SMS compliance: the use of SMS messaging
In honor of SMS’s 20th anniversary late last year and the MMA CBP’s 7th edition we would like to provide you with some key information about mobile marketing compliance.
SMS messaging regulations
Since the passing of the US CAN-SPAM Act of 2003, it has been widely believed that commercial SMS and MMS messages were subject to the same opt-out consent and unsubscribe requirements as commercial email. While the CAN-SPAM Act of 2003 authorizes the Federal Communications Commission (FCC) to consider mobile messages when developing guidelines, the FCC has taken the position that text messages sent by automated broadcast systems are ‘automated calls’ and are therefore best covered under the Telephone Consumer Protection Act (TCPA) of 1991. Under the original Act, implied consent through a pre-existing business relationship and not opt-in consent was the standard for commercial telephonic communications and robo-calls.
On February 15, 2012 the FCC amended the TCPA to remove any ambiguity surrounding consent requirements for SMS, making it mandatory for businesses to receive “prior express written consent” before auto-dialing or texting consumers.
Industry self-regulation background
In 2003 the MMA published its first set of ethical guidelines for mobile marketers. Now a global-facing document, the MMA Code of Conduct can be distilled into the following privacy principles:
- Adequate notice.Whenever requesting a mobile phone number marketers should inform consumers that they will be receiving SMS messages from a concrete shortcode-based program.
- Opt-in consent. Regardless of offline, online or handset-originating acquisition, consumers may not be automatically enrolled into an SMS program. Consumers must first give their express (opt-in) consent by knowingly volunteering their mobile number or using a handset-originating command to join the program. Submissions through online forms require a double opt-in.
- Opting out. Users should also know the ways to opt-out of a program, how to get help from their handset and where to reference terms and conditions, as well as the fact that message and data rates may apply when participating in an SMS program.
While advocated, the Code was not enforced and there were no concrete rules it’s practical application. The shift to robust self-regulation came in 2007 when the Florida Attorney General’s Cybercrime Taskforce aggressively pursued affiliate networks and mobile carriers who enabled the proliferation of deceptive premium-rated mobile programs. The AG’s actions resulted in a number of key settlements, the terms of which became the backbone of the MMA CBP and carrier-specific monitoring and enforcement playbooks. This self-regulatory schema has evolved steadily over the past 7 years and is currently administered by the custodians of US shortcodes, the CTIA. In 2012 the CTIA, in collaboration with wireless carriers and industry auditors, developed a consolidated Common Shortcode Monitoring Compliance Playbook for SMS marketers.
Regulatory win for consumer best practices
The FCC’s amendments to the TCPA resulted in unintended consequences for MMA-compliant senders who were subjected to threats of civil suits for alleged violations under the Act. On November 30, the FCC clarified that MMA-prescribed confirmation messages were not in violation of the TCPA. According to FCC Commissioner Ajit Pai, “Hopefully, by making clear that the Act does not prohibit confirmation texts, we will end the litigation that has punished some companies for doing the right thing, as well as the threat of litigation that has deterred others from adopting a sound marketing practice.”
And while not an explicit endorsement, the FCC Commissioner’s comments in support of “sound marketing practices” should not be overlooked. Some marketers have already dealt with the consequences of breaking these rules by way of CTIA audits, program short codes being de-provisioned and private legal actions from consumers. With the TCPA updated to better reflect the state of privacy and practice in the industry today, rogue senders now have more reasons to worry.
Michael Puffer, one of our Experian mobile marketing experts at Experian Marketing Services, suggests you ask yourself the following questions when reviewing your mobile program: (HINT – If the answer is no, it might be time to take another look)
- Are you only sending mobile messages to those users that have provided express consent as defined by the MMA?
- As part of that consent, are all programs identified and are the instructions, primary and secondary charges ( message and data rates), program terms and privacy policies clearly displayed anywhere opt-ins are promoted?
- Are you ensuring that a user’s consent only applies to the specific program for which they opted-in, and not treated as a blanket approval for other programs?
- Are you double opting-in subscribers who are joining programs from Web forms and other methods? (In most cases, texting from a phone is the only time a single opt-in should be used.)
- Are you maintaining opt out (STOP) and assistance (HELP) mechanisms and communicating their use at the time opt-ins are collected?
- Are all opt-out requests honored no later than 72 hours after receipt?
If the answer to all of the above is YES, then you are well on your way to establishing a mutually respectful and beneficial relationship with your subscribers.
Learn more about the author, Alex Krylov