A brand’s privacy policy must be available for review as it will be scrutinized as part of the 10DLC Hub’s Manual Review, toll-free verification or short code certification. A privacy policy is required regardless of whether the content provider is collecting opt-in through the website, or conducts business through their website.
Required Specifications
The CTIA Messaging Principles and Best Practices section 5.2.1 offers guidance on what is necessary in a compliant privacy policy. The Privacy Policy must:
- Be conspicuously displayed on the brand’s website, clear, and easy to understand.
- Specify that an end-user’s personal information (“personal information,” “Personally Identifiable Information,” “PII”) will not be shared or sold to third parties for marketing purposes.
- Specify that an end-user’s SMS opt-in consent is never shared with third parties for marketing or promotional purposes.
- State what information is shared and in what circumstances.
Note that there are some circumstances in which information sharing is acceptable and/or necessary, such as:
- Necessary to conduct business and/or provide the requisite service.
- Merge/sale of the business
- Adhering to legal requirements
Conspicuous & Clear
As mentioned above, privacy policies must be conspicuously displayed and easily accessed by the consumer (e.g. through clearly labeled links). They must also clearly describe how the message sender may collect, use and share information from consumers. A link to any relevant privacy policies must be provided in conjunction with the call-to-action.
California Consumer Privacy Act
Please refer to the California Consumer Privacy Act (CCPA) for more information.
Comments
0 comments
Article is closed for comments.