SMS marketing makes it easy to reach customers directly at a relatively low cost. But if you don’t adhere to the text message privacy laws and regulations that are in place to protect consumers, you risk incurring massive fines and penalties.
This article will share everything you need to know about text message privacy laws in the United States, Canada, European Union, United Kingdom and Australia. Plus, best practices for keeping your business compliant with text marketing laws.
The Importance of Following Text Marketing Laws
SMS marketing is an excellent way for businesses to communicate promotions and offers to customers. However, not all companies follow SMS rules in their text message engagement with customers.
Without understanding proper legal protocol, you may unknowingly send unsolicited text marketing messages or spam your audience with irrelevant information, products, services, or offers.
Does your company market internationally? Here are texting laws that your business should adhere to in the following countries:
Read more: 23 Law-Compliant Text Message Templates
Text Message Privacy Laws in the United States
The United States carefully regulates electronic communications via strict SMS rules. In addition to these federal regulations, businesses must also observe all text messaging laws that apply to their region or state.
Four stakeholders oversee wireless device laws for texting in the U.S.:
- Cellular Telecommunications Industry Association (CTIA), a group formed to impose ethical text marketing practices and represents the wireless communications industry
- Mobile Marketing Association (MMA) encourages marketing transformation and innovation through mobile devices (like SMS marketing)
- Federal Communications Commission (FCC), an independent government agency that regulates electronic and media communications by wire, satellite, cable, TV and radio
- Federal Trade Commission (FTC), another government agency that protects consumers by dealing with complaints or violations that occur via media communications
The CTIA and MMA advocate for ethical wireless communications and aim to establish the best marketing practices for mass SMS texting.
On the other hand, the FCC and FTC have legislative powers to enact laws, regulations, and penalties for businesses.
Next, we’ll cover the two text messaging privacy laws enforced in the U.S.: the Telephone Consumer Protection Act and the CAN-SPAM Act.
Telephone Consumer Protection Act (TCPA)
The Telephone Consumer Protection Act (TCPA) is a product of the FCC. The TCPA is the primary anti-telemarketing law and the leading regulator of SMS marketing.
Under the TCPA, companies may not send messages to consumers without their consent. Even if an individual provides their phone number or has a long-standing relationship with the business, the company cannot text the individual if they have not granted written consent.
Businesses must obtain explicit written consent (not verbal) to add subscribers to their subscription list. Written consent doesn’t refer to writing on paper but rather consent that is documented and saved.
As consumers opt in to SMS marketing campaigns, they must receive clear, conspicuous disclosure of the text messages they will receive. They must also agree to receive these messages on their mobile device.
Here are some compliant ways for an individual to join an SMS marketing subscription database:
- Keyword texting: Customers text a keyword from their mobile device to join an SMS database.
- Paper form: Customers fill out a paper form that clearly states they agree to receive text messages from a business.
- Online form: Likewise, an online form must explicitly state that the consumer is subscribing to receive text messages from the company once they provide their phone number.
- Website pop-ups: A pop-up form on your website can share details of your SMS program and allow engaged visitors to opt-in.
It’s critical to be completely transparent with subscribers. Here’s what contacts should expect to receive:
- A description of the program they are subscribing to
- The approximate number of messages they should expect to receive in a defined period (such as per week or month)
- A link to the full terms and conditions of the privacy policy
- Instructions on how to opt-out from receiving messages (STOP instructions) and how they can get help information (HELP instructions).
Businesses should send texts via short codes, five or six-digit phone numbers that prevent messages from getting flagged as spam. Using short codes ensures that communications are regulated by wireless carriers and CTIA guidelines.
CAN-SPAM Act
The CAN-SPAM Act works in conjunction with TCPA and is the primary text spam law in the United States.
Under the CAN-SPAM Act, the FCC can regulate commercial texts sent to wireless devices to protect consumers from unwanted mobile commercial messages.
The CAN-SPAM Act makes it illegal for businesses to send unwanted text messages to cell phone numbers. In addition, it requires that any commercial message be easily identifiable by the receiver as an advertisement. Consumers must also be able to unsubscribe from receiving messages.
The CAN-SPAM Act does not apply to messages regarding existing transactions or relationships, such as delivery notifications.
Read more: Etiquette Rules for Business Texting
Text Message Privacy Laws in Canada
Canada passed the Canada Anti-Spam Legislation, otherwise known as CASL, in 2014. This text spam law is similar to the Telephone Consumer Protection Act.
Canada’s Anti-Spam Legislation (CASL)
Under the CASL, businesses who wish to send electronic messages to consumers must fulfill three core requirements:
- Obtain consent
- Provide identification information
- Provide an unsubscribe mechanism
There are also two avenues for obtaining consent: implied or express.
- Implied consent refers to an individual providing or disclosing their contact information to a business, thus permitting approval.
- Express consent refers to an individual explicitly agreeing to receive electronic communications from a business.
Text Message Privacy Laws in the European Union
The European Union also has SMS rules and regulations regarding electronic communications, namely the General Data Protection Regulation (GDPR).
General Data Protection Regulation (GDPR)
The GDPR, enacted in May 2018, applies to any country that wants to do business with the European Union or use EU citizens’ personal data.
Businesses must adhere to these seven principles to be GDPR-compliant:
- Obtain consent
- Report any security breaches to customers within 72 hours
- Provide customers the right to access their personal data
- Provide customers the right to reuse their personal data outside the business
- Provide customers the right to have their data erased completely
- Deploy appropriate security measures to safeguard data collection
- Have the capability to appoint a Data Protection Officer (DPO) if necessary
The GDPR applies to all commercial text messages and data security in general. Therefore, GDPR may affect other aspects of an organization’s marketing activities. Non-compliance will result in a costly penalty.
Text Message Privacy Laws in the United Kingdom
The UK has supporting regulations that work in conjunction with the GDPR: The Privacy and Electronic Communications Regulations (PECR) and the Data Protection Act.
Privacy and Electronic Communications Regulations (PECR) and Data Protection Act
The PECR applies to any electronic marketing methods and website tracking (such as cookies) and their respective security measures and privacy rights.
These laws recognize “that widespread public access to digital mobile networks and the internet opens up new possibilities for businesses and users, but also new risks to their privacy.”
The UK’s Data Protection Act regulates how businesses store and use consumers’ personal information. Under this act, personal info must be used “fairly, lawfully and transparently.” Companies can only use relevant and appropriate data and cannot store the data longer than necessary.
Similar to GDPR principles, customers have the right to know how their data is being used or have data updated or erased.
Text Message Privacy Laws in Australia
Under Australian law, it’s illegal to send a single unsolicited commercial text message. To comply with Australia’s Spam Act 2003, every commercial email, text and phone message you send must meet the following conditions:
- Consent: The recipient must have either expressly consented to receive your messages or be an existing customer
- Identification: The recipient must be able to identify your business accurately
- Opt-out: The recipient must be able to unsubscribe from receiving further messages. Unsubscribe requests must be honored within five working days from receipt.
How to Leverage SMS Marketing Legally: Best Practices
With these strict text marketing regulations in place, you must be attentive and careful with your SMS strategy. To ensure that marketing laws do not hinder the benefits of SMS marketing, follow these best practices for compliant SMS campaigns.
Get Written Consent
Consent is the most critical aspect of compliance. Whether your business uses shortcodes, paper forms or online forms, the written consent must be explicit, transparent and comprehensive for customers to agree to the conditions. Please note: You cannot ask customers to purchase a product or a service as a condition of the written consent.
Pro Tip: Remember that web opt-ins also require double opt-ins. According to the CTIA, you must provide consent on a web form and follow up with a confirmation text from the subscriber. Short codes or direct text consent only require one step, which is more straightforward for most businesses.
Confirm Opt-Ins
Send your subscribers a confirmation as soon as they opt in to your campaign. Your confirmation message should contain information regarding what the consumer has subscribed for, such as:
- Validation of a successful subscription
- Your campaign’s purpose
- Your organization’s identity
- An approximate frequency of the messages your subscribers will get from you
- Information about opting out if needed
- Information about data required by the text messages, and charges if applicable
- Terms and conditions and your organization’s privacy policy
- A keyword your subscribers can text if they need assistance or information regarding your campaign
You should also include this information in your campaign’s call-to-action. However, if you’re worried about overwhelming your customers with information, simply provide URLs to your privacy policy, FAQ or help center instead.
The CTIA also allows abbreviations of your terms and conditions and privacy policies. Follow these requirements:
Abbreviations:
- Must be clear
- Cannot be blocked by any pop-up message
- Should not have pre-checked confirmation boxes
- Must always be accessible
Provide Opt-Outs
Subscribers must have a way of opting out of your subscriber list. Trapping them into opting in or forcing them to stay is not only breaking text marketing law, but it compromises trust and brand integrity. Adding “Text STOP to cancel” on each communication will suffice.
Consequences of Breaking SMS Marketing Laws
Any company that uses SMS and MMS to communicate with audiences must comply with regulators' rules.
Remember: Ignorance of the law does not excuse lack of compliance. Businesses that violate text message privacy and text spam laws can incur penalties and hefty fines.
What constitutes a TCPA violation?
- Calls or texts to anyone listed on the National Do Not Call Registry
- Unsolicited calls to residential or cell phones using automated dialing or pre-recorded messages
- Unsolicited texts to cell phones
Businesses that violate TCPA laws are subject to harsh penalties. A consumer providing sufficient documentation can recover up to:
- $500 per violation of the National Do Not Call Registry
- $500 per phone call that violates TCPA rules
- $1,500 per phone call if the consumer can show that the business violated TCPA laws knowingly and willfully
Practice Compliant SMS Marketing With Textedly
Text marketing laws exist to protect consumers. Customers have the right to know what they are subscribing to and know that businesses use their personal data with respect and care.
If you need more guidance on SMS campaign compliance or want to ensure you’re abiding by text marketing laws, reach out to Textedly today. Or, check out our Complete SMS Compliance Guide.
Textedly believes in the importance of customer experience and aims to provide easy-to-integrate text messaging solutions for your business.