An Australian online marketplace, Oneflare, recently had to pay $75,600 for breaching the Spam Act 2003 (‘Spam Act’). Oneflare sent commercial messages to a large number of people, breaching its responsibilities under the Spam Act. If your business uses electronic advertising, you should understand what the Spam Act means for you and how to avoid making Oneflare’s mistakes. This article will explain:
- Oneflare’s mistake;
- what Oneflare had to promise to do to rectify the situation; and
- some of the key requirements under the Spam Act.
The ACMA Investigation
After receiving many complaints about unwanted messages, the Australian Communication and Media Authority (ACMA) investigated how Oneflare was finding and communicating with individuals without consent. It found that Oneflare sent messages to phone numbers available on public directories and did not provide an unsubscribe option.
What Does the Spam Act Say?
The Spam Act contains certain rules that businesses must abide by, including:
- when businesses can and cannot send commercial electronic messages; and
- what text these messages must include.
‘Commercial electronic messages’ include digital forms of direct marketing (e.g. emails or text messages). These are distinct from physical messages (e.g. sending letters by post).
To send an electronic marketing message, you must:
- have consent from the recipient to send marketing messages;
- identify your business as the sender; and
- include an option to unsubscribe within the message.
Consent
To receive consent from recipients, you can obtain either express or implied consent. You will need to keep a record of this consent.
You can obtain express consent by asking the customer if you can send them marketing messages.
You may receive implied consent from a customer when they purchase a product from you and you send them marketing material about similar products.
You can also infer consent if the customer conspicuously displays a work-related email. This means that if a work-related email address is accessible to the public (e.g. on a businesses’ website) and there is no statement withholding consent, you may be able to send messages to this email address. The key issue here is that the email address and your communication must both be work-related. Any personal or unrelated marketing you wish to send to personal email addresses would not fit within this exception.
Identification
Any message you send should include your businesses’ name so that the recipient knows who the message has come from.
Unsubscribe
Every commercial or marketing message you send should include an unsubscribe function, such as:
- a link to unsubscribe; or
- the steps the recipient should take to opt out of receiving messages from you (e.g. “to opt out, reply ‘stop’”).
If a customer requests to unsubscribe or opt out, you must action their request within five days.
ACMA may conduct investigations in response to complaints from individuals who feel that a business is spamming them. It is important to ensure that you always comply with the Spam Act so that you can easily explain your processes if ACMA decides to investigate you.
The Spam Act applies to any business that sends commercial electronic messages. However, if you are an APP entity, you will also need to comply with the Privacy Act when you send commercial electronic messages. APP entities are businesses who:
- have an annual turnover of more than $3 million;
- trade in personal information;
- provide a health service; or
- contract with the government.
These businesses must comply with the Australian Privacy Principles (APPs).
Continue reading this article below the formHow Did Oneflare Breach the Spam Act?
Oneflare had neither express nor implied consent from the recipients of its messages. Rather, Oneflare simply contacted individuals on a public database. These individuals never expressed an interest in receiving communications from Oneflare. Lastly, the messages that Oneflare sent did not contain an unsubscribe function.
As well as paying the $75,600 fine, Oneflare had to make statements in an enforceable undertaking to promise to comply with the Spam Act. Oneflare also had to appoint an independent consultant to review its internal advertising procedures.
The enforceable undertaking revealed that Oneflare tried to infer consent simply because the recipients’ contact details were available on a public database. ACMA found that Oneflare could not infer consent by conspicuous publication because Oneflare’s advertisements did not relate to the work-related business of the recipients. That these details were publicly available did not mean that the recipients had provided either express or implied consent to receiving marketing from Oneflare. Oneflare had to remove these contact details from its system.
Oneflare’s key mistakes were that it:
- had not received consent;
- could not rely on ‘conspicuous publication’; and
- did not offer an unsubscribe function to recipients.
Key Takeaways
If you plan to send electronic marketing messages, you should ensure that you do not wind up in the same position as Oneflare. To avoid doing so, you should:
- ensure you have consent;
- identify yourself as the sender of the message; and
- allow recipients to unsubscribe from future messages.
If you have any questions about your business’ compliance with the Spam Act, contact LegalVision’s Data and Privacy lawyers on 1300 544 755 or fill out the form on this page.
We appreciate your feedback – your submission has been successfully received.
