Artificial Intelligence (AI) is in the spotlight, and there are many eager to adopt such technology. For businesses that have incorporated or are seeking to incorporate AI into their processes, applicable legal restrictions and regulations are a consideration. Definitive AI-targeted laws are still developing, with government working groups evaluating how best to regulate such technology. In the meantime, the answer lies within existing statutory and regulatory frameworks.
When it comes to the use of AI in outbound calling, the Telephone Consumer Protection Act (TCPA) and its implementing regulations provide one such framework. The following are a few ways the TCPA may apply to the use of AI:
- Artificial or prerecorded voice calls: Outbound calls involving AI are likely to be considered “an artificial or prerecorded voice” under the TCPA because AI calls involve prerecorded and/or artificial voice elements. The playing of a prerecorded or artificial voice message at any point during an outbound call can trigger the TCPA’s prerecorded call provisions.
- We have already seen such treatment arise with the use of soundboard and avatar technology. Soundboard technology uses recorded audio clips specifically selected and presented by a human operator in real time. Such technology is a prerecorded voice for purposes of the TCPA. See In the Matter of Rules & Reguls. Implementing the Tel. Consumer Prot. Act of 1991 Northstar Alarm Servs. LLC’s Petition for Expedited Declaratory Yodel Techs. LLC’s Petition for Expedited Ruling or in the Alternative Retroactive Waiver, 35 F.C.C. Rcd. 14640, at 14640-41 (2020) (“[T]he TCPA applies to any telephone call to a residential telephone line initiated using an artificial or prerecorded voice message. If such a call is initiated using an artificial or prerecorded voice message—whether made using soundboard technology or otherwise—the caller must obtain the called party’s prior express consent for such a call unless an exemption applies. This is true even if a live agent controls the initial artificial or prerecorded voice message using soundboard technology.”). Similarly, courts have found the use of avatars sufficient to constitute use of an artificial and/or prerecorded voice under the TCPA. See, e.g., Perrong v. Quoteqizard.com, LLC, No. 20-CV-2506, 2020 WL 5039445, at *1 (E.D. Pa. Aug. 26, 2020) (finding complaint alleging use of an avatar named Danny to make telephone solicitation calls sufficed to state a claim under the automated calling provision of the TCPA based on the use of a prerecorded voice).
- Under the TCPA, calls initiated with “an artificial or prerecorded voice” may require consent. Specifically, an “artificial voice or prerecorded voice” message call to a mobile phone number will require “prior express consent” from the person called if the call is transactional or informational in nature and “prior express written consent” if the call is considered telemarketing or an advertisement. See 47 U.S.C. 227(b)(1)(B); 47 C.F.R. §§ 64.1200(a)(1)(iii), (a)(2). An “artificial voice or prerecorded voice” message call to a residential landline is generally exempt from the TCPA’s consent requirements, unless it is an advertisement or constitutes telemarketing (in which case, “prior express written consent” is required). See 47 U.S.C. § 227(b)(1)(B); 47 C.F.R. § 64.1200(a)(3). However, the recent TRACED Act amendments impose call count and frequency limitations, as well as opt-out requirements, even for exempt calls if there is no prior express consent. Additionally, artificial or prerecorded messages must clearly identify the individual or entity initiating the call at the beginning of the message and the phone number of such business, entity or individual. 47 C.F.R. §§ 64.1200(b)(1)-(2). For telemarketing calls, additional disclosure and opt-out requirements also apply. See 47 C.F.R. §§ 64.1200(b)(3), (d)(4).
- Automatic telephone dialing system (ATDS) calls: Use of AI in storing or producing phone numbers or records to be called might also trigger the TCPA’s automated calling provisions by rendering the system a potential ATDS. While a “random or sequential number generator” is generally required post-Facebook, not all courts are in agreement that such capability be used in relation to the generation of telephone numbers to be dialed. Numerous courts have allowed cases through to the merits on the question of whether the system might store or produce phone numbers using such capabilities (i.e., the footnote 7 argument), while still others have reinvigorated the “capacity” question. The introduction of AI adds another component to the system to be assessed, and the capability of AI to operate in a manner that might result in an ATDS finding presents an open question that must be addressed.
- Under the TCPA, any calls to a mobile phone made using an ATDS require, at minimum, prior express consent and, if telemarketing, prior express written consent. 47 U.S.C. § 227(b)(1). Automated calling consent requirements also vary across states, so businesses must ensure they satisfy all such potentially applicable requirements wherever they are making calls. The Federal Communications Commission (FCC) continues to issue new TCPA regulations and recently organized a workshop called “Opportunities and Challenges of Artificial Intelligence for Communications Networks and Consumers.” As these requirements continue to evolve, companies should work with counsel to evaluate their TCPA and state calling regulation obligations in regard to the use of AI.
- Other considerations:
- Courts have noted other issues AI use may present in TCPA cases. For example, in Hatteberg v. Cap. One Bank (USA), N.A., No. SA CV 19-1425-DOC-ES, 2019 WL 8888087, at *4 (C.D. Cal. Nov. 20, 2019), the court acknowledged that advances in AI could allow bad actors to make it difficult to prove the technology used is indeed artificial, such as “deepfake” audio, and this in turn may impact TCPA plaintiffs’ ability to successfully plead a case by eliminating the earmarks that plaintiffs typically rely on to recognize use of an artificial or prerecorded voice in the first instance, such as pauses at the beginning of calls, identical messages and robotic voices. It is unclear what impact AI might have on pleading standards or a plaintiff’s ability to plead a TCPA claim, but the Hatteberg court suggests this possibility counsels against requiring a TCPA plaintiff to allege anything more than conclusory factual allegations that meet the elements for such a claim. See id. at *4.
- AI-driven activities, such as deepfake recordings, may also constitute abusive telemarketing acts or practices under the Telemarketing Sales Rule, 16 C.F.R. §§ 310 et seq. As the regulatory and telecommunications landscape continues to evolve, we are likely to see the FCC and the Federal Trade Commission (FTC), along with state attorneys general, use their authority to stop abusive practices resulting from the use of AI.
- Businesses looking to create or otherwise develop artificial prerecorded voices, including for use in AI-based calling, should also consider whether consent is needed to generate these recordings in the first instance. U.S. state privacy laws currently in effect require businesses to obtain consent or allow users to opt out of certain types of automated processing and to disclose whether businesses are sharing personal information with third-party AI platforms. Failure to obtain consent for the inputs used to create artificially generated voices may likewise result in potential exposure under biometric information laws, including the Illinois Biometric Information Privacy Act (BIPA). See Carpenter v. McDonald’s Corp., 580 F. Supp. 3d 512, 514, at *519 (N.D. Ill. 2022) (finding complaint alleging that Defendant collected voiceprint information using AI voice assistant sufficed to state a claim based on the facts pleaded and referenced patent).
- If AI tools are used in conjunction with call and/or video recordings, such use may implicate call recording and/or wiretapping regulations and accompanying notice requirements. These considerations may exist even where a recording is merely being used as input for a subsequent AI function or service. We have also seen a proliferation of lawsuits under such statutes, based upon novel technologies, including under the California Invasion of Privacy Act (CIPA). Such claims could be adapted to address AI usage, particularly where third-party tools are relied upon.
Why it matters
The foregoing is merely a nonexclusive list of the myriad ways AI could trigger additional compliance considerations and exposure in the context of telephone calls. Businesses seeking to adopt AI should consider the ways in which its use may trigger additional consumer protection obligations, impact the business’s existing compliance program and create additional exposure.