Guide to Mass Texting Laws in the United States & Internationally – 2023
Important Note: This page is just a general guideline and laws are subject to change at any time. Before sending text messages in your state you should check the current local laws or contact an attorney. We assume no responsibility in any legal issues that may arise in your sending of text messages.
Bulk SMS messaging is a popular strategy companies use to get their message into the open. However, there are strict rules governing mass texting. Mass texting laws are there to protect the consumer from spam.
Understanding the various rules and regulations impacting not just the U.S. but Europe, the UK, and Australia is vital because penalties for breaking mass texting laws are steep.
If you decide to adopt DialMyCalls into your marketing mix, your business is responsible for ensuring full compliance with text spam laws.
United States Mass Texting Laws
Is spam texting illegal? Always.
Is it illegal to text random numbers? Also, yes, because you need to obtain consent.
Most texting rules in the U.S. refer to auto-dialers. These are devices that store people’s numbers and automatically dial the number. Although DialMyCalls is not strictly an auto-dialer, most legislation regarding SMS rules was written 20 years ago. As a business, it’s always better to err on the side of caution and assume you are using an auto-dialer.
TCPA – Telephone Consumer Protection Act
The Telephone Consumer Protection Act (TCPA) has been in place since 1991. It was passed in response to the increasing number of annoying calls from telemarketers. With consumer complaints increasing, Congress acted to bring in the TCPA.
Even though its original purpose was to prevent calls, it has since been extended to cold text messages.
The relevant part of the TCPA is the concept of consent. You must receive explicit consent to make your SMS marketing legal. In other words, you cannot throw out random texts to a contact list.
Unfortunately, there’s a gray area with consent. If a consumer gave you their number, does that count as consent? Can a business text you without permission given explicitly for marketing texts?
It’s a tricky area, but generally, you should always look to obtain consent via an opt-in strategy to stay on the safe side.
Penalties for violations of texting laws are steep. Financial penalties for breaking the TCPA are currently set at $500 to $1500. Note that these penalties apply to each violation rather than each campaign.
For example, if you launch a soliciting via text campaign and send your message to 1,000 people who didn’t give their consent, you could be on the hook for $500,000.
CAN-SPAM Act – Controlling the Assault of Non-Solicited Pornography and Marketing Act
The CAN-SPAM Act is another piece of legislation regulating unsolicited electronic messaging from businesses.
Under the terms of the CAN-SPAM Act, the FCC must issue rules regarding commercial electronic messages. While it mainly applies to email, it also applies to SMS text messages sent from wireless devices like cell phones.
The act made it illegal to send unsolicited messages. Any communications sent must make it clear that the message is an advertisement. It also must provide a clear link to where a person can decline further SMS communications.
These SMS marketing regulations only apply to those consumers you don’t have an existing relationship with. In other words, if sending a delivery notification or an interview confirmation, CAN-SPAM wouldn’t apply because you already have a relationship with the receiver.
The CAN-SPAM Act shares the same penalties as the TCPA. Fines per individual violation range from $500 to $1,500.
In theory, you could be penalized separately under both laws if you’re found in violation. It’s another reason why obeying these FCC text message regulations is essential.
CTIA – Cellular Telecommunications Industry Association
The Cellular Telecommunications Industry Association (CTIA) rules differ from TCPA and CAN-SPAM because CTIA rules are regulations, not laws.
Carriers have developed CTIA regulations to protect consumers rather than an act passed by Congress. It doesn’t mean you still don’t need to comply with these rules, however, as the chances are if you’re violating CTIA, you’re also violating various text messaging laws by state.
CTIA is also all about consent. To achieve compliance with the CTIA, you need to follow the rules on revealing the express purpose of your campaign, what the receiver can expect to hear about, how often you’ll be texting them, data rates, and how they can opt-out of receiving any further communications.
Understand that CTIA compliance is relatively simple to achieve because most components also form part of TCPA and CAN-SPAM.
The CTIA is not an unsolicited text messages law. For this reason, you cannot find yourself in hot water with the authorities if you fail to follow your carrier’s guidelines.
You can, however, be blocked from the network. Your number may be permanently blocked, and your company may be unable to send further texts.
Since there’s so much overlap between CTIA and other texting laws, breaking one will likely mean breaking the other, so it’s important to be aware that CTIA compliance is as essential as obeying the law.
International SMS Spam Rules & Laws
If you’re a company thinking about going international, you must be aware of overseas SMS marketing laws. There are similarities between international legislation and domestic legislation, but there are also differences.
Before implementing SMS marketing solutions in a new geographical market, familiarize yourself with local laws to ensure you don’t break some obscure text law.
Europe: GDPR – General Data Protection Regulation
The General Data Protection Regulation (GDPR) is legislation passed by the European Union (EU) to protect consumers’ privacy. Typically, the GDPR rules have gone much further than any legislation passed by the U.S. authorities.
Most people mistakenly believe GDPR refers to website cookies and email communications. GDPR is perhaps the most extensive piece of data protection and privacy legislation in the world.
It also extends to SMS marketing, forcing businesses to seek permission to send texts. However, your opt-in method must explicitly state that the consumer will receive marketing messages. Just because you have messaged someone in the past about something else doesn’t mean you have permission to subsequently send marketing messages.
GDPR also prohibits sending marketing texts at unsociable hours.
Penalties are far more severe under GDPR than under U.S. laws. Each violation invites a potential fine of 1,000 Euros, which is more than $1,000.
Although enforcement of GDPR has been spotty over the years, there has been an increase in enforcement action in the last few years.
Canada: CASL – Canada’s Anti-Spam Legislation
Canada also has its own legislation American businesses must be aware of. This law is Canada’s Anti-Spam Legislation (CASL) and is there to protect Canadian citizens from both spam and malware.
It applies to all Commercial Electronic Messages, meaning email, SMS, and Bluetooth. It also covers any promotion of a commercial service.
The rules of CASL pertain to obtaining express consent. Under the 2014 legislation, there are two types of consent:
- Implied Consent – Consent is obtained automatically via an established relationship between a consumer and a business.
- Express Consent – The receiver has explicitly said they wish to receive promotional materials from you, either orally or in writing.
Note that CASL states that implied consent has an expiry date of two years. You either need to obtain new implied consent or get express consent to continue sending messages.
Penalties for breaking these texting laws vary wildly. The most common penalties promoted by the authorities are Administrative Monetary Penalties (AMPs).
AMPs for the most serious violations of these laws could be up to $1 million per individual violation for individuals and up to $10 million for businesses per violation. These are among the most severe penalties in the world.
United Kingdom: PECR & DPA – Privacy and Electronic Communications Regulations & Data Protection Act
The UK has a confusing patchwork of regulations in place. Combined is the Privacy and Electronic Communications Regulations & Data Protection Act (PECR & DPA). These protect the data and personal information of people located in the UK. Moreover, they regulate how businesses can contact customers with SMS marketing material.
Moreover, there’s also the UK-GDPR, which is the post-Brexit GDPR regulation. It is basically identical to its European equivalent.
Remaining compliant with the UK’s legislation is much the same as remaining compliant with other marketing and campaign texting laws throughout the world.
You must tell individual subscribers that you’re collecting their information, get express consent for any reverse searches, and give them the option to opt out of receiving any further messages. Note that you will also be required to correct or remove data entries for free if a consumer makes such a request.
Violations of the UK’s laws on text marketing are severe. The Information Commissioner is able to serve a penalty of up to £500,000 to companies or their directors.
In more serious cases, criminal prosecution and non-criminal enforcement are also possible.
Unlike in other countries, a company director can go to jail for violating the above regulations.
Australia: Spam Act
The 2003 Australian Spam Act is a piece of legislation enforced by the Australian Communications and Media Authority (ACMA). It regulates spam via electronic communication throughout the country, including SMS messages.
There are several requirements companies need to follow to comply with texting laws in Australia, but most of the requirements fall in line with those of other countries.
Are unsolicited texts illegal in Australia? The answer is yes. To invest in automated SMS marketing messages throughout Australia, you’ll need to comply with three main requirements.
Firstly, you must obtain proper consent, either explicit or inferred. You’ll also need to provide your contact details and identification information when sending out messages. Finally, you’ll need to ensure that you include a link or other mechanism to allow someone to opt-out immediately.
The ACMA is responsible for taking complaints from consumers and taking enforcement action. Fines can result in a $220,000 AUD penalty for a single breach. Subsequent breaches could lead to a $2.1 million AUD fine per breach.
Texting Laws in General
Truthfully, most texting laws are largely the same. If you comply with one, the chances are you comply with all of them.
Certain principles apply worldwide, mainly concerning consent.
Can a company text you without consent? The answer is always no, so let’s run through the steps you need to take to ensure your compliance.
Get Written Consent
The first step is to obtain written consent from the person you want to send a message to. There are plenty of ways you can get written consent from somebody. It could be by texting a keyword back to you, ticking a box on a web form, or filling out a physical form.
Written consent is a concept that has been explicitly outlined in the above legislation. Make sure you read through each country’s legislation to check what is acceptable.
You may also obtain what is known as implied or inferred consent. Relying on implied consent is something of a grey area because there’s little way to prove that someone gave their consent. Someone who has an existing relationship with your business would have a form of implied consent in place.
For example, if someone has signed up for your email newsletter, this would imply that they have given their consent to receive promotional messages via other channels, such as SMS.
Unfortunately, the burden of proof is on your business if legal action is ever taken. Emphasize written consent over implied consent because that gives you solid evidence you can produce if audited.
Moreover, some countries like Canada have a set expiry date on implied consent. In Canada, if you’ve yet to obtain written consent from a consumer within two years of the implied consent period, you’re no longer legally allowed to continue messaging them.
Is it necessary to confirm that someone has consented to receive marketing materials from you via SMS?
Double opt-in is not a legal requirement in many countries. You can decide on a single opt-in, but there are reasons why you should go further than basic compliance in this respect.
With penalties being so high for violations of texting laws, it doesn’t make sense to take an unnecessary risk. Many business owners believe that adding an extra step in the consent process decreases the chances of people opting in.
While this may be true, someone who really wants to receive promotional messages from you will not turn away because they need to text a keyword back or click on a confirmation link. You want people who’re excited to receive messages from you on your list because these are the people most likely to take advantage of your offers.
Finally, double opt-in protects you from receiving penalties and fines from a country’s regulatory body. It shows that you’ve gone above and beyond to receive consent from everybody on your contact list. And there’s certainly no harm in that.
Provide Opt-Out Opportunities
Most of the focus of these laws is on obtaining consent before sending out messages. However, you also need to provide opt-out opportunities under these laws. Consent is not a permanent or perpetual concept. Consumers have the right to withdraw their consent at any point for any reason, and you need to respect that.
Every country has variations regarding opt-out procedures. You’re always required to provide an option to opt out, such as through a link or by texting a keyword back to you. Whatever platform you’re using, make sure a clear opt-out forms part of your messages.
It’s also important to be aware that many countries may require you to remove customer data after they opt-out.
Countries like the UK only require you to scrub your records if the consumer specifically requests it. You’ll also need to do it free of charge.
Others don’t say much about your obligation to delete data after someone expresses their desire to be removed from your contact list. Generally, it’s best to delete unnecessary data after a set period to protect your consumers’ privacy.
General Penalties for Breaking Texting Laws
Penalties for breaking texting laws are severe. To avoid major multinationals accepting a fine as a cost of doing business, legislation has been framed to incorporate fines per violation. In other words, some countries could see you fined half-a-million dollars per unsolicited text communication you send.
Large-scale campaigns could potentially lead to millions in penalties. The scale of these monetary penalties could mean losing your entire business.
Countries like the UK have also included the possibility of criminal action in their SMS laws. All company directors involved in running an organization could be taken to court and charged in the most severe cases.
In the past, many companies have skirted the laws and got away with it. Initial enforcement action was spotty because it typically required consumers to make a complaint before an investigation could begin. Authorities are increasingly taking proactive action by auditing companies and their data protection and privacy systems.
Failing an audit could also lead to financial penalties. In some jurisdictions, subsequent breaches could see your fines increase exponentially.
Avoid Breaking Texting Laws with the DialMyCalls Automated Texting Platform
At DialMyCalls, we understand how complex complying with domestic and overseas legislation can be. Our automated texting platform is designed with compliance in mind. You get all the tools you need to organize your contact list, obtain consent, and maintain accurate records.
Streamline your approach to SMS marketing and communications with the state-of-the-art auto texting platform that empowers you to control everything from a single automated dashboard.
To learn more about SMS marketing compliance, contact us now.