Sorting trash from treasure: a checklist for complying with spam laws – Lexology

Review your content’s performance and reach.
Become your target audience’s go-to resource for today’s hottest topics.
Understand your clients’ strategies and the most pressing issues they are facing.
Keep a step ahead of your key competitors and benchmark against them.
add to folder:
Find out more about Lexology or get in touch by visiting our About page.
The Australian Communications and Media Authority (ACMA) recently imposed Australia’s largest ever penalty of AU$3.6m on a business for sending spam. This is a stark reminder to businesses to refresh their understanding of the laws surrounding commercial electronic messages.
The regulatory landscape: the net tightens
Over the past 18 months, ACMA has strengthened its “no tolerance” approach to noncompliance with spam laws. In addition to penalties, this can include enforceable undertakings for businesses to review their policies and implement training and education programs for staff.
ACMA has flagged spam compliance as a continuing priority for 2024. Major organisations investigated recently include food delivery service DoorDash.
What is spam?
Following the introduction of the spam laws in 2003, most organisations will have well embedded processes for their marketing materials. However, “spam” is to be distinguished from “scam”, and it may not be front of mind when terms like phishing, hacking and ransomware are currently more prevalent.
The spam laws regulate the use of “commercial electronic messages”. As you would imagine, this is a message such as an email or an SMS/text.
An electronic message is “commercial” if it offers goods or services for sale or promotes or advertises a business opportunity or investment.
Spam doesn’t need to be sent in bulk – a single message can constitute spam under the legislation.
What are the requirements?
Each commercial electronic message must:
By “functional”, the information given and email address should be current for at least 30 days from the date the message was sent.
Consent is key
To avoid creating spam – you must have the recipient’s consent. Consent may be express or inferred.
From an individual’s perspective, to avoid spam, they should be careful of ticking boxes or entering competitions where personal information is collected, to avoid giving express consent inadvertently.
Getting your message across
Marketing increasingly relies on commercial electronic messages to reach target customer groups. The spam laws were introduced to prevent a high frequency of unsolicited messages disturbing people and potentially causing other important messages to be lost in the barrage.
In addition to potential penalties and enforceable undertakings, businesses should also consider the commercial, financial and reputational risks associated with sending spam messages.
Most importantly, a sender wants a message to be received and read – not relegated to the “spam” or junk folder of an inbox and, above all, not deleted having been left unread!
What is not spam?
Messages (even if they are unwanted or just plain annoying!) are not spam if they aren’t commercial in nature – such as appointment or payment reminders, or notifications of a service or product fault – messages which are factual in nature and which identify the sender.
There are also certain limited exemptions for government bodies, political parties, educational institutions and charitable organisations.
Is it spam?
Between 2018 and 2019, a major supermarket sent marketing emails to consumers after they had unsubscribed from previous mailouts
Spam. By previously unsubscribing, Customers had not consented to receive further emails. By sending further emails, the supermarket had not honoured requests from customers to be unsubscribed.
In 2019, a political figure sent unsolicited text messages to an unknown number of voters
Not spam. Even though many were left wondering how their number had been obtained, registered political parties are exempt from requirements to obtain consent.
Every day, millions of Australians receive calls, emails and text messages impersonating a company or government agency (eg “you have an overdue toll fee”) or using other tactics to target personal or financial information
Not spam. These are more likely to be scams (or phishing attempts.
Are you complying with your responsibilities?
Do you have consent?
Unsolicited marketing emails or messages must not be sent to an individual without prior consent (express or inferred).
This means you should not:
Best practice is to require express opt-in consent.
Have you identified yourself or your organisation?
If your organisation authorises the sending of the email or message, your organisation must be clearly identified in the email (including contact information).
Is it easy to unsubscribe or opt out?
Every mail-out must contain a straight-forward and opt-out or unsubscribe function ie a “One Click” approach. Customers must not be required to provide more personal information, to log in or to create an account simply to unsubscribe.
The unsubscribe link in a message must remain active for at least 30 days after the message has been sent.
Unsubscribe requests must be honoured within 5 days of receipt.
Is your message exempt from consent and unsubscribe requirements?
Certain commercial messages are exempt from consent and unsubscribe requirements depending on the sender and the nature of the content for example, payment reminders (see above).
Have you considered other related laws, regulations and rules?
There are various other laws that must be considered such as the Privacy Act and the Do Not Call Register Act.
add to folder:
If you would like to learn how Lexology can drive your content marketing strategy forward, please email [email protected].
© Copyright 2006 – 2023 Law Business Research


Leave a Reply

Your email address will not be published. Required fields are marked *