments, enable the bank to verify balances and process transfers and ensure that such crypto can be moved from the customer’s account held at Bank X to the merchant’s account held at Bank Y.
1 The Biden administration guidance requiring prior FDIC notification before engaging in crypto-related activities was set forth at FDIC FIL-16-2022.
2 FDIC Clarifies Process for Banks to Engage in Crypto-Related Activities, March 28, 2025, available at https://www.fdic.gov/news/financial-institution-letters/2025/fdic-clarifies-process-banks-engage-crypto-related?source=govdelivery&utm_medium=email&utm_source=govdelivery
3 OCC Letter Addressing Certain Crypto-Asset Activities, March 7, 2025, available at https://www.occ.treas.gov/topics/charters-and-licensing/interpretations-and-actions/2025/int1183.pdf (the “OCC Crypto Letter”).
CFTC Withdraws Pair of Advisories on Heightened Review Approach to Digital Asset Derivatives [Video]
On March 28, the staff of the Commodity Futures Trading Commission (CFTC) issued two press releases announcing the withdrawal of two previous advisories that reflected the agency’s heightened review approach to digital asset derivatives.
These announcements appear to mark the end of the CFTC’s heightened review of digital asset products. The CFTC rules certainly still apply, but this seems to be a deliberate move by the CFTC to start treating digital asset derivatives like other CFTC-regulated products. It also gives a glimpse of how the CFTC would regulate digital asset spot transactions if Congress gives it the authority to do so.
The first advisory the CFTC withdrew was Staff Advisory No. 18-14, Advisory with Respect to Virtual Currency Derivative Product Listings, which was issued on May 21, 2018. The withdrawal is effective immediately. That advisory provided certain enhancements that CFTC-regulated entities were asked to follow when listing digital asset derivatives. These included enhanced market surveillance, closer coordination with the CFTC, reporting obligations, risk management and outreach to members and market participants. That advisory was withdrawn in its entirety, with the CFTC staff citing its increased experience with digital asset derivatives and that the digital asset industry has increased in market growth and maturity.
The second advisory the CFTC staff withdrew was Staff Advisory No. 23-07, Review of Risks Associated with Expansion of DCO Clearing of Digital Assets, issued on May 30, 2023. It stated that CFTC staff would focus on the heightened risks of digital asset derivatives to system safeguards, fiscal settlement procedures and conflicts of interest.
United States: House Committee on Financial Services Urges the SEC to Withdraw Final and Proposed Rules
On 31 March 2025, the House Committee on Financial Services (Committee), in a letter to Acting Chairman of the US Securities and Exchange Commission (SEC), Mark Uyeda, identified a series of proposed and adopted rules that the SEC should withdraw or rescind. The letter notes the Committee’s view that the SEC, under the prior Chair, had lost sight of its mission. The identified proposals and rules represent significant rulemaking efforts on the part of the SEC, many of which were controversial and subject to significant industry opposition. The specific proposals identified are the following:
Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure;
Short Position and Short Activity Reporting by Institutional Investment Managers;
Reporting of Securities Loans;
Pay Versus Performance;
Investment Company Names;
Form N-PORT and Form N-CEN Reporting; Guidance on Open-End Fund Liquidity Risk Management Programs;
Conflicts of Interest Associated with the Use of Predictive Data Analytics by Broker Dealers and Investment Advisers;
Open-End Fund Liquidity Risk Management Programs and Swing Pricing;
Regulation Best Execution;
Order Competition;
Position Reporting of Large Security-Based Swap Positions;
Regulation Systems Compliance and Integrity;
Outsourcing by Investment Advisers; and
Enhanced Disclosures by Certain Investment Advisers and Investment Companies about Environmental, Social, and Governance Investment Practices.
While the Committee does not have the authority to compel the SEC to take action on any if these final or proposed rules, the letter is a strong indication of support for an overall deregulatory environment and could provide a blueprint for SEC regulatory policy once Paul Atkins is confirmed.
EU: New European Consumer Protection Guidelines for Virtual Currencies in Video Games
On March 21, 2025, ahead of a consultation and call for evidence on the EU’s Digital Fairness Act, the Consumer Protection Cooperation (CPC) Network[1] highlighted the pressing need for improved consumer protection in the European Union, particularly regarding virtual currencies in video games. This move comes in response to growing concerns about the impact of gaming practices on consumers, including vulnerable groups such as children. The CPC Network has defined a series of key principles and recommendations aimed at ensuring a fairer and more transparent gaming environment. These recommendations are not binding and without prejudice to applicable European consumer protection laws[2] but they will likely guide and inform the enforcement of consumer protection agencies on national level across the EU.
What Are the Key Recommendations for In-Game Virtual Currency?
The CPC Network’s recommendations are designed to enhance transparency, prevent unfair practices, and protect consumers’ financial well-being. These principles are not exhaustive but cover several crucial areas:
Clear and Transparent Price Indication: The price of in-game content or services must be shown in both in-game currency and real-world money, ensuring players can make informed decisions about their purchases. (Articles 6(1)(d) and 7 of the UCPD, and Article 6 (1) (e) of the CRD)
Avoiding Practices That Obscure Pricing: Game developers should not engage in tactics that obscure the true cost of digital content. This includes practices like mixing different in-game currencies or requiring multiple exchanges to make purchases. The goal is to avoid confusing or misleading players.(Articles 6 (1) (d) and 7 of the UCPD, and Article 6 (1) (e) of the CRD)
No Forced Purchases: Developers should not design games that force consumers to spend more money on in-game currencies than necessary. Players should be able to choose the exact amount of currency they wish to purchase.(Articles 5, 8 and 9 of the UCPD)
Clear Pre-Contractual Information: Prior to purchasing virtual currencies, consumers must be given clear, easy-to-understand information about what they are buying. This is particularly important for ensuring informed choices.(Article 6 of the CRD)
Respecting the Right of Withdrawal: Players must be informed about their right to withdraw from a purchase within 14 days, particularly for unused in-game currency. This is crucial for ensuring consumers’ ability to cancel transactions if they change their mind.(Articles 9 to 16 of the CRD)
Fair and Transparent Contractual Terms: The terms and conditions for purchasing in-game virtual currencies should be written clearly, using plain language to ensure consumers fully understand their rights and obligations.(Article 3 (1) and (3) of the UCTD)
Respect for Consumer Vulnerabilities: Game developers must consider the vulnerabilities of players, particularly minors, and ensure that game design does not exploit these weaknesses. This includes providing parental controls to prevent unauthorized purchases and ensuring that any communication with minors is carefully scrutinized.(Articles 5-8 and Point 28 of Annex I of the UCPD)
These principles reflect the growing concern by European regulators of exploitation of consumers, particularly vulnerable groups such as children, in the gaming world. The European Consumer Organisation (BEUC) has strongly supported these measures, which aim to provide a safer, more transparent gaming experience for players.
Enforcement Actions and Legal Proceedings
On the same day, coordinated by the European Commission the CPC Network initiated legal proceedings against the developer of on online game. This action, driven by a complaint from the Swedish Consumers’ Association, addresses concerns about the company’s marketing practices, particularly those targeting children. Allegations include misleading advertisements urging children to purchase in-game currency, aggressive sales tactics such as time-limited offers, and a failure to provide clear pricing information.
A Safer Gaming Future
This enforcement action, along with the introduction of new principles, is part of the European Commission’s stated objective to ensure better consumer protection within the gaming industry. The Commission aims to emphasize the importance of transparency, fairness, and the protection of minors within gaming platforms.
What Should Video Game Companies and Gambling Operators Do Next?
In light of these new developments, video game companies and gambling operators especially those offering virtual currencies are well advised to review their practices to ensure ongoing compliance with existing EU consumer protection laws.
Failure to align with the above principles does not automatically mean that consumer laws are infringed but as the recent enforcement action shows could result in investigations and enforcement actions under the CPC Regulation or national laws. If gaming content is available across multiple EU countries, a coordinated investigation may be triggered, with the possibility of fines up to 4% of a company’s annual turnover.
To further support the industry, the European Commission is organising a workshop to allow gaming companies to present their strategies for aligning with the new consumer protection standards. This will provide a valuable opportunity for companies to share their plans and address any concerns related to these proposed changes. If you would like to know more, please get in touch.
FOOTNOTES
[1] The CPC Network is formed by national authorities responsible for enforcing EU consumer protection legislation under the coordination of the European Commission.
[2] Reference is made to Directive 2005/29/EC of the European Parliament and of the Council of 11 May 2005 on unfair commercial practices (UCPD); the Directive 2011/83/EU of the European Parliament and of the Council of 25 October 2011 on consumer rights (CRD); the Directive 93/13/EEC of 5 April 1993 on unfair terms in consumer contracts (UCTD).
Confirmation Hearing for SEC Chair Nominee Atkins — Takeaways for Fund Managers
The Senate Banking Committee convened on Thursday to consider the nomination of Paul Atkins, President Trump’s nominee for Chair of the Securities and Exchange Commission, along with the nominees for the Comptroller of the Currency, the Assistant Secretary of the Treasury and the Department of Transportation.
Atkins, a former SEC Commissioner, shared his views on the current regulatory landscape, contending that today’s environment stifles capital formation and indicating a pivot from the SEC’s recent emphasis on aggressive enforcement. Overall, nothing occurred at the hearing that would change the expectation that Atkins will be confirmed. Currently, the SEC only has three members, meaning the Democratic Commissioner in theory could effectively have veto power over actions requiring a vote of the SEC because she can deny a quorum for any action she strongly opposes; if Atkins is confirmed, the Republican majority would no longer need the Democratic Commissioner, so it will be able to begin with formal rulemaking steps.
Key takeaways for fund managers from Atkins’ testimony are below.
Position on Private Funds
Surprisingly, Atkins faced relatively few questions about private funds. Nonetheless, in responding to questions, he noted that investors in private funds are typically sophisticated and have sufficient resources to hire advisers. In response to a question from a Democratic member of the Committee, he conceded that retail investors in registered funds benefit from additional investor protections, such as diversification rules. Atkins confirmed that the SEC would continue to enforce penalties against firms that mislead investors, but he drew a distinction between accredited investors—who he said have the sophistication and means to fend for themselves—and registered fund investors, possibly indicating a less restrictive or more principles-based regulatory and enforcement framework for the private fund industry.
Focus on Disclosure Practices
Atkins expressed concerns about the inefficient disclosures that investors face, stating, “investors are flooded with disclosures that do the opposite of helping them understand the true risks of an investment.” At the same time, he stated that investors should be protected from incorrect or materially misleading private fund disclosures. While his testimony suggests that the SEC would continue scrutinizing firms’ marketing practices, this could signal a willingness to pare back rules that require voluminous disclosure that most investors do not read.
Digital Assets and Cryptocurrency
In his opening statement, Atkins signaled that digital assets and cryptocurrency will be a prominent focus if he is confirmed. He highlighted his experience developing best practices for the digital asset industry since 2017, pointing to what he views as ambiguous or outdated regulations that have led to market uncertainty and inhibited innovation. Atkins stated that a “firm regulatory foundation” for digital assets would be a top priority, emphasizing a “rational, coherent, and principled approach.” Consistent with the work that already has started under the Crypto Task Force, his comments suggest a more measured and predictable environment for market participants, which could foster greater institutional involvement and spur technological developments in the digital asset space. Consistent with his overarching views on regulation expressed throughout the hearing, Atkins stressed the importance of clear rules that encourage capital formation, which believes are critical as the SEC considers its role in overseeing rapidly evolving cryptocurrency markets.
Creating Efficiencies within the SEC
In response to questions regarding how he might work with the Department of Government Efficiency, Atkins indicated general support for seeking greater efficiency in the SEC’s operations. “If there are people who can help with creating efficiencies in the agency or otherwise, I would definitely work with them.” As has been reported elsewhere, more than 12% of the SEC has already taken a voluntary buyout; any further cuts as a result of involvement by DOGE could result in the SEC prioritizing certain types of investment adviser firms for focus from the Division of Examinations. While the SEC’s future staffing levels are not yet known, its future resource allocation is likely to be influenced by any priority given to protecting less sophisticated and less well-resourced investors.
China Regulator Proposes Amendments to Cybersecurity Law
On March 28, 2025, the Cyberspace Administration of China issued draft amendments to China’s Cybersecurity Law (“Draft Amendment”) for public comment until April 27, 2025. The Draft Amendment aims to harmonize relevant provisions of the Personal Information Protection Law (“PIPL”), Data Security Law (“DSL”) and Law of Administrative Penalties, all of which were issued after the Cybersecurity Law came into effect in 2021.
The Draft Amendment amends the liability provisions of the Cybersecurity Law as follows:
Legal liability for network operation security: (1) classifies massive data leakage incidents, loss of partial functions of critical information infrastructure (“CII”) and other serious consequences that jeopardize network security as violations of the Cybersecurity Law and increases the range of fines set forth in the DSL for such violations; (2) imposes liability for the sale or provision of critical network equipment and specialized cybersecurity products that do not meet the Cybersecurity Law’s requirements for security certification and security testing; and (3) clarifies penalties for CII operators that use network products or services that have either not undergone or passed security review.
Legal liability for security of network information: (1) increases the penalty range for failure to report to the competent authorities, or failure to securely dispose of, information that is prohibited by applicable law to be published or transmitted; and (2) clarifies penalties for violations of the Cybersecurity Law that have particularly serious impacts and consequences.
Legal liability for security of personal information and important data: Amends the Cybersecurity Law to incorporate the PIPL’s and DSL’s penalty structure for violations of the law involving the security of personal information and other important data.
Mitigation of penalties: Adds provisions to mitigate, alleviate or withhold penalties for violations of the Cybersecurity Law where: (1) the network operator eliminates or mitigates the harmful consequences of the violation; (2) the violation is minor, timely corrected and does not result in harmful consequences; or (3) it is a first time violation that is timely corrected and results in minor harmful consequences. The Draft Amendment also clarifies that the competent authorities are responsible for formulating the corresponding benchmarks for administrative penalties.
NEW HAMPSHIRE DEEPFAKE SCANDAL TCPA LAWSUIT: Court Refuses To Dismiss Claims Against Platforms That Allegedly Aided In Sending The AI/Deepfake Calls Impersonating President Biden
Hi TCPAWorld! Remember last year when that political consultant from Texas hired the New Orleans magician to sound like Joe Biden in order to make calls using AI technology to New Hampshire voters in an attempt to convince them not to vote?
Well, that saga continues!
So for some background here, Steve Kramer, a political consultant, used AI technology to create a deepfake recording of President Joe Biden’s voice. Days before the New Hampshire primary, nearly 10,000 voters received a call in which the AI voice falsely suggested that voting in the primary would harm Democratic efforts in the general election. To further the deception, Kramer spoofed the caller ID to display the phone number of Kathleen Sullivan, a well-known Democratic leader. Voice Broadcasting Corporation and Life Corporation enabled the call campaign, providing the technology and infrastructure necessary to deliver the calls.
Steve Kramer, Voice Broadcasting Corporation, and Life Corporation in the US District Court of New Hampshire were sued on March 14, 2024, for violations of the TCPA (as well as violations of the Voting Rights Act of 1965 and New Hampshire statutes regulating political advertising) by the League of Women Voters of the United States, the League of Women Voters of New Hampshire, and three individuals who received those calls. League of Women Voters of New Hampshire et al v. Steve Kramer et al, No. 24-CV-73-SM-TSM.
Broadcasting Corporation and Life Corporation filed a motion to dismiss arguing 1) they did not “initiate” the at-issue calls and 2) these calls did not violate the TCPA because they were “’political campaign-related calls,’ which are permitted when made to landlines, even without the recipient’s prior consent.”
The court denied their motion on 3/26/25 finding that the plaintiffs adequately alleged a plausible claim for relief under the TCPA. League of Women Voters of New Hampshire et al v. Steve Kramer et al, No. 24-CV-73-SM-TSM, 2025 WL 919897 (D.N.H. Mar. 26, 2025).
The TCPA makes it unlawful “to initiate any telephone call to any residential telephone line using an artificial or prerecorded voice to deliver a message without the prior express consent of the called party.” While the TCPA does not specifically define what it means to “initiate” a call, the FCC has established clear guidance. According to In the Matter of the Joint Petition filed by Dish Network, Federal Communications Commission Declaratory Ruling, 2013 WL 1934349 at para. 26 (May 9, 2013), a party “initiates” a call if it takes the steps necessary to physically place it or is so involved in the process that it should be deemed responsible.
In this case, the court assumed, without deciding, that neither Voice Broadcasting nor Life Corporation physically placed the calls. But that didn’t absolve them. The court turned to the totality of the circumstances to determine whether the companies were sufficiently involved to bear liability.
The allegations were that Voice Broadcasting didn’t merely act as a passive service provider. Instead, it actively collaborated with Kramer to refine the message and even suggested adding a false opt-out mechanism that directed recipients to call Kathleen Sullivan’s personal phone number. Life Corporation, in turn, allegedly facilitated the delivery of thousands of the calls using its telecommunications infrastructure. The court found that these facts were more than enough to justify holding the companies accountable under the TCPA.
Quoting the FCC’s guidance, the court explained that companies providing calling platforms cannot simply “blame their customers” for illegal conduct. Liability attaches to those who “knowingly allow” their systems to be used for unlawful purposes. Voice Broadcasting and Life Corporation had the means to prevent the deepfake calls— but they didn’t. As the court explained, “Even if one were to assume that neither Voice Broadcasting nor Life Corp. actually ‘initiated’ the Deepfake Robocalls, they might still be liable for TCPA violations, depending upon their knowledge of, and involvement in, the scheme to make those illegal calls.”
As for the defendants’ second argument, that the calls were political and therefore exempt from the TCPA’s consent requirements, the court acknowledged that political campaign calls using regulated technology, such as the AI-voice technology used in the alleged calls, to landlines are generally permissible, even without prior express consent. However, this exemption is not a free pass. The calls must comply with other key provisions of the TCPA, including the requirement to provide a functional opt-out mechanism.
Here, instead of providing a legitimate way for recipients to opt-out, the alleged calls instructed the recipients to call Kathleen Sullivan’s personal phone number. This sham opt-out mechanism not only failed to meet TCPA standards but also contributed to the deception. The court had no trouble rejecting the claim that this constituted compliance: “Little more need be said other than to note that such an opt-out mechanism plainly fails to comply with the governing regulations and is not, as defendants suggest, ‘adequate.’”
And in case you are all wondering about Mr. Kramer himself, a default was entered against Kramer on 8/29/24.
The entire story behind these calls has been something to watch. This is definitely a case to keep an eye on!