Text messaging is all the rage these days. Even brands are jumping on the bandwagon. The problem for you is that in the eyes of regulators (here in the US) a text message is no different then a call. If you are sending text messages to your consumers, or are thinking about it, you need to understand the Telephone Consumer Protection Act (TCPA). Failure to do so may bring some pretty hefty monetary consequences, as some have found:
- Papa Johns faces a $250 million class action suit for allegedly sending 500,000 text messages without obtaining consent.
- A class action against Coca-Cola for unsolicited text messages was allowed to proceed to discovery, and Coca-Cola faces an indeterminately large judgment.
- Domino’s pays almost $10 million dollars to settle TCPA suit.
- Overall, suits filed under the TCPA are on the rise. With a fine of $1,500 per unsolicited text message (with no cap), that can be some serious green.
I am going to focus on the rules that are coming down the way, which are a bit more stringent than previous, specifically with respect to the “established business relationship” exemption. In fact, there will no longer be such an exemption.
For the purposes of this blog, the TCPA covers any autodialed calls, or texts sent to a mobile device. It does not cover texts that are manually entered. So, any system that sends out messages will be the subject of the TCPA.
You need prior express written consent to be able to send these types of messages. Yes, the TCPA does state “express written consent.” This has been a part of the regulation for a while, but the changes effective in October go further and say “unambiguous written consent.”
Again, text messages are covered by the TCPA. I think it is even more problematic than regular phone calls, to be honest. You have the ability to send thousands of text messages very quickly. If your processes are faulty, each of them has a $1,500 bill. You thought your text messaging plan was expensive.
You need written consent to send an unsolicited message to a mobile device. In order for this consent to be acceptable, you need to record that transaction in some way. E-sign is acceptable, but you must be able to prove the process. E-sign is easy, but it is only one part of the puzzle. You have to have good consumer consent language in there, including the wonderful “standard text and data rates may apply.” I think you should go further and state emphatically that “by providing us your mobile device number, you are consenting to the receipt of text messages from us.” When accepted by the user, you need to record timestamp, and an identification of where the user came from, say an IP address.
The burden of proof in a TCPA lawsuit is not on the person receiving the text message. You are guilty until proven innocent. TCPA presupposes that you did not have consent. You have to prove that you had their consent. Prove your process, show the data record of the signature ceremony, and you might be okay. Your language will be challenged, in form and substance. If you were to ask me, I would say that you need to go further than what you think you should minimally do. Even a few tens of thousands of dollars is a small price when compared to a possible $250 million dollar class action.
If you use a short code to allow your consumers to text you easily, you are familiar with aggregators. These are companies that handle working with individual carriers to implement short codes. These arrangements may also allow you the ability to send thousands of text messages through their systems. These companies get deep discounts from the carriers. Even when they add a service fee on top of it, your costs are still less than what you would do with each carrier individually, and you don’t have to worry about negotiating each of those agreements.
Apart from cost, the other nice thing about aggregators is that they are incented to maintain a good relationship with the carrier. With the specter of the TCPA hanging over their head, and the carriers, they will ensure that your processes are compliant. When you first engage with an aggregator to do this, you will probably have to show them in intimate detail what you are doing, including the exact words of your disclosure. They have sufficient experience in this space to highlight when your language may not be strong enough. Listen to them.
With every regulation, there are exceptions. TCPA is no different. As of October, you will no longer be able to rely on the established business relationship. I think this is a realization that it is generally easy enough to setup systems that properly inform existing consumers. There is probably even a way to do it when they merely fill out a user profile page. There are some difficulties there, I think as well, though. If it is a just a profile page and you are getting consent for text messaging, a good argument could be made that the user was confused. It is probably better to have a page dedicated to this.
The other exception is emergency type messages. There is a good policy argument here for this exception. Why should I worry about your consent when I am texting you about a threat to your life. The TCPA doesn’t specifically restrict this to life threatening situations to my read. So, if you want to notify a user of something that is a threat to a user, such as identity theft, or a pending depletion of all their monies from an account, I think you might be ok. That being said, I would still recommend some sort of disclosure when your user gives up their mobile device number. Do not rely on number harvesting from other programs, give your users some ability to give you their numbers.
If you are contacting users on their mobile device, why not use the functionality built into the mobile operating system. The TCPA does not cover push notifications sent that way. I think the regulators haven’t caught up to technology, but there is a good argument to support this. Users have control over push notifications on their device. They can turn you off. Dirty little secret though – there is some functionality in both iOS and Android that can bypass this as well. The TCPA will catch up. Think about what your users want and expect from you and their reactions when you use push notifications and you should be ok. Do the right thing by your users.
New Economy, Old Rules
The TCPA was enacted in 1991. There are lots of experts out there on the telephone based part of this. If your company has done any sort of telemarketing you will have legal advice galore on it. If you are a small start-up, you do not have that advantage, and this law will come as a surprise. You need to pay attention to it as the monetary liability is enough to suck down your entire company. Do you have enough funding to pay off a $250 million dollar judgment. I think not.