Spam mail - the law and what it means to business (Part 1)

by Charisse Gray / NSW Business Chamber

The Spam Act 2003, which came into effect in April 2004, aims to reduce the amount of junk email and junk SMS messages (i.e. “spam”) in Australia.

What does the new legislation do?

The legislation has three main effects. It:

outlaws the sending of spam (subject to certain exemptions);
requires that any exempt spam must include the sender’s details; and
requires that any exempt spam must include an “unsubscribe” facility.

The legislation also prohibits address-harvesting (e.g. using software to search the Internet for electronic addresses).

The outlawing of "junk" messages

The legislation does not actually apply to “spam”. Instead “commercial electronic messages” (CEM) are prohibited.

To be a CEM, a message must be both:

an “electronic message” (which includes email and SMS, but excludes telephone calls) and
commercial” in nature, meaning in broad terms that it offers or promotes any kind of product or promotes any supplier.

For the Act to apply, a CEM must also have an Australian link. This broadly means that it originates from Australia or that the person receiving it is in Australia.

There are exemptions however, unlike the Privacy Act, there is no exemption for small businesses.

Overview of exemptions

The prohibition on spam does not apply where the:

message is not a CEM in the first place
message is exempted as a “designated” CEM or
person receiving the message has consented to it.

When is a message not a CEM?

In general terms a message is not a CEM, and therefore not prohibited, if the purposes of the message do not include the promotion of a product or supplier.

This means that ordinary personal and business correspondence (unless of the marketing variety) would not be prohibited in the first place.

What spam is exempted as a “designated” CEM?

Similarly, a message that contains no more than factual information, related commentary and basic information about the sender will be exempted as a “designated” CEM.

Messages sent by any government body, political party, religious organisation or charity regarding the supply goods or services by those bodies are also exempt (even if they are a CEM). The same applies to messages from educational institutions, provided that the message is directed to a current or former student of the institution.

Exemption where recipient has consented

A CEM may also be sent where the recipient has consented to it being sent.

Consent can be either express or inferred from either conduct or an existing relationship. For example, if there is a pre-existing business relationship between the sender and recipient of the message, then consent will be inferred. Similarly, if the relevant address is “conspicuously published” on a website then consent may be inferred.

Sender information to be included in all cases

Even if a CEM is exempted (as a “designated” CEM) or the recipient has consented to receiving it, a CEM must include information about the sender, including name and contact details.

Unsubscribe facility to be included

In addition, any CEM must include an unsubscribe facility that allows the recipient to opt out of receiving future communications. This does not apply, however, where:

• the message is a “designated” CEM that is exempted or
• there is an agreement to the contrary with the recipient.

What kind of penalties apply?

The Act provides for two different penalty regimes.

Under the first regime, the Australia Communications Authority (ACA) may simply impose a fine. If the offender pays the fine then that is the end of the matter. Different fines apply to individuals and companies. For a company, a penalty of $2,200 per message applies, up to a maximum of $110,000 if there are more than 50 messages.

Under the second regime, the ACA may apply to the Federal Court to impose a more significant penalty. In the case of corporate offender with a record of prior offences, the maximum penalty is $1.1M per day.

The Federal Court may also issue injunctions and compensation orders.

What does this mean for your business?

Practical consequences and suggestions for a typical business include the following:

Do not use email as a marketing tool except to existing customers or where consent of the recipient can otherwise be inferred.
If you have previously included an ‘opt out’ message (perhaps due to the Privacy Act) and the recipient has not opted out, then consent can be inferred and you can continue to send email to the recipient.
If you have not previously used an opt out message or obtained recipient consent in relation to any email list that you use, then consider doing so before the legislation commences.
Include your name and contact details with any marketing email you send.
Include an unsubscribe facility with any marketing email that you send or establish an agreement with recipients that an unsubscribe facility is not required.
Ensure that any email addresses included on your website are accompanied by a message stating that you do not want to receive unsolicited email.
As similar legislation has been passed in the United States, multinational companies may wish to consider introducing a worldwide corporate policy regarding spam.

(This article is of a general nature and is not intended to be legal advice. Readers should obtain legal advice before acting upon this article.)

Charisse Gray (NSW Business Chamber)

Charisse Gray is the Senior Business Writer for NSW Business Chamber and is a highly respected and much published business writer, for print and online, across a wide breadth of topical business issues.