Providing a warning about the limits of insurance coverage, a New York federal court sided with an insurer to hold that two exclusions in a policy precluded coverage for a Telephone Consumer Protection Act (TCPA) class action.
Victoria Flores filed a class action against Grubhub in 2016 in Illinois state court, accusing the defendant of sending unauthorized text messages to thousands of consumers in violation of the TCPA. Grubhub did not respond to the lawsuit but entered into a settlement agreement with Flores that included an $8 million payout.
As part of the deal, Grubhub assigned to Flores all claims and proceeds under its insurance policy with ACE American Insurance Co. The settlement agreement provided the $8 million could be collected exclusively from Grubhub’s policy with ACE, and not from Grubhub itself.
Prior to settling with Flores, Grubhub tendered defense of her lawsuit to ACE. The insurer denied that it had a duty to defend or indemnify the insured, relying on two different exclusions: Exclusion CC and Exclusion Y.
Exclusion CC stated the insurer shall not be liable on account of any claim “alleging, based upon, arising out of or attributable to any unsolicited electronic dissemination of faxes, emails or other communications by or on behalf of the Insured to multiple actual or prospective customers of the Insured or any other third party, including but not limited to actions brought under the [TCPA], any federal or state anti-spam statutes, and/or any other federal or state statute, law or regulation relating to a person’s or entity’s right of seclusion.”
Under Exclusion Y, the insurer shall not be liable on account of any claim “alleging, based upon, arising out of or attributable to false, deceptive or unfair business practices or any violation of consumer protection laws.”
After the settlement agreement was finalized, Flores filed suit against ACE to recover the $8 million. She told the court that Exclusion CC was not broad enough to cover the individualized messages in question because the language of the exclusion applied to messages or phone calls that are transmitted en masse, as part of a spam or mass marketing campaign. As for Exclusion Y, it does not apply to “privacy regulations” such as the TCPA, Flores argued.
U.S. District Judge Alvin K. Hellerstein disagreed, finding that coverage was excluded under both exclusions.
Exclusion CC “explicitly precludes coverage for actions brought under TCPA,” he said, and Flores’ claims “are claims under the TCPA and arise out of the unauthorized communications sent by the insured.”
Nothing in the exclusion required that the text messages sent to the customers be identical or sent at the same time, the court wrote, rejecting the plaintiff’s “en masse” position. “The claims are therefore excluded from coverage under Exclusion CC, and Defendant thus did not breach its duty to defend or duty to indemnify.”
Exclusion Y provided “a second and independent justification for Defendant’s refusal to cover the claims” of the underlying complaint, the court added. “Under Exclusion Y, there is no coverage for claims based on ‘false, deceptive or unfair business practices or any violation of consumer protection laws.’ The TCPA is a consumer protection statute, and, therefore, the Policy does not cover claims brought under it.”
Flores pointed to a carve-back in the policy that provided coverage for claims arising out of “an unintentional violation of the Insured’s privacy policy that results in the violation of any Privacy Regulation.”
As defined by the policy, a “privacy regulation” refers to the Health Insurance Portability and Accountability Act as well as “other similar, state, federal and foreign identity theft and privacy protection legislation that requires commercial entities that collect Personal Information to post privacy policies, adopt specific privacy or security controls, or notify individuals in the event that Personal Information has potentially been compromised.”
But the TCPA did not fit this definition, Judge Hellerstein said. “The purpose of the TCPA is not to avoid identity theft, and the TCPA does not require commercial entities to adopt privacy or security controls,” he wrote. “The claims brought in the Underlying Complaint do not relate to ‘privacy regulations.’”
Finding no ambiguities in Exclusions CC and Y, the court said Flores’ claims were “not even potentially within the policy coverage,” granting the insurer’s motion to dismiss the lawsuit.
To read the order in Flores v. ACE American Insurance Company, click here.
Why it matters: This case illustrates the difficulty of obtaining TCPA coverage under most commercial policies. Here, the court had little trouble finding that two separate exclusions in the insured’s policy operated as independent bases for the insurer to deny coverage for Flores’ TCPA class action. One exclusion explicitly prohibited coverage for claims filed under the statute, while the second refused coverage based on consumer protection laws, which the court said included the TCPA. Even the plaintiff’s attempt to characterize the TCPA as a “privacy regulation” failed, and the court granted dismissal of the action.