What is AT&T's Privacy Policy Sharing Clause requirement for 10DLC campaigns?

AT&T requires that opt-in consent forms include a privacy policy that explicitly discloses whether consumer information collected during SMS opt-in may be shared with third parties. Campaigns where consumer data is shared with affiliates, partners, or data providers must include this disclosure in the privacy policy referenced at opt-in. Missing the sharing clause is a specific AT&T rejection trigger documented in their carrier addenda requirements.

Where must the Privacy Policy Sharing Clause appear to satisfy AT&T's requirement?

The sharing clause must appear in the privacy policy document linked at the opt-in form — not just in the opt-in disclosure text. AT&T's review process verifies that the privacy policy URL provided during campaign registration contains explicit language about data sharing practices. A generic privacy policy that does not address SMS data sharing specifically will fail AT&T's campaign registration validation.

What language satisfies AT&T's Privacy Policy Sharing Clause for 10DLC?

Compliant sharing clause language discloses: whether mobile phone numbers and opt-in data are shared with third parties, the categories of third parties if sharing occurs (affiliates, marketing partners, analytics providers), and the opt-out mechanism for data sharing. If data is not shared, the privacy policy should explicitly state 'We do not share mobile opt-in information with third parties for marketing purposes.' Both sharing and non-sharing disclosures require explicit language — silence on the topic triggers AT&T rejection.

Do other carriers require a Privacy Policy Sharing Clause like AT&T?

T-Mobile and Verizon review privacy policies during campaign registration but apply less specific enforcement on the sharing clause compared to AT&T. T-Mobile focuses primarily on opt-in form compliance and DUNS verification. Verizon's review covers overall privacy policy adequacy. Implementing the AT&T sharing clause standard satisfies all three carriers and reduces cross-carrier rejection risk.

What happens if my existing privacy policy doesn't include the AT&T required sharing clause?

Update your privacy policy to add the sharing clause before resubmitting to AT&T. Privacy policy updates can typically be published and reflected at the registered URL within 24 hours. After updating, resubmit your campaign registration with the updated privacy policy URL through RingCentral Trust Hub or your messaging platform's TCR interface. AT&T does not require a grace period for policy updates — immediate resubmission after the policy change is effective.

Privacy Policy Sharing Clause: AT&T TCR Requirement

Understanding Privacy Policy Sharing Clause Requirements

Missing privacy policy sharing clauses trigger AT&T campaign rejections as carriers cannot verify subscriber data handling transparency. AT&T requires explicit disclosure of how subscriber phone numbers and associated data may be shared with marketing affiliates or third-party service providers. Generic website privacy policies lacking SMS-specific consent sections fail carrier validation during TCR campaign review.

Business Impact:
Campaign blocked on AT&T network preventing message delivery to 100M+ subscribers

Escalation Risk:
Systemic policy violations may trigger brand-level suspension requiring reregistration

Remediation Urgency:
24-48 hours from policy update to campaign resubmission eligibility

Common Root Causes

Organizations receiving privacy policy rejections typically exhibit one of three systemic documentation failures requiring corrective implementation before campaign resubmission.

Generic Privacy Policy

Website privacy policies without dedicated SMS consent sections fail AT&T validation. Carriers require standalone messaging practices disclosure addressing consent capture, message frequency, opt-out mechanisms, and data retention specific to SMS programs.

Missing Affiliate Disclosure

Privacy policies lacking explicit third-party sharing language violate AT&T transparency mandates. Organizations must disclose if subscriber data may be shared with marketing affiliates, service providers, or platform partners for promotional purposes.

AT&T-Specific Requirement

AT&T enforces stricter privacy disclosure standards than T-Mobile or Verizon. Campaign approval on other carriers does not guarantee AT&T compliance. Universal sharing clause implementation prevents multi-carrier rejection exposure.

Need Compliant Privacy Policy Language?

MyTCRPlus Consent Management Hub includes carrier-approved privacy policy templates with SMS-specific sections meeting AT&T disclosure requirements.

Download Template

How to Resolve Privacy Policy Sharing Clause Violations

Remediation follows 4-phase protocol addressing immediate campaign blocking before implementing preventive policy architecture. Organizations completing corrective implementation within 24-48 hours achieve 85-95% resubmission approval rates on AT&T network.

1

Immediate Mitigation

Pause AT&T campaign submissions to prevent additional rejections while implementing compliant privacy policy updates. Document existing campaign configurations including use case category, sample messages, and opt-in mechanisms for resubmission reference.

Emergency Action: Organizations experiencing message delivery disruption should contact CSP technical support to confirm AT&T-specific blocking cause. Generic "policy violation" notifications may indicate sharing clause deficiency rather than content-based filtering.
2

Add SMS-Specific Section

Create dedicated SMS consent section within privacy policy addressing message frequency disclosure, carrier fee acknowledgment, and opt-out mechanism description. Section must clearly explain what types of messages subscribers receive and under what circumstances messaging may occur.

Required Elements: SMS section must reference specific consent capture mechanism (web form checkbox, SMS keyword reply, point-of-sale enrollment), state message frequency estimates, confirm standard messaging rates apply, and provide STOP/HELP keyword instructions.
3

Add Affiliate Sharing Disclosure

Include explicit third-party data sharing language within SMS consent section addressing AT&T transparency requirements. Disclosure must specify if subscriber phone numbers may be shared with marketing affiliates, platform service providers, or promotional partners.

Compliant Language Example: "By providing your mobile phone number, you consent to receive SMS messages from [Company] and its marketing affiliates. We may share your phone number with trusted service providers who help us deliver messaging services. You may opt out at any time by replying STOP."
4

Update Campaign Documentation

Modify TCR campaign registration to reference updated privacy policy URL. Campaign sample messages must match policy-disclosed messaging frequency and content categories. Resubmit campaign for AT&T review following policy URL update.

Validation Protocol: Test updated privacy policy URL accessibility from external browsers before campaign resubmission. Broken links or password-protected policy pages trigger automatic rejection. Policy must remain publicly accessible at stated URL throughout campaign lifecycle.

Validate Your Privacy Policy

MyTCRPlus Message Validator analyzes privacy policy URLs and consent documentation for carrier compliance gaps in under 60 seconds.

Run Free Diagnostic

Technical Analysis

AT&T privacy policy validation occurs during TCR campaign registration review and applies automated compliance checks against documented carrier transparency standards. Organizations failing validation receive generic "policy violation" notifications requiring manual investigation to identify specific deficiency.

Carrier Detection Mechanisms

AT&T employs automated policy scanning tools that retrieve privacy policy URLs submitted during campaign registration and analyze document structure for required disclosure elements. Detection algorithms flag policies lacking dedicated SMS sections or third-party sharing language. Manual reviewers validate flagged campaigns against documented carrier requirements before issuing final rejection determinations.

Trust Score Impact

Privacy policy compliance contributes to overall brand trust score by demonstrating transparency and regulatory adherence. Organizations with compliant policies documenting clear data handling practices score higher on trust evaluation algorithms. Missing sharing clauses do not directly reduce numerical trust scores but prevent campaigns from advancing to trust score evaluation stage. Campaign approval requires passing privacy policy validation before trust score calculation occurs.

Escalation Thresholds

Repeated privacy policy rejections across multiple campaigns may trigger brand-level compliance review escalation. Organizations receiving 3+ policy-related rejections within 30-day period face increased scrutiny on subsequent submissions. Systematic policy violations demonstrating pattern of non-compliance may result in brand suspension requiring complete reregistration. AT&T tracks rejection history at brand level rather than individual campaign level.

Regulatory Framework Alignment

AT&T sharing clause requirements align with CTIA best practices recommending explicit third-party data sharing disclosure in SMS consent mechanisms. Federal Trade Commission guidelines on transparent data handling practices inform carrier policy standards. Organizations meeting AT&T disclosure requirements simultaneously satisfy baseline TCPA transparency mandates and state-level consumer protection regulations addressing marketing consent.

Prevention Framework

Organizations eliminating privacy policy rejection recurrence implement 3 proactive policy management controls addressing AT&T transparency requirements and broader carrier compliance standards.

Dedicated SMS Policy Section

Maintain standalone SMS consent section within privacy policy addressing message frequency, consent capture mechanisms, opt-out procedures, and data retention specific to messaging programs. Update section when modifying campaign use cases or messaging cadence to maintain policy-practice alignment.

Review Frequency: Quarterly policy audit + immediate update when campaign parameters change

Explicit Sharing Disclosure

Include clear third-party data sharing language within SMS section addressing how subscriber phone numbers may be used by marketing affiliates or service providers. Specify opt-out mechanisms for data sharing separate from messaging opt-out if applicable to business model.

Compliance Benefit: Meets AT&T requirements while satisfying baseline TCPA transparency standards

Multi-Carrier Validation

Submit campaigns simultaneously to AT&T, T-Mobile, and Verizon during initial registration to identify carrier-specific policy requirements early. Monitor rejection patterns across carriers to detect systematic compliance gaps requiring universal policy updates rather than carrier-specific modifications.

Operational Impact: Reduces remediation cycles by identifying policy deficiencies before traffic deployment

Stop Privacy Policy Rejections Permanently

MyTCRPlus Consent Management Hub provides carrier-approved policy templates, compliance checklists, and automated validation tools.

Access Resources

Frequently Asked Questions

Why does AT&T require privacy policy sharing clauses?

AT&T enforces stricter transparency requirements than other carriers, mandating explicit disclosure of how subscriber data may be shared with affiliates or third parties for marketing purposes. This requirement addresses consumer protection regulations and reduces complaint-driven traffic blocking.

Sharing clause enforcement stems from AT&T's interpretation of CTIA best practices recommending clear third-party data usage disclosure. Organizations operating multi-platform messaging programs must disclose when subscriber phone numbers collected for SMS consent may be utilized by marketing affiliates or shared with service providers supporting campaign operations.

How quickly can I restore AT&T approval?

Campaign resubmission following privacy policy updates typically processes within 24-48 hours if changes meet AT&T disclosure requirements. Automated review systems validate updated policy URLs and analyze SMS section content for required sharing clause language.

Manual review may extend approval timeline to 3-5 business days for high-risk use cases or brands with previous rejection history. Organizations should monitor TCR campaign status daily following resubmission and prepare escalation protocols if approval delays beyond 72-hour window.

Will adding sharing clause improve my trust score?

Compliant privacy policies contribute to overall trust score by demonstrating transparency and regulatory adherence. While not directly increasing score numerically, policy compliance removes rejection impediments that prevent trust score evaluation.

Campaign approval requires passing privacy policy validation before trust score calculation occurs. Organizations blocked due to missing sharing clauses cannot achieve scored status until documentation deficiencies resolve. Post-remediation trust scores reflect cumulative evaluation of consent mechanisms, brand reputation signals, and message content compliance.

Do other carriers require sharing clauses?

AT&T is the primary enforcer of explicit affiliate sharing disclosure requirements. T-Mobile and Verizon evaluate privacy policy presence but enforce less stringent disclosure language standards. Universal implementation ensures multi-carrier compliance and prevents AT&T-specific rejections.

Organizations maintaining separate policies for different carriers increase operational complexity and rejection risk. Industry best practice recommends comprehensive privacy policy meeting strictest carrier requirements rather than carrier-specific documentation strategies. Single universal policy satisfying AT&T standards simultaneously addresses T-Mobile and Verizon baseline expectations.

Can I use generic privacy policy language?

Generic website privacy policies without SMS-specific sections fail AT&T validation. Privacy policies must include dedicated SMS consent section addressing message frequency, carrier fees, opt-out mechanisms, and affiliate data sharing practices specific to messaging programs.

Organizations using template privacy policies from legal document providers should customize SMS sections to reflect actual business practices. Generic disclosure language like "we may share data with partners" lacks specificity required for carrier approval. Compliant policies explicitly state subscriber phone numbers collected for SMS consent may be shared with marketing affiliates supporting campaign operations.

Related Resources

Consent Management Hub

Carrier-approved privacy policy templates with SMS-specific sections and sharing clauses

Access Templates

Message Validator

Real-time privacy policy URL validation and compliance gap identification

Run Diagnostic

TCR Error Code Database

Comprehensive reference for AT&T rejection codes and remediation protocols

Browse Database

Legal Disclaimer: This content provides general information about privacy policy sharing clause requirements and does not constitute legal advice. Root causes and remediation requirements vary based on carrier enforcement policies, campaign configuration, and business model specifics. Organizations should consult qualified legal counsel for guidance on compliance strategy. MyTCRPlus does not provide legal advisory services or guarantee specific operational outcomes following remediation implementation.

Sharing Clause Missing? AT&T Required