How TCPA affects your business
The TCPA stands for the Telephone Consumer Protection Act. It’s a U.S. federal law that restricts how marketers and companies can legally contact their customers or prospects via Automatic Telephone Dialing Systems (ATDS), prerecorded voice messages (robocalls), SMS messages and by fax.
Enacted by the Federal Communications Commission (FCC) in 1991, the TCPA is a strong statute, designed to protect consumers from text message and telemarketing spam. It means that companies can’t promote their products or services to anyone without getting that person’s prior express written consent, even if that person has already provided their contact details during the establishment of a business relationship.
As a Shopify merchant (Customer), you’ll automatically collect user (End User) details during the checkout process. So you need to be aware that you can’t just use go ahead and use those details for advertising your store and brand unless you’ve explicitly received your customer’s written or digital consent first.
If you’re a Shopify merchant (Customer) sending marketing-based text messages to people in the U.S. and Canada, you’re legally obliged to make sure you’re TCPA compliant.
It makes sense to follow the messaging principles and best practice guidelines set out by CTIA, as these are designed to protect End Users from spam text messages.
If you have End Users that reside in the EU, you will also need to make sure your marketing messages are GDPR compliant. Read this article for more information.
The Shopify checkout page is the ideal place to attract subscribers who want to hear about great offers and deals running in your store. By making a few simple changes to the way you collect customer data and to the checkout language that you use, you can achieve the necessary compliance that’ll keep both a federal court and your subscribers happy.
The key rules under the TCPA mean that unless the recipient has given their prior express written consent, in respect of advertising and marketing purposes, you must:
- Not call a residence before 8 am or after 9 pm (local time).
- Keep a Do Not Call (DNC) list of End Users who don’t wish to be contacted, and those requests must be honored for five years.
- Not contact a wireless number using auto-dialed or prerecorded calls or texts.
- Not contact a wired number (landline) using an autodialer or prerecorded voice system.
- Not send unsolicited marketing faxes.
- Provide an opt-out mechanism so recipients can easily withdraw their consent.
A detailed summary of the TCPA rules can be found here and if you fancy a lengthier read, here’s the statute in its entirety.
It’s possible for someone to file a lawsuit against you if you’re in breach of the TCPA. You could receive a fine of $500 for each violation. In extreme cases, where the violation is particularly excessive, fines may be imposed of up to $1,500 for each violation (three times the damages). The recipient may also seek an injunction.
Such fines can significantly mount up, as Papa Johns found out a few years ago. The pizza giant settled a class action lawsuit for an alleged $16.5 million after sending 500,000 illegal text messages.
If SMS campaigns are high up on your list of marketing activities, you might be wondering exactly what the TCPA SMS rules are, and how you can make sure your Shopify store is compliant.
When the TCPA was first established, text messages weren’t a thing, so they weren’t specifically mentioned in the legislation. Think back to 1991. Mobile phones were just emerging, in fact, the first mass-produced mobile (the Nokia 1011) wasn’t even released until 1992.
Fast forward to today, and text messages are considered the same as phone calls, according to the FCC. The TCPA rules have since been revised and now extend to text messaging.
Here’s what you need to know about TCPA SMS rules in general:
First and foremost, in order to send your End Users marketing text messages, you must obtain their prior express written consent. This can be via digital methods, such as a contact form, an email or a text. But the point is, the End Users must willingly opt-in to receive such communications.
If you obtain such consent on the checkout page, where the End Users confirm their consent by checking the box next to: “I agree to receive marketing text messages from [BRAND_NAME]”, you must ensure that such consent was obtained in accordance with the requirements of the CTIA and TCPA, that is, it must be “an explicit consent and be provided specifically in relation to the distribution of messages”.
Obtaining the user's consent to send the messages (in the subheading) together with obtaining consent for a discount (in the heading) can be regarded as “misleading the Users”. If it is proven, the Party is entitled to denounce such agreement and claim damages in accordance with the law.
When getting opt-ins, you must be specific about the type of text messages you’ll be sending including how often the subscriber is likely to receive them from you.
TCPA rules state that you must keep records of consent from each End User.
You must provide End Users with an opt-out mechanism that enables them to opt-out at any time, and provide instructions on how to do this. You must also provide a way for the subscriber to ask for help.
Specifically that means not sending your End Users any messages before 8 am in the morning and after 9 am at night (according to their local time zone).
You may have heard of the Cellular Telecommunications and Internet Association (CTIA) before, particularly in relation to the TCPA. The CTIA is a trade association, run by wireless carrier companies like T-Mobile and AT&T. It aims to protect consumers from unwanted messaging traffic.
Unlike the TCPA, the CTIA isn’t law. But it provides a set of best practice messaging guidelines that you should adhere to when you carry out SMS marketing campaigns. Those guidelines include making sure you’re requesting written consent for marketing messages and that you provide an opportunity for subscribers to revoke consent using keywords like “STOP” and ask for help with a keyword like “HELP”. You should also ensure you provide disclosures such as message and data rates.
While you can get sued if you’re found in breach of the TCPA, you can’t if you violate CTIA messaging principles. However, wireless carriers can block unwanted messaging traffic as they see fit, which will stop your SMS marketing campaign in its tracks.
The TCPA, with it being federal law, is the main issue to worry about when running SMS campaigns. Following the CTIA messaging principles will stand you in good stead for being TCPA compliant. It’s well worth taking some time to familiarize yourself with the TCPA rules and the CTIA messaging guidelines to make sure you fully understand them.
Automated marketing apps like Tobi can help you meet your compliance obligations. Both apps prompt you to put in place the required permissions, opt-out mechanism and transparent marketing language as you gather sign-ups and deliver your SMS campaigns.
To make sure Shopify stores are TCPA/CTIA compliant for when you send marketing messages, you should request consent from End Users at the point where they hand over their phone number to you.
You can ask End Users to sign-up to your marketing messages in a TCPA-compliant way as they go through your checkout process.
Within your Shopify store’s full terms and conditions, you should have a section that’s dedicated to your SMS marketing practices. There you should set out exactly how you’ll be contacting your End Users by text message in relation to promotional messages. We recommend you consult a legal professional who is familiar with the TCPA to help you put together the right legal wording for this.
Once you have consent, and you begin sending marketing campaigns, you should provide an opportunity to opt-out or ask for help, in every message that you send.