TCPA Panic Not Necessary for CTIA Compliant SMS Messaging Programs
October 11, 2013
By Timothy Miller, President of
Have you received one these text messages lately from a short code program?
"BRAND: Still want to get our alerts? New law requires you to reply "YES" to stay on this list.
Txts r autodial. Not required for purchase. New law takes effect 10/16 so don't delay!Msg&Data rates may apply."
Why are we getting these messages?
While the CAN-SPAM Act of 2003 authorizes the Federal Communications Commission (FCC) to consider mobile messages when developing guidelines, the FCC has taken the position that text messages sent by automated broadcast systems are ‘automated calls’ and are therefore best covered under the
Telephone Consumer Protection Act (TCPA) of 1991.
On February 15, 2012 the FCC amended the the Telephone Consumer Protection Act (TCPA) of 1991 to remove any ambiguity surrounding consent requirements for SMS and MMS messaging.
These changes are finally going into effect this week on October 16, 2013 (20 months later), and are creating a flurry of last-minute messaging campaigns aimed at existing subscribers who may have already given prior affirmative consent.
So What About TCPA has Changed?
Simply put, TCPA now makes it mandatory for businesses to receive “prior express written consent” before auto-dialing or texting consumers. Assuming everyone already understands that the Electronic Signatures in Global and National Commerce Act (ESIGN) makes electronic signatures and records just as good as their paper equivalents, the noteworthy changes are:
1. New requirement for prior express written consent to deliver a prerecorded marketing message to a residential landline - which is now consistent with the Federal Trade Commission’s existing rules on residential telemarketing.
2. “Prior express written consent” will require (1) a clear and conspicuous disclosure that by providing consent, the consumer will receive auto-dialed or prerecorded calls or texts on behalf of a specific seller; and (2) a clear and unambiguous acknowledgment that, having been informed about the consequences of consent, the consumer agrees to receive such calls at the mobile number provided.
3. The consumer’s consent to receive calls cannot be required as a condition of allowing the consumer to make a purchase of any good or service.
4. The caller (content provider for SMS) will bear the burden of establishing, by clear and convincing evidence, that prior express written consent was obtained.
5. No “grand-fathering” provision for implied consent - i.e. just because you have a business relationship or have been messaging a consumer before October 16, you will still need prior express written consent to send texts or make prerecorded calls.
So What's the Controversy with TCPA?
While anyone with a certified short code knows that handset-initiated opt-in and web-initiated double opt-in have always been fundamental tenants of our industry’s self-regulatory framework, the FCC's language does not say how their new rules apply to content providers who already adhere to these long-standing practices.
In other words, a small minority of companies are interpreting the new rules to imply everyone must start over and re-opt-in everyone in their database, essentially wiping out years of investment based on the
Mobile Marketing Association's (MMA) Best Practices and the
Wireless Association's (CTIA) Mobile Short Code Playbook.
So Who in the World Would Destroy their Database?
First, there are many companies that have played fast and loose with the CTIA's self-regulatory framework. Just ask
Aegis Mobile or
WMC Global, the CTIA's and wireless carrier agent auditors who proactively search for non-compliant calls to action (CTAs) in marketing channels and who have issued thousands of audit violations on behalf of the wireless carriers.
Every brand and content provider should stop now and thank the CTIA, the auditors, their partner aggregators, and their application providers for forcing them to include all of those descriptive, up-front disclosures next to their phone number collection fields and mobile T&Cs.
Brands should be equally upset with all those application providers who let them build subscriber lists with web forms or sign-up sheets that did not follow (enforced) industry standards. By failing to comply with self-regulation, some brands did not take advantage of the immediate verified/double opt-in processes prescribed by the CTIA. Some did not authenticate their subscribers using the handset (which satisfies ESIGN), or make it clear to recipients what they were signing up for.
But even the most compliant programs run by the most compliant marketing departments can still be prone to panic-induced myopia. And some organizations with ultra conservative general counsels would rather be safe than self-audit or worry about how good of a job their marketing team did in following existing industry standards.
If you're compliant with the CTIA, You're Compliant with TCPA
The Wireless Association's self-regulatory schema has evolved steadily over the past 7 years. It began with the 2003 MMA Consumer Best Practices, the MMA Code of Conduct, and is currently administered by the CTIA under a consolidated Common Shortcode Monitoring Compliance Playbook. Those of us that have followed these rules know that this gold standard already goes far above and beyond even the new TCPA rules.
Are you compliant with CTIA Playbook?
While wiping out your database and starting over is not an admission of guilt, there are a few questions to ask yourself before you panic and attempt to emulate what brands like Abercrombie & Fitch, Sonic, Target, and Bed, Beth, & Beyond have all done this week.
1. Was the call to action in our advertising clear to the consumer and compliant with MMA and CTA guidelines?
2. Was the opt-in confirmation message we sent new subscribers compliant with MMA and CTA guidelines?
3. Is our current messaging content still related to the original program the subscriber opted in to?
4. Do we include "Reply STOP to opt-out" at the end of our messaging campaigns?
5. If we used a webform for opt-in, did we provide an empty check box with a link to our CTIA compliant mobile T&C's?
6. If we used a webform for opt-in, did we immediately send a double-opt in confirmation request to verify the handset?
7. If we used a webform for opt-in, did we receive the handset verification as a pin number or "YES"?
8. Do we still have all single or double opt-in confirmation message on file with a time stamp?
Questions that CTIA and the FCC Should Clarify
Are we certain that the way the new TCPA rules are written, that these disclosures would even make sense to consumers opting in to an SMS messaging program?
Are we certain that the FCC intended for its new conditions to be disclosures and not merely rules of the road?
If they are intended to be disclosures, should those only be in the T&Cs, or should they also be in every call to action and opt-in confirmation message flow as well?
If the government were not shutdown, there is petition that would already be on file with the FCC seeking clarification on these and other questions. And we believe the FCC will respond similarly to their November 30 statement that clarified that the MMA-prescribed opt-out confirmation messages were not in violation of the TCPA.
According to FCC Commissioner Ajit Pai, “Hopefully, by making clear that the Act does not prohibit confirmation texts, we will end the litigation that has punished some companies for doing the right thing, as well as the threat of litigation that has deterred others from adopting a sound marketing practice.”
Conclusions for TCPA's Impact on SMS Programs and Threats of Litigation
Those who have refused or neglected to follow the CTIA's self-regulatory framework in the first place have always been at risk of lawsuits. We totally concede that these programs would absolutely need to reconfirm their subscribers and update their disclosures and terms moving forward. What nobody should concede is that this somehow invalidates other, valid consent agreements.
This is the problem with the rash, new best practices that some third party attorneys and self-appointed interpreters of TCPA have recently prescribed. They are rooted in the cost-analysis of litigation. Frivolous lawsuits are going to happen whether you destroy your database and start over or not. But best practices are not written or followed to prevent lawsuits. They are written and followed to protect consumers, provide a high standard of care, and provide companies the tools to defend their business practices and ultimately win lawsuits.