<img height="1" width="1" style="display:none" src="https://q.quora.com/_/ad/3ba228b818d84df89534851d45d08489/pixel?tag=ViewContent&amp;noscript=1">

Text Messaging Laws Every Business Has To Know About

May 11, 2021

SMS marketing makes it easy to reach customers directly at a relatively low cost. But if you don’t adhere to the text message privacy laws and regulations that are in place to protect consumers, you risk incurring massive fines and penalties.

In this article, we’ll share everything you need to know about text message privacy laws in the United States, Canada, the European Union and the United Kingdom, plus best practices for keeping your business compliant with text marketing laws.

The Importance of Following Text Marketing Laws

SMS marketing is an excellent way for businesses to communicate promotions and offers to customers. However, not all businesses follow SMS rules in their text message engagement with customers. 

Without an understanding of proper and legal protocol, businesses may unknowingly send unsolicited text messages and spam their audience with irrelevant information, products, services or offers. 

Additionally, some companies only want to collect personal data for other purposes (some potentially unethical) and have no real interest in engaging with or providing value to customers. 

To uphold the privacy and protection of personal information, the Cellular Telecommunications Industry Association (CTIA) was formed to impose ethical text marketing practices. Other organizations and stakeholders, such as the Mobile Marketing Association (MMA), Federal Communications Commission (FCC) and Federal Trade Commission (FTC) also monitor, regulate or enforce rules that apply to SMS marketing. 

Any company that uses SMS and MMS to communicate with audiences must comply with the rules put forth by these regulators. Businesses that violate text message privacy and text spam laws will incur penalties and hefty fines.

Text Message Privacy Laws in the United States

Electronic communications in the United States are carefully regulated through strict SMS rules. In addition to these federal regulations, businesses must also observe all text messaging laws by state that may apply to their region.  

Four stakeholders oversee wireless device laws for texting in the U.S.:

The CTIA and MMA advocate for ethical wireless communications and aim to establish the best marketing practices for mass SMS texting. 

The FCC and FTC, on the other hand, have legislative powers to enact laws, regulations and penalties for businesses.

Next, we’ll cover the two text messaging privacy laws enforced in the U.S.: the Telephone Consumer Protection Act and the CAN-SPAM Act.

1. Telephone Consumer Protection Act (TCPA)

The Telephone Consumer Protection Act (TCPA) is a product of the FCC. The TCPA is the primary anti-telemarketing law and the leading regulator of SMS marketing. 

Under the TCPA, businesses may not send messages to consumers without their consent. Even if an individual provides their phone number or has a long-standing relationship with the business, the company cannot text the individual if they have not granted written consent. 

Businesses are required to obtain explicit written consent (not verbal) to add subscribers to their subscription list. Written consent doesn’t refer to writing on paper, but rather consent that is documented and saved. 

As consumers opt in to SMS marketing campaigns, they must receive clear, conspicuous disclosure of the text messages they will receive. They must also agree to receive these messages on their mobile device. 

Here are some compliant ways for an individual to join an SMS marketing subscription database:

  • Keyword texting: Customers text a keyword from their mobile device to join an SMS database.
  • Paper form: Customers fill out a paper form that clearly states they agree to receive text messages through their phone number from a business.
  • Online form: Likewise, an online form must explicitly state that the consumer is subscribing to receive text messages from the company once they provide their phone number.
  • Website popups: A popup form on your website can share details of your SMS program and allow engaged visitors to opt in.

It’s critical to be completely transparent with subscribers. Here’s what contacts should expect to receive:

  • A description of the program they are subscribing to.
  • The approximate number of messages they should expect to receive in a defined period (such as per week or month).
  • A link to the full terms and conditions of the privacy policy.
  • Instructions on how to opt out from receiving messages (STOP instructions), as well as how they can get help information (HELP instructions). Businesses can provide a link that contains detailed information about these instructions.

Businesses should send texts via short codes, which are five or six-digit phone numbers that prevent messages from getting flagged as spam. Using shortcodes ensures that communications are regulated by wireless carriers and CTIA guidelines.


The CAN-SPAM Act works in conjunction with TCPA and is the main text spam law in the United States. 

Under the CAN-SPAM Act, the FCC can regulate commercial texts sent to wireless devices to protect consumers from unwanted mobile commercial messages. 

The CAN-SPAM Act makes it illegal for businesses to send unwanted text messages to cell phone numbers and requires that any commercial message be easily identifiable by the receiver as an advertisement. Consumers must also be able to unsubscribe from receiving messages. 

The CAN-SPAM Act does not apply to messages regarding existing transactions or relationships, such as delivery notifications.

Text Message Privacy Laws in Canada

Canada passed the Canada Anti-Spam Legislation, otherwise known as CASL, in 2014. This text spam law is similar to the Telephone Consumer Protection Act.

Canada’s Anti-Spam Legislation (CASL)

Under the CASL, businesses who wish to send electronic messages to consumers must fulfill three core requirements

  • Obtain consent
  • Provide identification information 
  • Provide an unsubscribe mechanism

There are also two avenues for obtaining consent: implied or express. 

  • Implied consent refers to an individual providing or disclosing their contact information to a business, thus permitting consent. 
  • Express consent refers to an individual explicitly agreeing to receive electronic communications from a business.

Text Message Privacy Laws in the European Union

The European Union (EU) also has SMS rules and regulations regarding electronic communications, namely the General Data Protection Regulation (GDPR).

General Data Protection Regulation (GDPR) 

The GDPR, enacted in May 2018, applies to any country that wants to do business with the European Union or use EU citizens’ personal data. 

Businesses must adhere to these seven principles to be GDPR-compliant: 

  1. Obtain consent
  2. Report any security breaches to customers within 72 hours
  3. Provide customers the rights to access their personal data
  4. Provide customers the rights to reuse their personal data outside the business
  5. Provide customers the rights to have their data erased completely 
  6. Deploy appropriate security measures to safeguard data collection
  7. Have the capability to appoint a Data Protection Officer (DPO) if necessary

The GDPR applies to all commercial text messages and data security in general. Therefore, GDPR may affect other aspects of an organization’s marketing activities. Non-compliance will result in a costly penalty.

Text Message Privacy Laws in the United Kingdom

The U.K. has supporting regulations that work in conjunction with the GDPR. They are the Privacy and Electronic Communications Regulations (PECR) and the Data Protection Act.

Privacy and Electronic Communications Regulations (PECR) and Data Protection Act 

The PECR applies to any electronic marketing methods and website tracking (such as cookies) and their respective security measures and privacy rights. 

These laws “[recognise] that widespread public access to digital mobile networks and the internet opens up new possibilities for businesses and users, but also new risks to their privacy.” 

The U.K.’s Data Protection Act regulates how businesses can store and use consumers’ personal information. Under this act, personal info must be used “fairly, lawfully and transparently.” Businesses can only use data when relevant and appropriate, and cannot store the data longer than necessary. 

Similar to GDPR principles, customers have the right to know how their data is being used or have data updated or erased. 

How to Leverage SMS Marketing Legally 

With all the strict text marketing regulations out there, you need to be attentive and careful with your SMS strategy. To ensure that the benefits of SMS marketing are not hindered because of marketing laws, follow these best practices for compliant SMS campaigns.

Get Written Consent

Consent is the most important aspect of compliance. Whether your business uses shortcodes, paper forms or online forms, the written consent must be explicit, transparent and comprehensive for customers to agree to the conditions. Please note: You cannot ask customers to purchase a product or a service as a condition of the written consent.

Pro Tip: Remember that web opt-ins also require double opt-ins. According to the CTIA, you must provide consent on a web form and follow-up with a confirmation text from the subscriber. Shortcodes or direct text consent only require one step, which is more straightforward for most businesses.

Confirm Opt-Ins

Send your subscribers a confirmation as soon as they opt in to your campaign. Your confirmation message should contain information regarding what the consumer has subscribed for, such as:

  • Validation of a successful subscription
  • Your campaign’s purpose
  • Your organization’s identity
  • An approximate frequency of the messages your subscribers will get from you
  • Information about opting out if needed
  • Information about data required by the text messages, and charges if applicable
  • Terms and conditions, and your organization’s privacy policy
  • A keyword your subscribers can text if they need assistance or information regarding your campaign

You should also include this information in your campaign’s call-to-action. If you’re worried about overwhelming your customers with information, you can simply provide URLs to your privacy policy, FAQ or help center instead.

The CTIA also allows abbreviations of your terms and conditions and privacy policies. Follow these requirements:

  • Abbreviations must be clear
  • Abbreviations cannot be blocked by any kind of pop-up message
  • Abbreviations should not have pre-checked confirmation boxes
  • Abbreviations must always be accessible

Compliant SMS Marketing With Textedly

Text marketing laws exist to protect consumers. Customers have the right to know what they are subscribing to and know that businesses are using their personal data with respect, care and protection. As long as your business is attentive in keeping up with these guidelines, you’ll be good to go.

If you need more guidance on SMS campaign compliance and want to ensure you’re abiding by text marketing laws, reach out to Textedly today. Or, check out our Complete SMS Compliance Guide

Textedly believes in the importance of customer experience and aims to provide easy-to-integrate text messaging solutions for your business. Learn more about Textedly and sign up for a free trial to kickstart your SMS marketing campaign today.

Start Texting Your Customers for Free With Textedly