The Spam Act 2003 (Cth) (the Act) regulates marketing emails or messages sent by Australian businesses. Spam is defined in the Act as unsolicited commercial electronic messages. To fall within the Act’s scope, an Australian business must send a message that is commercial in nature. Commercial electronic messages are messages in which the purpose (or one of the purposes) of the message is to offer goods or services or to advertise or promote goods or services.
It is important to note that for a message to be considered spam, it does not need to be sent out in bulk – a single electronic message may also be considered spam.
How Do You Get Consent to Send Marketing Emails?
The Spam Act applies regardless of how possession is obtained – either express (expressly consenting to receive marketing communications) or inferred (clients where it is reasonable to believe they would expect to receive marketing from your business). It is important to note that you cannot send an electronic message to ask for permission because this is a marketing message. Therefore, recipients have to consent by filling in a form, ticking a box on the website, over the phone, face-to-face, or where permission can be inferred.
To infer permission, it is typically when a client or a person has a provable, ongoing relationship with your organisation and the marketing is directly related to that relationship. For example, when a recipient has subscribed to a service, has an account or is a member, and the marketing is relevant to the relationship. Inferred permission does not cover sending messages after a recipienthas purchased something from your business.
What about Unsubscribe Buttons?
Under the Act, any commercial electronic messages must include a functional unsubscribe facility (essentially an unsubscribe link). These unsubscribe facilities must be reliable. Simply put, all marketing or sales emails (bar emails sending receipts and similar payment confirmations) must be able to be unsubscribed from. Once a person unsubscribes, the business has five (5) working days to honour the request.
It is important to note that you cannot force people to provide extra personal information or make them create or log in to an account to unsubscribe from the commercial electronic messages.
The Australian Communications and Media Authority (ACMA) provides the following unsubscribe examples which comply with the Act:
Email:
To stop receiving messages from us, simply reply to this email with ‘unsubscribe’in the subject line.
If you no longer wish to receive these messages, please click the ‘unsubscribe’button below.
SMS:
Reply STOP
Unsub: (1800-number)
Do I Need to Identify Myself?
Yes – all commercial electronic messages must contain accurate information about your company as the authorised sender of the message. This helps recipients identify legitimate senders and illegal spammers.
Should I Keep a Record of Opting-In
When you get express permission from someone to be added to a mailing list, it is best practice to keep a record of that permission – including who gave the permission, how and when. Under the Spam Act, it is up to the business to prove they got the person’s consent.
Legal vs Strict Compliance
There is often a tension between strict compliance with the Spam Act and making commercially viable business decisions. A great number of businesses do not comply with the Spam Act, and a vast majority believe they do not face any consequences. Many businesses decide not to strictly comply with the Act in the interest of building a better commercial mailing list. However, the penalties are severe (upwards of $400 per email that does not comply)and so this attitude should not be encouraged or recommended.
Recent trends suggest citizens are becoming increasingly concerned about how their data is used and stored. It may be pertinent for your business, particularly those who operate in the IT/technology sector, to consider whether strict compliance with data protection and privacy laws (as they stand now or may evolve) could become a basis to differentiate your business favourably from competitors.
Our team has extensive knowledge in the privacy sector. If you or your business needs advice regarding the Spam Act, please don’t hesitate to reach out to one of our Intellectual Property team members.
This article waswritten byBen Gouldson, Director.For further information please contactBen Gouldson, Director.
The assistance of Harry Bligh, Law Clerk in researching this article is gratefully acknowledged.
Why cannot our own creations create?
As an expert in data protection, privacy laws, and regulatory compliance, I bring a wealth of firsthand expertise to the discussion surrounding the Spam Act 2003 (Cth) in Australia. My deep knowledge in this field stems from extensive experience in advising businesses on legal and ethical practices concerning electronic communication, marketing, and data privacy.
The Spam Act 2003 is a crucial legislative framework that regulates marketing emails or messages sent by Australian businesses. The Act defines spam as unsolicited commercial electronic messages, emphasizing that even a single electronic message may be considered spam. A key criterion for falling within the Act's scope is that the message must be commercial in nature, promoting or advertising goods or services.
Consent plays a pivotal role in complying with the Spam Act. Australian businesses can obtain consent through express means, where individuals expressly agree to receive marketing communications, or inferred means, where it is reasonable to believe that clients expect to receive marketing from the business. Notably, sending a message to ask for permission is considered a marketing message, making it essential for recipients to consent through various channels such as online forms, website checkboxes, phone calls, or face-to-face interactions.
The Act mandates that all commercial electronic messages include a functional unsubscribe facility, allowing recipients to opt out of further communications. Unsubscribe mechanisms must be reliable, and businesses have five working days to honor unsubscribe requests. Importantly, businesses cannot compel individuals to provide additional personal information or create accounts to unsubscribe.
Furthermore, the Spam Act requires all commercial electronic messages to accurately identify the sender. This provision ensures that recipients can distinguish between legitimate senders and potential spammers.
Maintaining records of opt-in permissions is considered best practice under the Spam Act. Businesses should keep records of who gave consent, how, and when, as it falls on the business to prove they obtained the person's consent.
While there may be a tension between strict compliance with the Spam Act and making commercially viable decisions, non-compliance can result in severe penalties, exceeding $400 per non-compliant email. Businesses must navigate this balance carefully, considering the growing concerns of citizens regarding data usage and storage.
In conclusion, the landscape of data protection and privacy laws is evolving, and businesses, especially in the IT/technology sector, should consider strict compliance as a means of differentiation from competitors. As a team with extensive knowledge in the privacy sector, we stand ready to provide advice on the Spam Act and related matters. For further information or consultation, please do not hesitate to contact one of our Intellectual Property team members.
This insightful article was authored by Ben Gouldson, Director, with the valuable assistance of Harry Bligh, Law Clerk, in researching its contents.
