Text Messaging

We all know that text messaging compliance is a big deal. If not followed correctly you can face fines, lawsuits, angry customers, and loss of revenue. That said, in emergencies, those regulations have exceptions. During emergencies, such as the global pandemic we are currently experiencing, you can actually text people who have opted-out, something that would normally result in huge consequences.

The reason for this flex in regulations during emergencies is the need to communicate critical information. For example, a university may need to text all students on campus about an emergency, even if they’ve opted out of other text messages. Companies may need to let customers know about changes in services, and clinics will need to inform patients about visits and office changes.

Here’s what you need to know about different regulations across the globe during times of emergency:

TCPA and CCPA (United States)

The TCPA governs compliance guidelines around text messaging in the United States. The guidelines focus heavily on controlling SPAM communications in phone, email and text messaging. TCPA requires companies to obtain prior express consent before making automated calls or text messages to wireless numbers. But, in times of emergency, there are exceptions.

  • The TCPA provides an express exception from the consent requirement for communications that are made for emergency purposes. FCC regulations define emergency purposes as “situations affecting the health and safety of consumers.”
  • For example, universities can rely on the emergency purpose exception to make automated calls and send automated text messages, as long as the messages concern the health and safety of students and faculty. Examples of permitted messages include those regarding weather closures and dangerous persons.
  • The California Consumer Privacy Act (CCPA) went into effect on January 1, 2020, and its enforcement is currently set to begin in July. 60+ organizations have asked the Attorney General to delay the enforcement of CCPA amidst the coronavirus crisis but the request has been denied.

GDPR (Europe)

The General Data Protection Regulation (GDPR) is a mandatory compliance law that all individuals and businesses operating within the European Union (EU) and European Economic Area (EEA) must follow. It came into effect on May 25th, 2018, and covers all forms of communications, including telephone, email and text messaging. Here’s what we know about GDPR during times of crisis:

  • GDPR allows “competent public health authorities and employers” to process personal data in the context of an epidemic, so “there is no need to rely on consent of individuals.” Where employers may have a legal duty to report health concerns to a public health authority, companies would not be bound by the GDPR when they need to pass on relevant or requested information.
  • Specifically in relation to Coronavirus, the type of information being sought needs to be “explicit” and specific rather than general, and that employers cannot make undue demands. For example, companies that want to ask employees and visitors questions about whether they pose a risk to others can do so, but they should only require health information “to the extent that national law allows it.”

CASL (Canada)

Messages that are sent within, to, or from Canada fall within Canada’s Anti-Spam Law’s (CASL) purview. CASL requires that Canadian and all other global organizations obtain consent from their recipients before sending promotional Commercial Electronic Messages. CASL has several exceptions, and here’s what we know about emergencies:

  • Starting April 6, 2018, cell phone providers will be required to deliver potential life-saving emergency alert messages to compatible mobile wireless devices that are connected to an LTE wireless network.
  • Given the importance of these messages, it will not be possible to opt out of them.


Australia has a Spam Act that makes it illegal to send “unsolicited commercial electronic messages.” But Australia has much more relaxed policies around compliance than most of the world.

  • Unlike most other countries with compliance regulations, the Spam Act says it will simply comply if the recipient has an existing relationship with your business.
  • If you buy a list of contacts from another organization, and providing these contacts have agreed to receive messages from third parties, you can use the list for your own marketing communications.
  • This means you won’t have to stress about compliance when you need to text your audience during times of emergency.

The Bottom Line

Understanding compliance and making sure you are within regulations is critical. But communicating with customers during times of emergency and pandemic are also important. Most compliance laws allow for exceptions during emergencies that will allow you to text customers, students, and clients even if they have opted-out of text messages. Don’t take advantage of this exception. Make sure you are communicating clearly and effectively and only providing the most important information required. Your audience will understand and appreciate the information and you’ll be able to pivot as things change during abnormal times.

If you would like more information on regulations and compliance laws, check out our Compliance Kit, a free resource with everything you need to know about compliance!

Related Post