Marketing SMS Under the Microscope: Does a Website Link Count as Sender Identification?

Sending marketing messages via SMS is a complex discipline. Since regulation was first introduced, senders have been grappling with a near‑impossible challenge: how to meet all legal requirements within the technical limit of 160 characters per message, while still leaving enough room for the actual communication the SMS is meant to deliver. The difficulty of this task is underscored by a recent judgment of the Supreme Administrative Court (case No. 6 As 68/2025‑28). In its ruling, the court upheld a fine imposed by the Office for Personal Data Protection and clarified what an SMS must contain in order not to be classified as an unlawful commercial communication.

Three mistakes that led to a fine

A company operating a chain of massage salons was found to have erred in sending marketing SMS messages in three key ways: 

• it obtained consents to sending commercial communications through a procedure that the Supreme Administrative Court (SAC) described as not freely given, as the consents were incorporated directly in the terms of booking its services; 
• in some SMS messages, it failed to clearly state its business name as the sender; and
• it did not provide customers with a sufficiently direct option to unsubscribe from receiving marketing messages.

As a result of these failings, the company was found guilty of three administrative offences under the Act on Certain Information Society Services (the “Act”).  The Office for Personal Data Protection imposed a fine of CZK 40,000, which was subsequently upheld by the SAC.

Automatic consent when booking services is not valid consent

The company’s first failure lay in the fact that it incorporated consent to the processing of personal data and the sending of marketing messages directly into the terms of booking its services.  Customers were left with no real choice: either they accepted advertising messages, or they could not book a service at all.

Referring to European case law (including the Meta Platforms and Planet49 decisions), the SAC confirmed that consent forced in this way is invalid.  Consent must always be freely given and expressed through an active step taken by the user. Both automatic consent incorporated into booking terms and pre‑ticked checkboxes are inadmissible. Customers must be able to use a service even if they refuse marketing communications.

On this point, the judgment is predictable and, from a practical perspective, easy to understand. Where marketing consent is “hidden” in booking terms or effectively made a condition for concluding an order, such an approach is highly risky.  Businesses should therefore check that their consent mechanisms are transparent and genuinely based on the customer’s active action.

In the present case, this was a relatively clear‑cut situation in which marketing consent was tied to the option to book a service, without any evident objective reason for this. That does not mean, however, that any link between certain personal data processing and the provision of a service is automatically impermissible.  The judgment addresses an evidently disproportionate scenario, but does not further clarify the boundary between inadmissible forced consent and cases where specific processing is genuinely relevant to how a service is set up.

Is a website link really not enough?

The second conclusion of the judgment relating to sender identification is more intriguing.  In its SMS messages, the company included only a link to its website, but not its business name. Moreover, according to the Office for Personal Data Protection, there was also another company whose business name was similar to the brand under which the company concerned operated. The company argued in its defence that it was well known to customers under its brand, and that a link in the SMS directing recipients to its website provided sufficient guidance to identify the company.

The SAC, however, adopted a relatively strict interpretation on this point. In its view, the identity of the sender must be clear directly from the commercial communication itself, without requiring the recipient to look it up elsewhere. If this information is missing and the recipient is forced to look up the sender’s identity on their own, this is precisely the activity that the sender should have undertaken themselves.

That raises the question of whether such an interpretation is practical and applicable in all circumstances, and whether it goes beyond the wording of the Act. The Act requires that a commercial communication must not conceal or obscure the identity of the sender; it does not explicitly impose an obligation to include the company’s business name in the text of every message. It is therefore legitimate to ask whether providing a link to an official website containing full details about the sender can still be considered “concealment” of identity.

This is particularly relevant in the context of SMS marketing, where every character counts and the entire space for a single communication is limited to 160 characters (if it is to remain one message). Against this backdrop, the requirement for the sender to squeeze not only the marketing message itself, but also full identification and other mandatory information into such a short text comes across as excessively formalistic. Moreover, many businesses communicate externally primarily under a brand name that customers know well, whereas their full business name often means little to recipients. 

The SAC’s reasoning is somewhat inconsistent here. While the judgment rejects a website link as a sufficient means of identifying the sender, it simultaneously accepts that a direct link would be sufficient for the purpose of unsubscribing.  Why, then, is the same mechanism acceptable for unsubscribing, but insufficient for sender identification?  The judgment offers no answer to this question.

Unsubscribing must be simple, direct and effective

The third area of criticism concerned the way unsubscribing from commercial communications was set up. Under the Act, every commercial communication must include a valid address that enables direct and effective termination of the subscription. In its commercial communications, the company merely included a link to its website, rather than a direct option to unsubscribe.  According to the SAC, this was insufficient, as such commercial communications contained no actual procedure explaining how to stop receiving SMS messages.  The company should have incorporated this information directly into commercial communications themselves, for example in the form of a direct link or a clear instruction enabling immediate unsubscribing.

On this point, it is hard to disagree. Even so, the judgment still leaves some questions unanswered. If unsubscribing is meant to be “direct and effective”, it is not self‑evident that a web link is always the most appropriate solution.  In many cases, it may work perfectly well. The SAC’s judgment can be read as endorsing the use of a link as an unsubscribe tool, provided it is configured in such a way that the recipient can make the choice easily and without further searching. One interesting argument raised in this context is that not all SMS recipients necessarily have internet access. However, does that then imply an obligation to offer, for example, the option to reply to the SMS? In our view, such an interpretation would be difficult to sustain in today’s realities. What should matter is not a prescribed form, which the Act does not, after all, mandate, but whether the recipient can genuinely unsubscribe without unnecessary obstacles and without having to search any further. 

What to take from the judgment in practice?

The judgment does not, and cannot, answer all the practical questions associated with SMS marketing. If you use SMS marketing, start by reviewing your booking and order forms. Consents must be transparent and freely given. They must not, without proper justification, be made a condition for providing the service. Consent checkboxes should not be pre‑ticked.

You should also carefully review the wording of your SMS messages. Each message must clearly state who the sender is, directly in the text of the message. Where at all possible, use your business name. Do not rely on the assumption that customers know you under a particular brand. In light of the current case law, a link will not save you. Yes, however absurd it may sound, you may end up having to include both your business name (for the authorities) and your brand (for customers) in a single SMS.

At the same time, make the unsubscribe option as simple as possible. The customer must have the option to stop receiving messages immediately and without effort. 

For practitioners, the SAC’s ruling is important primarily because it confirms a very strict approach to the formal requirements applicable to marketing SMS messages. At the same time, it shows that the current interpretation of this regulation in the Czech Republic is running up against the technical limits of the communication channel itself and that it may lead to some rather absurd conclusions. We will therefore continue to advocate, including through articles like this one, for a more nuanced and practically workable interpretation.