Regulator cracks down: heavy fines for Spam Act violations
By Ben Hamilton
The Australian Communications and Media Authority (ACMA), the body that regulates communications, spam and online content, has been actively enforcing the Spam Act 2003 (Cth) (Spam Act). Substantial fines have been imposed on businesses found to be in violation. In this article, we provide a timely reminder to all businesses to ensure marketing messages sent to customers or prospective customers comply with the requirements under the Spam Act.
So far in 2023, businesses have been fined over $6.5 million for breaching the Spam Act. ACMA has also accepted four court-enforceable undertakings. These businesses include the food delivery service DoorDash Technologies Australia Pty Ltd (DoorDash) as well as the Commonwealth Bank of Australia (CBA).
Spam Act: recap
The Spam Act regulates the sending of ‘commercial electronic messages’. ‘Commercial electronic messages’ are messages sent using an internet carriage service or any other listed carriage service to an electronic address where the purpose of the message is to offer, advertise or promote the supply of goods, services, land or business or investment opportunities.[1]
Examples of common types of electronic messaging include emails, SMS, instant messaging services and multimedia messaging services. An electronic message does not, however, include a message that is sent by way of a ‘voice call’ over a standard telephone service and may instead be regulated under other laws, including telemarketing laws.
The Spam Act generally requires (among other things) marketing messages to contain working unsubscribe functions and to state that it is illegal to send further marketing messages to a recipient once they have unsubscribed.
It is important to note that, if the Spam Act does not apply to your business’s marketing messages, you may still need to comply with the requirements under the Privacy Act 1988 (Cth) regarding direct marketing.
Recent enforcement action
Pecuniary penalties for contraventions of the Spam Act are severe. The Spam Act also establishes alternative enforcement mechanisms, including enforceable undertakings, formal warnings and an infringement notice scheme.
ACMA has issued its largest infringement notice to date to CBA in June, for $3,552,000 along with an enforceable undertaking committing CBA to an independent review of its e-marketing practices and to implement improvements to these systems. CBA was found to have breached the Spam Act over a period of nine months. CBA had sent more than 61 million marketing emails to customers that unlawfully required them to log-in to their account to unsubscribe. CBA had also sent a further four million marketing emails that had an unsubscribe function which did not work.
More recently, ACMA issued an infringement notice to DoorDash for $2,011,320 as well as an enforceable undertaking. DoorDash had sent over 566,000 promotional emails to customers who had already unsubscribed. Further, 515,000 text messages were sent to their potential drivers without an unsubscribe function.
What does this mean for you?
Businesses must stay informed about their legal obligations when sending marketing messages to customers or potential customers. To mitigate the risk of substantial penalties, businesses should consider conducting an internal review of their e-marketing practices, ensuring compliance with applicable legislation.
Hall & Wilcox has extensive experience in this field. If you need any assistance, please contact us.
This article was written with the assistance of Andrea Franco, Law Graduate.
[1] Spam Act 2003 (Cth) s 5 and 6.