Understanding the Spam Act in 2024 and beyond

The digital and telemarketing landscape has changed significantly since the enactment of the Spam Act (2003) and the Do Not Call register (2006). With the Australian Communications and Media Authority (ACMA) having already issued over $15 million in fines for breaches in the past 18 months, it is clear there is a need for more guidance in this area. Whether it is the traditional application of the Spam Act to electronic commercial messages or how it applies with marketing technology today, no business wants to be found responsible of a breach. That’s why on Tuesday 24 September 2024, ADMA collaborated with the ACMA in a joint webinar to explore the Spam Act and its adjacent regulatory frameworks in how they apply in 2024 and beyond. The webinar was highly engaging with close to 1500 registrations and 700 participants tuning in live to understand more. Attendees were highly engaged throughout. Below we will outline the key takeaways from the webinar. 

Understanding the relevant legislations

There are a number of laws and associated regulation which cover commercial communication practices in Australia.  are the Spam Act 2003, the Do Not Call Register Act 2006 (DNCR), and Telemarketing Standards 2017 (TIS). The ACMA is the regulator responsible for the administration and enforcement in this area. Where the ACMA finds an organisation to be in breach of the law, there are a few actions they can initiate. The ACMA may issue a formal warning, give the organisation an infringement notice, or accept court-enforceable undertakings. Or for more serious breaches, take the matter to the Federal Court which can impose significant penalties. 

As marketers, we need to ensure our communications are compliant with these provisions, otherwise not only do we risk a breach resulting in possible significant financial penalties, but also risk potential reputational damage as well. Noting that the latter is much harder to restore compared to paying a hefty fine and amending internal processes. The pivotal points of each of the rules were explained in the webinar by ADMA’s Manager of Regulatory and Policy, Dr Rob Nicholls which we’ll outline below. 

Telemarketing

The DNCR is at the heart of telemarketing regulation. It allows individuals to stop unsolicited telemarketing calls by registering their number on the list. If a number is registered on the list, telemarketers are unable to make contact with that individual unless they have explicitly consented. 

Those engaging in telemarketing also need to be mindful of TIS which establishes minimum enforceable requirements for telemarketing and research calls. The TIS further protects customers from telemarketing practices and offers a framework to strike a balance between legitimate business needs and a customer’s right to privacy.

The Spam Act

The Spam Act regulates all commercial electronic messages. A message is deemed an electronic message if it is sent by SMS, MMS or to an email account, instant messaging account, telephone account or any other similar account. Then if there is any element that could deem that electronic message to be  ‘commercial’ , even if secondary to the purpose of the communication, it will be considered a commercial message. Getting the categorisation of the message correct is an important consideration for a marketer because once a message is deemed to be a ‘commercial electronic message’ then the requirements of the SPAM Act apply.

A fundamental component of the Spam Act is consent. To be compliant, getting the right consent(s) from customers from the outset is paramount. There are two types of consent to consider – express and inferred consent. Express consent is where the recipient opts in to receive messaging, such as ticking a box on a website, over the phone, face-to-face, or on a form etc. Explicit consent occurs when someone takes an action after being clearly notified (in a transparent way) the way in which their personal information will be used and how they can retract that consent at any time.  On the other hand, inferred consent is when it is reasonable to assume an individual would want to receive the business-related message and this assumption can be related back to a reasonable customer relationship. Of the two, express consent is considered best practice. It’s also important to keep a record of when, how and to whom an individual has given the consent for auditing purposes. 

The ability to unsubscribe has become equally as important as consent in the Spam Act. To be compliant, a functional unsubscribe option must be available. Meaning it must be as easy to unsubscribe as it is to subscribe, and the request must be actioned within five business days. Any condition like logging into or creating an account, providing further personal information or paying a fee to unsubscribe is in breach of the Spam Act.  

ACMA Statement of Expectations

On 1 July 2024, the ACMA released a Statement of Expectations (SOE) on the use of consumer consent to provide guidance to businesses that market by phone, electronic message, or both. In the webinar, ACMA Authority member Samantha Yorke detailed the SOE and clarified its intended use is to help businesses navigate the rules and customer expectations. While it has a  very regulatory-toned name, the ACMA see the resource as being a guide to good practice. The ACMA SOE sets out both consumer friendly and unfriendly practices. The friendly, such as obtaining expressed consent, and that terms and conditions should explain what the marketing is for, who will use it, how long it will be used for and how to withdraw consent. The unfriendly being ‘what not to do’ such as ‘refer a friend’ marketing to increase databases, pre-ticked opt-ins and contacting previously subscribed (now unsubscribed) customers to entice them back.  

Later in the webinar, Evan Westmore, Manager of Compliance and Intelligence at ACMA, reiterated Samantha’s earlier comments and added that the move to a SOE was primarily due to the ACMA believing it would be helpful to promote good practice for businesses rather than waiting for legislative reform, by providing the SOE as general advice in the interim. Issuing the SOE is a great way to help educate businesses on compliance rather than waiting for enforcement and thus maintaining a proactive rather than reactive mindset for compliance.

The panel discussion

Following on from the ACMA’s great summation, Peter Leonard, Chair of the ADMA Regulatory and Advocacy Working Group then joined his fellow presenters in a panel discussion facilitated by Sarla Fernando, Director of Regulatory and Advocacy at ADMA. With expertise aplenty, the insightful panel discussion covered a range of questions. Some highlight questions include:
 

> What strategies should marketers develop that build engagement rather than annoyance in their sending out of electronic messages?

To answer this, the two key words are transparency and clarity. Problems often arise because organisations are not clear and transparent at the time that they are seeking consent, which creates difficulties in establishing that there was informed consent. It can also be counterproductive to the organisation because when the individual tries to unsubscribe, it will be difficult to apply the principle that it should be as easy to unsubscribe as it is to subscribe. Clear and transparent consent practices are key to building consumer trust and best practice. Particularly when 90% of the complaints received by ACMA relate to consent issues. 

Marketers can also consider channel use and unsubscribing from specific channels as an option. Customers who have consented to contact may only have an annoyance with particular channels rather than wanting to opt out of messaging entirely. 

Whatever strategies are employed though, be sure that databases are synced and there are no broken links between internal systems or platforms by performing regular hygiene checks. This is the best approach to avoiding unintentional and unknowing breaches due to system issues.
 

> What spam trends are you seeing in the Australian market, particularly within less traditional channels such as social media, apps, bots, SMS, and instant messaging?

Unsurprisingly, the main trends are centred around emerging technologies with a move towards SMS and a reduction in telemarketing. Of these trends though, enforcement of the Spam Act doesn’t change, even though the application does.

For example, businesses are keen to automate processes wherever possible mainly for two reasons – to reduce cost and for compliance. However, while this is important businesses need to  ensure that automation  does not interfere with its compliance requirements and annoy or frustrate the customer. 

> A message with no live link to a home page could appear to be a scam. How does a brand tackle sending transactional messages without it crossing the line into being a marketing message?

The fine line that is a commercial message versus a transactional one can be difficult to navigate. Determining what the purpose of the message is and if there is a real need to engage in the communication is a starting point. If there is a genuine need to send the message and there is a purpose in linking to a non-commercial page to confirm legitimacy, such as to confirm identity – then ensuring that the link, in this case goes to a “contact us” page, is an option, this is a good strategy to employ.  In short though, it all comes down to if you are linking to commercial content or not. 
 

There were also a number of audience submitted questions that time did not permit the panelists to address live, so the ADMA team will endeavour to provide a resource to answer some of in these coming weeks.

Want to know more?

Ensure your business does not become the next case study by improving your knowledge on the Spam Act and adjacent legislations correctly in the current context. If you registered for the webinar and would like to revisit the content, the webinar is available on-demand a limited time here. Or if you’re an ADMA member, you will have indefinite access to the webinar in the member hub. 

For further information, you can also access these resources:

ADMA:
•    Spam toolkit | ADMA
•    Compliance Resources: Member Hub | ADMA
•    Marketing Content Laws - Australian Data Privacy Training | ADMA
•    Or contact ADMA at [email protected]

ACMA:
•    Telemarketing and e-marketing – common issues and mistakes | ACMA
•    Avoid sending spam | ACMA
•    Consumer consent: expectations for businesses conducting telemarketing and e-marketing | ACMA
•    Consumer consent: expectations for businesses conducting telemarketing and e-marketing | ACMA