Evan Schuman's StorefrontBacktalk

When a federal judge certified class-action status against Papa John’s on November 9, the pizza chain became the poster child for mobile text-messaging abuse. But this case raises some key questions retailers need to wrestle with—and which the court will decide—including the use of POS data for non-payment functions, the chain’s reasonable responsibilities for the decisions of very independent franchisee owners and what constitutes a business relationship sufficient to establish marketing permission (and in any definition, does buying one slice of pizza reasonably trigger it?).

(Related stories: “Federal Judge Dismisses Walmart Texting Lawsuit, Just Days After Another Federal Judge Ruled The Opposite Way For Papa Johns” and “Would You Like Spam With That?”)

The specifics of this Papa John’s case involve a vendor that never worked for Papa John’s but was retained by quite a few franchisees. That vendor, OnTime4U, sent a huge number of texts to customers of Papa John’s franchisees and never received explicit permission from any of those customers. If this had been a case of whether OnTime4U had violated the Telephone Consumer Protection Act (TCPA), it would be a very easy case. But because the case is focused on the retailer that never retained the vendor, things get much trickier.

To be fair, Papa John’s is far from having clean hands when it comes to OnTime4U. Although the chain didn’t retain the vendor, it did send memos to franchisees encouraging them to retain OnTime4U. When one franchisee complained, a Papa John’s exec told him to try again. The chain also gave the vendor a prominent presentation slot at its franchisee meeting, clearly endorsing OnTime4U. Therefore, blaming Papa John’s for what OnTime4U did is not wildly inappropriate.

According to U.S. District Court Judge John C. Coughenour in Seattle’s decision, the phone numbers enabling those text messages came from the ones customers gave when they placed pizza orders or that caller-ID systems grabbed. So if you phoned in to ask about a pizza—and perhaps not even buy one—you were about to enter text-message hell.

“Those lists were generated out of the PROFIT system, a proprietary database that Papa John’s describes as a point-of-sale data-entry system,” the judge wrote. “The PROFIT system is downloaded onto registers in Papa John’s restaurants and tracks customer and order information. OnTime4U removed landline numbers from the lists and sent text messages to the numbers associated with cell phones.”

Depending on the text-message plan—or lack of same—the customer has, those annoying texts could also become extremely expensive. So a program intended to generate sales for Papa John’s and to generate goodwill ended up having much of the opposite effect.

Papa John’s ultimately disavowed OnTime4U, but by that point a lot of damage had already been done. When Papa John’s finally did turn on the vendor, IT folks will recognize the classic toothpaste-back-into-the-tube problem of getting back tainted data.

Coughenour’s ruling said that “Papa John’s then directed that all franchisees who have shared customer data (particularly telephone numbers) with OnTime4U take all necessary steps to reclaim this data and/or have the vendor permanently delete it from the vendor’s system as well as demand that the vendor not share the data with anyone. Papa John’s also sent a letter directly to OnTime4U in which it demanded that (the vendor) return all customer data supplied to you by our franchisees or take measures to immediately and permanently delete this data from your systems and make certain that it cannot and will not be copied to, shared with or forwarded to anyone. OnTime4U has told Plaintiff’s counsel that it destroyed the call lists at the behest of Papa John’s.”

What about routine backups? Or employees of OnTime4U who copy parts of the database (or all of it) to laptops and mobile devices (phones and tablets, in addition to thumb-drives)? Or employees who work at home on their personal PCs? Marketing teams with their own copies for analytics? The idea that a names-oriented company can easily and completely expunge such data from its systems is ridiculous—and that’s still assuming the vendor chooses to fully and aggressively try and comply. If OnTime4U makes a half-hearted effort to technically comply, this gets much worse.

By the way, the destruction of those names did make it a lot more difficult to supply a complete list of the names of consumers who had been text-bombed. Would we be so cynical as to suggest that Papa John’s had that in mind when it asked for those names to be destroyed? (Who us?)

One weak argument can really make an entire case look bad. Amidst some very legitimate arguments against this class-action suit being certified, Papa John’s argued that the lead plaintiff—a customer—didn’t have standing to sue, because she did not pay the bills for that phone, as her ex-husband is the primary account holder.

“Plaintiff correctly argues that the case law does not unambiguously require that a plaintiff own the relevant phone or account in order to have standing to sue under the TCPA. Moreover, she argues, she has standing to sue under the TCPA because her privacy interests are the very ones that Congress intended to protect when it enacted the TCPA. Plaintiff avers that: (1) she has been the exclusive user of her cell number since 2002, years before sharing a cellular service plan with her ex-husband; (2) she owned the cell phone which received the message; and (3) she was the intended recipient of the texts.”

Yeah, that wasn’t the best argument to make.