TL;DR

  • The TCPA requires prior express written consent for autodialed or prerecorded telemarketing calls and texts. It does not specify how to prove that consent — that gap is where most disputes are won or lost.
  • “Proof of consent” is whatever evidence a defendant can produce, years after the fact, that persuades a court the consumer knowingly agreed to be contacted by the specific seller using the specific technology used.
  • Courts have consistently rejected bare assertions and after-the-fact reconstructions. They have credited contemporaneous records that reproduce what the consumer saw, what they did, and when they did it — tied to a specific lead.
  • A defensible proof-of-consent record needs five elements: the disclosure language as rendered, the seller identified, the consumer’s affirmative action, an immutable timestamp, and a chain of custody that ties it all to the phone number ultimately called.

Overview: Why Proof Is the Hard Part

The Telephone Consumer Protection Act, codified at 47 U.S.C. § 227, prohibits autodialed or prerecorded telemarketing calls and texts to mobile numbers without the recipient’s prior express written consent. The FCC’s implementing rules at 47 C.F.R. § 64.1200(f)(9) define what that consent must contain. Both the statute and the rules are clear about what consent must look like at the moment it is given.

Neither tells you what proof of consent must look like four years later, when a class-action plaintiff alleges they never agreed to anything.

That silence is not an oversight. The FCC has repeatedly declined to prescribe specific record-keeping formats, on the theory that consent is consent regardless of how it is documented. In practice, that has produced a body of case law in which two callers with identical consent procedures can have wildly different outcomes — because one of them could produce the evidence, and the other could not.

Under the TCPA, the burden of proving consent rests on the caller. The Eleventh Circuit was explicit in Murphy v. DCI Biologicals Orlando, LLC (11th Cir. 2015): “The defendant bears the burden of demonstrating that the called party gave express consent to the calls.” That burden does not shift because the publisher upstream collected the consent, because the consumer signed a generic disclosure, or because the caller paid for a third-party certificate. If the call connected, the company that placed it owns the proof problem.

What the Statute and Rules Actually Require

Before evaluating proof, it helps to be precise about what proof must establish. Prior express written consent under the FCC’s rules has five required elements:

  • A clear and conspicuous disclosure. The consumer must be informed, in plain terms, that by signing the agreement they authorize the seller to deliver telemarketing calls or texts using an automatic telephone dialing system or prerecorded voice.
  • Identification of the seller. The disclosure must name the specific seller (or, where allowed, a defined list of sellers). Generic “marketing partners” language has been a recurring source of plaintiff wins.
  • Identification of the technology. The disclosure must reference the use of an automatic telephone dialing system or prerecorded/artificial voice.
  • An understanding that consent is not a condition of purchase. The consumer cannot be forced into telemarketing consent as a prerequisite to obtaining a good or service.
  • A signature. Under the E-SIGN Act, an electronic signature — a checkbox, a typed name, a clickwrap submit action — satisfies the requirement, provided it is attributable to the consumer.

A proof-of-consent record has to do more than show that a form somewhere contained those elements. It has to show that this specific consumer, at this specific moment, was presented with this specific disclosure, and took this specific action — and that the resulting phone number is the one being called.

The Evidence Pyramid: What Courts Have Accepted

Court treatment of consent evidence has converged on a rough hierarchy. The pattern is consistent across federal districts: the closer the record sits to a faithful reproduction of the consumer’s actual experience, the more weight it carries.

Bare Assertion

A spreadsheet entry, a CRM note, a sworn declaration that “the lead came from a consenting source.” Courts uniformly find this insufficient when challenged with any countervailing evidence. In Larson v. Harman-Management Corp. (E.D. Cal. 2018), the court denied summary judgment for the caller where the only consent evidence was an internal log entry with no underlying record. A declaration is not a record; it is a claim about a record.

Generic Form Language

A copy of the standard disclosure used on the publisher’s website, with no tie to the specific consumer. Better than nothing, but easily defeated. Courts have repeatedly observed that the question is not whether some consent form existed, but whether this consumer saw this form. In Lyngaas v. Curaden AG (E.D. Mich. 2019), the court found that a defendant’s production of a generic opt-in template, without per-recipient attribution, failed to establish consent for the class.

Third-Party Certificate Without the Underlying Record

A summary certificate produced by a vendor attesting that consent occurred, but without the underlying capture of what the consumer actually saw. Mixed treatment. Some courts have credited certificates when the issuing vendor’s procedures were well documented and uncontested; others have viewed them as hearsay layered on top of hearsay. The recurring problem is that certificates summarize a process; they do not preserve an event.

The Northern District of Illinois in Bilek v. Federal Insurance Co. (N.D. Ill. 2020) provided one of the more pointed treatments, observing that consent documentation produced by a lead vendor was useful only to the extent it preserved the consumer’s specific interaction — and that summary attestations could be challenged on the same evidentiary grounds as any other out-of-court statement.

Contemporaneous Record of the Consumer’s Experience

A capture of the rendered page (or rendered call audio), the consumer’s interactions, the disclosure language as it appeared at that moment, the form state, and the submission event — tied to a specific lead ID and immutable timestamp. This is the tier where defenses succeed.

Bradford v. Sovereign Pest Control (D. Md. 2017) is one of several cases where the defendant successfully obtained summary judgment by producing detailed records of the consumer’s web interactions, including timestamps and the specific consent flow the consumer completed. The court’s reasoning was straightforward: the records established that this consumer, on this date, took the affirmative steps required to consent, and the plaintiff had not produced evidence rebutting them.

Independent Verification

Records collected by a party independent of the publisher and the buyer — typically with cryptographic integrity guarantees and a verifiable chain of custody. This is the emerging top of the pyramid, and the reason is straightforward: a court that has to decide whether to credit a record is more likely to do so when the record was not produced by the party with the most to lose. We’ve covered the distinction in self-recorded consent versus independent verification.

What Plaintiffs Argue (and Why It Usually Works)

Understanding the plaintiff’s playbook clarifies what proof has to overcome.

The two most common arguments at the motion stage are some variant of:

  • “I never gave consent.” The consumer denies seeing the form, denies submitting it, or denies being the person whose name and number appear on it. Lead fraud, household members entering data, and account takeovers all create real-world variations on this argument. The defendant’s evidence has to be specific enough to refute denial — generic form language and CRM entries usually cannot.
  • “The consent I gave wasn’t for this caller.” The consumer concedes they filled out a form but argues the disclosure didn’t actually authorize calls from the specific seller, or that the form was a deceptive consent farm, or that the disclosure was buried below the fold on mobile. The defendant’s evidence has to establish what the consumer actually saw on the device they used, including how the disclosure was visually presented at the moment of submission.

Both arguments succeed against weak evidence and fail against strong evidence. The differentiator is whether the defendant can reproduce the consumer’s experience — not just attest to it.

The Five Elements of a Defensible Proof Record

A consent record that meaningfully reduces TCPA exposure should preserve, at minimum:

  • The disclosure language as rendered. Not as it appears in the publisher’s template repository, but as it appeared on the consumer’s screen, on the consumer’s device, at the moment of submission. Mobile rendering matters because most lead traffic is mobile.
  • The seller identified. A clear tie between the disclosure shown to this consumer and the buyer whose dialer ultimately placed the call. If the disclosure named “marketing partners” without enumerating them, the record needs to demonstrate the buyer was within the disclosed scope.
  • The consumer’s affirmative action. Captured as an interaction event — the form field entries, the consent checkbox state, the submit click — with timestamps that establish ordering. A signed form is not the same as a record of signing.
  • An immutable timestamp. Tied to a trusted clock, ideally with cryptographic integrity so that the record cannot be backdated or amended after the fact. Plaintiffs and judges both ask the same question: how do we know this record reflects what happened then and not what someone wrote later?
  • A chain of custody. A traceable link from the rendered form to the phone number ultimately called. Lead handoffs, partner shares, list resales, and dialer ingestion each create opportunities for the chain to break. Each handoff should preserve and propagate the underlying consent record, not just a reference to it.

We’ve explored the deeper rationale for each of these elements in why consent certificates aren’t enough and in our complete guide to consent verification. For purposes of proof, the practical test is whether each element can be produced, on demand, for any specific lead, within the response window of a real lawsuit.

Retention: How Long the Record Has to Survive

The TCPA’s statute of limitations is four years under 28 U.S.C. § 1658. State mini-TCPAs vary — Florida’s FTSA has its own limitations period, as do Washington’s CEMA, Maryland’s MDTCPA, and Oklahoma’s TCPA analog. A defensible retention policy holds proof records for at least four years from the date of the last call to the consumer, not from the date of consent collection.

That matters because a consent record captured in January 2026 may need to support a call placed in late 2027 to a consumer who became unreachable, returned to the marketing pool, and then sued in 2030. The retention clock runs from the call, not from the click.

Operationally, this means:

  • Consent records cannot be retained “as long as the publisher relationship lasts.” Publishers exit the market; their records often go with them. Buyers should require the records be transferred, escrowed, or independently retained.
  • Retention has to be in a format that is still readable in four-plus years. Proprietary database formats with no export path are a known failure mode.
  • Records need to be searchable by phone number, not just by lead ID, because litigation arrives sorted by phone.

Revocation: When Proof Has to Adjust

Consent is not permanent. Under Van Patten v. Vertical Fitness Group (9th Cir. 2017), consumers may revoke consent through any reasonable means, and the FCC’s 2024 revocation rules (often called the FCC’s One-to-One Consent Order) tightened operational requirements for honoring opt-outs.

A proof-of-consent record is only useful if it is paired with a record of revocation events. The complete evidence trail for any individual phone number should include:

  • The original consent capture
  • Any subsequent renewals or re-confirmations
  • Every revocation event — channel, timestamp, language used
  • Any disputes or clarifications between the consumer and the caller
  • The current suppression state at the time of any call

A call placed to a number that was revoked, even briefly, is a fresh violation regardless of the strength of the original consent. The evidence has to demonstrate not just that consent existed, but that it remained in effect at the moment of the call.

For any phone number you contact, you should be able to produce the following on demand:

  • The exact disclosure language presented to the consumer, in the form it was rendered
  • A screenshot, video, or session record of the consumer’s interaction with the form
  • The identity of the seller as it appeared in the disclosure, and confirmation the caller is within that scope
  • The consumer’s affirmative action (checkbox state, click event, signature)
  • An immutable timestamp of the consent event
  • The lead-handoff chain from publisher to caller, preserving the underlying record at each hop
  • Any revocation events between consent and call
  • The retention period for each artifact, with a defined retrieval SLA
  • Backup or escrow arrangements that survive vendor or publisher exit

If any of these elements is missing or non-retrievable, the proof gap is not theoretical — it is the gap that a plaintiff’s attorney will identify in interrogatories.

Key Takeaways

  • The TCPA places the burden of proving consent on the caller. Publishers, vendors, and certificate issuers do not absorb that burden by virtue of being upstream.
  • “Proof of consent” is whatever evidence persuades a court that this consumer, at this moment, agreed to be contacted by this seller using this technology. Anything less specific tends to fail.
  • Courts have consistently rejected bare assertions and generic form language, given mixed treatment to summary certificates, and credited contemporaneous records of the consumer’s experience — particularly when produced by an independent party.
  • A defensible proof record preserves the rendered disclosure, the seller identification, the consumer’s affirmative action, an immutable timestamp, and an unbroken chain of custody to the phone number called.
  • Retention has to outlast the publisher relationship and run from the last call, not from the original consent. Records need to be searchable by phone number and exportable in formats that remain readable for at least four years.
  • Revocation records belong in the same evidence package as consent records. A call to a revoked number is a fresh violation regardless of the strength of the original opt-in.

If you’re evaluating what your current proof-of-consent record actually contains, see how independent verification compares to self-recorded approaches — or read what courts have actually accepted as proof for a deeper look at the case law.