New spam rules confirm customers want to ‘unsubscribe’, not ‘manage their preferences’

The Australian Government has updated the nation’s spam rules, supporting the current approach taken by the spam regulator in its enforcements and guidance – that organisations sending commercial electronic messages must make it simpler for customers to ‘unsubscribe’.

The Spam Regulations 2021 (Cth) (regulations) provide more specific instructions on the operation and application of the Spam Act 2003 (Cth) (Spam Act), providing greater clarity and certainty for companies and regulatory compliance advisers alike.

Keep unsubscribe request methods simple

For commercial electronic messages sent on or after 1 April 2021, the regulations make it clear that when the recipient makes an unsubscribe request (using the electronic address that they’ve been directed to use in the message) they should generally not be required to:

• use a premium service;
• provide further personal information (other than the electronic address to which the commercial electronic message was sent);
• log into or create an account; or
• pay a fee or charge to the sender or a related person (with some exceptions, including where the sender is also the telco providing the message service).

The regulations also confirm that the recipient shouldn’t pay more than the ‘usual cost’ (i.e. for using that type of electronic address via the same kind of technology on which they received the commercial electronic message) to action their unsubscribe request.

Speaking of technology, fax messages are specifically excluded from the definition of commercial electronic messages by the regulations. The Government has explained that the rationale for this exception was, in part, because Do Not Call Register legislation contains provisions prohibiting marketing faxes being sent to numbers registered on the Do Not Call Register. But presumably the fact that barely anyone born after 1980 remembers what a fax machine is may have also reduced the need for regulatory intervention.

Marketers, beware!

Likely the biggest practical impact (particularly for marketers) of the regulations will be the restrictions around requiring a recipient to provide further personal information and/or log into or create an account to action their unsubscribe request. The regulator, the Australian Communications and Media Authority (the ACMA), has already made it very clear that it does not look favourably on this approach, imposing significant infringement notices for these types of practices.

In February 2021, the ACMA issued in excess of AUD$300,000  in penalties to Kogan (which includes the Dick Smith brand) after it sent more than 42 million marketing emails to consumers from which they could not easily ‘unsubscribe’. Instead, the recipients of Kogan’s emails needed to take additional steps to request to unsubscribe, including setting a password and logging into a Kogan account.

The ACMA found that this conduct was a breach of the Spam Act requirement for commercial electronic messages to contain a functional unsubscribe facility.

The regulations now take this even further, with the amendments to the regulations clarifying and updating requirements in relation to unsubscribe facilities and explicitly stating that an entity cannot require the message recipient to:

• provide personal information (other than the electronic address to which the commercial electronic message was sent), or
• log into or create an account with the entity who sent or authorised the commercial electronic message,

in order to unsubscribe.

The Government’s explanatory statement makes it clear that the intention of these regulations is to provide ‘great clarity to industry, ensure consumer protections are maintained an also provide greater certainty to the ACMA in its role regulating commercial electronic messages.’

The specific requirements in the regulations appear to have been a response to growing consumer sentiments against the practices some organisations have adopted of using a ‘manage my preferences’ link, or similar approach, to facilitate unsubscribe requests. In fact, during the Government’s review of the regulations, consultation with key stakeholders revealed that regulators, including the ACMA and the Australian Competition and Consumer Commission (the ACCC), had received complaints about unsubscribe processes.

In particular, consumers advised of being unable to unsubscribe from receiving commercial electronic messages unless they provided their personal information or logged into or created an account.

Make reviewing your spam compliance a top priority before it’s too late

In the past two years, businesses have paid over AUD2.1million in ACMA-issued infringement notices for breaching spam and marketing laws. In 2020, Woolworths made headlines when it was issued over AUD1 million in infringement notices for Spam Act breaches related to continuing to send emails to unsubscribed email addresses.

To avoid suffering a similar fate, organisations relying on a link to ‘manage my preferences’ in their electronic direct marketing (eDM) campaigns will need to seriously reconsider this approach to ensure they are not at risk of breaching the Spam Act, and that the recipient is not required to enter any further personal information to effect their unsubscribe request.

Ideally, all of your business’ EDM practices, including the functionality and capacity of unsubscribe processes should be reviewed to prevent large-scale systemic breaches of spam and privacy laws.

Given spam compliance enforcement is now an area of increased regulatory activity (and substantial penalties), now would be an ideal time to review your business’ overall spam compliance – not only its unsubscribe practices.

Read our other blogs for more spam and privacy compliance tips. Or to book a complimentary 30-minute strategy session to discuss spam compliance or your business’ direct communications procedures, contact a PBLawyer today. Call 1300 774 788 or email service@peripheralblue.com.au.