The rise of online businesses has allowed for the proliferation of online exchange. Inboxes are filling up, and personal information is transferred from one end of the internet to the other. There are, however, regulatory frameworks that exist to ensure that consumer information is kept safe. If you are an online business or a business that has a significant online component, it is important to understand your legal obligations under the Spam Act 2003 (Cth) (“the Spam Act”) and the Privacy Act 1988 (Cth) (“the Privacy Act”). This article will highlight the key points that small businesses need to consider when they begin trading online.

What Is Spam?

An online business needs to understand how they can send electronic messages that are commercial in nature. This is particularly relevant to e-Commerce stores, mobile apps, social networks or service-based businesses that use electronic messages to reach their customers. Many people are generally aware what amounts to spam. However, the Spam Act doesn’t provide an exact legal definition. Some characteristics of spam include:

  • an electronically transmitted message, 
  • commercial in nature (e.g. advertising or offers), 
  • unsolicited by the receiver, and
  • connected to Australia (e.g. sent or received by an Australian e-mail address).

What do I Need to Know?

There are three main factors to consider if you plan to send electronic messages to customers or potential customers. The first is that if you do so, you need consent from the recipient. For example, in e-Commerce stores, this is often dealt with in the store’s ‘Sales Terms and Conditions‘. Secondly the electronic message needs to identify the business who is sending the communication. Lastly, there must be an option for the receiver to unsubscribe from the receipt of such messages.

The Spam Act exempts certain electronic messages. These are largely messages that originate from government bodies, political parties, charities or educational institutions.

Privacy Defined

It is beneficial for online businesses to be aware of the Australian Privacy Principles (APPs), even if your business may not legally need to comply with the Privacy Act. It is nevertheless useful to comply with the APP so that your customers are aware of how you plan to use their information. The APP deals with aspects such as:

  • the management of personal information;
  • the collection of personal information;
  • the use and disclosure of personal information;
  • the storage of personal information; and
  • the ability for consumers to access or amend personal information.

Privacy differs from spam as it deals with information that you have already received as a business, and focusses on informing your customers of your policy when it comes to the collection of their information. Depending on your online business, you may be collecting personal information or sensitive information to develop your business. If this is the case, it is important to be aware of your privacy obligations.


Many online businesses will encounter the need to request or contact customers for information. The Spam Act and Privacy Act covers these transactions. This is an important factor for online business models as it relies on ongoing interactions not always sustained through face-to-face contact. If you are an online business, speak to our team of specialist online lawyers who can advise you of your obligations to your customers.

Questions? Please get in touch on 1300 544 755.

Kristine Biason
If you would like further information on any of the topics mentioned in this article, please get in touch using the form on this page.
Would you like to get in touch with Kristine about this topic, or ask us any other question? Please fill out the form below to send Kristine a message!