What Y.O.U. Need to Know About E.U. Text Messaging Laws
European Regulations and best practices for mobile messaging
Text messaging is an efficient, relatively low-cost communication channel, making it easy to reach stakeholders directly. With over two billion people using WhatsApp™ , a European text messaging favorite, in 2020, it is vital to your business to adopt WhatsApp and take a global approach to your digital marketing and communications. Clients and other stakeholders would prefer to hear from you and reach you over mobile messaging. That means international text messaging regulations apply to your organization.
This article explains the major European Union text messaging privacy regulations that apply to both SMS and WhatsApp. Additionally, this article provides time examples of industry best practices and how Mogli text messaging in Salesforce helps you navigate international regulations. We encourage you to consult with your legal team before deploying any text message campaign so that you can avoid hefty financial penalties.
Text messaging in the U.S.?
The ins and outs of text messaging opt-in and opt-out in the United States: Read here.
|Content on this blog|
|GDPR - What is it?|
|Opt-ins and Consent|
|WhatsApp™ and GDPR|
|Rules of engagement|
GPDR: What is it and how does it affect text messaging for professional uses?
The European Union has the strictest laws protecting personal data. The General Data Protection Regulation, or GDPR, is unique because it addresses the transfer or sale of data outside of the E.U., meaning all organizations that conduct business within the E.U. or use E.U. citizens' personal data are affected by this law.
A Bit of History
The General Data Protection Regulation (GDPR) was introduced in 2008, giving control of personal data back to individuals and simplifying the regulatory environment for international business. GDPR provides organizations guidelines on what organizations and companies may do with personal data, including the kind of data collected and how companies will apply, store, trade, or sell it. Any data that can identify you is classified as personal data, including name, phone number, IP address, and location data.
GDPR, a European legislation, determines how international businesses communicate with stakeholders. For example, Google was fined $57M for a lack of transparency regarding collected user data.
Seven Principles for GDPR Compliance
Businesses must adhere to all seven of these principles to avoid fines:
- Purpose limitation: only collect data needed for your legitimate value-adding purpose.
- Data minimization: Only store relevant data need for your purpose.
- Accuracy: Make sure to keep personal data and consent up to date.
- Storage limitation: Provide customers access to their personal data and the right to erase it.
- Integrity and confidentiality: Deploy appropriate security measures to safeguard data. Do not sell personal data without consent.
- Accountability: Report accidental data loss within 72 hours and appoint a Data Protection Officer, if needed.
As your Mogli users uphold these principles, our team can provide you and your customers with the support they need. Utilize chatbot functionality to route your text message recipients to where they may find answers to your security questions. When this business intelligence chatbot doesn't suffice, automatically escalate a ticket or alert the contact owner to open a one-on-one conversation. Additionally, send bulk SMS & WhatsApp messages to instant alert clients about privacy settings updates.
GDPR Opt-ins and Consent
You may also decide to invite your stakeholders to text into a Mogli number on Salesforce (shortcode or long code) using a keyword query. Either method can automate a text message from your org to secure double-opt-in and explicitly explain how to opt-out with another keyword like, "STOP." Keep in mind that you must be as clear as possible, no trick words or diversions can be used to confuse recipients.
What About Language Variation?
Mogli can account for that, as well, and send text in your recipients’ native language!
GDPR compliant consent forms must disclose:
- Type of data being collected.
- How data will be used, stored, and traded.
- How to easily opt-out.
Once you have opt-in, the GDPR states the validity of consent will diminish over time. Renewal of written text message consent is essential to ensure the accuracy of personal data. Use Mogli automation in Salesforce to send annual consent reminders to your opt-in clients.
(Back to top 🔝)
What About GDPR Opt-outs?
Do not send a text message marketing (or other) campaign unless it contains clear written instructions on how to opt-out. As mentioned in the section above, the most common form of opting out is when a customer replies “STOP” to a text message. This incoming text message will automatically unsubscribe the sender's mobile phone number.
Even if your opt-out instructions ask the recipient to text "STOP" to unsubscribe, your automation should account for related words (like unsubscribe, cancel"). Mogli will recognize all variants for which you account. Someone can always resubscribe to your SMS or WhatsApp messages by using the original inbound keyword or opt-in form. For more information about Mogli’s opt-out and consent process, please see our User Guide.
Should no response from a text message recipient signal an opt-out intent?
Yes! Say you secured the first opt-in, and your automated message to capture the double-opt-in went out without a hitch. Then, crickets. They do not complete the opt-in process if they don't respond. Leave it be. They can always finish at a later date, as long as the first opt-in is within the range of time for GDPR validity.
What’s up with WhatsApp™ and GDPR?
There are no differences between SMS and WhatsApp for business purposes under GDPR, other than the ability on WhatsApp to send pre-approved outbound message templates that invite engagement. Mogli regularly assists clients in the template creation and approval process. SMS opt-in must initially be inbound. After your company or organization sends an outbound WhatsApp template, the recipient has 24-hours to reply. At this point, you may secure double-opt-in and continue your conversations or mobile messaging marketing campaigns.
If the 24-hour window closes from the time you sent your initial template, you may try again to engage with the recipient with the same or a different template. Create clear internal guidelines for the frequency and number of attempts to garner participation to avoid haranguing and alienating stakeholders.
Changing the Rules of Engagement
The E.U. is preparing to take the next steps to protect the collection of personal data within messaging apps such as WhatsApp, Skype, and even Facebook messenger. All online messaging applications would have to follow the same rules and regulations that apply to voice calls and SMS. It's unclear at the time of this writing (July 2020), if this will affect the way businesses and organizations currently use WhatsApp.
A revision of the ePrivacy Directive , also known as the E.U. 's cookie law has been presented to the Council of the European Union but is still in review. This regulation is still in speculation, as some critics believe that the implementation of this law would destroy innovation.
Mogli can help you navigate the confusing and rapid-changing legislation that applies to WhatsApp .
The Best Part of Mobile Global Messaging
Mogli’s text messaging over SMS and WhatsApp far surpasses two-way one-to-one messaging (although clients do love that feature!). We offer features like bulk messaging where you can segment and personalize, surveys and forms for data collection, elegant automation that help you scale your digital communications and workflows, text-to-pay or donate with MogliPay, and more.
Please note that the following recommendations are for informational purposes only and are neither intended as nor should be substituted for consultation with appropriate legal counsel and your organization's regulatory compliance team. The information provided is "as is" and may be updated or changed without notice.