Last updated 2026-07-11

TL;DR
TCPA class actions are one of the most expensive litigation risks an outbound team faces. Settlements run into the millions. Plaintiffs' attorneys actively recruit class members, and courts have expanded who counts as a covered caller. The statute allows $500 to $1,500 per call or text, per violation, with no cap once a class is certified.
Why are TCPA class action lawsuits so expensive compared to individual suits?
Individual TCPA suits are annoying. Class actions are company-ending. The math is simple: statutory damages under 47 U.S.C. § 227(b)(3) run $500 per violation for negligent violations and $1,500 per willful violation [1]. Multiply that by a modest class of 10,000 members who each got three unconsented texts, and you're staring at $45 million in theoretical exposure before your attorney bills a single hour.
Courts don't always award the full statutory amount, and most cases settle long before a jury sees them. But the threat of that math is exactly why defendants pay. A 2021 analysis by WebRecon found that TCPA case filings in federal courts have numbered in the thousands per year, with the volume spiking around regulatory changes and high-profile settlements that pull more plaintiffs' attorneys into the space [2].
The class action vehicle amplifies every compliance failure. One bad list. One vendor who didn't scrub the National DNC Registry. One autodialer used without proper consent documentation. Any of those becomes a class-wide problem the moment a skilled plaintiff's attorney can show a common question of law or fact under Federal Rule of Civil Procedure 23. That's the standard for certification, and TCPA cases fit it almost naturally, because the underlying conduct (sending a batch of calls or texts) is by definition uniform across the class.
What does the TCPA actually say about class action exposure?
The core language sits in 47 U.S.C. § 227, the Telephone Consumer Protection Act of 1991 [1]. The statute doesn't prohibit class actions, and courts have consistently held that TCPA claims work well for class treatment because the fixed statutory damages mean individualized damages inquiries don't predominate.
Section 227(b)(3) reads, in part: "A person or entity may, if otherwise permitted by the laws or rules of court of a State, bring in an appropriate court of that State... an action to recover for actual monetary loss from such a violation, or to receive $500 in damages for each such violation, whichever is greater." [1] The trebling provision (up to $1,500) kicks in when the court finds the defendant willfully or knowingly violated the statute.
The FCC has piled significant regulatory guidance on top of the statute. The 2012 FCC Order (In the Matter of Rules and Regulations Implementing the Telephone Consumer Protection Act of 1991, CG Docket No. 02-278) tightened prior express written consent requirements for telemarketing calls and texts to cell phones, which means many pre-2012 consent records are worthless under current standards [3]. That shift spawned a wave of class actions attacking consent documents companies thought were airtight.
If you want the full background on what the statute covers, the tcpa overview is a good place to start before you get into litigation specifics.
How big are recent TCPA class action settlements, and what caused them?
The settlement numbers are large enough that they've changed how insurance underwriters price telemarketing liability coverage. A few documented examples show you the range.
Capital One settled a TCPA class action for $75.5 million in 2014, one of the largest at the time, covering consumers who received autodialed calls to their cell phones [4]. Facebook settled for $650 million in a related biometric privacy case that intersected with TCPA-style mass communication claims. More recently, the cash app tcpa class action settlement drew attention as a fintech company faced claims over automated outreach to users.
The credit one tcpa settlement is another useful case: a creditor using autodialed calls to reach customers, many of whom said they never gave proper consent or had revoked it, ending in a multi-million dollar resolution.
What caused these? In almost every major case, the same cluster of failures shows up: (1) autodialer use without documented prior express written consent, (2) failure to honor revocation requests promptly, (3) calling reassigned numbers where the original subscriber had consented but the current one hadn't, and (4) weak vendor oversight, where a third-party lead generator handed over numbers that turned out to be scrubbed off DNC lists or came from consumers who never opted in at all.
| Settlement / Case | Approximate Amount | Primary Allegation |
|---|---|---|
| Capital One (2014) | $75.5 million | Autodialed calls to cell phones without consent [4] |
| Dish Network (2017) | $61 million | DNC violations, calls after do-not-call requests [5] |
| Caribbean Cruise Line (2015) | $76 million | Prerecorded calls without consent |
| Wal-Mart (2017) | $10 million | Calls to reassigned numbers |
| Wells Fargo (2018) | $142 million | Autodialed calls to cell phones [4] |
These are documented public settlements. The pattern is consistent: violations at scale, poor consent records, and thin DNC scrubbing all lead to eight-figure outcomes.
Which outbound calling and texting practices trigger TCPA class actions most often?
Plaintiffs' attorneys hunt for patterns that repeat across thousands of class members. So they target practices that are, by nature, applied uniformly to large lists.
Autodialer use is the single biggest trigger. The TCPA restricts using an automatic telephone dialing system (ATDS) to call or text cell phones without prior express consent [1]. After Facebook v. Duguid (2021), the Supreme Court narrowed the ATDS definition to systems that use a random or sequential number generator, which helped some defendants [6]. But many outbound dialers still qualify, and plaintiffs have gotten creative in arguing capacity even when a system isn't actively generating random numbers.
Prerecorded messages are an independent trigger. Even if you've got a human agent ready to take the call, if the campaign uses a prerecorded greeting or voicemail drop, that's a separate TCPA exposure that doesn't touch the ATDS debate at all [1].
DNC violations are the other big class action source. Calling numbers on the National Do Not Call Registry without an established business relationship or written permission hands plaintiffs a clean, easy-to-prove violation. Because DNC scrubbing is (or should be) a mechanical process, failure to scrub looks like a systematic policy choice to a class action attorney. The do not call list rules and the mobile phone do not call list protections both feed into this exposure.
Reassigned numbers get underappreciated. The FCC's 2018 reassigned numbers database was built specifically to help callers avoid reaching people who never consented [3]. Companies that don't check it before dialing are sitting on a class action waiting to be filed.
Vendor-supplied leads deserve their own paragraph. If a vendor sold you a list and that list includes consumers who never opted in, you, as the calling party, are typically the defendant. The TCPA doesn't let you fully outsource liability to your lead generator, though indemnification clauses in vendor contracts are your main practical remedy after the fact.
How did Facebook v. Duguid change TCPA class action risk in 2021?
Facebook, Inc. v. Duguid, 592 U.S. 395 (2021), was the Supreme Court's first direct ruling on the ATDS definition [6]. The Court held, 9-0, that to qualify as an ATDS under the TCPA, a system must use a random or sequential number generator, either to store numbers or to produce them for dialing. Systems that dial from a stored list of specific numbers, with no random or sequential generation component, are not ATDSs under this definition.
For outbound teams, this was genuinely good news on paper. Predictive dialers that work from fixed lists got a lot safer overnight. Plaintiffs could no longer argue that any software capable of dialing without human intervention counted as an ATDS.
The picture has complications, though. First, some state laws, especially Florida after its 2021 mini-TCPA, use broader autodialer definitions that don't track the federal standard. Florida's Telephone Solicitation Act reached equipment that makes calls "in whole or in part" without human intervention, which is far wider than the federal definition [7]. Second, prerecorded message claims and DNC claims don't depend on the ATDS question at all. Duguid narrowed one exposure lane without closing the others. Third, some plaintiffs have successfully argued that certain dialing systems do use random or sequential number generation internally, and courts have been inconsistent on how deeply they'll examine a system's architecture.
The practical takeaway: Duguid reduced class action risk. It didn't eliminate it. Teams using dialers should still get a technical opinion from a vendor or attorney on whether their system qualifies as an ATDS under the post-Duguid standard.
What TCPA trends are courts and the FCC focused on right now?
A few active fronts are worth watching closely if you run an outbound team.
The FCC's one-to-one consent rule took effect on January 27, 2025. Under this rule, a consumer's prior express written consent must be obtained separately for each company that will contact them. A single consent form that names 50 lead buyers is no longer valid for any of them [3]. This rule goes straight at the lead generation model where aggregators collect one opt-in and resell it to many callers. If your leads come from a third-party generator, confirm that each lead's consent names your company specifically, or you're already operating on consent you can't legally rely on.
Revocation rules are tightening. The FCC's 2024 rulemaking on consent revocation confirmed that consumers can revoke consent through any reasonable means, and companies must honor that revocation within a "reasonable time," which the FCC has indicated should generally be no more than ten business days [3]. Ignoring a texted "STOP" and firing off two more marketing messages before your system processes it is exactly the pattern that makes a plaintiff's attorney's case easy.
State mini-TCPAs keep multiplying. Florida (2021), Oklahoma (2022), Washington, and several others have passed state-level telemarketing laws that in some cases exceed federal TCPA protections [7]. State laws mean you can face a state court class action with different (sometimes stricter) standards even when you're compliant with federal rules. Managing cold calling compliance now takes a 50-state awareness that most small teams don't have.
AI-generated voice calls are pulling new FCC attention. The FCC ruled in February 2024 that AI-generated voices in robocalls qualify as artificial voices under the TCPA, so they require the same prior express written consent as any other prerecorded message [3]. As AI voice tools get cheaper and easier to reach, expect this to become a significant source of new class action filings.
How do plaintiffs' attorneys find and build TCPA class action cases?
Understanding the plaintiff's side makes you a much better defendant, or ideally keeps you from becoming one at all.
Professional plaintiffs exist. There's a documented class of individuals who register multiple phone numbers, put them on the DNC list, then wait for calls. One well-known individual, named in multiple court cases, was found to have registered over 35 phone numbers specifically to generate TCPA claims. These are edge cases, but they show how low the barrier to filing a TCPA suit really is.
Most class actions start with a real consumer complaint. One person gets unwanted calls, talks to an attorney, and the attorney uses discovery to pull the call logs, marketing lists, and consent documentation for the whole campaign. If those records show 50,000 similar calls, the attorney has a class. Discovery in TCPA cases is especially useful to plaintiffs, because call logs and dialer records are almost always electronically stored and producible.
Plaintiffs' law firms advertise for TCPA clients. Search for "TCPA settlement claim" and you'll find dozens of firms with intake forms for anyone who has received unwanted calls or texts. That builds a self-reinforcing cycle: settlements generate press coverage, press coverage generates new clients, new clients generate new cases.
The absence of an arbitration clause is a major enabler. Many large TCPA settlements happen because the company's terms of service didn't include a class action waiver or mandatory arbitration clause, so the case went straight to federal court. If your outbound contacts involve a consumer relationship with terms of service, an arbitration clause is worth discussing with your attorney. It won't erase TCPA exposure, but it can change the litigation terrain a lot.
What does a TCPA class action timeline look like from complaint to settlement?
Most TCPA class actions never go to trial. They settle, and the timeline from complaint to settlement approval typically runs 18 to 36 months, though complex cases stretch longer.
Here's a rough sequence. The complaint gets filed in federal district court. The defendant usually moves to dismiss on grounds like standing (Spokeo, Inc. v. Robins, 578 U.S. 330 (2016) raised Article III standing questions defendants still use) [8] or failure to plead an ATDS. If the case survives that motion, discovery opens and the real cost starts: producing call records, dialer specifications, consent documentation, marketing lists, and vendor contracts. This phase alone can cost a defendant $500,000 to $2 million in legal fees before anyone talks settlement.
Class certification is the inflection point. If the court certifies the class, the defendant's exposure multiplies immediately and the pressure to settle turns intense. Most defendants settle shortly before or after the certification decision. A certified class covering 100,000 consumers at $500 per violation, even for a single call each, is a $50 million exposure that no rational board will litigate to trial.
After settlement, class members get notice, have a window to opt out or object, and then the court holds a fairness hearing. Plaintiffs' attorneys typically take 25% to 33% of the settlement fund. Individual class members often receive $10 to $150 each, which is why the attorneys have a much stronger financial reason to bring these cases than the individual consumers do.
How can small outbound teams reduce TCPA class action exposure?
You don't need a 50-person compliance department. You need a few non-negotiable practices applied consistently.
First, document consent at the moment of collection. Prior express written consent has to be captured in a way that's dated, attributable to a specific consumer, and tied to a specific disclosure that names your company [3]. A screenshot of a web form, a timestamped API log from your lead vendor, or a signed document all work. A verbal claim that "they checked a box" does not.
Second, scrub every list before every campaign. The National DNC Registry requires companies to scrub against it at least every 31 days [5]. Plenty of companies scrub before launch, then run the campaign for 90 days without re-scrubbing, which means consumers who registered after the first scrub are getting called with no protection. The do not call telemarketer list rules make this a hard deadline, not a suggestion.
Third, build a real revocation workflow. Every channel you use (calls, texts, emails) needs a clear path to revoke and a mechanical process to suppress that number or address inside the required window. "STOP" texts need to process before the next send, not at the end of the week.
Fourth, audit your vendors. The question you need answered in writing is: "For each number on this list, when and how was consent obtained, and does the consent document name our company specifically?" If your vendor can't answer that, the list is a liability.
LeadCompliant's free TCPA compliance kit gives you consent documentation templates and a pre-campaign checklist you can use today. It's a starting point, not a substitute for legal counsel on your specific campaigns, but it closes the most common gaps that make companies easy targets.
For teams doing any volume of outbound texting, the text message marketing compliance requirements deserve their own review, separate from your call compliance process.
What defenses actually work in TCPA class action cases?
Defense strategies vary by the facts, but a few consistently give defendants real ground to stand on.
Established business relationship (EBR) is a partial defense for DNC claims. If a consumer made a purchase or inquiry within the last 18 months (or 3 months for inquiries), you have an EBR that allows calls to that consumer even if they're on the National DNC list, as long as the consumer hasn't asked you to stop [5]. EBR does not protect against ATDS or prerecorded message claims. Only DNC claims.
Prior express written consent, properly documented, is the main defense for ATDS and prerecorded message claims. The key word is documented. Courts have rejected defenses where the caller claimed consent existed but couldn't produce a contemporaneous record. "We always had consumers check a box" is not evidence.
The Duguid ATDS definition defense stays viable for systems that genuinely dial from fixed lists without random or sequential generation. Getting a technical declaration from your dialer vendor explaining the system's architecture is now standard practice in TCPA litigation.
Good faith reliance on FCC guidance has been argued with mixed results. Where a company followed an FCC interpretation that was later overturned (as happened several times with the ATDS definition between 2012 and 2021), courts have sometimes cut or eliminated damages. This defense has narrow application, but it's real.
Arbitration clauses and class action waivers in consumer contracts have held up in some TCPA cases, effectively forcing plaintiffs into individual arbitration instead of class treatment. Enforceability depends on how the clause is drafted and the specific relationship between the company and the consumer.
Does TCPA class action risk apply to B2B outbound teams too?
Mostly no, with important exceptions. The TCPA's cell phone protections attach to the telephone number, not the type of call. If you're calling a mobile number that happens to belong to a business contact, the TCPA applies to that call the same way it would to a consumer call [1]. The fact that you meant to reach a business person doesn't change the analysis.
This matters a lot for B2B teams using purchased lists or data append services. If your list includes mobile numbers for your target contacts, you have TCPA exposure on every autodialed call, regardless of the commercial context. The B2B exception many salespeople believe in isn't in the statute. What does exist is a practical reality: individual business users are less likely to file TCPA complaints, and plaintiffs' attorneys tend to focus on higher-volume consumer campaigns. But "less likely to be sued" is not the same as "compliant."
Landlines are different. The TCPA's restrictions on ATDS calls are specific to cell phones. Landlines face the prerecorded message restrictions but not the ATDS restrictions, which is why many B2B teams working from desk-phone lists have less acute TCPA class action exposure from their dialing practices specifically.
If your B2B cold call campaigns use mobile numbers, treat them with the same consent and scrubbing discipline you'd apply to a consumer campaign. The risk profile is different but the legal standard is the same.
How should you get the do-not-call list and stay current with scrubbing requirements?
The FTC manages the National Do Not Call Registry. Companies that make telemarketing calls must register at donotcall.gov, pay a fee (currently $79 per area code per year, with the first five area codes free), and access the registry to scrub their call lists before dialing [5]. Scrubbing has to happen within 31 days before any call, which means if your campaign runs longer than a month you need to re-scrub mid-campaign.
Many outbound teams hand scrubbing to their dialer or CRM platform. That's fine operationally, but you need to verify the platform is actually pulling fresh registry data at the required frequency, not running against a cached copy from three months ago. Get that confirmation in writing from your vendor and keep it.
For the registration process and how do i get the do not call list access, the FTC's donotcall.gov is the authoritative source.
State DNC lists add another layer. Several states run their own registries you must check separately from the federal one. Indiana, Wyoming, and others maintain state lists with their own registration requirements and scrubbing intervals. If you're running national campaigns, a scrubbing vendor that covers both federal and state DNC registries is worth the added cost.
Frequently asked questions
What is the average TCPA class action settlement amount?
Documented large TCPA settlements have ranged from $10 million to over $140 million, with cases like Wells Fargo settling for $142 million and Dish Network settling for $61 million. The actual recovery per class member is often $10 to $150, but the total fund reflects the scale of the alleged violations. Smaller companies often settle in the $1 million to $10 million range when class sizes are more limited.
Can a small business be hit with a TCPA class action?
Yes. The TCPA does not limit exposure by company size. A small team running one campaign to 30,000 cell phones with an autodialer and no proper consent faces the same $500 to $1,500 per-call exposure as a Fortune 500 company. The practical difference is that small businesses are less likely to be targeted first, but a plaintiff's attorney who spots a clean violation won't pass on it because of the company's revenue.
Does the TCPA apply to text messages the same way it applies to calls?
Yes. The FCC confirmed in 2003 that text messages are calls under the TCPA, so the same prior express written consent requirements apply to marketing texts sent via ATDS or with a prerecorded component. Texts sent through short code platforms or bulk SMS tools usually run through systems that qualify as ATDSs under many readings of the statute, making consent documentation just as critical as for voice campaigns.
How did Facebook v. Duguid change TCPA class action exposure?
The 2021 Supreme Court decision narrowed the ATDS definition to systems that use a random or sequential number generator. Systems dialing from fixed stored lists without such generation are not ATDSs under the federal standard. This helped defendants whose dialers work from fixed lists, but it didn't touch prerecorded message claims, DNC claims, or state-level mini-TCPA claims, which stay fully intact.
What is the FCC's one-to-one consent rule and when did it take effect?
The FCC's one-to-one consent rule took effect January 27, 2025. It requires that prior express written consent for telemarketing calls and texts be obtained separately for each company that intends to contact the consumer. A single opt-in form listing multiple lead buyers no longer provides valid consent for any of them. This directly affects companies that buy leads from aggregators who collect consent on behalf of many buyers.
What is prior express written consent and how do I document it?
Prior express written consent is a signed agreement (an electronic signature or checked web form box counts) in which the consumer authorizes a specific named company to contact them via autodialer or prerecorded message at a specified phone number. The FCC's 2012 order requires this consent before the call or text, not after. Documentation should include the consumer's name, the number, the date and time of consent, and the exact disclosure language shown to them.
Can I be liable for TCPA violations if a vendor made the calls on my behalf?
Generally yes, if the vendor acted at your direction and on your behalf. Courts have held that companies can be vicariously liable for TCPA violations by their vendors, agents, and lead generators under theories of actual authority, apparent authority, or ratification. Vendor contracts should include TCPA compliance representations, indemnification clauses, and audit rights, but those clauses help you recover from the vendor. They don't eliminate your liability to the plaintiff.
How often do I need to scrub my call list against the National DNC Registry?
The FTC requires companies to scrub call lists against the National Do Not Call Registry within 31 days before any call. A campaign that runs longer than 31 days must be re-scrubbed mid-run. Failure to scrub creates a DNC violation for every call made to a registered number, and those violations pile into class action territory quickly when a campaign reaches thousands of numbers.
What should I do if a consumer revokes consent by texting STOP?
Process it immediately and suppress that number from all future campaigns. The FCC's 2024 guidance on revocation confirmed that consumers can revoke consent through any reasonable means and companies must honor revocation within a reasonable time, generally read as no more than ten business days. Sending more marketing messages after a clear revocation request is exactly the pattern plaintiffs' attorneys look for when building a class action around systematic consent failures.
Are there state-level TCPA equivalents that create additional class action risk?
Yes. Florida's Telephone Solicitation Act (2021) uses a broader autodialer definition than post-Duguid federal law and allows a $500 per-call private right of action. Oklahoma, Washington, and other states have similar legislation. State mini-TCPAs mean a company can be federally compliant but still face a state class action. If you run campaigns in multiple states, you need a state-by-state review of your dialing and texting practices.
Do B2B outbound calls to mobile phones carry TCPA risk?
Yes. The TCPA applies to the phone number, not the purpose of the call. Autodialed or prerecorded calls to a mobile number belonging to a business contact are subject to the same TCPA consent requirements as consumer calls. B2B teams using purchased lists that include mobile numbers should apply the same consent documentation and DNC scrubbing practices they would use for consumer campaigns.
What is the statute of limitations for TCPA class actions?
Most federal circuits apply a four-year statute of limitations to TCPA claims under 28 U.S.C. § 1658, the general federal question limitations period. Some circuits have debated whether a one-year state limitation applies instead, but the four-year period is the safer assumption for compliance planning. This means call records and consent documentation should be retained for at least four years after the campaign ends.
Does having an arbitration clause protect me from a TCPA class action?
It can help a lot. Properly drafted arbitration clauses with class action waivers in consumer-facing terms of service have been upheld in some TCPA cases, forcing plaintiffs into individual arbitration rather than class treatment. Enforceability depends on how the clause is presented and whether the consumer had meaningful notice. This is not a substitute for real compliance, but it changes the litigation landscape enough to be worth discussing with your attorney.
Sources
- U.S. Government, 47 U.S.C. § 227, Telephone Consumer Protection Act: TCPA statutory damages are $500 per violation, trebled to $1,500 for willful violations; ATDS and prerecorded message restrictions apply to cell phones
- WebRecon LLC, TCPA Lawsuit & FDCPA Lawsuit Statistics: TCPA case filings in federal courts have consistently numbered in the thousands per year
- Public court records, Capital One TCPA settlement 2014 and Wells Fargo TCPA settlement 2018: Capital One settled for $75.5 million in 2014; Wells Fargo settled for $142 million in 2018 for autodialed calls to cell phones
- FTC, National Do Not Call Registry, donotcall.gov: Companies must scrub call lists against the registry within 31 days before any call; registry access costs $79 per area code per year with first five free; Dish Network settled for $61 million for DNC violations
- U.S. Supreme Court, Facebook, Inc. v. Duguid, 592 U.S. 395 (2021): Supreme Court held 9-0 that an ATDS must use a random or sequential number generator; dialing from a stored list without such generation does not qualify
- Florida Legislature, Florida Telephone Solicitation Act, Fla. Stat. § 501.059: Florida's 2021 mini-TCPA uses a broader autodialer definition covering equipment that makes calls in whole or in part without human intervention, broader than post-Duguid federal standard
- U.S. Supreme Court, Spokeo, Inc. v. Robins, 578 U.S. 330 (2016): Article III standing requires a concrete injury; TCPA defendants use this to argue bare statutory violations without real-world harm lack standing
- FTC, Telemarketing Sales Rule, 16 CFR Part 310: Telemarketing Sales Rule governs DNC requirements and established business relationship rules, including 18-month purchase EBR and 3-month inquiry EBR