Anti-spam laws in Australia – what your business needs to know

There is no doubt that direct marketing is one of the most valuable marketing and communication tools available for your business. Why? Direct marketing gives you total control over the messaging and images contained within. It also enables you to communicate directly with your prospects or customer segments 1:1. It’s immediate. It’s powerful. It’s personal.

However, it’s exactly because of this inherently intimate nature that direct marketing can also feel intrusive to consumers, especially when a message is unexpected. The arrival of email, mobile phones and mass digital communications in the mid to late 1990s only amplified the volume and impact of marketing messages.

So in 2003, with the digital revolution in full swing and direct marketing via email becoming increasingly prevalent, the Australian Government introduced the Spam Act 2003 (Cth) (Spam Act). The Spam Act was designed to relieve consumers of the ‘junk mail’ burden and, importantly, create rules prescribing how companies are permitted to directly communicate with them via “commercial electronic messages” (including, but not limited to, email and SMS).

What is the Spam Act?

The Spam Act is Australian law that sets out the rules that govern the sending of commercial electronic messages. Breaches have serious consequences for businesses.

At its core, it contains three fundamental requirements to be met when sending any commercial electronic message – consent (of recipient), identification (of sender), and a clear opt out functionality.

Your business’ responsibilities

1. You must obtain the recipient’s consent to receive communications via commercial electronic message (e.g. email or SMS) from you. This can be express consent (via an ‘opt-in’ check box, for example) or inferred. Depending on the circumstances, you can sometimes infer consent from current customers, for example, who have purchased a product or service from your business. Importantly, if you are relying on an ‘opt in’ check box, you should not supply a pre-ticked checkbox on your online forms.
2. You need to ensure the recipient knows exactly who you are/your business is by clearly identifying yourself and your contact details – including your ABN/ACN – in your communications. Yours should be a name they recognise, so make sure it’s not ‘buried’ in clever graphics or misleading content.
3. You should provide a simple method for recipients to ‘opt-out’ or ‘unsubscribe’ from receiving any further communications from you with every commercial electronic message sent. You must ensure that this unsubscribe facility remains functional for at least 30 days after your message is sent, and make sure that you honour a request to ‘unsubscribe’ within 5 business days.

It’s important to understand that these requirements apply to every single commercial electronic message that your business sends. Your systems and processes must be designed to ensure that all of your direct marketing complies with the rules. With so many companies sending automated messages and outsourcing their electronic direct mail (eDM) functions, it’s easy to appreciate how systemic breaches can arise, with higher risk of an error being applied across all of the emails sent out.

Harsh penalties for non-compliance

Many marketers fall into the trap of thinking the rules are simple. Beware, though. Systemic and/or technical errors can cause breaches on a massive scale, and many of the penalties are calculated per individual breach (i.e. for each non-compliant message sent and/or number of days that an unsubscribe is not functional).

If your business is found to have not complied with the rules set out in the Spam Act, it will be issued with a written warning. Following on from that, for continued non-compliance or failure to correct issues with your direct marketing channels, an infringement notice will be issued which may result in a penalty.

And penalties can be steep. In July 2020, Australian supermarket giant, Woolworths, was issued with an infringement notice for more than $1 million dollars for continuing to send emails to unsubscribed email addresses, even after being warned by the national regulator, the Australian Communications and Media Authority (ACMA).

The ACMA has made it clear that large scale breaches of this type will not be tolerated.

In addition to financial penalties, companies that breach the spam rules also risk significant reputational damage, with regulatory actions like the one above attracting widespread media attention and coverage.

Anti-spam compliance is everyone’s responsibility

Companies need to ensure ‘buy-in’ from all internal stakeholders to achieve ‘whole company’ compliance.

The requirements outlined above may seem straightforward, however as with any legal area, there is lots of room for lack of understanding and awareness to affect your compliance.

Depending on the size of your business, it’s highly advisable that you operationalise compliance, which means ensuring guidelines and practices are clear and cohesive across the whole company. Every department or business function that is involved in the sending of eDM or SMS campaigns must be aware of its responsibilities,  from the content and consent requirements, right through to the functionality of the ‘unsubscribe’ facility and implementation of ‘unsubscribe’ requests at the back-end.

In addition to Spam Act compliance, your organisation may also need to comply with applicable privacy laws in relation to the use or disclosure of personal information for the purpose of direct marketing, including under the Australian Privacy Principles (APPs) in the Privacy Act 1988 (Cth). Because of the complex nature of the overlapping requirements and the differences in privacy laws across jurisdictions, it is advisable to seek specific advice on your marketing activities and practices from legal advisers who are familiar with the requirements that apply to your business.

If you have questions or would like to understand your responsibilities as a business owner or marketer regarding anti-spam laws, speak to a PBLawyer today. Contact us.