On 1 July 2024, Australia’s spam regulator, the Australian Communications and Media Authority (AMCA), released a Statement of Expectations setting out its requirements for customer consent in the context of direct marketing.
The ACMA has consistently demonstrated a clear intolerance for breaches of the spam requirements, penalising business with over AUD 15 million in spam and telemarketing fines over the past 18 months.
Under the Spam Act 2003 (Cth), businesses must obtain consent from customers (including business customers) before sending any direct marketing communications via email, SMS or other electronic means. Consent can be express or inferred, but should only be inferred where there is an existing commercial relationship between the sender and the customer which relates to the subject matter of the marketing communication.
ACMA recommends using express consent as it represents a clear and unambiguous decision by a customer to receive direct marketing. Customers can give express consent via filling in a form, ticking a box on a website, over the phone, or face to face.
Records of consent should be maintained and include details such as the method by which consent was obtained, the terms applied to the consent and the date/time of collection. Outsourced providers of marketing services should maintain appropriate consent records on behalf of their customers, and businesses remain responsible for meeting their consent obligations regardless of whether they outsource e-marketing or consent gathering to third parties.
Based on the ACMA’s expectations regarding the spam laws, best practice includes the following:
- Obtain express consent based on clear terms and conditions which are accessible to the customer at the time of seeking consent. Avoid embedding the references to consent in fine print or long privacy policies.
- Consent terms and conditions should clearly explain what the consent is for, who it is being provided to, for how long, and how a customer may withdraw their consent.
- Make sure that only current consents are relied upon – consent should be refreshed regularly.
- Consider a double opt-in approach to obtaining consent. For example, asking customers via email to confirm their consent by clicking on the link provided (which also helps to identify genuine email addresses).
- Do not use pre-ticked boxes.
- If seeking to relying on inferred consent, carefully evaluate whether there is a clear, current or ongoing relationship with the customer, and that the goods or services being marketed are directly related to that relationship. Consent should not be inferred from a one-off purchase by a customer (even where they have provided a phone number or email to receive a receipt).
- Ensure all electronic messages contain easy to use and functional unsubscribe facilities. Avoid asking customers to log in to accounts or charging customers a fee to unsubscribe.
- Ensure that customers are given the option to unsubscribe from all marketing messages (and not only certain types of messages).
- Ensure to action unsubscribe requests as quickly as possible and within 5 business days.
- Do not continue sending marketing messages after an unsubscribe request has been received, or re-contact consumers encouraging them to resubscribe.
Please reach out to us if you require any further guidance about your obligations under the Spam Act 2003 (Cth).