TCPA Consent Fundamentals
Express written consent requirements for commercial text messaging under federal law
The Telephone Consumer Protection Act requires express written consent before sending marketing or promotional text messages to wireless numbers. Consent must be obtained through written form (electronic signature acceptable), clearly disclose message frequency and opt-out methods, involve affirmative action from the recipient, and cannot be conditioned on purchase completion.
Valid Consent Elements
- Written form (paper or electronic)
- Clear message frequency disclosure
- Opt-out instructions (STOP keyword)
- Affirmative action (checkbox, signature, keyword reply)
- Not conditioned on purchase statement
- Purpose-specific (separate for marketing vs transactional)
Invalid Consent Practices
- Pre-checked opt-in boxes
- Purchase-conditioned consent
- Vague frequency disclosures ("periodic messages")
- Verbal-only consent without confirmation
- Missing opt-out mechanism
- Cross-purpose consent (using marketing for transactional)
Consent Type Categories
Offers, sales, product launches, special events, loyalty programs, promotional campaigns
Order confirmations, shipping updates, appointment reminders, account alerts, service notifications
Messages combining transactional information with promotional content
Litigation Risk Factors
- Inadequate Documentation: Unable to produce timestamped consent records during discovery
- Stale Consent: Using consent >18 months old without re-permission confirmation
- Purchase-Conditioned: Requiring SMS opt-in to complete checkout or transaction
- Affiliate Consent Sharing: Using consent obtained by third parties without separate authorization
- Post-Revocation Messaging: Continuing to message after recipient opts out
- Inadequate Opt-Out: Requiring phone call or email instead of STOP keyword
Consent Documentation Requirements
Data elements that must be captured and retained for TCPA compliance defense
Timestamp & Identity Information
Date, time (HH:MM:SS), and timezone of consent capture with millisecond precision if available
Full 10-digit wireless number provided by recipient during consent
IPv4 or IPv6 address of device used for consent submission
Browser and device identifier for web-based consent
Consent Language & Action
Complete verbatim consent language presented to recipient at moment of capture
Method of consent confirmation: checkbox state, button click, keyword reply, signature
Full URLs to terms of service and privacy policy active at consent moment
Category designation: marketing, transactional, or dual-purpose
Source & Channel Attribution
Channel where consent was captured
Specific web page or form identifier
Marketing campaign associated with consent
Retention & Audit Trail
TCPA statute of limitations requires 4-year record retention. Best practice: 6 years to cover state-level claims with longer limitations periods.
Log all revocation events with timestamp, method (STOP keyword, unsubscribe link, phone request), and confirmation sent.
Track consent form version at capture moment. If disclosure language changes, maintain historical versions linked to consent records.
Consent Management Audit Checklist
Systematic review framework for evaluating TCPA compliance posture
Documentation Completeness
Consent Quality
Operational Compliance
Need Consent Management Support?
Schedule a consultation to review your consent documentation, implementation workflows, and TCPA compliance posture with MyTCRPlus specialists