Last updated 2026-07-10

TL;DR
Click-to-call campaigns fall fully under the TCPA (47 U.S.C. § 227). Any call placed through an autodialer or prerecorded message to a mobile number needs prior express written consent. Violations cost $500 to $1,500 per call. The consent has to be call-specific, not buried in general website terms. Get it right before the first dial.
What is click-to-call and does the TCPA actually apply to it?
Click-to-call is what it sounds like. A consumer taps a button on a web page, an ad, or a text, and the platform either connects the call right away or fires an outbound call from your system back to that consumer's phone. Compliance teams keep asking whether that click changes the TCPA math. It doesn't.
The TCPA, codified at 47 U.S.C. § 227, bars using an automatic telephone dialing system (ATDS) or a prerecorded voice to call any mobile number without the prior express consent of the called party [1]. The law does not care whether the consumer clicked a button or whether your dialer queued the number on its own. The question is narrower than that. Did an ATDS or prerecorded message touch a mobile number without proper consent?
The FCC's 2015 Declaratory Ruling and Order (FCC 15-72) read the ATDS definition to cover equipment with the capacity to store or produce telephone numbers using a random or sequential number generator and dial them. Many click-to-call platforms queue numbers programmatically, which drops them straight inside that definition. The 2021 Supreme Court decision in Facebook v. Duguid narrowed the ATDS definition, holding it reaches systems that use "a random or sequential number generator" to store or produce numbers [11]. If your system stores a list of numbers and dials them automatically after a click event, you are still exposed under most courts' reading.
Don't treat the consumer's click as a consent proxy. It's a user interface action, not a legal consent document.
What kind of consent do click-to-call campaigns require?
The TCPA runs two consent tiers, and which one applies depends on what you are calling about.
Informational calls (appointment reminders, order updates, no sales pitch) need only "prior express consent." The consumer just has to have handed you their number in a context where getting that kind of call was reasonably expected.
Telemarketing and advertising calls to mobile numbers placed with an ATDS or prerecorded message need "prior express written consent." The FCC's 2012 rules under 47 C.F.R. § 64.1200(a)(2) define that as a signed agreement (wet or electronic) that clearly authorizes a specific seller to call that consumer, at the specific number provided, for marketing purposes, using an ATDS or prerecorded voice [3]. The agreement also has to say consent isn't a condition of purchase.
For click-to-call ad campaigns, almost every fight is about which category applies. Someone clicks "Call us now" from a Google search ad and your system rings them back as a follow-up. That follow-up is almost certainly a telemarketing call, which means the written-consent standard.
Three things that do NOT count as written consent under the TCPA:
- A general website privacy policy that mentions "you may be contacted"
- Pre-checked boxes on a web form
- The consumer's act of clicking your ad button
Two things that DO work:
- A clearly worded opt-in checkbox (unchecked by default) on a landing page with compliant disclosure language
- A recorded verbal consent captured during an inbound call, where the system reads a compliant disclosure and the consumer confirms
The FCC and plaintiffs' attorneys both look at the same thing: does the consent language name the seller, specify the channel, and make clear it covers automated calls? Generic language fails. Read the disclosure out loud to yourself. If it sounds like fine print nobody would understand, a judge will probably agree.
How does the TCPA treat calls triggered by Google or Meta click-to-call ads?
It depends entirely on who dials whom. Google call ads and Meta click-to-call lead ads are popular because they produce phone calls from people who look interested right now. The compliance answer splits into two scenarios based on how the call actually routes.
Scenario 1: The consumer places the call directly. They click the ad and their phone dials your number. They are the originating party. This is a consumer-initiated inbound call, and the TCPA doesn't restrict it the way it restricts outbound autodialed calls. They called you. You answered. No ATDS dialed their number.
Scenario 2: Your system calls them back. The consumer fills out a lead form inside a click-to-call ad (common with Meta lead gen forms), and your CRM or dialer automatically rings the number they submitted. Now you are the originating party using an automated system. That's an outbound ATDS call, and full TCPA consent rules apply.
Here's where teams get burned. Many marketing shops run both setups interchangeably and keep no clean record of which calls were truly consumer-initiated versus system-initiated follow-ups. If you can't prove the call was inbound, you will struggle in litigation.
Scenario 2 needs documented prior express written consent before the dialer fires. The Meta lead form or the landing page your Google ad points to has to carry a clear, standalone TCPA disclosure with an affirmative opt-in action. Platforms like Meta have their own terms restricting certain uses of lead data, but those terms don't substitute for TCPA consent. They are separate obligations.
See our broader overview of cold calling rules if you run mixed outbound campaigns alongside your click-to-call traffic, because the outbound rules stack on top of any consent gaps.
What does a TCPA-compliant consent disclosure actually look like?
The FCC rules and court decisions give you enough to build a working template. A compliant disclosure for a click-to-call lead form needs every one of these elements.
1. It names the entity (or entities) that will call. If you're a lead generator selling to multiple buyers, name every buyer or limit consent to a reasonable number of sellers. The FCC's 2024 one-to-one consent rule (set to take effect in January 2025 before being vacated by the Eleventh Circuit, so check current status) pushed toward naming each seller individually [4]. 2. It states the consumer consents to receive autodialed and/or prerecorded calls. 3. It names the specific phone number, or states that calls go to the number provided. 4. It makes clear consent is not required to buy anything. 5. It requires an affirmative action: checking an unchecked box, or clicking a clearly labeled consent button. Burying it in terms of service does not work.
Working example (run it past your own counsel):
"By checking this box, I agree that [Company Name] may contact me at the phone number I provided above, including via autodialed or prerecorded calls, for marketing purposes. I understand that consent is not required to purchase any product or service."
That's the core. Keep it close to the submit button or the click-to-call button. Don't push it below the fold. The closer it sits to the action the consumer takes, the cleaner your consent record reads in court.
Timestamp the consent. Store the IP address, the form version, the disclosure text shown at that moment, and the date and time. If a TCPA claim lands, those records are your first line of defense.
What are the TCPA penalties for click-to-call violations?
The statute sets damages at $500 per violation for unintentional violations and $1,500 per violation for willful or knowing ones [5]. Each call (or text) counts as a separate violation. Fire 10,000 calls without proper consent and you're staring at $5 million to $15 million in statutory damages before any class multiplier.
TCPA cases are almost always class actions. The statutory damages make the math attractive to plaintiffs' attorneys even without proof of real harm. The plaintiff doesn't have to show they lost a dime. They just have to show they got an unconsented autodialed call.
Real settlements set the scale. The Cash App TCPA class action settlement hit $5.5 million. The Credit One TCPA settlement reached $12.5 million. Those aren't outliers. They're what a systemic consent problem across a big call volume looks like when it lands in court.
Willfulness moves the number. If a consumer sent a cease-and-desist and you kept calling, or internal emails show your team knew the consent process was broken and used it anyway, the $1,500 figure applies. Courts have found willfulness on thinner facts.
The FCC can also issue forfeitures under 47 U.S.C. § 503. In 2021, the agency imposed a $225 million forfeiture on a Texas health-insurance telemarketing operation for roughly one billion spoofed robocalls, the largest in FCC history at the time [6]. That's how seriously the agency treats systematic violations.
Small teams sometimes think they fly below the radar. They don't. Plaintiffs' attorneys run automated complaint systems that flag high-volume callers. A startup with a leaky consent form that dialed 50,000 leads is as exposed as a Fortune 500.
Do you still need to scrub the Do Not Call registry for click-to-call leads?
Yes, and TCPA consent won't cover you here. TCPA consent and Do Not Call (DNC) compliance are separate legal obligations. You have to satisfy both.
The National Do Not Call Registry is run by the FTC under 16 C.F.R. § 310, the Telemarketing Sales Rule [12]. A number on the National DNC list can't receive a telemarketing call, period, whether or not you hold TCPA-style consent. One narrow exception exists: the consumer can give you express written permission to call their DNC-registered number, and that permission has to name your company specifically.
The practical workflow for click-to-call: 1. Capture consent on the landing page or lead form (TCPA requirement) 2. Scrub the submitted number against the National DNC registry before dialing (TSR requirement) 3. Scrub against your own internal DNC list for anyone who already opted out with you 4. Check state-specific DNC lists where they apply (several states run their own registries)
The subscription fee for the National DNC registry is set by the FTC by area code, and the first five area codes are free [7]. If your click-to-call campaign pulls leads nationally, budget for full registry access.
For how the registry works and how to get into it, see our guide on the do not call list and the do not call telemarketer list.
State DNC rules add another layer. Florida runs its own state DNC list plus a mini-TCPA (the Florida Telephone Solicitation Act) that allows private suits with up to $500 per call in damages. Texas and Oklahoma run similar structures. Federal compliance alone won't save you if you call into multiple states.
How do you handle revocation of consent in a click-to-call context?
Consumers can revoke TCPA consent at any time, by any reasonable means. The FCC's 2024 order on consent revocation locked this in, stating companies must honor revocation requests within a reasonable time and can't force consumers into a single opt-out method when a different reasonable method gets used [8].
For click-to-call campaigns, that means:
- A consumer says "stop calling me" during a live call. That's a revocation. Flag the record immediately.
- They send an email asking you to stop. Counts.
- They text STOP to a number tied to your campaign. Counts.
- They re-register on the DNC list. Counts for future calls.
The 2024 FCC rule gives companies a 10-business-day window to process revocation requests. Blow that window and a consent issue becomes a willfulness issue.
Your internal DNC suppression list is the machine that runs all of this. Every person who revokes has to hit that list before the next dialing session. If your click-to-call platform and your CRM aren't synced on suppression, you have a gap that will eventually produce a violation.
Test it yourself. Call your own campaign number, ask to be removed, then check whether your CRM shows the revocation within 24 hours. If it doesn't, fix the process before a plaintiff's attorney finds the hole first.
What records do you need to keep to defend a TCPA click-to-call claim?
A TCPA demand letter or class complaint puts your documentation on trial. Your defense lives or dies on what you retained. Here's what to keep and for how long.
| Record Type | What to Store | Recommended Retention |
|---|---|---|
| Consent records | Timestamp, IP, form version, disclosure text shown | 4 years minimum (TCPA statute of limitations) |
| Call logs | Number dialed, time, duration, agent ID, campaign ID | 4 years |
| DNC scrub logs | Date of scrub, registry version used, numbers removed | 4 years |
| Revocation records | Date received, method, who processed it, suppression date | 4 years |
| Lead source contracts | What the lead vendor warranted about consent | Duration of relationship + 4 years |
| Form/page versions | Screenshots or archives of what the consent page looked like | 4 years after last use |
The four-year window comes from the TCPA's statute of limitations under 28 U.S.C. § 1658, though some states run longer periods under their own laws.
Lead vendors are their own risk. If you buy click-to-call leads from a third party, get a written representation that the leads carried TCPA-compliant consent and that the disclosure language met the one-to-one standard. If the vendor can't give you that, you're taking on their compliance risk as your own.
LeadCompliant's free compliance kit includes a consent audit checklist and a record retention template you can adapt to your workflow. Use it mid-process, not after a lawsuit lands.
For mobile-specific DNC questions, also review how the mobile phone do not call list interacts with your click-to-call consent records.
Does the TCPA apply differently to B2B click-to-call campaigns?
B2B gets a partial carve-out, but it's narrower than most sales teams assume. The trap is the phone type, not the person.
The TCPA's autodialer and prerecorded-message restrictions apply to calls to "telephone numbers assigned to a paging service, cellular telephone service, specialized mobile radio service, or other radio common carrier service" [1]. That definition keys on the phone type, not the person. Call a mobile phone that belongs to a business owner or employee and the TCPA still applies to that number, even if the pitch is B2B sales.
Where B2B gets breathing room:
- Calls to landline business numbers aren't restricted under the TCPA's ATDS provisions (state laws and the FTC's TSR still apply)
- The FCC has historically treated business landlines as outside the core TCPA mobile protections
- Courts have sometimes found implied consent when a mobile number sits publicly listed as a business contact
That implied-consent argument for B2B is fact-specific and contested. Building a compliance strategy on it is risky. The safer move is express consent even for B2B mobile leads, especially if your dialer qualifies as an ATDS.
Text marketing to business mobile numbers carries the same TCPA risk as consumer texts. See our guide on text message marketing for the SMS-specific angle on consent.
What practical steps should you take before launching a click-to-call campaign?
Run this before your campaign goes live. If you use any automated dialing component, none of these steps are optional.
Step 1: Audit your dialing technology. Ask your platform vendor in writing whether their system qualifies as an ATDS under the post-Facebook v. Duguid standard. Get the answer in writing. If they can't tell you, assume yes and build your consent process to match.
Step 2: Review every consent touchpoint. Screenshot every landing page, lead form, and ad that feeds numbers into your campaign. Read the disclosure language. Does it name your company? Does it mention autodialed calls? Is the opt-in checkbox unchecked by default? Fix whatever fails.
Step 3: Verify your DNC scrub process. When was your last registry download? Is your suppression list current? Is it wired into your dialer so numbers drop out before the next call attempt, not after?
Step 4: Document your lead source contracts. Buying leads? Get written warranties. If a vendor can't produce them, that tells you what you need to know about their data.
Step 5: Set up revocation handling. Who processes a verbal opt-out? How fast does it hit the suppression list? Test it.
Step 6: Train your agents. Agents have to know what to do when a consumer says "take me off your list" during a live call. That instruction gets followed immediately, logged, and synced to suppression.
LeadCompliant offers free number-checking tools and a downloadable compliance kit that walks each step with a fillable template. A pre-launch audit takes a few hours and costs a fraction of a single demand letter.
For the broader cold call compliance picture beyond TCPA, including state calling-hour rules and agent disclosure requirements, see our cold calling hub.
What have courts actually decided about click-to-call consent?
No court has carved out a special safe harbor for click-to-call. A few real cases show where the lines fall.
In Marks v. Crunch San Diego (9th Cir. 2018), the court read ATDS broadly, holding that a system that stored and dialed numbers without human intervention met the definition even without a random number generator [9]. Facebook v. Duguid (2021) partially superseded that reading, but the practical takeaway holds: if your click-to-call system dials from a stored list automatically, you sit in ATDS territory in many circuits.
In Van Patten v. Vertical Fitness Group (9th Cir. 2017), the court found that a consumer who gave a cell number to a gym at signup had impliedly consented to texts about related services, but that consent did not stretch to communications from a new owner of the gym [10]. For click-to-call, that means consent given to one entity doesn't automatically transfer when you buy leads from another company.
Most TCPA click-to-call disputes settle before trial, which is why the big settlements like Cash App ($5.5M) and Credit One ($12.5M) teach more than published verdicts. The pattern repeats: systemic consent failures, high call volumes, internal records that showed the company knew something was wrong.
Some defense arguments have worked case by case. The reliable protection is a solid consent record from the start, not a litigation theory after the fact.
Frequently asked questions
Is click-to-call covered by the TCPA?
Yes. The TCPA covers any call placed with an ATDS or prerecorded message to a mobile number, whether or not a consumer clicked a button to start contact. If your system dials the consumer's number automatically after a click event, full TCPA consent rules apply. Only truly consumer-initiated inbound calls, where the consumer dials your number directly, fall outside the outbound ATDS restrictions.
Does a consumer clicking my call ad count as TCPA consent?
No. Clicking an ad is a UI action, not a legal consent instrument. TCPA prior express written consent needs a signed agreement, specific to your company, naming the phone number, and stating the consumer agrees to autodialed or prerecorded calls. A click satisfies none of those elements. You need a separate, clearly worded opt-in with an affirmative consumer action before you dial.
What is the penalty for a TCPA violation in a click-to-call campaign?
The TCPA sets statutory damages at $500 per call for unintentional violations and $1,500 per call for willful or knowing violations under 47 U.S.C. § 227. Because each call is a separate violation and these cases run as class actions, a campaign with tens of thousands of unconsented calls can generate exposure in the tens of millions of dollars before any class multiplier.
Do I need to scrub click-to-call leads against the National DNC registry?
Yes. National DNC compliance under the FTC's Telemarketing Sales Rule is a separate obligation from TCPA consent. Even with valid TCPA written consent, you can't place a telemarketing call to a number on the National DNC registry unless the consumer gave your specific company express written permission. Run DNC scrubs before each dialing session using a current registry download.
How long do I have to honor a revocation of consent?
The FCC's 2024 consent revocation order requires companies to honor opt-out requests within a reasonable time, and the rule sets 10 business days as the outer limit. Revocation can arrive through any reasonable channel: a verbal request on a call, an email, a text, or re-registration on the DNC list. Missing the window turns a consent gap into a potential willfulness finding.
Does the TCPA apply to B2B click-to-call campaigns?
It depends on the number type. The TCPA's ATDS restrictions apply to cellular numbers regardless of whether the call purpose is B2B. If you dial a business owner's mobile number from an automated system, TCPA applies. Calls to business landlines have more flexibility under the TCPA, though the FTC's Telemarketing Sales Rule and state laws still apply. Getting express consent for B2B mobile numbers is the safest approach.
What records do I need to keep for TCPA click-to-call compliance?
At minimum, retain consent records (timestamp, IP address, exact disclosure text shown), call logs (number, time, agent, campaign), DNC scrub logs (date and registry version), and revocation records. The TCPA's statute of limitations is four years, so keep records at least that long. If you buy leads, keep written warranties from your lead vendors confirming their consent practices.
Can I use a third-party lead vendor's consent for my click-to-call campaign?
Only if the vendor obtained consent that specifically names you (or is one-to-one under the FCC's 2024 rule) and the disclosure language met TCPA standards. Generic "partner" consent that lumps dozens of companies together has been rejected by courts and the FCC. Get written warranties from your vendor, read their actual consent language, and don't assume their compliance is your compliance.
What is prior express written consent for click-to-call?
Under 47 C.F.R. § 64.1200(a)(2), prior express written consent is a signed agreement, including electronic signatures, that clearly authorizes a specific seller to call the consumer at a specific number using an ATDS or prerecorded message for marketing purposes. The agreement must state that consent is not a condition of purchase. Pre-checked boxes, buried privacy policy language, and generic terms of service do not satisfy this standard.
How does Facebook v. Duguid affect click-to-call compliance?
The Supreme Court's 2021 Facebook v. Duguid decision narrowed the ATDS definition, holding it requires a system that uses a random or sequential number generator to store or produce numbers. Systems that only dial from a stored list without that generation may fall outside the definition. But many click-to-call platforms still qualify under the narrower reading, so get a written assessment from your vendor rather than assuming you're safe.
Do state laws add extra requirements for click-to-call campaigns?
Yes. Florida, Texas, Oklahoma, and several other states run their own telephone solicitation laws with independent private rights of action. Florida's FTSA, for example, allows $500 per call in damages and covers autodialed calls without requiring the caller to be a "telemarketer" under the narrow federal definition. California's CPUC rules add another layer. A national campaign makes federal TCPA compliance the floor, not the ceiling.
How do I get access to the National Do Not Call registry for scrubbing leads?
You access the National DNC registry through the FTC's website at donotcall.gov. The first five area codes are free. Additional area codes carry a fee set by the FTC, and a full national subscription covers all registered numbers. You need a subscription to legally scrub your call lists, and you should download a fresh copy before each major dialing campaign so you're working from current data.
What should a TCPA-compliant opt-in form look like for a click-to-call landing page?
The form needs an unchecked checkbox near the submit or call button, with disclosure language that names your company, states the consumer agrees to autodialed or prerecorded calls, identifies the phone number field, and notes that consent is not required to buy anything. Keep the disclosure close to the action the consumer takes. Archive the form version and the exact text shown at each consent for your records.
What is the one-to-one consent rule and does it affect click-to-call?
The FCC's 2024 one-to-one consent rule, set to take effect in January 2025 before the Eleventh Circuit vacated it (so check current status), required TCPA consent to identify a single seller rather than a broad list of partners. For click-to-call lead generators selling to multiple buyers, that means each buyer needs its own consent record. The rule directly affects multi-buyer lead distribution models common in insurance, mortgage, and home services.
Sources
- U.S. Congress, Telephone Consumer Protection Act, 47 U.S.C. § 227: TCPA prohibits using an ATDS or prerecorded voice to call mobile numbers without prior express consent
- FCC, 47 C.F.R. § 64.1200(a)(2), Prior Express Written Consent Rule: Prior express written consent requires signed agreement naming the seller, number, and marketing purpose, with no purchase condition
- U.S. Congress, 47 U.S.C. § 227(b)(3), TCPA Damages Provision: TCPA provides $500 per violation for unintentional violations and $1,500 per violation for willful or knowing violations
- FTC, National Do Not Call Registry, donotcall.gov: National DNC Registry is maintained by the FTC; first five area codes free, additional area codes fee-based
- Marks v. Crunch San Diego, 904 F.3d 1041 (9th Cir. 2018): 9th Circuit held that a system storing and dialing numbers without human intervention met ATDS definition even without random number generator
- Van Patten v. Vertical Fitness Group, 847 F.3d 1037 (9th Cir. 2017): 9th Circuit held that consent given to one entity does not automatically transfer to a new owner or related company
- Supreme Court of the United States, Facebook, Inc. v. Duguid, 592 U.S. 395 (2021): Supreme Court narrowed ATDS definition to systems using random or sequential number generator to store or produce numbers
- FTC, Telemarketing Sales Rule, 16 C.F.R. § 310: TSR prohibits telemarketing calls to National DNC registered numbers regardless of TCPA consent status