UK Data Use and Access Act Now in Force

On June 19, 2025, the UK Data Use and Access Bill (DUA Bill) finally received Royal Assent and passed into law as the Data Use and Access Act 2025 (DUA Act). The DUA Act amends the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communication (EC Directive) Regulations 2003 (PECR). 
Key Changes Under the DUA Act 
International Data Transfers
The DUA Act introduces a new data protection standard for international data transfers from the UK to other countries. The new standard is “not materially lower” data protection measures than the standard in the UK, as opposed to the current standard as being “essentially equivalent.” This may impact the UK’s adequacy status with the EU. The current EU-UK adequacy decision is valid until December 27, 2025. We will monitor how the European Commission responds to the DUA Act’s new standard. 
A New Legal Basis
The DUA Act introduces “Recognized Legitimate Interests” as new a legal basis for data processing. This new legal basis will permit certain security-related activities such as fraud prevention, public safety, and national security. With regard to these data processing activities, a controller will likely not be required to conduct a legitimate interest balancing test. The DUA Act also provides further guidance around what constitutes legitimate interest, such as direct marketing, intra group data transfers for internal administration, and processing necessary to ensure the security of network and information systems.
Data Subject Requests
The DUA Act modifies Data Subject Access Requests (DSARs) by introducing “reasonable and proportionate” searches when controllers are required to respond to DSARs. The DUA Act codifies ICO guidance related to DSARs. Organizations must now explain when they withhold information due to legal privilege. 
Automated Decision Making
Article 22 of the UK GDPR restricts solely Automated Decision-Making (ADM) that has a significant legal effect on individuals, requiring meaningful human oversight for all such processes. The DUA Act clarifies that “meaningful human intervention” necessitates that a competent person reviews automated decisions. Organizations conducting ADM must also offer appropriate safeguards. Organizations using AI-driven processes must uphold transparency and accountability in decision-making. Organizations are also required to inform individuals and comply with non-discrimination laws such as the Equality Act 2010. 
Cookies
The DUA Act provides new exemptions to the requirement for consent to set cookies for:

Collecting statistical information about how an organization’s service or website is being used with a view to make improvements (such as analytics purposes); 
Optimization of content display or to reflect user preferences about content display (such as saving user preferences in relation to font or adapting the display to the size of the user’s device); or
Where the sole purpose is to enable the geographical position of a user to be ascertained in response to an emergency communication.

Even with these exemptions, organizations must clearly inform users about the purpose of the cookies and provide a simple and effective opt-out mechanism.
Digital ID Trust Framework
The DUA Act establishes a Digital ID Trust Framework to establish rules for digital verification services in the UK. This is aimed at fostering innovation, while increasing oversight and consultation. Key provisions of the framework include simplifying regulations to make digital verification services more efficient and accessible.
Children’s Data
The DUA Act introduces several provisions aimed at strengthening the protection of children’s personal data. It outlines that children’s “higher protection matters’” as considerations for how best to safeguard and support children when using services. 
Complaints
The DUA Act outlines new rules requiring controllers to respond to complaints within 30 days before being reported to the Information Commissioner’s Office (ICO).
Role of the ICO
The ICO will now see increased oversight by the Secretary of State, potentially leading to shifts in enforcement priorities. The ICO will transition to a corporate body formally established as the Information Commission led by a Chair and supported by a non-executive board.
Next Steps for Organizations
The DUA Act will enter into phased implementation from now through June 2026. Organizations should:

Review and update their data maps and inventories globally.
Assess and audit any ADM and AI related activities.
Review DSAR processes and procedures.
Identify and update how cookies are being used.
Update and/or create complaints handling procedure.

Big Sky State Makes Big Privacy Updates

Montana’s privacy law has received a refresh and updates will go into effect October 1, 2025 – exactly one year since the law took effect. The law was modified with SB 297, and changes include coverage, approach with minors, and more:

Broadening who is covered. Previously, Montana’s privacy law applied only to those controlling or processing the personal data of at least 50,000 Montanans. SB 297 cuts those numbers in half, bringing in any business handling the data of just 25,000 state residents or making substantial revenues off the personal data of at least 15,000 people.
Minors. As amended, businesses offering online services, products, or features to those under 18 must use reasonable care to avoid heightened risks of harm to minors. Data protection impact assessments -will also be needed if engaging in activities that might create a risk of harm to minors. As revised, companies will need to get consent from those 13-18, or from their parents if the minor is under 13, to process minors’ information for targeted advertising, certain profiling activities, or selling of personal data. There are also restrictions on geolocation information collection and using “system design feature[s]” to increase use of online services.
Narrowed exemptions. Montana has removed the broad GLBA entity-level exemption that exists in most states (joining California, Minnesota, and Oregon). There will still be an exemption for GLBA-covered information, but the only types of financial institutions that receive the entity-level exception are banks and credit unions. Montana’s law also previously exempted non-profits, but now narrows this to only non-profits that detect and prevent fraudulent acts in connection with insurance. Delaware and Oregon’s privacy laws contain similar carveouts for non-profits. 
Privacy policy updates. Under the law’s revisions, privacy policies will need to explain what rights consumers have (not just that the consumer has rights) and the types of data and third parties to whom data is shared or sold. Like California, Colorado, Minnesota, and New Jersey, Montana businesses must also state the date the privacy notice was “last updated.” Privacy notice content will need to be accessible to individuals with disabilities and available in each language in which the business provides a product or service. Links to the notices must be conspicuously posted. Material changes must communicated to consumers for prospective data collection and they must be allowed to opt out of such changes.
AG and right to cure. Finally, as amended, businesses will no longer have a statutory cure period. Previously, when the AG issued a notice of violation, businesses were given 60 days to cure.

Putting it into Practice: Montana joins California, Colorado, and Virginia in making changes to its comprehensive privacy laws. Provisions to keep in mind include privacy policy content, approach with minors’ information, and who and what is covered under the law.
Listen to this post 

SYSTEM REBOOT ON AUTODIALERS?: McLaughlin and the Future of TCPA Statutory Interpretation

Greetings TCPAWorld!
The Supreme Court dropped another surprise that’s about to turn everything upside down again. See McLaughlin Chiropractic Assocs. v. McKesson Corp., No. 23-1226, 2025 U.S. LEXIS 2385 (June 20, 2025). McLaughlin was not, in turn, about autodialers at all—it was about whether courts must consider FCC interpretations under the Hobbs Act. But what about the ripple effects for automatic telephone dialing systems (“ATDS”)? Absolutely, potentially massive.
For the past four years, we’ve all been living in the post-Facebook (Facebook, Inc. v. Duguid, 592 U.S. 395 (2021)) world where everyone pretty much agreed on what an automatic telephone dialing system actually means. The Supreme Court seemed to settle the matter: to qualify as an ATDS, your equipment must have the capacity to store or produce telephone numbers using a random or sequential number generator and then dial those numbers.
That narrow interpretation was huge for businesses that had been facing significant challenges from TCPA class actions. Before this clarification, plaintiff attorneys were arguing that any system capable of storing phone numbers and dialing them automatically—such as a smartphone, a basic CRM system, or even predictive dialers calling from customer lists—could qualify as an ATDS. The Supreme Court’s grammatical analysis put an end to that madness by concluding that “using a random or sequential number generator” modifies both “store” and “produce,” meaning you need the random generation component for either function.
But here’s where McLaughlin comes in and changes everything we think we already know. Justice Kavanaugh’s majority opinion established a principle that will reshape how every TCPA case is litigated: district courts must independently interpret statutes under ordinary principles of statutory construction, giving only “appropriate respect” to agency interpretations. This is not a minor shift at all, as it explicitly disclaims the view that district courts are bound by FCC interpretations in private TCPA actions. WOW!
Now let’s not put the cart before the horse. That means the FCC no longer controls how district courts interpret the TCPA, although its guidance may still be considered persuasive.
This represents a gigantic shift from the old days, when FCC orders interpreting the TCPA were treated as binding under Hobbs Act jurisdictional preclusion. District courts previously could not disagree with FCC interpretations because challenges had to go to the courts of appeals. Now, following McLaughlin and last year’s Loper Bright decision, which eliminated Chevron deference entirely, federal judges must do the hard work of statutory interpretation themselves.
So what does this mean for ATDS? While Facebook settled the core definition at the Supreme Court level, there were still plenty of gray areas that the FCC had been filling in with guidance and interpretations. Now, district courts can look at those same issues with fresh eyes. See the challenge here? This will no doubt create new circuit splits and ALOT more unpredictability.
Post-McLaughlin, one district court might look at the statutory text and decide that “capacity” means what you can do right now, not what you could theoretically do with software modifications. Another court three states over might stick closer to the FCC’s broader interpretation. Yet another might split the difference and require some middle ground between current functionality and theoretical potential. Suddenly, we’re back to forum shopping and conflicting precedents across jurisdictions, with plaintiffs rushing to file in friendly districts while defendants attempt to relocate cases to more favorable venues.
Then there’s the question of human intervention. FCC guidance has generally stated that if a human must initiate every call, you’re probably not dealing with an ATDS. But how much human involvement is enough? What if a person loads the contact list, but the system dials automatically? What about click-to-call platforms where humans trigger each individual call? These cases, which seemed settled under FCC guidance, are now fair game for independent judicial interpretation.
The world of predictive dialing is an exciting one. Modern predictive dialers that operate from stored customer lists were largely exempted after Facebook, as they don’t use random generation. But there are still cases—systems that use algorithms to select numbers sequentially within targeted lists, or platforms that employ some mathematical progression that might arguably qualify as “sequential.” Without FCC deference, creative plaintiff attorneys can argue these distinctions to judges who might see things differently than the agency.
And don’t get me started on platform-specific technologies. Peer-to-peer texting systems, automated appointment scheduling, click-to-call functionality—all these technologies that the FCC has weighed in on over the years are now subject to fresh judicial analysis. A district judge unfamiliar with a specific platform may interpret the statutory language differently from an agency with telecommunications expertise.
The implications extend beyond federal courts as well. It’s only fitting that I talk about Florida, my home state. Florida’s Telephone Solicitation Act (“FTSA”) is likely the best example of how states have been attempting to fill the gap and narrow the federal interpretation. The FTSA initially defined prohibited technology as “an automated system for the selection or dialing of telephone numbers”—notice the “or” instead of “and,” and the complete absence of any random or sequential number generation requirement.
Florida amended the law in 2023 to require systems that both select and dial numbers; however, this still doesn’t incorporate the TCPA’s requirement for random or sequential number generation. You’ve got a peculiar situation where technology that’s perfectly legal under federal law may still be considered a violation of Florida state law. The McLaughlin principle doesn’t directly affect how state courts interpret state statutes. Still, it certainly signals a broader trend toward judicial skepticism of agency interpretations that extend beyond what the actual statutory text states.
Speaking of that trend, we just saw another example play out in real time. The Eleventh Circuit’s decision in Insurance Marketing Coalition v. FCC struck down the FCC’s one-to-one consent rule, essentially telling the agency that it had overstepped its authority. See Ins. Mktg. Coal. Ltd. v. FCC, 127 F.4th 303 (11th Cir. 2025). The reasoning there—that agencies can only “reasonably define” statutory provisions without altering them—sounds awfully similar to the McLaughlin approach.
So, how will this ultimately play out? I’m glad you asked. For defense attorneys, McLaughlin opens up a whole new playbook. Instead of having to work around FCC interpretations of ATDS scenarios, you can now argue directly from statutory text and context. Got a client using technology that stores numbers but doesn’t generate them randomly? Make the textual argument. Using a system with human intervention that the FCC once deemed “automated”? Point the court to the text. Using some algorithmic selection that doesn’t quite fit the random/sequential concept? Time to get creative with statutory interpretation.
The flip side is that plaintiff attorneys also gain new opportunities. They can argue for broader textual interpretations of ATDS without having to overcome existing FCC guidance. The whole question of what “capacity,” “production,” and “storage” mean in the context of modern technology is back on the table.
From a compliance perspective, this creates a much more complex landscape. It used to be that if you followed FCC guidance, you had a pretty good safe harbor. Now you’ve got to think about how different district courts in different jurisdictions might independently interpret the same statutory language. For instance, compliance that works perfectly in the Ninth Circuit might change drastically in the Fifth Circuit, not because the law changed, but because different judges reached different conclusions about what Congress meant when it wrote about ATDS.
This all fits into the constraining of administrative power and the return of interpretive authority to the judiciary. Following Loper Bright’s elimination of Chevron deference and McLaughlin’s limitation of Hobbs Act preclusion, we’re witnessing a fundamental rebalancing toward judicial supremacy in statutory interpretation. Bottom line for anyone in the TCPA space, this means possibly less predictability in the short term, but potentially more sophisticated, text-based analysis over time. Exciting stuff!

How Intellectual Property Protection Fuels Growth in Tech Startups

Strategic protection of intellectual property (IP) is crucial for driving the growth and sustainability of high-tech startups, enabling them to secure their innovations, maintain a competitive edge, and strengthen their market position.
IP is a critical asset for tech startups, often representing the core value of the company. In highly competitive technology sectors driven by innovation and rapid technological advancements, such as artificial intelligence (AI) and fintech, protecting IP is essential to maintaining a competitive edge. For tech startups, IP can include patents, trademarks, copyrights, and trade secrets, each serving a unique role in safeguarding different aspects of the business. Patents protect inventions and technological processes, trademarks secure brand identity, copyrights cover original works of authorship, and trade secrets protect confidential business information. Together, these IP rights form a robust framework that supports the startup’s growth and market position.
The Role of Patents in Innovation
Patents are particularly vital for tech startups as they provide exclusive rights to new inventions, preventing others from making, using, or selling the patented technology without permission. This exclusivity is crucial in the tech industry, where innovations can be easily replicated. By securing patents, startups can protect their technological advancements, ensuring that they reap the benefits of their research and development efforts. Moreover, patents can enhance a startup’s credibility and attractiveness to investors, as they demonstrate a commitment to innovation and a clear path to market differentiation.
Attracting Investment and Partnerships
For tech startups, attracting investment is often a key priority, and a strong IP portfolio can be a significant factor in securing funding. Investors are more likely to invest in companies that have protected their innovations, as this reduces the risk of imitation and potential legal disputes. A well-managed IP strategy can also facilitate partnerships and collaborations, as it provides a clear framework for sharing technology and knowledge while protecting the startup’s interests. By demonstrating a proactive approach to IP protection, startups can build trust with investors and partners, paving the way for strategic growth opportunities.
Mitigating Legal Risks and Challenges
In the competitive tech landscape, legal challenges are not uncommon, and IP protection serves as a crucial defense mechanism. Without adequate IP protection, startups risk facing infringement claims from competitors, which can be costly and damaging to their reputation. By securing IP rights, startups can mitigate these risks, ensuring that they have the legal backing to defend their innovations. Additionally, having a strong IP portfolio can deter potential infringers, as it signals the startup’s readiness to enforce its rights and protect its market position.
Enhancing Market Position and Brand Value
Beyond legal protection, IP rights contribute to a startup’s market position and brand value. Trademarks, for example, help establish brand identity and consumer trust, which are essential for building a loyal customer base. Copyrights protect the creative aspects of a startup’s offerings, such as software code and digital content, ensuring that the startup maintains control over its unique contributions. By leveraging IP rights, startups can differentiate themselves from competitors, enhance their brand value, and create a sustainable competitive advantage in the market.
Strategic IP Management for Long-Term Success
For tech startups, strategic IP management is not just about protection, it is about leveraging IP as a tool for growth and innovation. This involves regularly assessing the IP landscape, identifying opportunities for new filings, and ensuring that existing IP rights are maintained and enforced. Startups may also consider the global nature of the tech industry, seeking IP protection in key international markets to maximize their reach and impact. By integrating IP strategy into their overall business plan, tech startups can secure their innovations, attract investment, and position themselves for long-term success in a dynamic and competitive industry.
Listen to this article

Ohio Leads the Way Allowing Employers to Post Digital Labor and Employment Notices

On July 20, 2025, Ohio will officially become one of the first states to allow employers to provide digital—rather than physical—copies of certain labor law notices required under Ohio law. 
Specifically, under changes imposed by Senate Bill 33 (SB 33), Ohio will soon allow employers and businesses to post the following Ohio notices digitally:   

Minor Labor Laws
Minimum Fair Wage Standards Law
Civil Rights Law
Prevailing Wage Law
Workers’ Compensation Law
Public Employment Risk Reduction Program Law  

Employers who choose to adopt a digital format must do so in a way that is accessible to all employees, such as posting the notices to an intranet site, an employee portal, or an employee accessible webpage (in each case, ensuring accessibility for employees with disabilities). Importantly, if an employer elects to provide digital notices, SB 33 requires an employer to also post the Ohio Civil Rights Law notice on the internet “in a manner that is accessible to the public.”    
In contrast to a similar law enacted by New York State in 2022, SB 33 does not require Ohio employers to use digital notices; instead, employers may still choose to post physical copies of the notices in high traffic areas such as break rooms or on bulletin boards. Additionally, SB 33 does not change any requirements under federal law to physically post certain employment-related notices.
In determining whether to provide digital notices, employers should consider:

how the employer intends to communicate any changes to its workforce. For instance, employers may want to incorporate the notices and directions on how to access the notices in their onboarding materials;
whether the employer’s digital platform is reliable; employers should avoid using systems that frequently render the notices inaccessible or unavailable; and
whether the employer needs to maintain physical postings to comply with other state or federal laws.

DC District Court Dismisses SOX Whistleblower Retaliation Claim Where Plaintiff Was Employed Abroad And His Employment Contract Was Not Governed By U.S. Law

In Jefferson v. Science Apps. Int’l Corp., et al.,[1] the U.S. District Court for the District of Columbia dismissed the plaintiff’s whistleblower retaliation claim brought under Section 806 of the Sarbanes-Oxley Act (“SOX” or the “Act”), holding, in line with courts across the country, that the statute does not apply extraterritorially and that there can be no domestic application of the statute when the employee lived and worked abroad. 
In Jefferson, the plaintiff worked as a Cyber Security Systems Administrator in Germany at a U.S. military base for Science Applications International Corp. (“SAIC”), a publicly traded U.S. company. Jefferson alleged, among other things, that while working for SAIC he reported to management the company’s use of incorrect metrics in reporting to the U.S. Securities and Exchange Commission and shareholders. Jefferson asserted that he faced escalating retaliation for his complaints, including a demotion, and, ultimately, termination of his employment. Following his termination, Jefferson brought suit under SOX, among other legal theories, and SAIC moved to dismiss under Rule 12(b)(6).
On May 6, 2025, the Court dismissed Jefferson’s SOX claim because it constituted an impermissible extraterritorial application of the SOX whistleblower provision. In reaching its conclusion, the Court applied the test established by the DC Circuit Court of Appeals in Garvey v. Admin. Rev. Bd., United States Dep’t of Lab.[2] for assessing whether a plaintiff has sought to invoke an impermissible extraterritorial application of SOX. In so doing, the court considered the following factors: (1) the locus of an employee’s work, and (2) the terms of the employee’s employment contract. The Court found that since Jefferson worked exclusively in Germany, the locus of his employment was in Germany and not the U.S. The Court also determined that since Jefferson did not allege that his employment contract was governed by U.S. law, there was no presumption that U.S. law applied. The Court thus dismissed the claim.
As we have previously reported, courts like this one continue are tending to coalesce around a bright line rule for dismissing SOX whistleblower retaliation claims brought by employees working outside the United States.[3] 

[1] No. CV 24-1692 (SLS), 2025 WL 1305245 (D.D.C. May 6, 2025.)
[2] 56 F.4th 110, 115 (D.C. Cir. 2022)
[3] See Proskauer Whistleblower Defense Blog: DC Circuit: SOX’s Anti-Retaliation Provision Does Not Apply Extraterritorially | Proskauer Whistleblower Defense; CA District Court: SOX and Dodd-Frank’s Whistleblower Provisions Do Not Apply To Individual Employed Abroad. But See Washington Federal Court Refuses to Dismiss SOX Whistleblower Claim Despite Plaintiff Working Abroad | Proskauer Whistleblower Defense.

SCOTUS Says District Courts Are Not Bound by FCC Orders Interpreting the TCPA

On June 20, 2025, the U.S. Supreme Court delivered an opinion that could dramatically change the landscape of class actions under the Telephone Consumer Protection Act (TCPA). 
In the case—McLaughlin Chiropractic Associates, Inc. v. McKesson Corporation—the Court held that the Hobbs Act does not bind district courts in civil enforcement proceedings to accept an agency’s interpretation of statutes such as the TCPA. The Court emphasized that district courts “instead must determine the meaning of the law under ordinary principles of statutory interpretation, affording appropriate respect to the agency’s interpretation.” More directly, the FCC’s word is not the last in determining the TCPA’s definitional and liability standards. 
The underlying case involved a dispute as to whether the district court was bound to follow an FCC order that “an online fax service is not a ‘telephone facsimile machine’” actionable under the TCPA. The district court ultimately decided that the FCC’s ruling was “a final, binding order” dictating how the law must be applied. The Ninth Circuit affirmed that decision.
A 6-3 Supreme Court majority, however, held that both lower courts got it wrong. District courts are not barred from independently assessing whether the FCC’s interpretation of the statute is correct and, in fact, categorically refusing to interpret the statute is error.
Suddenly with the Court’s decision, decades of FCC orders—as well as years of judicial precedent adopting the FCC’s interpretation of the law—are called into question. New battlegrounds are sure to arise as litigants seek to redefine “correct” interpretations of the TCPA’s requirements, including with respect to definitional language in the statute, its applicability to text message communications, and the scope of consent and opt-out compliance requirements under the law.
A three-justice dissent, led by Justice Kagan, notably raises concern with the majority’s holding, finding that the decision will lead to regulatory uncertainty, undermine the stability of administrative programs, and cause parties to disregard pre-enforcement agency orders.
Whatever the end result may be, there should be no dispute that McLaughlin will change how parties previously litigated TCPA class actions, and it opens opportunities for defense attorneys to make new arguments protecting clients against massive TCPA liability risks moving forward. 

Federal Jurisdiction and Review Standards at Issue in Cases Ranging from Terrorism to Tobacco – SCOTUS Today

With six more decisions, the U.S. Supreme Court decided no fewer than 11 cases in two business days last week, following 12 others over the previous two weeks.
In other words, summer vacation is upon us, as the Court’s term is likely to end soon.
The most recent decisions are, as predicted, more controversial than the spate of unanimous or near-unanimous decisions of earlier weeks. None of the newest decisions, nor indeed any of the cases yet to be decided, are likely to provoke the level of public attention given to the Court’s decision in United States v. Skrmetti, upholding a state’s law prohibiting certain medical treatments for transgender minors.
However, the latest batch of decisions offers considerable guidance to litigators with respect to the level of review that federal courts may exercise under several very active statutory regimes and as to important procedural issues such as standing and venue.
Justice Barrett delivered the Court’s opinion in Food and Drug Administration v. R.J. Reynolds Vapor Co., upholding the right of retailers who would sell new tobacco products if not for the order of the Food and Drug Administration (FDA) denying approval to seek judicial review. Justice Jackson, joined by Justice Sotomayor, dissented. The issue in the case was whether retailers, as opposed to manufacturers, were “person[s] adversely affected” by an FDA ruling under the terms of the Family Smoking Prevention and Tobacco Control Act (TCA). One might fairly say, albeit with tongue slightly in cheek, that this is a “liberal” decision from a “conservative” Court. In any event, the Court applied traditional standing analysis in determining that the plaintiff retailers were within the “zone of interests” that the statute protects. “Adversely affected,” as well as variations such as “adversely affected or aggrieved,” are terms of art with a “long history in federal administrative law.” Many statutes, including the Administrative Procedure Act (APA), use the term, which entitles anyone “adversely affected or aggrieved by agency action within the meaning of a relevant statute . . . to judicial review.”
The Court interpreted “adversely affected” broadly as covering anyone even “arguably within the zone of interests to be protected or regulated by the statute . . . in question.” Thus, the Court rejected the argument of the FDA that the capacious understanding of “adversely affected” is unique to the APA but should not apply to the TCA, which, it argues, requires that a person “actually”—not “arguably”—fall within the statute’s zone of interests. Accordingly, the Court interpreted the TCA as echoing the APA and that retailers “fit the bill” of persons who may petition for judicial review. As the Court notes, “If the FDA denies an application, the retailers lose the opportunity to profit from the sale of the new tobacco product—or, if they sell the product anyway, risk imprisonment and other sanctions. . . . Accordingly, the retailers are ‘adversely affected’ by a denial order and are therefore proper petitioners. . . .”
The dissenters read the TCA, as did the FDA, as only empowering manufacturers to appeal. The majority countered that the term “any” suggests a congressional intent to cover a more expansive category of potential plaintiffs. The FDA argued for the first time in the Supreme Court that each petitioner in a joint petition for review must independently establish venue. However, the Court notes that the FDA did not make that argument in the U.S. Court of Appeals for the Fifth Circuit, and the Supreme Court refused to address an argument raised for the first time before itself. The dissenters decried the fact that the decision allows manufacturers and others to do an “end run” around the TCA’s venue restrictions to courts of corporate residence or the D.C. Circuit, as well as forum shop to the perceived most favorable Circuits, thus avoiding the effect of earlier adverse rulings.
Author’s note: As many readers of this blog over the last several terms of the Court might recall, the Court has been increasingly strict in the assessment of standing and venue. This is not to debate the issue of consistency but to suggest that the Court’s decision affording standing to parties whose alleged harm is derivative of the direct harm of a primary party, i.e., a retailer, as opposed to an applicant manufacturer, is likely to add fuel to regulatory challenges brought not only under the APA, but also under other statutes.
Esteras v. United States is another 7–2 decision, this one also written by Justice Barrett, with Justices Alito and Gorsuch dissenting. The case involved a convict, Edgardo Esteras, who had pleaded guilty to conspiring to distribute heroin and was sentenced to imprisonment for 12 months, followed by six years of supervised release. While in the latter status, Esteras was arrested and charged with domestic violence and other crimes. The U.S. District Court for the Northern District of Ohio then revoked Esteras’s supervised release and ordered him reimprisoned for 12 months, explaining that his revocation was intended to “promote respect for the law.”
However, the Supreme Court rejected this view and held that a decision to revoke release may not be based on an excluded section of the statute applied here, “which covers retribution vis-à-vis the defendant’s underlying criminal offense.” While the statute sets forth 10 factors that govern initial sentencing, it excludes two of them from the factors to be considered as to revocation. One of those two excluded factors is the one applied by the trial court, which “references ‘the need for the sentence imposed . . . to reflect the seriousness of the offense, to promote respect for the law, and to provide just punishment for the offense.’ . . . This provision speaks to the retributive purpose of punishment.”
The Court held that the structure of the statute, excluding from consideration in a revocation proceeding two of the 10 factors available at original sentencing, confirms the negative inference that the excluded factors cannot be considered in assessing revocation for the limited universe of supervised release. With an impermissible factor that was used to support the revocation decision as to Esteras and others having been rejected by the Court, the case was remanded for other proceedings, apparently allowing the consideration of permissible factors.
McLaughlin Chiropractic Associates, Inc. v. McKesson Corp. involved a statute, the Telephone Consumer Protection Act (TCPA), that this writer has litigated at both the trial and appellate levels, so the Court’s decision lands on fertile ground. This one was a 6–3 decision with a stereotypical division between jurisprudential conservatives and liberals. Writing for the Court over the dissents of Justices Kagan, Sotomayor, and Jackson, Justice Kavanaugh opined that the Hobbs Act (the statute governing appeals of agency action, discussed recently in this blog in another context) does not bind a district court in a civil enforcement proceeding to an agency’s interpretation of a statute. Much as was the case with Loper Bright, which overturned the Chevron doctrine, the Court held that “[d]istrict courts must independently determine the law’s meaning under ordinary principles of statutory interpretation while affording appropriate respect to the agency’s interpretation.”
The TCPA protects against intrusive telemarketing by banning unsolicited advertisements to fax machines without providing an opt-out, allowing recipients to avoid receiving future faxes. The statute provides for private rights of action and statutory damages per violation. The health care company, McKesson, through a subsidiary, sent unsolicited fax advertisements without the required opt-out notices to various medical practices, including the petitioner. The petitioner then sued, seeking certification of a class of fax recipients who received the advertisements in question either on personal fax machines or through online fax services. While the lawsuit was pending, the company petitioned the Federal Communications Commission (FCC) for a declaratory ruling on whether the TCPA applies to faxes received through online fax services.
Months after class certification, the FCC issued an order that interpreted “telephone facsimile machine” in the TCPA to exclude online fax services. The Northern District of California deemed the order binding and granted summary judgment to McKesson on claims involving online fax services, and the Ninth Circuit affirmed. It then decertified the class, leaving the petitioner to contest 12 faxes received through traditional machines. The Supreme Court accepted the case to decide whether the Hobbs Act bound the district court to the agency’s interpretation.
In reaching the conclusion that it did not, Justice Kavanaugh, who appears to have succeeded the retired Justice Breyer as the Court’s most authoritative voice on administrative law matters, opined that pre-enforcement review statutes such as the Hobbs Act that are silent about judicial review in both pre-enforcement and enforcement proceedings, but that don’t prohibit it, are subject to a default rule. Accordingly, the case was remanded for independent consideration by the district court.
The disagreement between the Court’s majority and minority turned on the application of the default rule to enforcement proceedings. That rule mandates that “district courts must independently determine whether an agency’s statutory interpretation is correct, rather than being bound by the agency’s interpretation.” The dissent argues that application of the rule to enforcement proceedings that might occur years after promulgation of the contested action to the benefit of a party that declined to seek judicial review at the outset reads into the Hobbs Act language inconsistent with the statute’s understood meaning that it prevents “later, collateral attack on agency orders that could have been challenged at the time they issued.” Notwithstanding that the majority did not adopt this thinking, an attorney would do well to consider advising early challenges, though pre-enforcement actions come with their own difficulties.
Diamond Alternative Energy, LLC v. Environmental Protection Agencywas yet another Clean Air Act (CAA) case (the Court having decided two others the same week) and another in which the Court considered the issue of standing. Justice Kavanaugh again wrote for the Court, and this time, only Justices Sotomayor and Jackson dissented. Pursuant to the CAA, the Environmental Protection Agency (EPA) approved California regulations requiring automakers to manufacture more electric vehicles and fewer gasoline-powered ones, with the goal of decreasing toxic emissions. Producers of gasoline and other liquid fuels sued, arguing that the EPA’s approval of the California regulations violated the CAA.
The issues before the Court were whether those producers had standing and, if so, whether they could state a claim that was redressable. As Justice Kavanaugh stated, “This case presents the ‘familiar’ circumstance where government regulation of one business ‘may be likely’ to cause injuries to other linked businesses. Alliance for Hippocratic Medicine, 602 U. S., at 384. California’s regulations force automakers to manufacture more electric vehicles and fewer gasoline-powered vehicles, likely causing downstream economic injuries to fuel producers,” in that “fuel producers make money by selling fuel. Therefore, the decrease in purchases of gasoline and other liquid fuels resulting from the California regulations hurts their bottom line. Those monetary costs ‘are of course an injury’ United States v. Texas, 599 U. S. 670, 676 (2023). . . . As for redressability, invalidating the California regulations would likely redress at least some of the fuel producers’ monetary injuries.”
The majority and minority disagreed over whether the case should have been taken in the first place, given the dynamism of the market. As the dissent puts it, “The Court shelves its usual case-selection standards to revive a fuel-industry lawsuit that all agree will soon be moot (and is largely moot already). And it rests its decision on a theory of standing that the Court has refused to apply in cases brought by less powerful plaintiffs. This case gives fodder to the unfortunate perception that moneyed interests enjoy an easier road to relief in this Court than ordinary citizens.” The majority, however, found enough immediacy to compel the current review.
Stanley v. City of Sanford was a case that will particularly interest practitioners of employment law. The case concerned whether a retired employee who neither held nor sought a job was a “qualified individual” under Title I of the Americans with Disabilities Act (ADA). The statute defines such a person who is protected against discrimination on the basis of disability to be “an individual who, with or without reasonable accommodation, can perform the essential functions of the employment position that such individual holds or desires.” 
Karyn Stanley was a firefighter for the city. When she was first hired, the city offered health insurance until age 65 to those who retired with 25 years of service and those who retired earlier because of a disability. The city later changed that policy as to individuals who retired before age 65 because of disability, now limiting them to 24 months of insurance unless the retiree started receiving Medicare benefits sooner. Stanley retired with a disability before she had 25 years of service and before she was 65. Thus, she was subject to the 24-month limitation on insurance.
She brought suit under the ADA, claiming that she was being discriminated against because her employer provided different benefits to those who retire with 25 years of service and those who retire because of disability. However, the district court dismissed her ADA claim, reasoning that the alleged discrimination occurred after she retired, when she was not a “qualified individual” under Title I of the ADA, and no longer held or sought a job with the defendant. The Eleventh Circuit affirmed, and, resolving a split among the circuits, so did the Supreme Court, with enough Justices attaching themselves to various parts of a decision written by Justice Gorsuch to form a majority that affirmed the holding of the Eleventh Circuit. 
Perhaps of special interest to employment law specialists, the majority made the natural comparison between Title I of the ADA and the more widely known Title VII of the Civil Rights Act of 1964. It found that this comparison reinforced its reading of the ADA to the detriment of Stanley’s position. Title VII protects “employee[s] . . . without temporal qualification, sometimes covering former employees.” But where Title VII links “employee” to present-tense verbs referring to current employees, the story is different. Here, “the ADA’s ‘qualified individual’ yoked to present-tense verbs suggests current job holders or seekers. Court precedent supports this interpretation.”
In seeking what some might argue to be judicial legislation, Stanley invoked the ADA’s purpose of eradicating disability-based discrimination and argued that this purpose would be served by a judicial extension of Title I’s coverage to retirees. Several Justices seemed at least sympathetic to this policy argument. But Justice Gorsuch brought this argument up short while nevertheless noting that other laws besides the ADA may protect retirees from discrimination and “[i]f Congress wishes to extend Title I to retirees, it can do so. “
Fuld v. Palestine Liberation Organization dealt with several lawsuits filed under the Antiterrorism Act of 1990 (ATA). The ATA creates a federal civil damages action for U.S. nationals injured or killed “by reason of an act of international terrorism.” The respondents are the Palestine Liberation Organization (PLO) and the Palestinian Authority (PA), organizations responsible for the functions of government for parts of the West Bank and Gaza Strip.
The question presented to the Court was “whether the exercise of personal jurisdiction over respondents under the Promoting Security and Justice for Victims of Terrorism Act (PSJVTA) violates the Due Process Clause of the Fifth Amendment.” All the Justices agreed that the answer to that question is “no.” The Chief Justice wrote for all of the other Justices, save for Justices Thomas and Gorsuch, who concurred with the result.
The PSJVTA cites the PA and PLO specifically and provides that they “shall be deemed to have consented to personal jurisdiction” in ATA cases under two circumstances. The first of these relates to respondents’ paying salaries to terrorists in Israeli prisons and to families of deceased terrorists—conduct Congress has condemned as “an incentive to commit acts of terror.” The second ties jurisdiction to respondents’ activities on U.S. soil. The petitioners alleged that the respondents engaged in conduct triggering both jurisdictional predicates. Reversing the Second Circuit, the Supreme Court held that “[t]he PSJVTA’s personal jurisdiction provision does not violate the Fifth Amendment’s Due Process Clause because the statute reasonably ties the assertion of jurisdiction over the PLO and PA to conduct involving the United States and implicating sensitive foreign policy matters within the prerogative of the political branches.”
The Court’s opinion is lengthy, but its fundamental principle is concise and quite recognizable to any law student learning civil procedure. “The Fourteenth Amendment personal jurisdiction framework derives from International Shoe Co. v. Washington, 326 U. S. 310, and requires that a defendant have sufficient ‘contacts with the forum State so that maintaining suit is ‘reasonable’ and ‘does not offend traditional notions of fair play and substantial justice.’” General jurisdiction lies in the forum of the defendant’s domicile or “home.” That would not apply to the PLO and PA. “Specific jurisdiction is different: It covers non-resident defendants less intimately connected with a State, but only as to a narrower class of claims . . . so long as there exist ‘minimum contacts’ between the defendant and the forum State.” The requisite contacts “for this kind of jurisdiction often go by the name ‘purposeful availment.’” That means taking some act by which a defendant “purposefully avails itself of the privilege of conducting activities within the forum State.” And actionable claims must be connected with those activities.
But while the terms of the due process clauses of the Fifth and Fourteenth Amendments are nearly identical, the Court’s opinion was based on the Fifth Amendment, with the Court declining to import the minimum contacts analysis of the Fourteenth into the Fifth. “Rather, the Due Process Clause of the Fifth Amendment necessarily permits a more flexible jurisdictional inquiry commensurate with the Federal Government’s broader sovereign authority.” Much of the Court’s discussion of the relationship between the two amendments would seem academic. Indeed, the demands of the Fifth Amendment could end up being on the same constitutional footing as the more expansive Fourteenth. But even if they do,
the PSVJTA easily comports with the factors we have previously applied to determine “the reasonableness of the exercise of jurisdiction” even under the Fourteenth Amendment. . . . Reasonableness, . . . will depend in each case “on an evaluation of several factors,” including “the burden on the defendant, the interests of the forum State, and the plaintiff ’s interest in obtaining relief.” . . . The PSJVTA ticks all three boxes.
The Court continued. “For largely the same reasons that we conclude there is a close connection between the PSJVTA’s predicate conduct and the United States, it follows that the forum sovereign has a substantial interest in adjudicating the dispute.” The United States has “an exceedingly compelling interest” in thwarting international terrorism and holding terrorists accountable for their actions against Americans. The defendants also have a history of being able to litigate ATA suits and do not claim that compelling them to do so in the United States “would force them to bear an unfair or unmanageable burden.” And “the PSJVTA reasonably ties the assertion of federal jurisdiction over the PLO and PA to conduct that involves the United States and implicates sensitive foreign policy matters within the prerogative of the political branches.” Accordingly, the Supreme Court held that the personal jurisdiction provision of the statute comports with the Due Process Clause of the Fifth Amendment. This decision disposes of the instant case and two others of a similar nature.
This week could be as busy as what we’ve just seen. Be ready for it.

GAME CHANGER: After McLaughlin, Can Businesses Continue to Rely on the Rule that they have Express Consent Anytime a Consumer Provides a Phone Number for a Purpose “Closely Related” to the Purpose of a Call?

Lets talk about something important.
If you haven’t read the U.S. Supreme Court’s recent opinion in McLaughlin Chriopractric v. McKesson, you may want to do so now. It’s a very very important ruling that will have a HUGE impact on TCPAWorld.
Why?
Because McLaughlin reshapes how courts are to treat agency interpretations of the TCPA, especially around consent for informational calls. And if your business has been relying on FCC guidance for your TCPA compliance, it’s time to stop and reconsider.
As a refresh, in McLaughlin, the Supreme Court held that The Hobbs Act does not bind district courts in civil enforcement proceedings to an agency’s interpretation of a statute. This means that district courts must independently determine the law’s meaning under ordinary principles of statutory interpretation while affording appropriate respect to the agency’s interpretation. While courts may still consider agency interpretations, they are no longer required to follow them.
To fully grasp the ruling’s impact on consent for informational calls, lets begin with the basics.
Under the TCPA, it is a violation to make any call (other than a call made for emergency purposes or made with the prior express consent of the called party) using any automatic telephone dialing system or an artificial or prerecorded voice. Therefore, prior express consent is a critical defense in TCPA cases for a defendant.
Does this defense apply to all types of calls?
Well, the TCPA imposes different consent requirements depending on the nature of the call.
If you are making a call for a marketing purpose (a telemarketing call), you must have the consumer’s prior express written consent.
If you are making a call for an informational purpose, on the other hand, you must have the consumer’s prior express consent.
What is the key difference here?
For informational messages, you are only required to obtain a consumer’s express consent, which does not require the full written consent but does need to clearly have the consumer express an intention to receive calls.
This is where things get complicated.
For many years, an FCC ruling from 2009 implied express consent to use such technology any time a consumer provided their number to a caller for a purpose “closely related” to the purpose of the call. For instance, giving a number to a bank and receiving a fraud alert—it was presumed that valid express consent existed. This interpretation gave businesses some comfort, particularly in contexts like healthcare, financial services, and debt collection, where informational communications are essential. Even in the retail space, if a consumer provided a phone number while creating an account or during checkout, businesses presumed they had valid express consent to send informational messages to that consumer.
As far back as 1992, the FCC stated that “[p]ersons who knowingly release their phone numbers have in effect given their invitation or permission to be called at the number which they have given, absent instructions to the contrary. Hence, telemarketers will not violate [TCPA rules] by calling a number which was provided as one to which the called party wishes to be reached.” In re Rules and Regulations Implementing the Telephone Consumer Protection Act of 1991, Report and Order, 7 FCC Rcd 8752, 8769 ¶ 31 (Oct. 16, 1992) (the “FCC Order”).
Subsequently in 2008, in the context of debt collection calls, the FCC concluded that “the provision of a cell phone number to a creditor, e.g., as part of a credit application, reasonably evidences prior express consent by the cell phone subscriber to be contacted at that number regarding the debt.” In re Rules & Reg’s Implementing the Tel. Consumer Prot. Act of 1991, 23 F.C.C.R. 559, 564 (Jan. 4, 2008).
This all made good sense. In relationships between consumers and businesses, providing one’s phone number has generally been deemed to constitute implied consent to communications that are “closely related” to the purpose for which the number was provided. That’s been the prevailing understanding in countless business-consumer relationships.
But here’s the problem: all of that rested on a foundation of Chevron and Hobbs Act deference. And with the Supreme Court’s recent turn away from Chevron and its clear rebuke of The Hobbs Act mandatory deference in McLaughlin, that foundation is now gone. This informational consent that businesses have enjoyed—presuming express consent exists to contact a consumer when a consumer provides a number for a related purpose—is no longer guaranteed.
Courts are now free to read the TCPA themselves. And given that the statute does not define what constitutes “prior express consent,” the path forward is anything but clear.
This is a game changer, particularly for enterprises and debt collectors. If district courts begin requiring more specific, affirmative consumer consent, especially for the use of ATDS or prerecorded messages for informational calls, we could see a significant increase in litigation exposure. No longer can businesses rely on the idea that obtaining a consumer’s phone number inherently permits automated follow-up communications about account servicing or billing reminders. Even where the call’s purpose is non-marketing in nature, the courts may now require evidence that the consumer consented to the method of communication, not just the message.
And what’s worse?
Because the FCC’s guidance no longer binds, we may begin to see differing standards across jurisdictions. One district court may find that providing a number to a creditor suffices for informational consent under the TCPA. Another may require that the consumer clearly agreed to receive ATDS or prerecorded messages.
So what’s the key takeaway here in this post-McLaughlin world? Businesses should take a closer look at how they’re obtaining consent. You can no longer lean on the FCC’s “closely related purpose” rationale as a fallback.
TCPAWorld has entered a new era, one where consent may not be presumed, and FCC interpretations don’t control.
You may be asking if this has any impact on the new revocation rules that are currently stayed.
As a reminder, in April 2025, the FCC issued a ruling staying the most problematic parts of the TCPA revocation rule for one year. Specifically, the scope of revocation ruling that would have required a caller to stop calling across all channels and for all purposes in response to a single “stop” request from a consumer.
It doesn’t appear that this would impact the revocation piece of the rule, but it would certainly impact how businesses try to re-capture consent from the consumer.

Nebraska Attorney General Files Lawsuit Against Temu Alleging Consumer Protection Violations

On June 12, 2025, Nebraska Attorney General Michael T. Hilgers filed a lawsuit against Chinese e-commerce company Temu and its affiliates (PDD Holdings Inc. (formerly Pinduoduo Inc.) and Whaleco Inc.), alleging consumer protection violations ranging from malware concerns to deceptive trade practices.
In a press release, the Attorney General’s office states, “Temu unlawfully harvests data, including from kids, utilizes multiple deceptive practices to encourage purchases, allows infringement and counterfeits to thrive, and engages in deceptive marketing to greenwash its image.” The press release continues: “Once Nebraskans download the Temu app, they lose all control over their personal data, which may ultimately end up in the hands of a hostile foreign power.”
“Temu is putting Nebraskans’ privacy at risk and running a platform rife with deceptive listings, unlawful promotional practices, and products that rip off Nebraska brands and creations,” Hilgers said. “Our office will hold Temu accountable for its exploitation of Nebraska consumers, brands, and creators and fight hard for honesty and safety in the online marketplace.”
Nebraska’s Allegations

1.
Malware & Spyware Installation: The lawsuit alleges that Temu’s app automatically installs software to a user’s phone without consent and, in essence, functions as malware intended to exfiltrate sensitive user information without consent and to spy on user behavior. The lawsuit cites to interventions by the dominant app marketplaces as proof that Temu’s code is intentionally created to prevent third parties from uncovering their bad acts, with code designed to detect and evade forensic tools. 

2.
Privacy Violations: The lawsuit alleges that Temu’s app purports to be an e-commerce app but is instead designed to collect users’ personally identifiable information (PII) by misrepresenting, omitting, and deliberately concealing the app’s behavior. The lawsuit alleges that Temu does this to “prevent the user from knowing that said PII is subject to unfettered use by other individuals and an adversarial government,” (i.e., China). That the alleged privacy violations are executed through code, making it difficult or impossible for a layperson to discover, makes it that much more egregious and harmful to Nebraskans. 

3.
Intellectual Property Infringement: Temu is accused of hosting numerous products that infringe on copyrights and other intellectual property rights, potentially harming legitimate businesses and creators. According to the lawsuit, Temu frequently sells counterfeit, knock-off products in violation of the law. For example, the lawsuit alleges that Temu was reported for selling knockoffs and continued to do so even after the issue came to light. 

4.
Forced Labor: One of the lawsuit’s more serious accusations is that Temu uses forced labor in the production of its goods, which, if true, would be a human rights violation. The lawsuit cites a 2023 Los Angeles Times exposé of Temu, as well as U.S. congressional reports finding that Temu’s products are manufactured in China’s western province of Xinjiang, which is a region with known links to forced labor and detention camps. 

5.
Fake Reviews: The lawsuit alleges that Temu compensates users to write reviews, which are then skewed positive. It also alleges that Temu mischaracterizes reviews as “five star” when the language of the review is clearly negative. 

6.
Deceptive Representations as to Product Quality: The lawsuit asserts that, according to the Better Business Bureau, hundreds of consumers have complained in the past year alone, earning Temu a 2.1 out of 5 rating. The lawsuit references consumer complaints of Temu’s poor-quality goods and deceptive marketing practices, including the fact that the goods received often do not resemble the photos advertised, where such advertisements appear to be copied directly from other sellers on other consumer retail sites. Attorney General Hilgers also highlights the allegedly deceptive nature of Temu’s product listings, saying, “Product descriptions and pictures are often blatantly wrong. This is exacerbated by artificially skewed positive reviews paid for by Temu and Temu’s made-up ‘market price’ that makes the real price look great by fake comparison.” 

7.
False Reference Pricing: The lawsuit alleges that Temu engages in false reference pricing, inflating the full price of a product in order to trick consumers into thinking they are receiving a discount which never actually existed (also known as dark pattern advertising). 

8.
Unauthorized Charges: The lawsuit alleges that consumers have complained about receiving and being charged for goods they did not order, with Temu reusing consumer information provided at checkout for legitimate purchases.

Foreign Government Data Misappropriation
The lawsuit asserts that Temu’s data collection practices are subject to Chinese law, requiring that Chinese companies provide user data to the government upon request. These laws include, but are not limited to, the National Security Law, Cybersecurity Law, and National Intelligence Law, which are all part of “an interrelated package of national security, cyberspace, and law enforcement legislation” that “are aimed at strengthening the legal basis for China’s security activities and requiring Chinese and foreign citizens, enterprises, and organizations to cooperate with them.”
The lawsuit further explains that under China’s Data Security law, even “a company holding data belonging to a US citizen stored on a Chinese server may not be able to legally hand over that data to the US government without proper approval.” More specifically, companies “are prohibited from providing any data stored in China, regardless of the data’s sensitivity level and whether or not the data was initially collected in China, to any foreign judicial or law enforcement agency without the prior approval of the relevant [Chinese Government] authorities.”
Finally, the lawsuit alleges that Chinese law enforcement and intelligence services interpret Chinese law as applying to any data, wherever it is stored, if China has a national security interest in that data. Chinese authorities have forced even refugees from China to hand over data stored outside of China to Chinese authorities under such circumstances, citing Chinese law.
Legal Actions and Remedies
The Attorney General is seeking to protect Nebraska consumers and hold Temu accountable for its alleged unlawful practices. The lawsuit requests civil penalties, restitution for affected consumers, and injunctions to prevent further deceptive practices.
Takeaways
This lawsuit underscores the importance of consumer protection and the need for transparency in business practices. As the case unfolds, it will be crucial to monitor its impact on both Temu and the broader e-commerce landscape.

NEW ATDS BATTLEGROUND: Texas Passes HUGE NEW AMENDMENT to Its State Telemarketing Law Reviving The Risk of Autodialer Cases

Friday was an absolutely world-changer in TCPAWorld.
Yes, we had the McKesson Supreme Court ruling that will literally cast everything we know about the federal TCPA into doubt—but there was a critical development at the state level that NO ONE is talking about. But your state law compliance Queen is.
And its all about Texas and autodialers.
Brace yourselves.
First, it has been a nice couple of years since Facebook was decided.
After an initial brush with uncertainty the majority rule for interpreting the TCPA’s ATDS definition has settled around the requirement that a system randomly produce phone numbers to be dialed. While this interpretation is somewhat at odds with the express language of the statute—and the Supreme Court’s ruling in Facebook –that seems to allow claims where a system merely uses an ROSNG to store numbers, the clear majority of courts will not read the TCPA so expansively.
This is great news, of course, for TCPA defendants and callers nationwide as the volume of TCPA ATDS cases has shrunk to nothingness even as the overall volume of TCPA class litigation spikes.
But in Texas a massive change just took place. The Texas state legislature has modified the state’s marketing law to massively expand the private right of action available to individuals who received unconsented calls.
Specifically, the state will now allow direct private litigation for calls made using an autodialer. And the definition adopted in Texas varies from the federal definition in a critical respect.
The TCPA defines ATDS as:
The term “automatic telephone dialing system” means equipment which has the capacity—

to store or produce telephone numbers to be called, using a random or sequential number generator; and
to dial such numbers.

The Texas law defines an ADAD as:
Equipment used for telephone solicitation or collection that can:(A) store telephone numbers to be called or produce numbers to be called through use of a random or sequential number generator; and(B) convey, alone or in conjunction with other equipment, a prerecorded or synthesized voice message to the number called without the use of a live operator.
Notice the difference in the phrasing in sub (A) for each statute. With the TCPA’s definition there is a comma that follows the phrase “store or produce telephone numbers to be called.” This critical comma was the lynchpin for the Supreme Court’s textualist approach to interpreting the statute in Facebook. The comma demonstrated the phrase “using a random or sequential number generator” modified both store and produce—meaning the Ninth Circuit had wrongly interpreted the statute in holding any system that stores numbers and can dial them automatically qualified as an ATDS. (See Marks v. Crunch.)
But look at the Texas statute!
There is no comma! Plus, the phrase is different. The fragment “Store telephone numbers to be called” is a complete phrase, unlike in the TCPA where only the word “store” appears prior to the phrase “produce telephone numbers.” The TCPA’s structure strongly implies the following restriction—use of ROSNG—modifies both verbs prior to the comma. But the Texas statute lacks that structure. Instead, the provision merely continues to reference the seemingly alternative act of “produc[ing] numbers to be called through use of a random or sequential number generator.”
Yikes.
To be clear the statute can be read either way. I can certainly imagine a court concluding the phrase ROSNG does modify both “store” and “produce” just as it does with the TCPA. But there is simply no denying the structure of the two phrases is different.
Adding to the mix, section B of the Texas statute does not reference dialing but rather the ability to use either a prerecorded or synthesized voice message to the number without the use of a live operator. The tight restriction in section B implies that mere number storage may be the predicate trigger for the application of Section A.
On the other hand, if mere storage is the predicate for section A, doesn’t that render the ROSNG provision redundant and unnecessary? Seems like that will be a defendant’s best argument moving forward.
Regardless, this change is simply massive and really increases the pressure on all marketers or collectors in Texas to make sure they are collecting consent for all outbound calls.

WAVE OF LITIGATION ENDED?: Are the TCPA’s Quiet Hour Rules Dead After Friday’s Supreme Court Ruling?

As TCPAWorld.com readers know, 2025 has seen a massive rush of TCPA class litigation. Indeed such filings are up over 100 percent from last year– which was already the highest volume year in history.
The biggest volume of TCPA class actions was the so-called quiet hours litigation. This was a massive body of cases brought, in particular, by one firm– Jibreal Hindi’s shop in South Florida.
The theory was simple enough– the TCPA’s CFR provisions mandate “telephone solicitations” cannot be sent before 8 am or after 9 pm. So just find a bunch of people who received texts or calls at 7:58 am of 9:01 pm wherever they happened to be that day and file lawsuits.
This is very easy to accomplish. Folks travel and have cell phone numbers with different area codes. Any vacation traveler can easily demonstrate calls or texts sent too early or too late.
These cases are mostly meritless on their face. Obviously trapping callers based on a called party’s unknown travel plans is not what the FCC had in mind when it promulgated the regs. And regardless “telephone solicitations” is defined to exclude calls made with consent– so the vast majority of “text club” submissions that result in this litigation are outside the scope of the statute anyway.
But this huge volume of cases wasn’t filed with the plan to go all the way. Exactly the opposite. These cases were filed with the plan to settle and settle quickly. And the vast majority of them have.
So this entire body of litigation was essentially nothing more than a shake down effort– and hundreds of businesses were caught in its wake.
As I wrote on Friday, the Supreme Court’s ruling in McKesson changes just about everything under the TCPA, and given the massive wave of quiet hours litigation impact businesses small and large alike, I figured I would start with the ruling’s impact on quiet hours regulations.
Let me start with this– if you have been sued with a quiet hours suit from Hindi DO NOT SETTLE IT. A complete defense is now available. (Not legal advice, just friendly advice.)
As a reminder, McKesson ended district court deference to FCC agency action under the Hobbs Act. While there is some open questions as to whether or not the ruling applies to both declaratory rulings and CFR provisions– McKesson looked a declaratory ruling but the language and analysis used was broad enough to cover both– district courts plainly have much more power to set aside or refuse to apply FCC rules than ever before.
Under the APA courts are now empowered to challenge and invalidate CFR provisions– freed up by both the Hobbs Act’s destruction in McKesson and Chevron’s destruction in Loper Bright. 
While this power is likely not complete– where Congress specifically designated authority to an agency to expressly promulgate rules the appropriate scope of review will be limited to whether or not the agency exceeded the scope of that delegation (to be determined). But where an agency acted on its own implied authority in fashioning a CFR provision it seems clear the district courts can now set it aside.
So let’s look at the quiet hours provisions.
The quiet hours provisions of the TCPA are not actually found in the TCPA– they are found exclusively in the CFR, and that’s the point.
The rule reads:
No person or entity shall initiate any telephone solicitation to:

(1) Any residential telephone subscriber before the hour of 8 a.m. or after 9 p.m. (local time at the called party’s location)
The language used here causes a host of problems. But that is not the point for now. The point is must a court apply this FCC-generated rule to begin with?
The answer, following McKesson, may very well be no.
This reg was promulgated by the FCC delegated to it by Congress pursuant to 47 USC 227(c). That provisions provides a lengthy list of considerations and requirements the Commission must consider in implementing and developing what would become the National Do Not call list and related rules.
What the TCPA does not provide authority to the FCC to do– establish quiet hours for marketing calls.
Indeed, the TCPA is entirely silent on rules for marketing other than marketing efforts made to numbers on the DNC list and marketing calls made using regulated technology.
So this ruling was promulgated through the FCC’s implied authority to fashion rules to implement the TCPA. In other words, Congress did not tell it to create these rules– it created them for itself.
This is precisely the sort of action the Supreme Court has just held is subject to review by district courts. And since the FCC just made these rules up with no input from Congress you can expect many courts to be willing to strike the quiet hours rule down.