Disclaimer: The articles and contents of this website are provided for informational purposes only and should not be construed as legal advice. The information contained herein does not create an attorney-client relationship and should not be used as a substitute for professional legal consultation. Always seek the advice of a qualified attorney for any legal issues or concerns you may have.
Whether you are a lead generator, affiliate marketer, or advertiser, you have to adapt to the ever-tightening consent regulations in the United States. There’s no way around it: ensuring compliance with CAN-SPAM, CCPA, and TCPA is a must to stay on the legal side of the fence.
However, proper consent management is quite challenging due to the complexity of requirements, elusive customer interactions, and—to add insult to injury—privacy regulations that are getting tougher.
And there’s more to come: the notorious update on the TCPA consent—announced by the FCC in early 2023 and expected in January 2025—will likely make one-to-one consent mandatory to deal with robotic calls, topical irrelevancy, and mass lead sales.
So how do you survive amidst this confusing hotchpotch of regulations?
It seems there’s only one way: adjust your business model to the new consent requirements.
How exactly?
Let’s pull back the curtain of consent management to find out.
Why Are Consent Requirements Getting Stricter?
The history of consent management goes back to 1934, when the federal government passed an amendment to the Communications Act – now known as the Telephone Consumer Protection Act (TCPA) – to protect customers from obnoxious telemarketing calls.
As new customer acquisition strategies appeared, the consent rules and requirements changed to respond to emerging privacy and data protection concerns. This trend brought us to where we are now, with the toughest concern requirements ever.
➥ Consent requirements are getting stricter to ensure online users – potential customers – can feel safe and get the best commercial experiences.
The same logic applies to the upcoming update on the TCPA consent. Regulators want to protect customers against AI technologies that may abuse their trust. For businesses, though, one-to-one consent means an inevitable growth in competition and lead price.
How Big Are Customer Privacy Concerns?
Online privacy concerns are growing as more users encounter data misuse and stealing. Around 42% of adults in the United States are worried about companies selling their information without their consent; 38% – stealing their identity or personal information; 15% – monitoring what they do online.
Source: Statista
Many users act proactively to protect their privacy. For example, 43.1% of online users in the United States occasionally decline cookies when browsing websites, 31.8% use special tools to block advertisements, and 25.7% use a VPN to hide their location.
Source: Statista
And the more advanced the information collection, the more advanced the protection measures. In fact, 49% of customers have stopped using a digital product at least once due to concerns about data use, a shocking statistic to ponder.
At the same time, when it comes to online privacy, users don’t want to waste time reading disclosures, contracts, and T&C policies—they need a short and clear statement regarding what data is collected and how this data will be used. For this reason, more than half of internet users accept online privacy policies without reading them: too long, too boring.
Pre-Update Consent Management Strategies for Businesses
It’s not out of the question that the consent management landscape is about to change dramatically in the coming months, but let’s proceed from how things work now for TCPA, CAN-SPAM, and CCPA-compliant businesses.
Here are some general consent management practices:
Providing Easy Access to Privacy Policy | It’s crucial to have easy access to the privacy policy – from the homepage and other pages. |
Providing Easy Access to Consent Review | It’s important to provide users with an easy way to update their consent preferences, especially if the policy changes. |
Keeping Detailed Consent Records | Keeping detailed consent records ensures constant access to who, how, and when granted the consent: consent method, timestamp, and IP address. |
Informing about Data Changes | Businesses must inform users when data collection, sharing, or storage practices change so they can update their consent preferences in a timely manner. |
Of course, consent management and data collection strategies differ depending on the business and the message itself. For example, prior written consent might be required for telemarketing messages and not required for non-marketing communication.
But it’s getting tougher anyway.
One Consent Won’t Cover Many Companies Anymore
At the beginning of 2023, the Federal Communication Commission (FCC)—the one regulating communications, including texts and SMS—announced a game-changing update on the TCPA consent.
At the time of writing, lead generators can obtain one consent for multiple advertisers on their list, exposing the user to dozens and potentially hundreds of calls from irrelevant companies. The TCPA update is designed to fix this by asking for one-to-one consent from EVERY advertiser.
Here’s an excerpt from the Jessica RosenWorcel’s statement on the matter:
“Imagine you are shopping online. You give a business your number and in a single click you are also giving that business the right to sell and share your number with hundreds if not thousands of other businesses that may use it to send you robocalls and robotexts that you never asked for, do not want, and do not need. They bury it in the fine print, so you do not realize when you make that one click you are authorizing all kinds of incoming junk to your phone. This is called the lead generator loophole. And it is a big reason why unwanted robocalls and robotexts are multiplying on our phones. So today we put an end to this loophole. We make clear that any company that wants to use robocalls and robotexts in their businesses obtain consent one-to-one. That means consumers get back the power to pick who they want to communicate with and when.”
After the update, lead generators will be obliged to let customers choose the companies they want to share their data with (for example, via checkboxes). This gives customers full control over the companies that have access to their personal data and can text or call them.
Is One-to-One Consent All Good?
The TCPA update isn’t necessarily a win-win. For lead generators, however, offering the same lead to multiple advertisers is a way to maximize their revenues, so there’s no doubt the FCC update will impact these businesses heavily. Businesses will have to find a way to obtain individual consent for multiple partners.
Consent Management Strategies by Business in the Post-FCC Update Era
To understand how consent management and client acquisition strategies might change, let’s review the statements in the official FCC document:
“First, we require terminating mobile wireless providers to block text messages from a particular number following notification from the Commission unless their investigation determines that the identified text messages are not illegal.”
In other words, wireless carriers or mobile service providers – AT&T, Verizon, T-Mobile, etc. – must block messages from specific phone numbers after being notified by the FCC. However, if the mobile carrier decides to investigate the text message before blocking it (which is not mandatory) and reveals that it’s legal, then the blocking should not happen.
“Next, we codify that the National DNC Registry’s protections apply to text messages.”
In other words, if a consumer signs up with the DNC to block unwanted marketing calls, the text messages will also be blocked.
“Third, we encourage providers to make email-to-text, a major source of illegal texts, a service that consumers proactively opt into.”
In other words, the FCC encourages mobile providers to require one-to-one consent for email-to-text messages so customers can opt in before they receive them.
“Next, we close the lead generator loophole by prohibiting lead generators, texters, and callers from using a single consumer consent to inundate consumers with unwanted texts and calls when consumers visit comparison shopping websites.”
This one I’ve already reviewed, so no explanation is needed.
“And we propose further steps to stop illegal texts. First, we propose a stronger blocking requirement following Commission notification and seek comment on other options for requiring providers to block unwanted or illegal texts. Second, we seek further comment on text message authentication, including the status of any industry standards in development. Finally, we propose to require, rather than simply encourage, providers to make email-to-text services opt in.”
The FCC emphasizes the importance of blocking unwanted messages after receiving their notification and wants to receive public feedback regarding (a) other potential ways to block unwanted calls and texts (which is reflected in the comment and reply comment phases of the update) and (b) verification of the identity of the message sender.
“We also adopt a limited waiver to allow providers to use the Reassigned Numbers Database (RND) to determine whether a number that the Commission has ordered to be blocked has been permanently disconnected. This waiver will help prevent blocking of lawful texts from a new subscriber to the number.”
In other words, the FCC allows mobile providers to use the Reassigned Numbers Database (RND) to check if a blocked number has been reassigned to a new, legitimate user. This way, new subscribers who use reassigned phone numbers won’t get legitimate messages blocked.
And here’s the last and arguably the most impactful one:
“We also require that the consent must be in response to a clear and conspicuous disclosure to the consumer and that the content of the ensuing robotexts and robocalls must be logically and topically associated with the website where the consumer gave consent.”
The “logically” and “topically” terms have been a topic of hot debate, so I’ll get back to it soon.
Practical TCPA Update Implications for Market Players
#1 Lead Quality and Price Will Increase
Sharing the same contacts with hundreds and thousands of companies within the lead generation ecosystem will no longer be possible, so the lead quality and price will grow.
And that’s a double-edged sword.
On the one hand, advertisers will get pre-screened leads that have explicitly opted in to receive marketing messages; on the other hand, businesses might have problems buying shared leads.
#2 Lead Volumes Will Decline
Lead generators will no longer be able to generate leads in bulk, which may cause confusion on the advertiser’s side. Businesses that are unaware of the change and new market players may not understand why they cannot get the number of leads they need, and lead generators will have to clarify the confusion.
#3 Organic Lead Acquisition Will Become More Important
It’s only natural that generating and buying leads might become more challenging, so businesses might double down on SEO to generate more leads organically. Investing in long-term lead generation might become more appealing than buying pre-screen leads at a higher price.
Likewise, businesses might expect a further crackdown on lead generation, affiliate marketing, and lead qualification, shifting towards organic lead acquisition.
#4 The Entry Barrier Will Rise for New Digital Businesses
Businesses with smaller budgets and new players might have trouble buying leads. It’s still unclear how much the price of a qualified lead will increase, but there’s no arguing that the competition will get tougher.
When it comes to choosing a product, customers are likely to choose the biggest name, leaving the less-known brands empty-pocketed. As a result, new businesses might have to outbid their stronger competitors to get the leads they want.
#5 Loopholes Might Still Exist
Remember I mentioned “logical” and “topical” associations? The trick is that interpreting these terms is up to everyone’s opinion. Even though the FCC partially explains what they mean by “logical” and “topical” association, they refuse to assign direct definitions.
Here’s the quote:
“We therefore agree with commenters who argue that consumers deserve protection against calls that go beyond the scope of consent, a scope that can be reasonably inferred from the purpose of the website at which they gave that consent. We believe that texters and callers are capable of implementing this standard and, when in doubt, will err on the side of limiting that content to what consumers would clearly expect. As a result, we decline to adopt a definition of “logically and topically” at this time as some commenters suggest”
How close the topical and logical association should be, though, can be derived from the statement of Commissioner Nathan Simington:
“If I give consent to be robotexted about car insurance offers, I expect to receive texts about car insurance, not about garage doors—and, indeed, not even about car loans. Great. Makes sense. That proposal aligns typical consumer expectations around in what their consent to be robotexted consists, and it would eliminate the abusive practices contemplated in the NPRM.”
#6 Businesses Will Have To Be Creative
Lead generators and affiliates will have to find ways to obtain the required consent without burdening customers with bloated checkboxes. For that, they will likely have to adjust engagement across different marketing channels.
Another way to ensure topical relevance is to create additional website pages that are strongly connected to the promoted products and only offer relevant advertisers. In other words, advertising will become granular.
#7 Companies Might Shift to Inbound Calls
Companies might shift to generating inbound calls, which are organic and less regulated. With inbound calls, businesses don’t have to worry about violating the DNC register or obtaining prior written consent for the call.
#8 Ping Post Systems Might Have Built-In Consent Management
Affiliate networks using Ping Post lead distribution systems might have to use integrated consent management systems that track consumer consent throughout the marketing cycle and transfer it to the buyer. This will require providing users with a consent form at some stage, letting them choose the buyers who can access their information, and informing them about the type of communications the customer will receive.
Likewise, Ping Post systems might start providing the user’s consent when pinging leads to the buyers, including the time and date of consent, chosen communication methods, and restrictions imposed by the consumer (if any).
On the buyer’s side, they will have to verify the consent before contacting the lead, which can be done by integrating the consent management system into their CRM. The check will be done automatically, though, blocking the opted-out users.
#9 Pre-Recorded Calls and IVR Systems Will Be Adjusted
Since robotic calls and texts are the main focus of the update, companies will have to find a way to obtain one-to-one consent from users before contacting them robotically while complying with the regulatory and carrier guidelines.
On a similar note, advertisers buying leads will have to ensure they acquire opted-in traffic, which means they will need to obtain proof of consent from their lead generators.
#10 User Flows Will Change
There will be a lot of new consent management to be made, both strategically and for real-time customer flows.
Depending on the business case, you may have to:
- Provide a check-in box and a clear explanation of what the consumers agree to
- Specify what company and how it is going to contact you
- Include a notion about the message frequency (how often the user will receive messages)
- Include a link to your T&C and privacy policy pages
- Include clear opt-out instructions.
Carriers may manually verify the advertisers’ websites, including disclosures and privacy policies, so there is not much room for maneuver in this regard.
Phonexa’s Consent Branches – Your Best Way to Handle the TCPA Update
Whether you are an advertiser or affiliate, you must be dreaming of closing all your compliance gaps with one compliant-ready solution. And that’s possible with Phonexa, an all-encompassing performance marketing software suite that uses Consent Branches to deal with FCC one-to-one consent regulations.
What Are Phonexa’s Consent Branches?
Consent Branches – also known as legs – is a technology used to collect individual consumer consent before you contact them via an automatic telephone dialing system (ATDS). Integrated into Phonexa’s Smart Tree – a lead distribution technology – Consent Branches ensure full transparency for affiliates, the affiliate network itself, and consumers while obtaining consent from the latter.
To collect consumer consent with Consent Branches, you can:
- Enable Consent Branches with your own forms using Phonexa API
- Use Phonexa’s form builder with FCC branches
Here are the two types of consent solutions we offer:
By-Brand Customer Consent Language | For every buyer the consumer it matches with, they obtain unique tailored consent language – exactly what the TCPA update requires. Individual consent minimizes your compliance risk, if not eliminates it altogether, and grows consumer trust. |
Multiple-Brand Consent Language | The consumer is presented with a single consent request that covers multiple advertisers. Multiple-brand consent speeds up lead acquisition and might be the best solution until the new FCC regulations come into force in 2025. |
Here Is How Consumer Branches Help Ensure One-to-One Consent at Phonexa
Step 1 – Phonexa Receives Non-PII Pings from Publishers
First, publishers send non-PII pings – ones without personally identifiable information – to Phonexa so the system can match the consumer to the advertiser. At this stage, the data excludes the consumer’s name, phone number, exact location, or anything else that can identify them. Non-PII pings may include general information like device type, state-level location, and other general or anonymized data that cannot be used to identify the consumer.
Step 2 – Phonexa Sends Individual Consent Requests to Consumers
For the pings that entered the system – remember, just general info at this stage – Phonexa searches for companies that match these pings. Once the matches are found, the system offers these companies to the consumer while asking them for individual consent for every company.
In practice, one-to-one consent takes the form of checkboxes and general information about the company – name, logo, and what they ask permission for (for example, an ATDS call or an SMS message) – so the consumer can make an informed choice.
Step 3 – Phonexa Shares the Rest of the Consumer Data with the Chosen Brands
The companies that obtained consent receive extended consumer information – for example, their phone number or email address – so they can contact these opted-in consumers. With some lead flows, not all information may be disclosed to protect the network from abuse (for example, some advertisers may reject their leads to contact them outside the system).
Learn more about Phonexa’s FCC-compatible Consent Branches.
Get Your All-in-One Compliant Performance Marketing Software Suite
As the quality and price of leads grow, it’s paramount to get a compliant solution that allows you to buy or sell leads in bulk while tracking their interactions within the established legal limits.
And that’s exactly what Phonexa offers: an all-in-one performance marketing ecosystem that ensures legal compliance while helping you collect, store, and analyze customer data when you buy or sell leads. The unique synergy between eight solutions allows you to manage your business from a single dashboard while only spending time on strategic decisions.
Here are the eight proprietary solutions you get at a single price starting at $100 a month (online price calculator):
LMS Sync | Lead tracking & distribution software |
Call Logic | Call tracking & distribution software |
E-Delivery | Email & SMS marketing software |
Cloud PBX | Cloud phone system |
Lynx | Click tracking software |
Opt-Intel | Suppression list management software |
HitMetrix | User behavior recording & analytics software |
Books360 | Automated accounting software |
Get your all-in-one performance marketing software suite now, or book a demo to learn more about Phonexa.
Frequently Asked Questions
What is consent management?
Consent management describes how a business collects, stores, processes, and shares consumer personal data. A good consent management strategy should include the means to concisely and clearly explain what private data will be collected and how it will be used. Likewise, the user should be able to set and change consent preferences easily when needed.
What is a consent management platform?
A consent management platform, or consent management software, is an automated solution for collecting, managing, storing, and sharing user consent data while ensuring compliance with privacy and data regulations like TCPA, CCPA, and CAN-SPAM.
Is consent compliance important for a business?
Consent compliance is necessary from the legal standpoint—non-compliant data collection and use may result in fines and lawsuits—but also to prove that users trust you. Here are some numbers: 36% of users use encrypted messengers, and 67% turn on cookies or website tracking.
Do I need consent management software?
If you are a B2B or B2C business that collects, processes, or shares personal data, you surely need consent management software. This software makes it easy to comply with privacy regulations like TCPA, CCPA, and CAN-SPAM.
Will the FCC update change consent management in 2025?
The FCC update will make one-to-one consent obligatory for businesses. This means lead generators will have to require individual consent for every business they share the customer’s data with. Among other things, this will increase the quality and price of leads.
Get in touch! We are available 24/7.