Skip to content
LegalVision

What are my Legal Obligations When Direct Marketing?

Avatar photo

By Ayatalla Lewih
Lawyer

Updated on
Reading time: 5 minutes

Meets editorial guidelines

This article meets our strict editorial principles. Our lawyers, experienced writers and legally trained editorial team put every effort into ensuring the information published on our website is accurate. We encourage you to seek independent legal advice. Learn more.

Follow us on LinkedIn
Summarise with: ChatGPT logo ChatGPT Perplexity logo Perplexity Microsoft Copilot logo Microsoft Copilot
Table of Contents

Direct marketing involves using or disclosing personal information to communicate with an individual for the purpose of promoting your goods or services. By way of example, some common direct marketing practices include:

  • Telemarketing (aka, cold calling);
  • Mail order catalogues;
  • Interactive marketing (for example, pay TV and radio); and
  • SMS marketing.

While direct marketing can be a useful tool to increase sales, businesses should have a clear understanding of their legal obligations. In this article, we explore the rules governing direct marketing and how to avoid breaching the Australian Privacy Principles (APP).

When Can I Engage in Direct Marketing?

APP 7 provides that unless an exception applies, a business must not use or disclose personal information for the purpose of engaging in direct marketing, subject to the following exceptions.

The First Exception

  • Your business has collected personal information (other than sensitive information) from an individual;
  • The individual would reasonably expect your business to use their personal information for direct marketing;
  • Your business provides a simple option for the individual to opt out if they no longer wish to receive communications through direct marketing; and
  • The individual has not made that request to your business.

The Second Exception

  • Your business has collected the personal information (other than sensitive information) from the individual or the third party;
  • The individual would not reasonably expect your business to use their personal information for direct marketing;
  • Your business provides a simple option for the individual to opt out if they no longer want you to communicate with them via direct marketing;
  • In your direct marketing, you include a prominent statement that the individual may request to opt-out or you draw the individual’s attention to this option.
  • The individual has not requested to opt out; and either
    • The individual has consented to the use of their personal information for the purpose of direct marketing; or
    • It is impracticable to gain consent.

The Third Exception

  • Your business is a contracted service provider under a Commonwealth contract;
  • Your business collected personal information (other than sensitive information) to meet its obligations under a Commonwealth contract (either directly or indirectly); and
  • It is necessary for you to use and disclose the information to meet your obligations under the Commonwealth contract.

How do I Provide a Simple Means to Opt Out?

As mentioned already, one of the requirements for direct marketing is that you provide an individual with an easy way to opt out of future communications. In your opt out option, it is best practice to ensure that you have:

  • Clear instructions written in plain English on how to opt out;
  • A process for opting out which requires minimal time and effort; and
  • A free opt out process.

Once an individual has successfully opted out, your business must not then disclose their personal information for the purpose of direct marketing.

Continue reading this article below the form
Loading form

How do I Provide a Prominent Statement for Opting Out?

When writing a statement for opting out, ensure you comply with best practice:

  • Write in plain English and avoid industry or legal jargon;
  • State your position clearly and use headings to draw attention to it; and
  • Publish your statement in a reasonable font and size, so it’s easy to read. It should not be smaller than the rest of your text.

Collection of Personal Information

A business that engages in direct marketing will likely collect and retain customer data. At the very minimum, they will keep customer names and contact details. The Privacy Act 1988 (Cth) (the Act) covers the rules surrounding the collection of personal information.

When you collect personal information that is used for marketing purposes or to share with third parties, you are required to have a privacy policy under Australian law. Always disclose to a consumer in your privacy policy the following:

  • You are keeping consumer data;
  • How you intend to use the data;
  • Customers can request access to their information and an amendment if there is an error; and
  • Consumers can opt out of having you store their data.

Ensure that you also impose obligations of third parties, for example, subcontractors who have access to personal information which you collect. Importantly, train your employees to understand the importance of privacy protection so as to promote this in your organisational culture.

Key Takeaways

Direct marketing is prohibited in Australia unless your business falls within one of the exceptions of APP 7. If you engage in direct marketing, you must provide the individual with an option to opt out and comply with that request within a reasonable period after the user has made the request. Failure to comply with the Act can result in substantial fines of up to $1.7 million for companies and $340,000 for other entities for serious and repeated privacy breaches.

If you have any questions about your legal obligations when direct marketing, get in touch with our specialist commercial lawyers on 1300 544 755.

Register for our free webinars

Demystifying M&A: What Every Business Owner Should Know

Online
Understand the essentials of mergers and acquisitions and protect your business value. Register for our free webinar.
Register Now

Social Media Compliance: Safeguard Your Brand and Avoid Common Pitfalls

Online
Avoid legal pitfalls in social media marketing and safeguard your brand. Register for our free webinar.
Register Now

Building a Strong Startup: Ask a Lawyer and Founder Your Tough Questions

Stone & Chalk Tech Central, Level 1 - 477 Pitt St Haymarket 2000
Join LegalVision and Bluebird at the Spark Festival to ask a lawyer and founder your startup questions. Register now.
Register Now

Construction Industry Update: What To Expect in 2026

Online
Stay ahead of major construction regulatory changes. Register for our free webinar.
Register Now
See more webinars >
Ayatalla Lewih

Ayatalla Lewih

Read all articles by Ayatalla

About LegalVision

LegalVision is an innovative commercial law firm that provides businesses with affordable, unlimited and ongoing legal assistance through our membership. We operate in Australia, the United Kingdom and New Zealand.

Learn more

We’re an award-winning law firm

  • Award

    2025 Future of Legal Services Innovation Finalist - Legal Innovation Awards

  • Award

    2025 Employer of Choice - Australasian Lawyer

  • Award

    2024 Law Company of the Year Finalist - The Lawyer Awards

  • Award

    2024 Law Firm of the Year Finalist - Modern Law Private Client Awards

  • Award

    2022 Law Firm of the Year - Australasian Law Awards