SPAM should only be found on the Supermarket shelves – not in my inbox!

A recent case in which Woolworths Group Limited (Woolworths) was fined $1,003,800 by the Australian Communications and Media Authority (ACMA) for over five million breaches of the Spam Act 2003 (Cth) (the Spam Act) is a stark reminder of the importance of establishing and maintaining rigorous controls to ensure that commercial electronic messages are only sent to those persons who actually want to receive them.

This infringement notice is the largest ever issued in the ACMA’s history and follows a trend towards increasing the severity of penalties for non-compliance with the Spam Act and the ACMA shining a light on infringement.

This and other recent cases have shown how easy it is to overlook these important obligations, and provide us all with an opportunity for businesses to take stock, and look again at their compliance programs – particularly in an environment where the public is becoming tired of receiving unwanted messages, and the ACMA is increasingly turning its attention to contraventions.

How did we get here?

Section 16 of the Spam Act prohibits the sending of unsolicited commercial electronic messages to recipients in Australia.

The obligation is very simple on its face. However compliance can at times be complex and easily overlooked – particularly for organisations who use multiple channels or databases for reaching the public. Compliance involves not only ensuring that potential recipients in Australia have consented to receiving commercial electronic messages from you, but also ensuring that if they change their mind and withdraw their consent, you update your database and make sure that you do not send them any more messages of that nature.

What is caught by the Spam Act

Section 5 of the Spam Act defines an “electronic message” as a message sent using an internet carriage or any other listed carriage service to an electronic address in connection with:

• an email account;
• an instant messaging account;
• a telephone account; or
• any similar account.

This typically includes emails, text messages and instant messages but does not include faxes, telemarketing calls or internet popups.

Any communication which satisfies the definition of an “electronic message” will be subject to the obligations imposed by the Spam Act. There is some question as to whether a notification in an App can constitute an “electronic message” so until a Court makes a decision or the ACMA gives some guidance, care will need to be taken in how notifications are delivered and how the giving and withdrawal of consent are managed. However, even if the Spam Act does not apply to App notifications, the Australian Privacy Principles would still apply.

What do we have to do to comply?

There are a few simple rules that businesses need to know, in order to comply with the Spam Act.

Firstly, businesses must ensure that potential recipients of its electronic messages have actually consented to receiving these messages. Consent can either be express, or reasonably inferred from the recipient’s conduct, and business and other relationships between the parties.

Secondly, businesses must ensure their commercial electronic messages contain an unsubscribe facility that:

• sets out unsubscribe instructions clearly;
• honours a request to unsubscribe within five working days;
• does not require the payment of a fee;
• does not cost more for the recipient to use than the usual amount for using the address (such as a standard text charge); and
• is functional for at least 30 days after the sending of the commercial electronic message.

Thirdly, businesses must ensure their commercial electronic messages accurately identify the name of their business and include the correct contact details for their business.

Fourthly and most importantly, once a potential recipient withdraws their consent, it needs to be acted upon. Although this sounds trite, compliance may not be so simple for businesses with multiple – and perhaps unconnected – databases. The unsubscribe request needs to be acted upon across all applicable databases. Few things will undermine a business’ goodwill, and drive recipients to report the receipt of a message from the business, as sending repeated messages to the recipient after an unsubscribe request (or more than one).

Key lessons and takeaways

• Compliance with the Spam Act requires the implementation of systems, processes and practices which actively manage consumer subscriptions and a business’ general obligations under the Spam Act.
• As recently stated by the ACMA Chair, pecuniary penalties imposed by the ACMA will be “…commensurate to the nature of the conduct, number of consumers impacted and the lack of early and effective action by [the business]”.
• Although the fine imposed by the ACMA to Woolworths may appear relatively large, the maximum fine that could have been levied on a per-infringement or per-day basis can potentially close a business down.
• The ACMA is putting the spotlight on enforcement – particularly highlighted over the past 12 months with the ACMA stating that “…businesses have paid over $1,753,500 for ACMA-issued infringement notices for breaking spam and telemarketing laws” and “…the ACMA has also accepted six court-enforceable undertakings and given seven formal warnings to businesses.”
• The adverse publicity associated with a fine or penalty imposed by the ACMA may have deeper and more far-reaching adverse effects on the goodwill of your business.

Authored by:

Antoine Pace, Partner
Hazel McDwyer, Partner
Zein Jomaa, Lawyer