Messaging & Compliance
Date of Last Revision: December 12, 2016
PLEASE NOTE THE FOLLOWING BEFORE READING FURTHER:
- The following information identifies some (but not all) of the applicable laws, regulations and industry codes and standards which govern the use of CLX’s messaging services (“Messaging Compliance Rules”).
- The following information is not intended to constitute (nor does it constitute) legal, compliance or professional advice of any kind.
- The following information is neither a complete list of the Messaging Compliance Rules nor of the applicable jurisdictions in which CLX provides messaging services. It is the responsibility of all CLX customers to comply with all Messaging Compliance Rules (whether or not they are referred to in the following information). In particular, the following information does not consider any of the specific rules enforced by the underlying carriers, operators and aggregators “Service Providers” who we use to provide the messaging services. Please refer to section 2 below for further information on Service Provider rules.
1. Messaging Compliance Rules
As CLX messaging services are available across multiple territories and jurisdictions, all CLX customers must consider where:
(i) they use the CLX messaging services; and
(ii) their use of the CLX messaging services has an impact.
For example, if the CLX messaging services are used to send messages from an entity in the United Kingdom to end users in Germany, the jurisdictional impact of the Messaging Compliance Rules in the United Kingdom and Germany will be relevant (in addition to any overriding EU Regulations).
The Messaging Compliance Rules are presented in three columns as follows:
This column identifies the relevant country to which the Messaging Compliance Rules relate. As noted above, it is relevant to consider the country in which messages are sent both to and from.
b. Mobile Messaging
This column identifies where certain countries have specific Messaging Compliance Rules governing the sending of mobile messages by businesses. For example, some countries have:
• laws and regulations governing the use of electronic communications and/or telecommunications services which apply to A2P messaging services;
• laws and regulations governing the content of content of A2P messages and the time periods within which it is permissible to send them;
• industry codes of conduct dealing with the use of short codes; and
• regulations requiring the pre-registration of bulk SMS outbound (MT) message originators, i.e. the alphanumeric characters used in the SenderID to personalise Application-to-Person (A2P) SMS messages.
c. Marketing & Privacy
This column details some of the relevant laws, regulations and codes of conduct governing the marketing to individuals and businesses in the applicable countries. These may be specific to messaging services or be of more general application to all marketing activities. Generally speaking they share a very important principle with the privacy laws in that it is necessary to ensure that the consent of the applicable individual has been obtained (and hasn’t been withdrawn) before any marketing is sent to that individual. What is meant by “consent” and the methods by which individuals can withdraw that consent may differ by jurisdiction. The general rule is that individuals must have provided clear and unequivocal consent to receive marketing through the messaging services and that they must be given an easy and convenient method by which they can opt-out at a later date.
The column also identifies where countries now have relevant data privacy laws. Those countries may also have a national regulation authority which monitors and enforces those laws. Although the definition of what constitutes “personal data” or “personal information” (“Personal Data”) may differ by jurisdiction, it is generally understood to mean information about an individual that (a) can be used to identify, contact or locate a specific individual; (b) can be combined with other information that is linked to a specific individual to identify, contact or locate a specific individual. An individual’s mobile phone number (known as the MSISDN), an IP address and certain message content are generally understood to constitute Personal Data.
Before sending any Personal Data to us in connection with our messaging services, it is our customers’ responsibility to ensure that the applicable rules governing the use of that Personal Data have been complied with. For example (but without limitation), have the relevant individuals provided the necessary consent to the use and transfer of the Personal Data? Has that consent since been withdrawn?
2. Service Provider Rules
Many of our Service Providers impose their own specific requirements relating to the use of the messaging services by CLX, its customers and any end users. These may include (but are not limited to) additional rules relating to the:
• type, content and permitted time of sending of messages;
• pre-registration of message originators;
• prohibition of certain types of message originators;
• pre-approval of messaging campaigns; and
• pre-approval of key words used in response to mobile originated messages sent to short codes.
Given the detailed nature of such rules, the specific details are beyond the scope of the detail in the table below. Nonetheless, by using CLX’s messaging services our customers agree to comply with such rules at all times. Therefore before attempting to send any messages to a particular country, all customers should contact their account manager who (with the support of CLX’s country managers and product management team) will discuss the Service Provider rules which may apply, including (but not limited) to any necessary pre-registration or registration of originators which needs to be undertaken before messages can be sent.
For our Country Compliance guide please click here.