The laws that apply to sending unsolicited marketing emails are about to change. Businesses that marketing emails must review the way they collect consent from potential customers. These new rules will be the biggest shake up to spam and privacy laws in a long time.
We’ve written about the Spam Act rules and privacy policies. But these new laws will modify the way that businesses must engage in e-marketing activities. Australian businesses must take notice and comply with the laws or face hefty legal penalties.
In this article, our eCommerce lawyer will explain what the new rules look like and what businesses can do to start preparing for these changes.
Key Takeaways
- The way that businesses engage in email marketing and other e-marketing is expected to change in August 2024
- The Australian Communications and Media Authority is becoming increasingly active in prosecuting and fining businesses that don’t comply with the Spam Act
- Consumer protection is at the forefront of the Australian Government’s decision to strengthen the rules around e-marketing
There are pending changes to the Australian Spam Act aimed at strengthening compliance and enhancing consumer protection. These updates reflect the ongoing efforts to address issues related to unsolicited communications, especially in the context of evolving digital marketing practices.
What is changing in the e-marketing space?
There are currently two Bills being considered by the Australian Parliament:
- Privacy Legislation Amendment Bill
- Unsolicited Political Communications Legislation Amendment Bill
We’re not going to talk about unsolicited political communications in this article. You might be wondering what the Privacy Act has to do with the Spam Act. It’s important to know that these laws overlap.
The Spam Act itself isn’t expected to be changed. However, the new rules around email marketing and consent will be found in the revised Privacy Act.
The regulator in this space is the Australian Communications and Media Authority (ACMA). ACMA has issued a Statement of Expectations for 2024-25. In that statement they said that they expect businesses to:
- obtain explicit and informed consent from consumers for e-marketing activities
- rely on express consent, where terms and conditions are clear and accessible at the point of consent
- not bury terms and conditions in lengthy policies or multiple click-throughs
- to rely on double opt-in procedures to verify consent
How are email marketing laws expected to change?
A broader definition of commercial electronic messages
The types of marketing emails that will be caught by the Spam Act will be broader. It is likely to expand to include emails with indirect commercial intent. For example, promotional links in order confirmations.
ACMA has pointed out that businesses try to disguise commercial messages as non-commercial to bypass spam rules. For example, where a business needs to communicate to a customer to provide goods and services but includes some marketing content in the email.
Double opt-in requirements
Businesses may be required to adopt a double opt-in process. This means that businesses will need to change the way they obtain consent to receive commercial electronic messages (i.e. marketing emails).
To do this, businesses will need to work with their web developers. Consent may be obtained when a person initially signs up, but there must be an additional step. The person would then receive a confirmation email or message requiring them to confirm that they want to subscribe.
A shorter timeframe to process unsubscribe requests
Businesses will be required to process unsubscribe requests within a maximum of five business days.
Legal responsibility for third parties assisting with e-marketing
Businesses will be unable to play the blame game. Businesses will themselves be responsible even if they engage another company to assist with digital marketing. Outsourcing will not help businesses avoid legal responsibility.
Why are email marketing laws changing?
Set out below are some reasons given by various media bodies and Government authorities regarding the changes to e-marketing:
- the existing privacy laws were written before the current digital era. They were not designed for a time where personal data has commercial value
- there is a need to protect people from the misuse of their personal data in a rapidly evolving digital economy
- Australians are increasingly worried about their privacy online and the potential misuse of their personal information
- there is a need to ensure that businesses avoid negligent behaviour and to hold them accountable for data breaches
How can businesses ensure they comply with the new email marketing rules?
- Be transparent with customers about how their personal information will be used
- Don’t bury important information in fine print or by having to navigate through multiple links
- Change your website and customer journey so that there is a double opt-in for marketing emails
- Remember that your business could face significant penalties if you don’t comply
Frequently Asked Questions
Do I have to include a double opt in for email marketing?
Not currently. However, double opt-in will be required if the email marketing laws change in the way that they are expected to.
What are the penalties for sending unsolicited commercial electronic messages?
Currently, the penalties are:
- up to $2,220 per individual per breach. This increases if an individual sends multiple unsolicited messages
- up to $13,320 per business per breach. If the breach is repeated or serious, the fines can increase up to $2.22 million
Under the new laws, these are expected to increase significantly. There is talk of a tiered penalty system so that the more serious the breach, the greater the penalty.
Have businesses actually been fined for sending unsolicited marketing emails?
Yes, and more businesses are being targeted by regulators.
Here are two recent examples of businesses being penalised by ACMA.
- Ticketek was fined $2.55 million for sending unsolicited messages. The messages included promotional content disguised as transactional communications.
- Sportsbet was fined $3.55 million for sending emails and texts to customers who had unsubscribed.
Who should I talk to if I have questions about changes to email marketing laws?
You can speak to one of our eCommerce lawyers if you have questions about the new laws. We offer a free 15 minute legal consultation and fixed fee pricing.