Privacy Advisor

Ask the Privacy Expert

March 1, 2007

Readers are encouraged to submit their questions to media@privacyassociation.org. This e-mail address is being protected from spam bots, you need JavaScript enabled to view it We will tap the expertise of IAPP members to answer your questions.

Elise Berkower, CIPP
QDo any laws cover the sending of marketing messages to cell phones?

AIn the U.S. there are some statutory and regulatory restrictions on sending promotional messages to cell phones and other wireless devices. (Much of the impetus for regulation arose from the fact that consumers have to pay to receive these messages.) The laws and rules that intersect in this space are CAN-SPAM (Controlling the Assault of Non-Solicited Pornography and Marketing Act) (15 USC §§7701-7713) and the Federal Communications Commission's (FCC) Wireless Email Rule (64 CFR §64.3100), which was promulgated pursuant to CAN-SPAM and covers "mobile service commercial messages"; and the Telemarketing and Consumer Fraud and Abuse Prevention Act (TCFAP) (15 USC §6101-6108), the Telephone Consumer Protection Act (TCPA) (47 USC §227), and the Telemarketing Sales Rule (TSR) (16 CFR §310.1 et seq.) along with the national Do Not Call registry that the Federal Trade Commision (FTC) maintains (www.donotcall.gov). Some states also have their own Do Not Call registries, so telemarketers have to be familiar with those laws, too.

The easiest way to figure out which laws and rules apply to a promotional message is to look at the destination to which the message is being sent. If the destination is an email address - with a "@" and a domain - CAN-SPAM and the FCC's wireless email rule apply. If the destination is a telephone number, then the TCFAP, TCPA and TSR apply.

CAN-SPAM covers traditional email messages, as well as text (also known as SMS or Short Message Service) messages, and MMS (Multi-media Messaging Service) messages that contain graphics, video and audio components. These formats all fall within the FCC's definition of a "Mobile Service Commercial Message" (MSCM), assuming that the primary purpose of the message is commercial.

Under CAN-SPAM, wireless service providers were supposed to create special domains for their customers to use for sending and receiving "mobile service messages." These specific domains are required to be listed on the FCC's Wireless Domain Registry (available at www.fcc.gov/cgb/policy/ DomainNameDownload.html).

If the primary purpose of a "mobile service message" is commercial, the sender needs "express prior authorization" from the recipient to send it. "Express prior authorization" can be obtained by oral or written means, including electronic methods. A sender may obtain the subscriber's express prior authorization to transmit MSCMs to that subscriber in writing. Written authorization may be obtained in paper form or via an electronic means, such as an electronic mail message from the subscriber. It must include the subscriber's signature and the electronic mail address to which MSCMs may be sent. Senders who choose to obtain authorization in oral format also are expected to take reasonable steps to ensure that such authorization can be verified.

Because the consent standard for sending Mobile Service Commercial Messages is so high, the usual practice is for commercial emailers and Email Service Providers (ESPs) to block all emails going to the domains listed on the FCC's Wireless Domain Registry.

But, in its "Primary Purpose" Rule (16 CFR §316.3), the FTC recognized that emails can contain mixed content, i.e., both commercial content and content that is not commercial. If an analysis of a message intended to be sent to an email address that contains a domain listed on the FCC's Wireless Domain Registry concludes that the primary purpose of a mixed content message is NOT commercial, then the sender doesn't need the recipient's express consent to send it. It should be noted that the "express consent" requirement does not pertain to forwarded messages, unless there's an inducement or consideration offered for forwarding the message.

The TCPA and TSR also cover telemarketing SMS (text) as well as voice messages.

The TCPA was enacted in 1991 to address certain telemarketing practices, including calls to wireless telephone numbers, which Congress found to be an invasion of consumer privacy and even a risk to public safety. The TCPA specifically prohibits calls using an automatic telephone dialing system or artificial or prerecorded message "to any telephone number assigned to a paging service, cellular telephone service, specialized mobile radio service, or other common carrier service, or any service for which the called party is charged." (47 USC §227[b][1][A][iii]). The TCPA defines an "automatic telephone dialing system" as "equipment which has the capacity (A) to store or produce telephone numbers to be called, using a random or sequential number generator; and (B) to dial such numbers." (47 USC §227[a][1]) The CAN-SPAM Act provides that "[n]othing in this Act shall be interpreted to preclude or override the applicability" of the TCPA. (15 USC §7712[a]).

In 2003, the FCC released a Report and Order in which it reaffirmed that the TCPA prohibits any call using an automatic telephone dialing system or an artificial or prerecorded message to any wireless telephone number. This includes both voice calls and SMS text messaging calls to wireless phone numbers.

The Telemarketing and Consumer Fraud and Abuse Prevention Act (TCFAP) gave the FTC the authority to promulgate the Telemarketing Sales Rule (TSR) (16 CFR §310.1 et seq.). The TSR prohibits telemarketers from engaging in various deceptive acts or practices, and imposes recordkeeping requirements. One section of the TSR created the National Do Not Call Registry (16 CFR §310.4[b][1][iii][B]). If a wireless telephone number is listed on the National Do Not Call Registry, a marketer is prohibited from calling that number unless it has an "established business relationship" with the consumer. An "established business relationship" is defined as "a relationship between a seller and a consumer based on (1) The consumer's purchase, rental, or lease of the seller's goods or services or a financial transaction between the consumer and seller, within the eighteen (18) months immediately preceding the date of a telemarketing call; or (2) The consumer's inquiry or application regarding a product or service offered by the seller, within the three months immediately preceding the date of a telemarketing call." (16 CFR §310.2[n]).

As marketers seek to utilize new technologies to promote their products, they need to become familiar with existing laws under which their activities may fall, as well as to keep abreast of new legislation that may affect the ways they interact with their existing and prospective customers.


Elise Berkower, an attorney and CIPP, is the Executive Vice President of Privacy Strategy at Chapell & Associates, a leading strategic consulting firm focusing on privacy, marketing and public policy. Prior to joining Chapell & Associates, she served as DoubleClick's Senior Privacy Compliance Officer for six years, helping DoubleClick's ad serving, search, Web site analytics, email and direct marketing clients address privacy issues. She participates in many privacy and technology industry groups, and is a member of the Advisory Board of The Privacy Advisor. She can be reached at elise@chapellassociates.com. This e-mail address is being protected from spam bots, you need JavaScript enabled to view it



This response represents the personal opinion of our expert (and not that of his/her employer), and cannot be considered to be legal advice. If you need legal advice on the issues raised by this question, we recommend that you seek legal guidance from an attorney familiar with these laws.