What are the SMS marketing rules regarding consent and the Do Not Call list?

Key findings

• Explicit consent is paramount: Prior express written consent is mandatory before sending any SMS marketing messages. This consent must specifically cover SMS communications, not just general marketing or email opt-ins.
• DNC list interaction: Even if a number is on the National Do Not Call Registry, a business can send marketing SMS messages if they have clear, explicit consent from the consumer. However, without consent, sending texts to a DNC-listed number is a violation.
• Private right of action: The TCPA grants individuals the right to sue businesses directly for violations, with statutory damages of up to $1,500 per message sent without consent to a DNC-listed number.
• Consent documentation: Businesses must be able to demonstrate and verify consent if challenged. This means meticulously storing records of how and when consent was obtained.
• Regular DNC checks: While consent overrides a DNC listing, routinely checking against the Federal Do Not Call Registry is a critical compliance practice, especially for lists where consent might be ambiguous or aged. Maintaining a clean list also prevents issues like unwanted messages.

Key considerations

• Opt-in process clarity: Ensure your SMS opt-in process is crystal clear, explicitly stating what types of messages will be sent and how frequently. This clarity helps in proving consent if needed.
• Consent duration: While not explicitly defined, consent generally implies an ongoing relationship. However, understanding how long consent lasts in email marketing provides a good parallel for SMS.
• Triggered campaigns: For triggered SMS campaigns, ensure that the initial consent mechanism is robust enough to cover these automated messages, as real-time DNC checks before each message might not be feasible.
• Legal compliance awareness: Marketers should stay updated on TCPA changes and other regulations from entities like the Federal Trade Commission (FTC) to avoid fines and legal challenges.
• Opt-out mechanisms: Always provide a clear and easy way for recipients to opt out of SMS messages, such as replying STOP. This is a fundamental requirement.

Key opinions

• Initial validation focus: Some marketers initially focus on phone number validation tools, similar to email verification, without fully grasping the primary importance of consent and DNC checks.
• Consent vs. DNC confusion: There's common confusion about whether explicit consent overrides a DNC listing, which it does, provided consent is properly obtained and documented.
• Automated campaign concerns: Marketers worry about the feasibility of real-time DNC checks for triggered SMS campaigns, questioning if such campaigns are even possible under strict rules.
• Reliance on ESP features: Some believe their SMS platform (e.g., Salesforce Marketing Cloud) automatically handles DNC list cross-referencing, which provides a layer of security but doesn't negate the need for explicit consent.
• Risk assessment: The potential for high fines and individual lawsuits under the TCPA makes marketers extremely cautious about compliance.

Key considerations

• Consent granularity: Marketers must ensure consent is specific to SMS marketing, not just implied from other opt-ins.
• Record keeping: Implement robust systems for capturing and storing verifiable consent, including timestamps and methods of consent, to serve as defense against legal claims.
• List hygiene importance: Even with consent, regular list cleaning and suppression against DNC lists is a best practice to avoid unintentional violations and maintain a high standard of compliance.
• Education and training: Educate marketing teams on the severe implications of TCPA non-compliance and the nuances of SMS consent, which differ from email marketing laws like CAN-SPAM.
• Third-party data: If considering using third-party phone number lists, be extremely cautious and verify consent, similar to how one would approach email marketing with third-party data.

Key opinions

• Demonstrable consent: Experts strongly advise that SMS marketers must have 100% demonstrable and verifiable consent for every message sent.
• DNC list priority: Before even considering validity, the primary check should always be against the Federal Do Not Call list for marketing messages.
• Consent overrides DNC: Explicit consent for SMS marketing legally overrides a recipient's presence on the Do Not Call list.
• High stakes: The TCPA includes a private right of action, allowing individuals to sue for significant statutory damages ($500 to $1,500 per message) for unsolicited SMS.
• Consent proof as defense: The only reliable defense against a TCPA claim based on a DNC listing is the ability to produce verifiable consent.
• Avoid implicit consent: Experts strongly advise against relying on implicit consent for SMS, even with DNC suppression, due to the high legal risks.

Key considerations

• Continuous DNC checks: It's imperative to check lists against the Federal Do Not Call Registry every time before sending, as numbers are continuously added.
• SMS-specific consent: Consent must be explicitly obtained for SMS marketing, not merely extrapolated from email subscriptions or other forms of contact.
• Documentation is key: Maintain robust records of all consent, including date, method, and specific terms, to defend against potential lawsuits. This is similar to the importance of email consent records.
• Automated checks: While manual checks are possible, automated solutions for phone number validation and DNC screening are crucial for scalable and compliant SMS operations.
• Understanding legal recourse: Be aware that individuals can pursue private action under TCPA for unsolicited SMS, making robust consent management your primary defense.
• Compliance overlaps: While different, there are parallels between SMS and email to SMS gateway compliance.

Key findings

• TCPA Scope: The Telephone Consumer Protection Act (TCPA) regulates automated telephone calls, pre-recorded calls, and SMS text messages, requiring prior express consent for marketing communications.
• DNC Registry Purpose: The National Do Not Call Registry is a list of phone numbers whose owners have expressed a preference to limit telemarketing calls and texts.
• Express Written Consent: For marketing SMS messages, the TCPA requires prior express written consent, which can be electronic but must clearly authorize messages.
• Consent Exception: Even if a number is on the DNC list, a business may send marketing SMS if it has obtained the necessary consent from the subscriber.
• Recordkeeping Requirement: Businesses must maintain records of consent for at least four years, demonstrating how and when consent was obtained, to prove compliance if challenged.

Key considerations

• Opt-out provisions: All SMS marketing messages must include a clear and conspicuous mechanism for recipients to opt out, such as replying STOP. Failure to do so is a violation.
• Scope of consent: Documentation specifies that consent must relate directly to the SMS messages being sent. Generic consent for communication is often insufficient.
• State-specific DNC lists: Beyond the federal registry, some states (e.g., Connecticut) maintain their own Do Not Call registries that marketers must also comply with.
• Lead generator consent: Recent FCC rules highlight that consent obtained through lead generators must be unambiguous and directly from the consumer for a specific seller, not just a broad category. This applies to calls and texts for advertising. Learn more from Consumer Finance Monitor.
• Enforcement and penalties: Violations can result in significant penalties, including fines of up to $1,500 per violation, enforced by the FCC or through private lawsuits.