SMS Marketing Laws/Rules: The Ultimate Guide

Drive 20-40% of your revenue with Avada

Get Started

SMS marketing (or text marketing) makes it simple to reach customers directly at a relatively low cost. However, if you don’t adhere to SMS marketing laws/rules that are in place to protect customers, you risk incurring massive penalties and fines.

In this blog post, we’ll walk you through everything you need to know about SMS marketing laws/rules, including laws in the US, Canada, the EU, and the UK, together with best practices for leveraging SMS marketing legally.

Let’s get started!

The importance of following SMS marketing laws/rules

SMS marketing is an excellent way for brands to communicate promotions and offers to customers. Nevertheless, not all businesses follow SMS marketing rules in their engagement with customers.

Without an in-depth understanding of legal and proper protocol, businesses may unknowingly send unsolicited SMS messages and spam their audience with irrelevant information, offers, products, or services.

In addition, some businesses only want to gather personal data for other purposes (some potentially unethical) and have no intention of engaging with or providing value to customers.

In order to uphold the privacy and protection of personal data, the Cellular Telecommunications Industry Association (CTIA) was established to impose ethical text marketing practices.

Other organizations and stakeholders, like Federal Communications Commission (FCC), Mobile Marketing Association (MMA), and Federal Trade Commission (FTC), also control, regulate, or enforce rules that apply to SMS marketing.

Any business that uses SMS and MMS marketing to communicate with customers must comply with the rules put forth by these regulators. Companies that violate SMS marketing laws/rules will incur hefty penalties and fines.

SMS marketing laws/rules in the US

Electronic communications in the US are carefully regulated through strict SMS laws/rules. Besides these federal regulations, businesses must also observe all text messaging laws by state that may apply to their region.

In the US, 4 stakeholders oversee wireless device laws for texting:

• Cellular Telecommunications Industry Association (CTIA) - represents the wireless communications industry.

• Mobile Marketing Association (MMA) - encourages marketing transformation and innovation via mobile devices (like SMS marketing).

• Federal Communications Commission (FCC) - regulates electronic and media communications by wire, cable, satellite, TV, and radio.

• Federal Trade Commission (FTC) - protects users by dealing with complaints or violations that happen via media communications.

Generally, the CTIA and MMA advocate for ethical wireless communications and establish the best practices for mass SMS texting.

On the other hand, the FCC and FTC have legislative powers to enact laws, rules, regulations, and penalties for businesses.

Now, we will cover the two SMS privacy laws enforced in the US, including the Telephone Consumer Protection Act (TCPA) and the CAN-SPAM Act.

Telephone Consumer Protection Act (TCPA)

This law is the product of the FCC. The Telephone Consumer Protection Act (TCPA) is the main anti-telemarketing law as well as the leading regulator of SMS marketing.

Under this law, businesses may not send messages to users without their consent. Even if someone provides their phone number and has a long-standing relationship with the company, businesses cannot text them without written consent.

Companies are required to obtain explicit written consent (not verbal) to add anyone to their subscription list. Written consent does not refer to writing on paper but rather consent that is documented and saved.

When someone opts into SMS marketing campaigns, they must receive clear, conspicuous disclosure of the text messages they’ll receive. Also, they must agree to accept these text messages on their mobile device.

Below are several compliant ways for an individual to join your SMS marketing subscription database:

• Keyword texting. Users text a keyword from their mobile device in order to join your SMS subscriber list.

• Paper form. Users fill out a paper form that states clearly that they agree to receive text messages from a business.

• Online form. Online forms must explicitly state that the user is subscribing to receive text messages from a business once they provide their phone number.

• Website popups. You can place a popup form on your website to share details of your SMS programs and allow visitors to opt-in.

It is integral to be completely transparent with subscribers. Below is what contacts should expect to receive:

• A description of the program they’re subscribing to

• The approximate number of text messages they should expect to receive in a specific period (such as per week or month)

• A direct link to the terms and conditions of your privacy policy

• Clear instructions on how to opt-out/unsubscribe from receiving messages, and how they can get helpful information. Companies can provide a link with detailed information about these instructions.

Companies should send text messages via shortcodes, which include 5 or 6-digit phone numbers that prevent messages from getting flagged as spam. Using shortcodes makes sure that communications are well regulated by wireless carriers and CTIA guidelines.

Read more:

• TCPA Compliance Checklist for Sending SMS in US/CA
• How to Set up AVADA SMS Compliant with TCPA/CTIA

CAN-SPAM Act

The CAN-SPAM Act is the main text spam law in the US and works in conjunction with TCPA.

Under this law, the FCC can regulate commercial text messages sent to wireless devices to protect users from unwanted mobile commercial messages.

This law makes it illegal for brands to send unwanted text messages and requires that any commercial text message be easily identifiable by the receiver as an advertisement. Users must also be able to unsubscribe from receiving messages.

The law doesn’t apply to messages regarding existing transactions or relationships, like delivery notifications.

Related topic: What is the CAN-SPAM Act? Everything Email Marketers Should Know

SMS marketing laws/rules in Canada

Canada enforced Canada’s Anti-Spam Legislation (CASL) in 2014. This law is similar to the TCPA.

Canada’s Anti-Spam Legislation (CASL)

Under this law, businesses that wish to send electronic messages to customers must fulfill three core requirements:

• Get consent
• Provide identification info
• Provide an unsubscribe mechanism

There are also 2 avenues for getting consent: implied and express

• Implied consent. This refers to an individual disclosing or providing their contact info to a business, thus giving consent.

• Express consent. This refers to an individual explicitly agreeing to receive e-communications from a business.

SMS marketing laws/rules in the EU

The EU also has SMS laws/rules regarding e-communications, namely the General Data Protection Regulation (GDPR).

General Data Protection Regulation (GDPR)

Enacted in May 2018, the GDPR applies to any country that wishes to do business with the EU or use EU citizens’ personal data.

Businesses must adhere to the 7 following principles to be GDPR-compliant:

1. Get consent
2. Report any security breaches to users within 72 hours
3. Provide users the right to access their personal information
4. Provide users the right to reuse their personal information outside the business
5. Provide users the right to have their information erased completely
6. Apply appropriate security measures to safeguard data collection
7. Be able to appoint a Data Protection Officer (DPO) if necessary

The law applies to all commercial SMS messages and data security in general. So, GDPR may affect other aspects of a business’s marketing activities.

Related topic: GDPR Email Marketing: Everything You Need to Know

SMS marketing laws/rules in the UK

The UK enacts supporting regulations in conjunction with the GDPR, including the Privacy and Electronic Communications Regulations (PECR) and the Data Protection Act.

Privacy and Electronic Communications Regulations (PECR) and the Data Protection Act

The Privacy and Electronic Communications Regulations (PECR) apply to any e-marketing methods and website tracking (such as cookies) as well as their respective security measures and privacy rights.

The Data Protection Act regulates how companies can store and use users’ personal information. Under this act, personal information must be used “fairly, lawfully, and transparently.” Companies can only use appropriate and relevant data and cannot store the data longer than necessary.

Similar to GDPR principles, users have the right to know how their information is being used or have information updated or erased.

What are the penalties and fines for not adhering to SMS marketing laws/rules?

Now that we know what the SMS marketing laws/rules are, it’s essential to recognize the penalties and fines for breaking them. Understanding what’s at stake provides better insight into how your company can avoid these damages.

Telephone Consumer Protection Act (TCPA)

If a business breaks the TCPA’s terms, users can file a lawsuit. They can receive:

• Up to $500 for each violation of unsolicited phone calls
• Up to $1,500 for breaches of phone and text message solicitations

There are actually no caps on statutory damages, which means violations can lead to thousands of dollars.

CAN-SPAM Act

For each violation, the CAN-SPAM Act can cost businesses up to $16,000. There are no maximum penalties.

Remember that other agencies (such as the FCC or state agencies) can also enforce the act for more variable financial penalties.

Canada’s Anti-Spam Legislation (CASL)

Businesses that don’t comply with CASL face civil charges, criminal charges, personal liability for employees and officers, and financial fines of up to $10 million.

General Data Protection Regulation (GDPR)

When it comes to GDPR penalties, there are two tiers.

The first one is for violating any articles relating to controllers and processors, monitoring bodies, and certification bodies. The penalties for these cases can be as much as €10 million or 2% of the company’s worldwide annual revenue, whichever is higher.

The second one is for violating articles relating to consent, data subjects’ rights, processing, and transferring information to other organizations. These violations can result in a fine of $20 million or 4% of the company’s worldwide annual revenue, whichever is higher.

Privacy and Electronic Communications Regulations (PECR) and the Data Protection Act

When violating the PECR, the maximum penalty is about €500,000 or $630,000. Violating the Data Protection Act can cost up to £17.5 million, or 4% of annual global turnover, whichever is higher.

6 ways to leverage SMS marketing legally

The potential for penalties and fines might discourage some companies from using SMS marketing. However, this channel is too effective to ignore. Below are several ways to fulfill SMS marketing laws/rules while successfully marketing your business:

1. Include all essential information for express written consent

Consent is the most vital aspect of compliance. No matter if your business uses shortcodes, online forms, or paper forms, the written consent must be explicit, transparent, and comprehensive for subscribers to agree to the conditions.

There are several ways customers can give consent to receive your text messages, such as:

• Send a keyword-based on an ad that includes the required terms
• Enter their phone number into your web form online with the required terms
• Sign-up in person at a physical location via a form with required terms

Note: You are not allowed to require users to opt into your text program as a condition to buy property, goods, or services.

To get express written consent, your first message to new subscribers should include all of the necessary information, including:

• Your business name
• Messaging reason
• Message frequency
• Rates disclaimer
• Privacy policy and terms
• Opt-out/help instructions

Below is a simple template to you get started:

Hi {first_name}, thanks for signing up to receive updates from {brand_name}! We’ll send you personalized deals every week. Up to 4 msgs/month. Msg and data rates may apply. Reply HELP to review terms, STOP to cancel.”

2. Use keyword shortcodes

A keyword shortcode is a word/phrase that customers can text to a particular number to sign up for your text messages. Companies can provide that keyword to customers within a CTIA-compliant disclaimer that includes all components of express written consent. When customers respond with the keyword, they’ve provided consent.

These messages can be displayed via signs on-site or through text and email. A physical sign might list the URL subscribers can use to access the terms and conditions.

3. Consider double opt-ins

Double opt-ins are the safest way to ensure the legality of your text messages. Once a subscriber has provided their phone number, send a text message asking them to confirm their decision by replying “Yes” or “No.” Double opt-ins erase any doubt that a keyword message or email subscription didn’t acquire the subscriber’s express written consent.

4. Maintain your commitments

Text message campaigns experience the highest open rates of all marketing channels. This can tempt businesses to inundate their subscribers with SMS notifications. However, contacting customers too frequently can put you at risk of legal violations and damage your brand image.

SMS marketing laws/rules ensure businesses commit to their promised texting schedule. By adhering to these laws/rules, your text messaging will remain an infrequent surprise, and recipients will be less likely to feel annoyed and perceive your messages as spam.

5. Offer an incentive

Offer value to subscribers who sign up for your text messages. For instance, subscribers could receive attractive discounts, limited-time offers, or additional features to your core services (i.e., delivery tracking or real-time alerts).

Consider how your favorite brands convinced you to provide your phone number, and then see how your company might use a similar approach.

6. Pay attention to what you can’t text

The CTIA sets rules and best practices for the SMS marketing industry, and one of these rules is known as SHAFT - sex, hate, alcohol, firearms, and tobacco.

Including content related to any of these content in your CTA (call to action) or your messages is one of the highest violations, and may result in an immediate ban.

However, there are a few exceptions to this rule. For instance, if you operate a bar, you may still be able to send messages about special occasions. But it’s crucial that you operate on a dedicated toll-free number and include an age-gate preventing under 21 years old from signing up for your messages.

Read more: SMS and MMS Prohibited Content

Compliant SMS marketing with AVADA Commerce

SMS marketing laws/rules exist to protect customers. They have the right to know what they’re subscribing to and know that businesses are using their personal information with respect, care, and protection. As long as your company is attentive in keeping up with these guidelines, you will be good to go.

If you need more guidance on SMS marketing compliance and want to ensure you are abiding by SMS marketing laws, reach out to AVADA Commerce today!

AVADA Commerce believes in the importance of customer experience as well as aims to provide easy-to-integrate text messaging solutions for your business. Learn more about AVADA Commerce and sign up for a free trial to kickstart your SMS marketing campaign today!

TRY AVADA SMS MARKETING FOR FREE