Cannabis companies nationwide are facing yet another statutory obstacle that can have serious (and potential ruinous) consequences for the emerging industry if not appropriately addressed—the Telephone Consumer Protection Act (“TCPA”). There is a recent uptick in class-action lawsuits filed against cannabis companies across the country premised on alleged violations of the TCPA including lawsuits in Michigan and California. These complaints allege cannabis companies sent unsolicited marketing text messages or placed automated phone calls to individuals without their consent. Cannabis dispensaries and other cannabis-related businesses should add TCPA compliance protocols to their checklist of regulatory requirements to be satisfied in this quickly emerging industry.


Enacted in 1991, the TCPA heavily regulates the ability to send phone, text, or facsimile messages through automatic telephone dialing systems. Non-compliance with the statute can be costly, as companies found to have violated the TCPA can be liable for $500 per call or text sent in violation of the Act, and up to $1,500 for willful or knowing violations. Damages are also not capped under the TCPA, so even a small number of texts or calls sent to a large number of recipients can lead to hefty damage awards. The ability to recover significant damages results in most TCPA claims being brought as class-actions. As a result, it is imperative that cannabis businesses that communicate with customers via text or by phone understand the rules governing the TCPA to avoid or at least minimize their liability exposure.

Why the Cannabis Industry?

The legalization of cannabis around the country has resulted in the proliferation of the cannabis industry almost overnight. The nature of how many cannabis businesses operate makes the developing industry an easy target for TCPA lawsuits. Many cannabis businesses are limited by state law or municipal ordinances in the advertising methods they may employ, and are prevented from using some social media channels. Thus, these companies must rely on automated text messaging to reach their customer base for marketing purposes—which can lead to potential violations of the TCPA. Cannabis companies often offer discreet delivery or curbside pickup to their customers in which communication by text or by phone is vital. The ongoing COVID-19 pandemic contributes to the increased need for remote communications. Causing even more problems are new cannabis startup companies seeking to quickly enter the market. Due to the other regulatory and financial obstacles they must already overcome to launch the business, compliance with the TCPA can often take a backseat to what these newer companies view as more pressing matters to address.

Key Considerations and What Cannabis Companies Can Do to Protect Themselves

Cannabis companies need to be proactive and ensure they are minimizing the risks of potential TCPA lawsuits against them. This is especially true given that most commercial general liability or other business type insurance policies explicitly exclude TCPA claims from coverage, leaving the business itself to foot the bill for defense costs and potentially large damage awards.

While many (if not most) cannabis companies utilize third-party companies to handle communications with their customers, they are not shielded from direct liability under the TCPA for the actions of a third-party they use. As a result, cannabis companies should thoroughly vet any third-parties they utilize to ensure they are in constant compliance with the TCPA. Cannabis companies should also revisit the specific provisions used in agreements with third-parties as broad indemnification clauses could leave a business on the hook for some or all of the costs of the third-party company’s defense if independently sued.

Now is also the time for newer businesses, and even more established cannabis businesses for that matter, to consider having their communication protocols reviewed to ensure TCPA compliance. Methods of securing, documenting and preserving evidence of consent as well as protocols for processing revocations of consent are central to TCPA compliance.

For more information regarding this article, please contact Rosa Tumialán and Peter Grace.

For information regarding Dykema’s Privacy and Data Security Team, please contact Cindy Motley.

To sign up for Dykema’s Privacy and Data Security Blog e-mail updates, please click here.

As part of our service to you, we regularly compile short reports on new and interesting developments and the issues the developments raise. Please recognize that these reports do not constitute legal advice and that we do not attempt to cover all such developments. Rules of certain state supreme courts may consider this advertising and require us to advise you of such designation. Your comments are always welcome. ©2020 Dykema Gossett PLLC.