TCPA Autodialer Standards After Facebook v. Duguid

The Supreme Court’s decision in Facebook, Inc. v. Duguid fundamentally altered the landscape of the Telephone Consumer Protection Act (TCPA) by redefining what constitutes an Automatic Telephone Dialing System (ATDS). For nearly three decades, businesses operated under a broad interpretation where almost any equipment capable of dialing from a database could be flagged as an ATDS, leading to massive class-action settlements. The 2021 ruling seemingly restricted this definition to equipment that uses a random or sequential number generator, theoretically liberating many modern predictive dialers and text platforms from the statute’s strictest consent requirements.

However, the reality on the ground has proven far messier than a simple “open season” for marketing. While federal ATDS claims have declined, the vacuum has been filled by a surge in “Mini-TCPA” laws at the state level (such as in Florida, Oklahoma, and Washington) that adopt broader autodialer definitions. Furthermore, plaintiffs’ attorneys have pivoted their strategies, focusing heavily on Do Not Call (DNC) violations, pre-recorded voice prohibitions, and the revocation of consent—areas where the Duguid ruling provides no shield. The operational danger has shifted from technical equipment definitions to strict process compliance regarding consent management and list hygiene.

This article clarifies the operational boundaries post-Duguid. We will dissect the current judicial interpretation of “capacity” versus “use,” analyze the aggressive rise of state-level compliance traps, and outline a defensible workflow for high-volume outreach. The goal is to move beyond the false sense of security provided by the Supreme Court ruling and address the persistent, multi-layered risks that continue to generate multimillion-dollar liability for unwary organizations.

See more in this category: Digital & Privacy Law

In this article:

Last updated: November 24, 2024.

Quick definition: Post-Duguid compliance refers to adhering to the narrowed federal definition of an autodialer (requiring random/sequential number generation) while managing broader risks from state laws, DNC registries, and pre-recorded voice restrictions.

Who it applies to: Any entity engaging in high-volume SMS marketing, cold calling, debt collection, or customer notification via automated platforms, specifically those using predictive dialers or CRM-integrated texting tools.

Time, cost, and documents:

• Consent Records: Proof of “prior express written consent” must be retained for at least 5 years (statute of limitations buffer).
• Scrubbing Logs: Daily records showing lists were scrubbed against the National and Internal DNC registries.
• Policy Documents: A maintained internal DNC policy is a strict liability requirement; lacking a written policy is a violation even if no bad calls are made.
• Cost of Failure: Statutory damages range from $500 to $1,500 per call/text, with class actions frequently reaching eight figures.

Key takeaways that usually decide disputes:

• The “Footnote 7” Argument: Plaintiffs often argue that dialing from a stored list still counts if the system *could* generate numbers, though courts are increasingly rejecting this.
• Manual Intervention: Systems that require a human to “click to send” or initiate every call generally defeat ATDS claims, even under stricter state laws.
• DNC Dominance: Most current lawsuits ignore the ATDS definition entirely and focus on calls made to numbers on the National Do Not Call Registry.

Quick guide to Post-Duguid TCPA

The Facebook v. Duguid ruling centered on grammar and syntax, concluding that to be an ATDS, equipment must use a random or sequential number generator to either store or produce telephone numbers. This effectively excluded equipment that merely dials from a curated list of customer numbers, which had been the target of TCPA litigation for years.

• The Random/Sequential Test: If your system dials from a loaded CSV file or CRM list and cannot generate numbers out of thin air (randomly) or in a sequence (111-0001, 111-0002), it is likely not a federal ATDS.
• The “Capacity” Trap: Courts generally look at whether the system *has* the capacity to use a generator, not just if it was used. However, post-Duguid, most CRM dialers are viewed as lacking this capacity entirely unless modified.
• The Marketing vs. Informational Split: While the technology definition narrowed, the rules for marketing calls (requiring written consent) remain stricter than for informational calls (requiring prior express consent), especially under DNC rules.
• State Law Override: Florida, Washington, and Oklahoma passed laws defining autodialers as systems that “automatically select and dial.” This bypasses Duguid entirely. If you call into these states, the federal narrowing is irrelevant.

Understanding the ATDS shift in practice

The practical impact of Duguid has been a migration of risk rather than an elimination of it. Before the ruling, the debate was technical: “Is this specific predictive dialer an ATDS?” Now, the debate is jurisdictional and procedural. Defense attorneys can often win a motion to dismiss on a federal ATDS claim by showing the system dialed from a list. However, plaintiffs have adapted by alleging that the *nature* of the call violated other provisions or by filing in state courts where definitions are broader.

A critical nuance in practice is the “Footnote 7” controversy. In the Supreme Court opinion, a footnote suggested that an autodialer might include equipment that uses a random number generator to determine the *order* in which numbers from a list are dialed. While most lower courts have rejected this interpretation as inconsistent with the main holding, it remains a heavily litigated point. Conservative compliance demands assuming that any automated sequencing could potentially trigger scrutiny, though the prevailing view is that list-based dialing is safe from federal ATDS claims.

The definition of “human intervention” has also evolved. Previously, it was a defense against being an ATDS. Now, it is primarily a defense against state-level claims. For example, “click-to-dial” systems—where an agent must physically press a button to initiate each call—are the gold standard for avoiding liability in stricter states like Florida. Automation that removes the human from the initiation step creates exposure in these jurisdictions, regardless of whether a random number generator is involved.

Legal and practical angles that change the outcome

The distinction between “marketing” and “non-marketing” purposes remains vital. Duguid did not change the fact that marketing calls to cell phones using an ATDS or pre-recorded voice require Prior Express Written Consent (PEWC). Even if your dialer isn’t an ATDS, if you use a pre-recorded voice (or an AI voice that sounds human), you are strictly liable without PEWC. Many companies mistakenly believe Duguid allows them to use AI voice agents on cold leads; this is a fatal error.

The “Internal DNC” is another area where outcomes pivot. Federal rules require that if a consumer asks to be on your company-specific do-not-call list, you must honor it indefinitely. Duguid offers no protection against Internal DNC violations. In fact, plaintiffs often seed lists with numbers that have previously requested to be opted out, waiting for a system failure to trigger a lawsuit. If your CRM does not sync opt-outs across all departments (e.g., Sales stops calling, but Collections keeps calling), you are exposed.

Workable paths parties actually use to resolve this

When disputes arise, the resolution path often depends on the specific allegations. If the claim is purely about the use of an ATDS under federal law, defense counsel will typically move for summary judgment early, demanding technical specifications of the dialer to prove it lacks random number generation capacity. This “technical defense” is now highly effective and often forces low-value settlements or dismissals.

However, if the claim involves DNC violations or state laws, the strategy shifts to proving “safe harbor.” The TCPA provides a safe harbor defense if a company can prove that a violation was an error and that they have: (1) established business procedures, (2) trained personnel, and (3) a maintained list of DNC requests. Companies that can produce dated training manuals and scrubbing logs often resolve these claims for nominal amounts, whereas those lacking documentation face full statutory damages.

Practical application of compliance workflows

Implementing a robust compliance framework requires integrating legal thresholds into the daily operational workflow of sales and marketing teams. The goal is to create a “compliance by design” system where the software prevents violations before they occur.

1. Audit the Dialing Technology: Obtain a written certification from your software vendor stating whether the platform utilizes a Random or Sequential Number Generator (RoSNG). If it does, disable that module or obtain PEWC for all contacts.
2. Segment by Jurisdiction: Configure the dialing platform to segregate phone numbers with area codes from strict states (FL, WA, OK). Apply “click-to-dial” or manual intervention protocols specifically to these segments.
3. Centralize Consent Data: Ensure that all consent data (web forms, contract checkboxes) flows into a single “source of truth” database. The dialer must query this database in real-time before placing a call.
4. Automate DNC Scrubbing: Set up an automated daily job that scrubs your calling lists against the National DNC Registry and your Internal DNC list. Ideally, the system should block any number added to the Internal DNC within seconds.
5. Train on Revocation: Train agents to recognize non-standard revocation phrases (e.g., “Take me off your list,” “Don’t call anymore”) and provide a one-click button in the interface to flag the number immediately.
6. Document Everything: Retain logs of every consent obtained, every scrub performed, and every call attempt. In a dispute, a missing log is treated as a non-existent process.

Technical details and relevant updates

The technical definition of an autodialer under the “Mini-TCPA” laws often hinges on the concept of “automatic selection.” For instance, Florida’s law defines an autodialer as a system that permits the “automated selection and dialing” of telephone numbers. This is significantly broader than the federal Duguid standard. A system that sorts leads by “likelihood to buy” and then automatically dials the top 50 is likely an autodialer in Florida, even if it’s not under federal law.

Regarding itemization and record retention, the burden of proof for consent lies entirely with the caller. A simple “date stamp” in a CRM is often insufficient in court. The gold standard is the “TrustedForm” or “Jornaya” certificate—a visual replay of the user’s session proving they saw the disclosure and clicked the button. Without this visual proof, plaintiffs can successfully argue they never saw the fine print or that the form was altered after the fact.

• Pre-recorded Voice (Robocalls): Duguid is irrelevant here. Any non-human voice requires written consent. This includes “soundboard” technology where an agent presses buttons to play pre-recorded snippets.
• Ringless Voicemail (RVM): Courts and the FCC generally classify RVM as a “call” subject to TCPA rules. The argument that it “doesn’t charge the consumer” has largely failed.
• Dual-Purpose Calls: If a call has both a service message and a marketing pitch, it is treated as a marketing call, triggering the stricter consent and DNC requirements.
• Text Message “Systems”: Peer-to-peer (P2P) texting platforms where an agent must manually send each text are generally safe from federal ATDS claims, provided no “blast” automation runs in the background.

Statistics and scenario reads

The litigation environment has not cooled; it has merely shifted. While pure “autodialer” filings in federal court have dipped, the complexity of filings has increased, with plaintiffs layering state claims and DNC violations to survive dismissal. The data suggests a market that punishes the unprepared while offering an exit ramp for those with rigorous documentation.

Operational Shifts (Before vs. After Duguid)

• Consent Strategy: “Implied Consent” (Risky) → Certified Written Consent (Mandatory). Driven by DNC rules rather than ATDS fears.
• Dialing Mode: Predictive/Power Dialing → Human Selection / Click-to-Call. Specifically for state law compliance.
• Defense Cost: High Technical Expert Fees → Quick Summary Judgment. Federal cases are cheaper to defend; state cases are more expensive.

Monitorable Compliance Metrics

• Revocation Lag Time (Minutes): Target should be near-zero. Delays >24h increase risk.
• DNC Scrub Frequency (Days): Maximum 31 days. Best practice is daily/real-time.
• Wrong Number Rate (%): High rates (>5%) indicate poor data hygiene and reassigned number risks.

Practical examples of Post-Duguid Scenarios

Common mistakes in TCPA compliance

FAQ about Post-Duguid TCPA

References and next steps

• Audit your scripts: Ensure no pre-recorded messages or AI voices are used without explicit written consent.
• Check your contracts: Verify that your lead vendors provide visual proof of consent (TrustedForm/Jornaya), not just a spreadsheet row.
• Implement “State Logic”: Update your dialer to treat FL, WA, and OK area codes with “Click-to-Call” protocols.
• Scrub the RND: Register for the Reassigned Numbers Database and integrate it into your scrubbing workflow.

Related reading:

• Digital & Privacy Law
• Understanding the Florida Telemarketing Act (CS/SB 1120).
• FCC regulations on text message revocation and lead generation.
• Best practices for “Safe Harbor” DNC defense.

Normative and case-law basis

The primary statute governing this landscape is the Telephone Consumer Protection Act of 1991 (47 U.S.C. § 227). The pivotal interpretation discussed here comes from the Supreme Court decision in Facebook, Inc. v. Duguid, 592 U.S. ___ (2021), which resolved a circuit split regarding the definition of an ATDS. However, enforcement and rulemaking authority rest with the Federal Communications Commission (FCC), which regularly issues declaratory rulings that clarify (or expand) statutory requirements.

State-level variations are driven by specific statutes such as Florida’s CS/SB 1120 (Florida Telemarketing Act) and Washington’s HB 1497. These laws often explicitly decouple their definitions from the federal standard, creating a dual-compliance regime. Courts generally uphold these state laws as long as they do not directly conflict with federal ability to regulate interstate commerce, though this is an active area of constitutional litigation.

For official text and updates, consult the Federal Communications Commission (FCC) www.fcc.gov or the Supreme Court Opinions database www.supremecourt.gov.

Final considerations

The Duguid decision was a significant victory for the defense bar, but it was not the “end of the TCPA” that many marketers hoped for. By narrowing the technical scope of what constitutes an autodialer, the Supreme Court effectively pushed plaintiffs toward other, equally damaging theories of liability—specifically DNC violations and state-level claims. The modern compliance officer must stop worrying solely about “random number generation” and start worrying about “process governance.”

Survival in this environment requires a holistic approach that treats data hygiene as a legal shield. Documentation of consent, rigorous DNC scrubbing, and jurisdiction-specific dialing protocols are no longer optional “best practices”—they are the only barrier between your business and a class-action lawsuit. In the post-Duguid world, it is not the technology you use that saves you, but the records you keep.

This content is for informational purposes only and does not replace individualized legal analysis by a licensed attorney or qualified professional.