A recent case in which Woolworths Group Limited (Woolworths) was fined $1,003,800 by the Australian Communications and Media Authority (ACMA) for over five million breaches of the Spam Act 2003 (Cth) (the Spam Act) is a stark reminder of the importance of establishing and maintaining rigorous controls to ensure that commercial electronic messages are only sent to those persons who actually want to receive them.
This infringement notice is the largest ever issued in the ACMA’s history and follows a trend towards increasing the severity of penalties for non-compliance with the Spam Act and the ACMA shining a light on infringement.
This and other recent cases have shown how easy it is to overlook these important obligations, and provide us all with an opportunity for businesses to take stock, and look again at their compliance programs – particularly in an environment where the public is becoming tired of receiving unwanted messages, and the ACMA is increasingly turning its attention to contraventions.
Section 16 of the Spam Act prohibits the sending of unsolicited commercial electronic messages to recipients in Australia.
The obligation is very simple on its face. However compliance can at times be complex and easily overlooked – particularly for organisations who use multiple channels or databases for reaching the public. Compliance involves not only ensuring that potential recipients in Australia have consented to receiving commercial electronic messages from you, but also ensuring that if they change their mind and withdraw their consent, you update your database and make sure that you do not send them any more messages of that nature.
Section 5 of the Spam Act defines an “electronic message” as a message sent using an internet carriage or any other listed carriage service to an electronic address in connection with:
This typically includes emails, text messages and instant messages but does not include faxes, telemarketing calls or internet popups.
Any communication which satisfies the definition of an “electronic message” will be subject to the obligations imposed by the Spam Act. There is some question as to whether a notification in an App can constitute an “electronic message” so until a Court makes a decision or the ACMA gives some guidance, care will need to be taken in how notifications are delivered and how the giving and withdrawal of consent are managed. However, even if the Spam Act does not apply to App notifications, the Australian Privacy Principles would still apply.
There are a few simple rules that businesses need to know, in order to comply with the Spam Act.
Firstly, businesses must ensure that potential recipients of its electronic messages have actually consented to receiving these messages. Consent can either be express, or reasonably inferred from the recipient’s conduct, and business and other relationships between the parties.
Secondly, businesses must ensure their commercial electronic messages contain an unsubscribe facility that:
Thirdly, businesses must ensure their commercial electronic messages accurately identify the name of their business and include the correct contact details for their business.
Fourthly and most importantly, once a potential recipient withdraws their consent, it needs to be acted upon. Although this sounds trite, compliance may not be so simple for businesses with multiple – and perhaps unconnected – databases. The unsubscribe request needs to be acted upon across all applicable databases. Few things will undermine a business’ goodwill, and drive recipients to report the receipt of a message from the business, as sending repeated messages to the recipient after an unsubscribe request (or more than one).
Authored by:
Antoine Pace, Partner
Hazel McDwyer, Partner
Zein Jomaa, Lawyer