To send or not to send

Direct Marketing under Australian Privacy and Spamming Laws

Before you hit send on that commercial electronic message (including, amongst others, emails and SMS messages) (“CEM”) you should be aware of the application of Australian privacy and spam laws. Finding electronic addresses online or purchasing a list from a business to business list supplier (“B2B List Supplier”) can seem like a cost effective and efficient way to get your brand out to a large group of people. However, if you send CEMs in contravention of applicable legislation, harsh penalties including fines or court action may result.

Are you caught?

Privacy Act 1988 (Cth) (“Privacy Act”): Commonwealth public sector agencies and businesses with an annual turnover of $3M or more, amongst other, are captured by the Privacy Act. Certain organisations are captured regardless of turnover (see our Article covering the impact of mandatory data breach notification laws).

Spam Act 2003 (Cth) (“Spam Act”): A business is likely to be captured by the Spam Act unless it is a government body, charity, political party or educational institution.

Sending CEMs

The safest approach is always to get express consent from a recipient (e.g by telephoning the recipient before sending any CEM). If such express consent cannot be obtained, or is unreasonable to obtain, CEMs may be sent in limited circumstances. The following briefly outlines the application of the law in the following two scenarios:

  • Sending CEMs to electronic addresses that are conspicuously published (“Scenario 1”); and
  • Sending CEMs to electronic addresses that are purchased from a B2B List Supplier (“Scenario 2”).

In both scenarios, if a CEM is sent it should contain:

  1. a functional unsubscribe facility that is clearly visible to the recipient; and
  2. details of the sender including:
  •  business address;
  •  legal or trading name (including ABN / ACN); and
  •  telephone number.

Important: If the sending of a CEM is challenged on the basis that no consent is provided, the onus is on the sender to prove that consent existed. To this end, accurate records of any publications which contain conspicuously published electronic addresses or correspondence with a B2B List Supplier should be maintained.

Scenario 1

If you do not have a pre-existing business relationship with a recipient but an electronic address is conspicuously published (it is published and accessible by the public or a section of the public), you may still be able to send the CEM based on inferred consent. The following is required in such a situation:

  1. there is a strong link between the goods or services promoted in the CEM and the recipient’s role, function or duties. That is, the CEM must have a strong link to the functions or duties of the individual to whom it is sent. To this end, CEMs should not be send to generic electronic addresses where the role, function or duties of the individual cannot be ascertained; and
  2. the conspicuous publication is not accompanied by a statement to the effect that the recipient does not wish to receive commercial messages (akin to a “no junk mail” sign on a letterbox).

Scenario 2

If the electronic address of the recipient has been provided by a B2B List Supplier it is critical to ask:

  1. how the information was collected by the B2B List Supplier;
  2. what the individuals on the list consented to (you should obtain a copy of the relevant terms agreed as between the B2B List Supplier and recipient and ensure that consent for third parties to send CEMs to the recipient was provided. Note: if you rely solely on assurances from a B2B List Supplier that consent has been provided, there may be a risk that the consent has not been properly obtained; and
  3. when the consent was provided by the recipient. As a rule of thumb, if the recipient provided their consent more than 3 months prior to the time of contact it is safest to obtain consent from the recipient again.

A word about the Do Not Call Register Act 2006 (Cth)

Apart from the Spam Act and Privacy Act, it is important to be mindful of the Do Not Call Register (“DNCR”). You should not call (landline, mobile, fax) numbers listed on the DNCR for the purpose of direct marketing unless you have express consent to do so. Check the DNCR prior to making any telephone calls.

As with many aspects of law, each circumstance is unique and turns on its own facts. If you are considering using direct marketing to procure business contact one of our solicitors today to get advice on your proposed marketing technique. Remember, if you are sending CEMs in bulk, multiple breaches of applicable legislation can easily occur, exposing your business to potential claims.