If you are interested in marketing with your customers via texting, you should be aware that there are SMS marketing laws and, in fact, they have been changing and becoming stricter. Consumers understandably are fed up with unsolicited text messages and spam.
Don’t be a business that ignores SMS laws.
Information on any given SMS marketing law is presented here for informational purposes only and is not intended to take the place of the advice of counsel.
What Are SMS Regulations?
There are a number of laws governing SMS messaging from businesses. In fact, there are laws in the United Kingdom and in the European Union. If you are doing business with persons who are outside the United States, you will likely have to comply with these laws as well.
And while the FCC and the FTC are mainly in charge of regulating SMS message marketing, the Data Protection Act of 2021 aimed to change that. But note: that bill has not been passed as of mid-2023.
The most important law in the United States is the Telephone Consumer Protection Act. But there are several SMS marketing regulations, and they are not all coming from the United States.
And unless your business is hyperlocal, you will most likely need to be considering text marketing laws outside the United States, as text messaging can be sent anywhere.
To assure your overall SMS campaign is in SMS marketing compliance, one of the keys is express written consent. Express consent is the cornerstone for nearly any SMS regulation around the world.
Consent is so vital in SMS marketing that it is considered a best practice to ask for consent every time you engage in SMS marketing.
SMS Marketing Laws and Regulations
The Telephone Consumer Protection Act of 1991
Even before SMS messaging existed, there were unwanted telephone solicitations.
When this turned into robocalling, the Federal Communications Commission required that telemarketers get prior express written consent from consumers before robocalling them.
The FCC recognized that companies looking to be in TCPA compliance would likely have no trouble with such a requirement.
In 2023, the FCC expanded their requirements and now require the blocking of texts purporting to be from numbers on a reasonable DNO (do not originate) list. A DNO list is a database of phone numbers that have been identified as numbers that should never make an outbound call.
There is more than one DNO list, and their purpose is to try to stem the flood of spoofed Caller IDs out there.
The FCC also requires providers and other entities to maintain a point of contact for texters to report erroneously blocked texts. It proposes further steps to stop illegal texts.
The Commission is currently (2023) seeking comment on extending Do Not Call protections to marketing text messages, and on banning the practice of obtaining a single customer consent as justification for calls and texts from multiple sellers and potential fraudsters.
The Commission also seeks comment on whether to require mobile wireless providers to block a text message when notified by the Commission that they are likely scams.
The California Consumer Privacy Act of 2018 (Only Applicable for Very Successful Businesses)
Unless your business is strictly local (as in, say, a pizza parlor that is not a part of a national chain), you may find yourself doing business with the occasional customer in California.
Sending an SMS message means your business has personal data on a customer. That’s where the CCPA comes in.
The CCPA gives consumers more control over the personal data that businesses collect about them. Under CCPA, a California consumer has the right to know about the personal data business collects about them and how it is used and shared.
A California consumer also has a limited right to the deletion of their personal data and they are allowed to contact a business to correct it. Further, they have the right to limit the use and disclosure of sensitive personal data collected about them.
A California customer also has the right to opt out of the sale or sharing of personal data and to nondiscrimination for exercising their rights under the CCPA.
But don’t despair, unless your business is doing exceptionally well, CCPA won’t apply—but you should be aware of it all the same, just in case your business really takes off.
The CCPA applies to for-profit businesses that do business in California and meet any of the following:
- Have a gross annual revenue of over $25 million;
- Buy, sell, or share the personal information of 100,000 or more California residents, households, or devices; or
- Derive 50% or more of their annual revenue from selling California residents’ personal information.
GDPR (Generally Applicable for Larger Companies Doing International Online Business)
For a business with a customer base that is at least partly in the European Union, the General Data Protection Regulation is going to govern how you can market to them.
GDPR requires that businesses protect the personal data and privacy of EU citizens for transactions that occur within EU member states. It is one of the strictest privacy laws in the world.
And, given that American citizens can work from virtually anywhere these days, even if you don’t think you’re selling in the EU, you may just be doing so anyway. And if those Americans are also EU citizens, you have more to keep track of.
Under GDPR, EU citizens have the right to be forgotten and the right to deletion. In practical terms, this means that if they ask for their personal data to be deleted, you will need to comply ASAP.
There are strict rules for data and SMS compliance with GDPR, which include designating a data protection officer.
For companies with 250 employees or more, GDPR will apply across the board.
But for small businesses with 249 or fewer employees, if your data processing impacts the rights and freedoms of data subjects, is not occasional, or includes certain types of sensitive personal data, then GDPR applies. That effectively means just about all companies.
The Can Spam Act of 2003 (Illustrative But Not Directly Applicable)
For over twenty years, this act has existed to try to cut down on the number of marketing messages people get. But it does not apply to SMS marketing!
Yet it is still instructive in terms of the kinds of actions which can get an SMS marketer in trouble.
For one thing, the spam act only applies to commercial messages. But relationship type messages are exempt. The Federal Trade Commission notes that there are messages which can be a combination of the two.
In that instance, one of the deciding factors is the subject line of an email message. But SMA messaging doesn’t truly have subject lines.
Can Spam also illustrates how clear a business must make the process of opting out of future messages. If you’ve ever struggled to find the unsubscribe button on an email, know that the CAN spam act requires it to be clear and conspicuous.
In addition, marketers are required to honor opt out requests promptly, with a 10 business day maximum to be in compliance with the law. The opt out mechanism has to still exist for 30 days after the message is sent.
This means that a business engaging in email marketing can’t just send a flurry of emails and then drop off the face of the Earth. CAN Spam requires that a business (even one in the throes of bankruptcy proceedings) be around for another month to handle opt out requests.
This spam act is to email marketing as SMS marketing is to the Telephone Consumer Protection Act.
Let’s get to compliance. Fundability™ is more than just ticking boxes. The true philosophy of Fundability™ is to do everything on the up and up because it’s the right thing to do, it helps your customers—oh, and by the way, it also helps your business succeed.
How To Ensure Legal Compliance (Best Practices)
Obtain Written Opt-In Permission Before You Send a Text
It may be tempting to start text messaging a customer right away, the moment you get a telephone number where they can accept a text. But don’t!
Getting written opt-in permission first is the absolute platinum standard for text message marketing. This must be express written consent, not buried in a long document that’s hard for a layperson to understand.
Extremely simple and straightforward language is virtually always going to be best. Mention that you will be texting, that it will be for business purposes, and message and data rates may apply.
And give them an easy way to opt out.
Provide a Means to Opt In With Every Campaign
As a part of its best practices, the Cellular Telecommunications Industry Association notes that just as an SMS marketing campaign will have a clear call to action to entice a consumer to buy, it should have an equally clear CTA showing how to opt in, or out of any future text message.
If a business uses a form to capture a customer name and contact information, then the clear opt-in should go there. The CTIA also says it is a best practice to confirm opt-in for recurring messages.
Adding a means of opting in should be second nature for every single message sent to a consumer.
Data Privacy and Personalized Marketing Can Coexist
According to the Mobile Marketing Association, marketers need to find ways to ensure privacy is not a hindrance to providing better products and services to a consumer.
The MMA notes that a privacy-first approach to data can facilitate consumer trust in the brand. Advertisers need to develop strong first-party data fortresses, data clean rooms and novel ways to put together audience intelligence.
A customer will pay more for a marketing message with a personalized experience, but a lot of the ways such experiences are possible is via the usage of third-party cookies.
The MMA reports that PepsiCo improved its ROI dramatically by cultivating direct customer relationships. Conversions for Pepsi and other companies went up due to garnering insights from first party data.
Add Identifying Details to Every Message
Beyond ensuring consent, make certain that your text messaging always contains basic information on your business.
After all, no subscribers can truly consent to a mystery SMS communication.
Being SMS compliant means that subscribers to your SMS program get your business name at minimum, so they know who is texting them and their consent to texting can be truly informed.
SMS compliance also means offering subscribers an easy to identify way to contact your business if they would like to contact you in some way other than texting.
Adding a name to an email is a human touch which, while not necessary for SMS compliance, can show your subscribers that the texting is coming from a real human being.
Don’t Go Overboard With Texting
A text message every single day is likely to be too much unless you have serious justification. Perhaps time is running out on an offer. Or maybe subscribers need to act before a law changes.
Informing subscribers of how often you intend to be texting them is another good idea. But too much texting, without informing them, can lead to them withdrawing their consent and maybe even complaining to their provider about your overly enthusiastic texting ways.
Takeaways
Texting is a terrific way to connect with consumers on the go. Beyond its obvious convenience and immediacy, it is also a way to share images, send receipts, and put offers in writing.
And don’t underestimate how difficult it can be for some people to hear a phone call. You want to be sure they know a number is sixty and not fifty.
Here at Credit Suite, we are committed to your success in business. From how to build business credit to marketing tips, we’ve got you covered.
Why not contact us today so we can show you how Fundability™ helps your business grow and meet compliance requirements?
