May 31, 2019

New(ish) Technology and the CFPB's Proposed Debt Collection Rule

Anastasia Caton and Nora Udell

This article is part of a series of articles and webinars Hudson Cook will present over the coming months addressing the CFPB's Notice of Proposed Rulemaking on Debt Collection.

On May 7, 2019, the Consumer Financial Protection Bureau ("CFPB" or the Bureau") released its Fair Debt Collection Practices Act ("FDCPA") Notice of Proposed Rulemaking ("Proposals") and Request for Public Comment. The Bureau will accept comments on the Proposals until August 19, 2019.

While the Proposals will apply only to "debt collectors" as defined in the FDCPA (persons collecting debt owed or due another, or persons engaged in a business, the principal purpose of which is the collection of debt), the CFPB has taken a consistent position since its inception that it will enforce many provisions of the FDCPA against creditors collecting their own debts under its authority to prohibit unfair, deceptive, or abusive acts or practices ("UDAAPs"). For that reason, creditors ought to review the Proposals with a careful eye toward which provisions might fairly fall under the "UDAAP" prohibition, and which provisions may be too technical or impractical for the CFPB to expect creditors to comply with.

At the recent Town Hall introducing the Proposals, Director Kathleen Kraninger reminded us that in 1977 when the FDCPA was enacted, the first Star Wars movie was released and Jimmy Carter became president. Since then, conflicting caselaw and considerable uncertainty have emerged about how the FDCPA applies to newer communication technologies.[1] In light of the fact that the FDCPA does not contemplate technology more advanced than fax machines, younger consumers' desire to be contacted by some method other than phone calls and snail mail, and industry's request for certainty around the use of technology; the Bureau proposes to authorize the use by debt collectors of newer communication media, such as email, text message, and social media. But, the CFPB's authority is not without limits.[2] Specifically:

  • Time and Place Restrictions. The Proposals clarify the times and places at which a debt collector may communicate. Special rules would apply to using social media and work email addresses to contact consumers.
  • Opt Out and Notice of Opt Out. The Proposals would require that a debt collector's emails and text messages include instructions for a consumer to opt out of receiving further emails or text messages. The Proposals also clarify that a consumer may restrict the media through which a debt collector communicates by designating a particular medium, such as email, as one that cannot be used for debt collection communications. This means that a consumer may opt out of contact at a specific phone number or email address and she may opt out of a medium of communication entirely (e.g., no contact by text message).
  • Safe Harbor. The Proposals include procedures that, when followed, would protect a debt collector from liability for unintentional violations of the prohibition against third-party communications when using email and text.

We discuss each provision of the Proposals below.

Time and Place Restrictions.

Under the Proposals, a debt collector must not contact a consumer at any unusual time or place, or at a time or place that the debt collector knows or should know is inconvenient to the consumer.[3] The proposed Commentary explains that the time of an electronic communication, such as an email or text, occurs when the electronic communication is sent by the debt collector, not when the consumer receives or views it.[4]

Interpreting the FDCPA's limits on communicating with a consumer at her place of employment, the Proposals clarify that a debt collector must not communicate with a consumer using an email address that the debt collector knows or should know is provided to the consumer by the consumer's employer, unless the debt collector has received directly from the consumer either prior consent to use that email address or an email from that email address.[5] The proposed Commentary describes the situations where a debt collector is presumed to know that an email address is provided by an employer.

The Proposals would also restrict contacting consumers using social media. Specifically, a debt collector must not communicate with a consumer by a social media platform that is viewable by a person other than the consumer, the consumer's attorney, a consumer reporting agency, the creditor, the creditor's attorney or the debt collector's attorney.[6] This provision of the Proposals prohibits a debt collector from posting any message for a consumer on a social media webpage if that webpage is viewable by the general public or the consumer's social media contacts.

However, the Proposals would not prohibit a debt collector from sending a private message to the consumer that is not viewable by a person other than the consumer, the consumer's attorney, a consumer reporting agency, the creditor, the creditor's attorney or the debt collector's attorney, as long as the message does not violate any other provisions of the FDCPA or the Proposals (e.g., the limits on contacting debtors at inconvenient times or places, the requirement in the Proposals to honor a consumer's request not to be contacted by a certain medium, and the restrictions on contacting consumers who are represented by attorneys).[7]

Opt Out and Notice of Opt Out.

Unlike in the CFPB's 2016 outline of proposals for its debt collection rulemaking, under the rules as proposed, text messages and emails media will not count toward the new bright-line rule for telephone contact frequency.[8] However, the Proposals would clarify that the consumer has the right to opt out of a communication channel, such as email or text, entirely.

A debt collector who communicates with a consumer electronically in connection with the collection of a debt using a specific email address, telephone number for text messages, or other electronic-medium address must include in the communication a clear and conspicuous statement describing how the consumer can opt out of further communications to that address or phone number.[9] The debt collector may not require, directly or indirectly, that the consumer, to opt out, pay any fee to the debt collector or provide any information other than the email address, phone number, or other electronic-medium address subject to the opt out.[10]

The Proposals would also prohibit a debt collector from communicating with a consumer through a medium (e.g., email, text message, social media, telephone call) if the consumer has requested that the debt collector not use that medium to communicate with her.[11] Within a medium of communication, a consumer may request that a debt collector not use a specific address or phone number. In other words, if a debt collector has two phone numbers for a consumer, the consumer may request that the debt collector not use either or both phone numbers.[12]

Safe Harbor.

To avoid the risk of a prohibited third-party communication when sending a text message or email, the Proposals provide reasonable procedures for debt collectors to use when emailing or texting consumers.[13] The use of the reasonable procedures is a safe harbor against liability for violating the prohibition against communicating with a third party about a consumer's debt.[14] However, as the Bureau explains in the Supplementary Information, the safe harbor applies only to claims that the debt collector improperly revealed information about the debt to a third party. It is not a safe harbor as to claims that the debt collector's email or text message violated the FDCPA or proposed Regulation F in other ways.[15]

Under the proposed safe harbor, the debt collector must maintain procedures that include steps to reasonably confirm and document that the debt collector communicated with the consumer using: [16]

  • An email address or phone number that the consumer recently used to contact the debt collector for purposes other than opting out of electronic communications;
  • A non-work email address or non-work phone number that the creditor or a prior debt collector obtained from the consumer to communicate about the debt and that was "recently" used to communicate with the consumer about the debt (the Proposals, proposed Commentary, and supplementary information do not clarify the meaning of "recently"), as long as the consumer has not asked the creditor or prior debt collector not to use that email or phone number to contact her; or
  • A non-work email address or non-work phone number, if the creditor or collector notified the consumer clearly and conspicuously other than through that address or phone number, that the debt collector might use that address or phone number for communications by email or text, where the creditor or debt collector provided that notification no more than 30 days before the debt collector's first such communication, and the notification:
    • identified the legal name of the debt collector and the non-work email address or non-work phone number the debt collector proposed to use,
    • described one or more ways the consumer could opt out of such communications, and
    • provided the consumer with a specific reasonable period in which to opt out before beginning such communications (i.e., the "opt-out period");

and the opt-out period expired without the consumer opting out of receiving communications at the non-work email address or phone number. However, note that if the consumer opts out of being contacted after the opt out period expires, as to that specific email address or phone number, or as to that channel of communication entirely, the request must be honored, even though it is outside the opt out period pursuant to the requirement in the Proposals to honor a consumer's request not to be contacted at a certain medium.[17] Note also that the Proposals do not specify how the CFPB would determine that an opt-out period is "reasonable," but requests comment on the issue.

In addition, to take advantage of the proposed safe harbor, the debt collector must have taken additional steps to prevent communications using an email address or telephone number that the debt collector knows has led to a prohibited third-party disclosure.[18] The Proposals, the proposed Commentary, and the Supplemental Information do not indicate what the additional steps must be.


The good news is that, should the Proposals become final as drafted, debt collectors will have clear authority and a framework (including a safe harbor) for communicating with debtors via email and text messages. Debtors increasingly prefer these modes of communication over traditional telephone and written communications, and may be more receptive to communications via these media.

While the CFPB worked within the framework of the FDCPA to develop the Proposals, the substance of the provisions regulating technology is largely new. Some of these provisions offer obvious interpretations of the FDCPA's provisions, for example, the prohibition on communicating with a debtor via a medium at which she requests not to be contacted is a clear offshoot of the prohibition on communicating with consumers at inconvenient times and places. These provisions of the Proposals are ones that creditors ought to review closely, because it is reasonable to expect the CFPB to interpret its UDAAP authority to allow it to impose these requirements on creditors collecting their own debts.

But, many provisions of the Proposals (including the notice and opt-out requirements and third-party disclosure safe harbor) are highly technical, and only vaguely traceable to traditional notions of the FDCPA's general prohibitions on unfairness, deception, and abuse. These are the provisions we expect debt collectors to struggle with, at least at first. These are also provisions that we would not expect the CFPB to use its UDAAP authority to impose on creditors collecting their own debts.

This is merely a summary of how the Proposals expressly authorize and restrict debt collectors' use of newer technology to communicate with consumers. The Proposals include additional provisions that will impact how debt collectors may use email, text, and social media (e.g., the Proposals concerning "limited content messages" and hyperlinked disclosures). For more information, keep up with Hudson Cook's series of articles and webinars over the coming months addressing the CFPB's Proposals.


[1] Supplementary Information, Fed. Reg. Vol. 84, No. 98, pp. 23278, 23290 (May 21, 2019).
[2] See Supplementary Information, Fed. Reg. Vol. 84, No. 98, p. 23275.
[3] Section 1006.6(b)(1).
[4] Comment 6(b)(1)(i)-1; Supplementary Information, Fed. Reg. Vol. 84, No. 98, p.23296.
[5] Section 1006.22(f)(3).
[6] Section 1006.22(f)(4), 1006.6(d)(1)(i-vi).
[7] Comment 22(f)(4).
[8] Section 1006.14(b)(2).
[9] Section 1006.6(e).
[10] Section 1006.6(e).
[11] Section 1006.14(h)(1).
[12] Comment 14(h)(1)-2.
[13] Section 1006.6(d)(3).
[14] Section 1006.6(d)(3); Supplementary Information, Fed. Reg. Vol. 84, No. 98, p. 23299.
[15] Supplementary Information, Fed. Reg. Vol. 84, No. 98,p. 23327.
[16] Section 1006.6(d)(3)(i).
[17] Comment 6(d)(3)(i)(B)(2)-1.
[18] Section 1006.6(d)(3)(ii).

Hudson Cook, LLP, provides articles, webinars and other content on its website from time to time provided both by attorneys with Hudson Cook, LLP, and by other outside authors, for information purposes only. Hudson Cook, LLP, does not warrant the accuracy or completeness of the content, and has no duty to correct or update information contained on its website. The views and opinions contained in the content provided on the Hudson Cook, LLP, website do not constitute the views and opinion of the firm. Such content does not constitute legal advice from such authors or from Hudson Cook, LLP. For legal advice on a matter, one should seek the advice of counsel.