Last updated 2026-07-09

TL;DR
Google Ads lead forms collect phone numbers but ship with zero TCPA consent language by default. To comply with 47 U.S.C. § 227, you must add a custom disclaimer that names your company, describes how you'll contact leads (calls or texts), and gets affirmative opt-in before you dial or text. This guide shows exactly how to do that, word for word.
Why does TCPA consent matter for Google Ads lead forms?
Google Ads lead forms are genuinely convenient. A prospect sees your ad, taps a button, and their name, email, and phone number pre-populate from their Google account. You get the lead without building a landing page. The catch is that convenient and TCPA-compliant are two different things, and Google does not make them the same thing for you.
The Telephone Consumer Protection Act, codified at 47 U.S.C. § 227, restricts how businesses contact people on their cell phones using autodialed calls, prerecorded messages, or automated text messages [1]. The statute sets a floor of $500 per violation and up to $1,500 per willful violation. One lead form that runs for a month and generates 400 phone numbers, followed by an automated outreach sequence, is not one violation. It is potentially 400 violations or more.
The FCC's 2012 order (FCC 12-21) tightened the rules. Callers must obtain prior express written consent before making autodialed or prerecorded calls or texts to wireless numbers for marketing purposes [2]. Prior express written consent is a defined term. It requires a written agreement, which includes electronic agreements, that clearly authorizes the specific seller to contact the consumer using the specific channel. A lead form that just says "Submit" does not get you there.
Cases like the Cash App TCPA class action settlement and the Credit One TCPA settlement both turned partly on whether the company had proper written consent before sending automated messages. The dollar figures in those settlements run into the tens of millions. Small teams are not immune. Plaintiffs' attorneys target companies of every size because the statutory damages are fixed regardless of revenue.
What does "prior express written consent" actually require?
The FCC's regulations at 47 C.F.R. § 64.1200(f)(9) define prior express written consent as an agreement that: bears the signature of the called party (an electronic signature or a checkbox action counts); clearly authorizes the seller to deliver telemarketing messages using an autodialer or prerecorded voice; and is not required as a condition of buying anything [2].
The FCC order also requires the disclosure to be "clear and conspicuous." That phrase has teeth. The consent language cannot hide in a link, sit in tiny gray text below a submit button, or jam into a long block of legalese. Courts have found disclosures inadequate when they were visually obscured or placed where a reasonable person would not read them before clicking submit.
One more thing the rules require: the consent must run to the specific company collecting the data. This is the shared-lead problem. If you buy leads from a third-party aggregator, the original consent form must have named your company specifically, or you do not have valid consent to make automated calls or send automated texts to that person. Generic language like "you may be contacted by our partners" has been litigated hard, and courts have been skeptical of it. The FCC issued a ruling in January 2024 (FCC 24-25) closing the so-called lead generator loophole by requiring one-to-one consent: each consumer must give consent separately to each seller, never to a list of marketing partners [3].
For your Google Ads lead form, this means you cannot get away with a disclaimer that says a partner may contact you. You need your company name in the consent language.
Does Google Ads give you a way to add consent language to lead forms?
Yes, and it is easier than most people expect. Google Ads lead forms have a Custom disclaimer field. You reach it inside the lead form asset setup, under the Privacy policy section, where a text box lets you add up to 500 characters of custom disclosure text alongside a required link to your privacy policy.
Here is where most teams make their first mistake. They drop a privacy policy URL in the privacy policy field, add nothing to the custom disclaimer, and assume that linking to a privacy policy is enough. It is not. A privacy policy describes how you handle data. It is not a consent mechanism. Consent requires an affirmative action by the consumer at the time of submission, paired with disclosure language visible before they hit submit.
Google's lead form also has a Consent settings option in some markets, mainly the EU/EEA under GDPR requirements. In the United States, Google does not add TCPA language for you. That is entirely your job.
The good news is that the custom disclaimer field, paired with a required checkbox Google added to lead form assets (available as of 2023 in certain campaign types), gives you the structural pieces you need. The checkbox creates the affirmative action. Your custom disclaimer text provides the clear and conspicuous disclosure. Together they form a compliant written consent record, as long as your language is correct.
What is the exact TCPA consent language to use in a Google Ads lead form?
There is no single court-approved magic script. What the statute and FCC rules require is that the language cover specific elements. Here is a tested template structure followed by an explanation of each part:
---
Template:
"By submitting this form, I authorize [Your Company Name] to contact me at the phone number provided above using automated telephone calls, prerecorded voice messages, and text messages for marketing purposes. I understand my consent is not a condition of purchase. Message and data rates may apply. Reply STOP to opt out."
---
Breaking it down:
"By submitting this form" establishes that the act of submitting is the signature event, which satisfies the electronic signature requirement under the E-SIGN Act [4].
"I authorize [Your Company Name]" names the specific seller. Do not say "our partners" or "affiliated companies" unless you genuinely want to invite litigation.
"automated telephone calls, prerecorded voice messages, and text messages" covers the three channels the TCPA restricts. If you only intend to call and never text, you can trim the language. But if there is any chance your system auto-texts, include it.
"consent is not a condition of purchase" is required by 47 C.F.R. § 64.1200(f)(9)(iii) [2].
"Message and data rates may apply. Reply STOP to opt out" is required for SMS under CTIA guidelines and is standard good practice for calls too [5].
If your Google lead form allows a checkbox, the checkbox label itself should say something like: "I agree to the terms above and consent to be contacted." The checkbox must start unchecked. A pre-checked box does not count as affirmative consent under the FCC's framework.
Step-by-step: how to actually add this to your Google Ads lead form
Here is the process inside Google Ads as of mid-2025. The interface changes occasionally, but these steps map to the current UI:
Step 1: Go to your campaign or ad group and click "Assets," then "Lead form." You can create a new lead form or edit an existing one.
Step 2: Fill in your headline, description, and the questions you want to collect. At minimum, collect "Phone number" as a question if you plan to call or text. Google pre-populates this from the user's account, but you still need to list it as a requested field.
Step 3: Scroll to "Privacy policy." Enter your website's privacy policy URL. Google requires this, and it is a separate issue from TCPA consent, but you need both.
Step 4: Find the "Custom disclaimer" section. Paste your TCPA consent language here. Keep it under 500 characters or Google cuts it off. The template above runs about 300 characters, so you have room.
Step 5: Enable the consent checkbox if available in your account. In some campaign types and markets, Google shows a consent settings toggle that requires a checkbox before submission. If you see it, turn it on. If you do not see it, you have two options: use the custom disclaimer without a checkbox and rely on the "by submitting" language as the affirmative action, or send Google lead form traffic to a landing page instead, where you have full HTML control and can add a proper unchecked checkbox.
Step 6: Save and preview the form. Click through the preview on mobile. The disclaimer should be visible before the submit button without making the user scroll. If it hides below the fold on a typical phone screen, your clear and conspicuous argument just got weaker.
Step 7: Test a live submission and verify your CRM records it correctly. Your CRM or lead intake system should log the timestamp of each submission. That timestamp is your consent record. Store it. You may need to produce it in litigation.
What happens if Google lead form traffic goes to a landing page instead?
Some advertisers use Google lead forms. Others use Google Ads to drive traffic to a landing page with their own form. If you are in the second group, you have more control and can build a fully compliant consent flow, but the same rules apply.
On a landing page form, you can add an unchecked checkbox with inline consent language right next to the submit button. The checkbox label is the consent disclosure. You can gray out the submit button until the box is checked. This is the gold standard for documentation because the user takes a separate, affirmative act.
For cold calling and cold call outreach, even a landing-page consent does not erase your obligation to check the do not call list before dialing. Consent and DNC compliance are separate requirements. A person can consent to be contacted and still sit on the National DNC Registry if they registered their number there. The FCC treats these as independent obligations. Check the DNC registry before you dial, every time, regardless of consent status.
LeadCompliant's free consent language checker and compliance kit covers both the lead form wording and a DNC scrub checklist in one place, which helps if you are managing multiple campaign sources.
The landing page approach also lets you use session replay or form analytics to show that the user saw the disclosure before submitting. That kind of documentation has been genuinely useful in TCPA defense.
How do you store and prove TCPA consent from a lead form?
Winning a TCPA lawsuit is partly about having good consent language and partly about proving you had it. If you cannot produce a consent record for a specific phone number, you cannot defend the call or text.
At minimum, your consent record for each lead should include: the exact timestamp of form submission, the URL or campaign/asset ID where the form appeared, the exact text of the consent disclosure that was live at that time (screenshot or version-controlled copy), and the specific phone number the consumer submitted.
Google Ads passes a timestamp with each lead form submission through its webhook or CRM integration. Make sure your CRM captures it and does not overwrite it if the lead submits again later.
For longer campaigns, archive a screenshot of the live lead form with consent language at least monthly. If you change the consent language mid-campaign, document the date of the change and keep the old version. Consent is tied to what the consumer saw at the moment they submitted.
Some teams use a dedicated consent management platform. That is reasonable at scale. But for a small outbound team running one or two Google Ads lead form campaigns, a simple Google Sheet that logs lead ID, timestamp, campaign name, and a link to a screenshot of the form version is functional and defensible. The key is that you have something. Showing up to a TCPA dispute with no consent record is very bad.
For text message marketing campaigns specifically, the CTIA also recommends storing the IP address of the form submission as an added layer of documentation [5].
What are the TCPA risks specific to Google Ads lead forms?
A few risks are particular to the lead form format, more than to outbound marketing generally.
Stale leads. Google lead forms can sit in your account and generate leads for months. If your consent language was inadequate six months ago and you only fixed it last week, every lead from those six months is potentially unconsented. Audit your lead forms regularly.
Auto-submitted or bot leads. Some lead form submissions are fraudulent clicks. If a bot submits a form and a real person's phone number ends up in your CRM, you may call a real person who never consented. This is a smaller problem for TCPA than for ad spend waste, but it is worth scrubbing your leads against a real-time validation service before dialing.
Third-party consent mismatch. If you share your Google Ads leads with a partner or resell them, the consent covers only your company. The partner needs their own consent or they are violating the TCPA. After the FCC's January 2024 one-to-one consent ruling [3], this is especially sharp. Passing leads to another seller without re-consent is no longer a gray area.
No opt-out mechanism at contact time. TCPA requires you to give consumers an opt-out mechanism during automated calls and honor it immediately. Your consent form gets you the right to make the first contact. Your dialing or texting system must handle opt-outs in real time and suppress that number from future contacts. Consent at form submission does not override a later opt-out.
Check the mobile phone do not call list guidance for how cell numbers interact with DNC obligations separate from TCPA consent.
Does the FCC's 2024 one-to-one consent rule change how you write your lead form language?
Yes, meaningfully. The FCC's Report and Order released in January 2024 (FCC 24-25) amended 47 C.F.R. § 64.1200 to require that consent be given to one seller at a time [3]. The old approach, where a single lead form could name dozens of marketing partners and purport to obtain consent for all of them at once, is no longer valid.
For a business running its own Google Ads lead form to generate leads for itself, the practical change is small: make sure your company name appears in the consent language and you are the only entity named. You were supposed to do that before.
The bigger change hits lead generators, aggregators, and any team buying leads. If you are buying leads where the original form said something like "I consent to be contacted by [Company] and its partners," that consent is no longer sufficient for you after the ruling took effect. The FCC set a compliance date of January 27, 2025 for this provision [3].
If you buy leads, ask your lead vendor to show you the exact consent language and confirm that your company name appears on it. If they cannot do that, you are carrying the compliance risk of their form, not them. Courts have been skeptical of "I didn't know" as a defense.
What about the National Do Not Call Registry and Google lead form leads?
TCPA consent and DNC compliance are parallel obligations, not alternatives. Getting written consent from a consumer does not exempt you from the Do Not Call rules for that consumer.
Here is how they interact. TCPA consent covers the use of automated systems (autodialers, prerecorded voices, automated texts). The National DNC Registry [6] covers telemarketing calls generally, including manually dialed calls to residential numbers and cell numbers registered on the list. If someone is on the DNC registry and you call them for marketing purposes without a prior established business relationship or their specific invitation, you may be violating the DNC rules even if they consented on your Google lead form.
The specific invitation (or "express invitation or permission") that exempts a DNC-registered number from the rules is close to the TCPA written consent requirement. In practice, a well-written Google lead form consent that names your company and covers calls and texts likely also counts as the specific invitation that lets you call a DNC-registered number. But your legal counsel should confirm that for your specific language.
For how to get the do not call list and how to scrub your leads against it, the FTC's site walks through the subscription process for telemarketers accessing the registry [6].
| Situation | TCPA Written Consent Required? | DNC Scrub Required? |
|---|---|---|
| Autodialed call to cell | Yes | Yes |
| Prerecorded message to cell | Yes | Yes |
| Automated text to cell | Yes | Yes |
| Manual call to cell, marketing | No (but check DNC) | Yes |
| Manual call to landline, marketing | No (but check DNC) | Yes |
| Non-marketing call | No | No (DNC doesn't apply) |
Can you rely on a Google Ads lead form for compliant consent, or do you need a landing page?
Honest answer: a properly configured Google lead form with a good custom disclaimer and a required checkbox can be defensible TCPA consent. It is not perfect. A purpose-built landing page gives you more control, but many small teams do not have the resources to build and optimize landing pages for every campaign.
The weakest point of the Google lead form approach is documentation. You cannot easily prove what the form looked like on a specific date unless you screenshot it regularly. A landing page on your own server has version history and server logs.
The second weakest point is checkbox control. Not all Google Ads lead form types support a required consent checkbox in all markets. If you cannot add a checkbox, you are relying on "by submitting this form, I agree" as the affirmative action. Courts have generally accepted "I agree by clicking" as an electronic signature, but a separate unchecked checkbox is cleaner.
If you run high volume, if your product sits in a heavily litigated industry (insurance, mortgage, solar, debt relief, auto warranty), or if you have had any prior TCPA contact, I would route Google Ads traffic to a landing page and keep the lead form for brand-awareness or remarketing campaigns where you already have a prior business relationship.
For any campaign where you are contacting tcpa high-risk populations (purchased lists, aged leads, or unverified lead sources), the extra protection of a landing page with a documented consent flow is worth the conversion rate cost.
What are the penalties if your Google lead form consent is found inadequate?
The statutory damages under 47 U.S.C. § 227(b)(3) are $500 per violation for standard violations and $1,500 per willful or knowing violation [1]. Each call or text is a separate violation. A campaign that auto-texts 1,000 leads without proper consent is $500,000 to $1,500,000 in exposure before attorneys' fees.
TCPA claims are frequently brought as class actions. The class can include everyone who received automated calls or texts without proper consent. That is why TCPA class action settlements run into the millions even when the underlying campaign was small. The Cash App settlement and Credit One settlement show how quickly aggregate exposure grows.
Beyond class actions, the FCC can bring its own enforcement actions and impose forfeiture penalties. State attorneys general also enforce TCPA-like provisions under state law, and several states have enacted their own versions with different or stricter standards. California, Florida, Oklahoma, and Washington all have state-level restrictions that can run alongside federal TCPA claims [7].
The risk is not theoretical. TCPA lawsuit filings numbered in the thousands annually in recent years, and a large share involve inadequate consent language on web forms and lead generation sources [8]. Small businesses are not insulated by their size.
Frequently asked questions
Can I just link to my privacy policy in the Google Ads lead form and call it TCPA consent?
No. A privacy policy link tells users how you handle their data. It is not a consent mechanism. TCPA requires affirmative written consent with clear disclosure that names your company, describes automated contact methods, and states that consent is not a condition of purchase. The privacy policy link is required by Google, but it is separate from and does not substitute for TCPA consent language.
Does TCPA apply to manually dialed calls, or only autodialed ones?
The TCPA's written consent requirement (prior express written consent) applies specifically to autodialed calls, prerecorded messages, and automated texts to wireless numbers for marketing. Manually dialed calls to cell phones do not require written consent under TCPA, but they are still subject to Do Not Call rules. If you use a predictive dialer or any system that dials from a list without a human manually entering each number, it likely qualifies as an autodialer.
How long do I need to keep TCPA consent records from my lead forms?
The TCPA statute of limitations is four years under 28 U.S.C. § 1658, the general federal question limitations period. Keep consent records, including the form version, timestamp, and the phone number submitted, for at least four years from the date of the last contact with that consumer. Some attorneys recommend five years to be safe. Store them in a format you can actually retrieve; a spreadsheet export or database backup works fine.
What if I buy leads where the consent form did not name my company specifically?
After the FCC's January 2024 one-to-one consent ruling (FCC 24-25), consent that names a list of unspecified partners is no longer valid for TCPA purposes. If you buy leads and your company name was not on the original consent form, you do not have prior express written consent to make automated calls or send automated texts to those consumers. You need re-consent, or you need to limit outreach to manually dialed calls to numbers not on the DNC registry.
Can the consent checkbox in my Google lead form be pre-checked?
No. A pre-checked checkbox is not affirmative consent under FCC rules or general electronic consent law. The consumer must take an active step to check the box. This is consistent with both the E-SIGN Act and the FCC's interpretation of written agreement for TCPA purposes. If Google automatically checks the box in your form setup, that is not valid TCPA consent. The box must start unchecked.
Do I need separate consent if I want to both call and text a lead?
Not necessarily separate consent forms, but your consent language must explicitly cover both channels. If your form only mentions phone calls, you do not have consent for automated texts, and vice versa. The template in this article covers calls, prerecorded messages, and texts together in a single disclosure. As long as the language is clear about what types of automated contact are authorized, one consent form can cover multiple channels.
What is the difference between express consent and prior express written consent under TCPA?
Express consent is enough for non-marketing autodialed calls to cell phones (like transactional or informational messages). Prior express written consent, which requires the written agreement with specific elements, is required for marketing calls or texts made with an autodialer or prerecorded voice. If your Google lead form is generating leads for a sales campaign, assume you need prior express written consent, the higher standard.
Does TCPA consent from a lead form cover texts sent weeks or months later?
The consent is generally valid until the consumer revokes it, so it covers more than the first text. However, if you wait a very long time between the form submission and first contact, courts have occasionally found the delay relevant in deciding whether the consumer reasonably expected to be contacted. More practically, a consumer who submitted a form six months ago may have moved, changed numbers, or forgotten they consented. Good practice is to make first contact within a few days and honor any opt-out immediately and permanently.
What does "clear and conspicuous" mean for my lead form disclaimer?
It means a reasonable person would notice and read the disclosure before submitting. The FCC has not set a specific font size, but courts have found disclosures inadequate when they appeared in very small gray text below the submit button, required scrolling on mobile, or were buried in a long block of unrelated text. Your consent language should be readable without zooming, visually distinct from boilerplate, and placed above or immediately next to the submit button.
If a consumer opts out by replying STOP to a text, does that void their original consent entirely?
An opt-out revokes consent for future automated contacts. It does not retroactively void the consent that authorized prior contacts. After a STOP reply, you must immediately cease automated texts to that number and add it to your internal do-not-contact list. You cannot re-contact that number with automated messages unless they affirmatively opt back in, which requires a new consent event. Calling them manually on a non-DNC-registered number may still be permitted, depending on your legal analysis.
Are there state laws that go beyond federal TCPA requirements for lead form consent?
Yes. Florida's Telephone Solicitation Act (FTSA) added state-level autodialer restrictions with a private right of action. California's consumer privacy laws add data handling requirements on top of consent. Washington's Commercial Electronic Mail Act and Oklahoma's Consumer Protection Act also add layers. If you generate leads from consumers in multiple states, especially Florida and California, get state-specific legal review of your consent language. Federal TCPA compliance is a floor, not a ceiling.
What is the safest format for TCPA consent on a Google lead form if I cannot add a checkbox?
If your Google Ads lead form type does not support a required checkbox, use "by submitting this form" as the trigger action in your custom disclaimer language, and place the disclosure immediately above the submit button so it is clearly visible before the user taps submit. Screenshot the form monthly. Consider routing high-risk traffic to a landing page where you have full HTML control and can add a proper unchecked checkbox. The landing page approach is more defensible.
Does a Do Not Call registration override TCPA consent I collected through a lead form?
DNC and TCPA operate on separate tracks. A consumer on the National DNC Registry who submits your Google lead form with proper TCPA consent has likely also given the specific invitation that exempts a DNC-registered number from the telemarketing call restrictions, but you should have your attorney confirm your specific language covers both. Always scrub leads against the DNC registry before dialing, even when you have written TCPA consent, because the two regimes are not interchangeable.
Sources
- U.S. Code, 47 U.S.C. § 227, Telephone Consumer Protection Act: TCPA sets statutory damages of $500 per violation and up to $1,500 per willful violation for unauthorized autodialed calls and texts
- Code of Federal Regulations, 47 C.F.R. § 64.1200 (FCC 2012 TCPA rules, FCC 12-21): FCC's 2012 order required prior express written consent for autodialed or prerecorded marketing calls and texts to wireless numbers; 47 C.F.R. § 64.1200(f)(9) defines the consent requirements including the no-condition-of-purchase rule
- Federal Register, FCC Report and Order (January 2024), one-to-one consent rule amending 47 C.F.R. § 64.1200: FCC's January 2024 ruling requires TCPA consent to be given to one seller at a time; compliance date January 27, 2025; closes the lead generator loophole
- U.S. Code, 15 U.S.C. § 7001, Electronic Signatures in Global and National Commerce Act (E-SIGN Act): E-SIGN Act establishes that electronic signatures and records satisfy written consent requirements, supporting form-submission as valid electronic consent
- CTIA, Messaging Principles and Best Practices: CTIA guidelines require message and data rate disclosures and STOP opt-out instructions for SMS marketing; recommend storing IP address with consent records
- FTC, National Do Not Call Registry (donotcall.gov): FTC administers the National DNC Registry; telemarketers must access and scrub against the registry before making telemarketing calls
- Florida Legislature, Florida Telephone Solicitation Act (FTSA), Fla. Stat. § 501.059: Florida's FTSA adds state-level autodialer restrictions with a private right of action that runs alongside federal TCPA claims
- WebRecon LLC, TCPA Lawsuit Filing Statistics (annual reports): TCPA lawsuit filings number in the thousands annually; inadequate consent on web forms and lead generation is a common basis for claims
- FTC, Telemarketing Sales Rule, 16 C.F.R. Part 310: FTC's Telemarketing Sales Rule governs Do Not Call obligations and established business relationship rules that interact with TCPA consent requirements
- U.S. Code, 28 U.S.C. § 1658, federal question statute of limitations: The four-year federal catch-all statute of limitations applies to TCPA claims, setting the retention window for consent records