On January 27, 2025, the Federal Communications Commission’s (FCC) new one-to-one consent requirement will go into effect. For background, the FCC published its final rule targeting and eliminating unlawful text messages under the Telephone Consumer Protection Act (TCPA) on January 26, 2024 (the Final Rule). Among other requirements and purposes, this Final Rule sought to close the “lead generator loophole.”

The lead generator loophole involved the practice of obtaining a consumer’s consent to receive marketing text messages by including a hyperlink with a list of hundreds of “partners” in the consent language. The consumer would then receive marketing messages from the hundreds of partners that were listed in the hyperlink. Thus, per the FCC’s Second Report and Order (the Second Report and Order), the FCC sought to “close the lead generator loophole and stop consent abuse by unscrupulous robotexters and robocallers.” However, while the FCC’s primary goal is to close the lead generator loophole, the new requirements have a broader implication on businesses obtaining consent to send marketing text messages.

The revised language of 47 CFR § 64.1200 states:

The term prior express written consent means an agreement, in writing, that bears the signature of the person called or texted that clearly and conspicuously authorizes no more than one identified seller to deliver or cause to be delivered to the person called or texted advertisements or telemarketing messages using an automatic telephone dialing system or an artificial or prerecorded voice. Calls and texts must be logically and topically associated with the interaction that prompted the consent and the agreement must identify the telephone number to which the signatory authorizes such advertisements or telemarketing messages to be delivered.

Looking at this revised language, a business that is obtaining consent to send any automated marketing text messages, not just for lead generation purposes, must:

  1. Obtain the consent from the consumer after a clear and conspicuous disclosure to the consumer;
  2. Only obtain consent from the consumer for one identified seller (business) at a time; and
  3. Ensure that its marketing messages to that consumer are “logically and topically related” to that website where the consent was obtained.

In the Second Report and Order, the FCC offers a couple solutions on how to meet the above requirements, such as (1) offering a list of check boxes that allows the consumer to specifically choose each seller that they wish to receive text messages from; or (2) a website, such as a shopping website that offers comparisons, may offer to the consumer a link to the third party business’ website or services so that the third party business may obtain its own requisite consent from the consumer.

However, the FCC does not offer further details on what an individual “seller” may include. Are the seller’s affiliates considered part of the seller, or is the affiliate considered a second seller? If the affiliate is considered a second seller, the business would then need to obtain separate consent for each affiliate (such as using the list of check boxes for the consumer to choose from).

Businesses now have almost 6 months to implement these new changes as the one-to-one consent requirements go into effect on January 27, 2025.  Accordingly, we would recommend that businesses:

(1) review their current consent disclosures for marketing text messages; and

(2) determine whether more than one “seller” is sending marketing text messages to its consumers; and

(3) determine an appropriate implementation method to make sure consumers are only providing consent to one seller at a time.

Taft’s Privacy & Data Security team has extensive experience counseling clients on consumer data privacy laws, data minimization strategies, and data governance program development. For more data privacy & security-related updates, please visit Taft’s Privacy & Data Security Insights blog and the Taft Privacy & Data Security Mobile Application.