Sending unsolicited emails, or spam, can not only damage your organisation’s reputation but also land you in hot water with the Australian Communications and Media Authority (ACMA). Unlike some other regulators (the OAIC springs to mind) the ACMA is well-resourced and tasked with cracking down on scams and spam.
The ACMA has identified ‘enforcing SMS and email unsubscribe rules’ as one of its compliance priorities for 2023. In this post, we’ll analyse some of the fines ACMA’ has issued to companies for sending out spam and also outline key takeaways.
Spam is an unsolicited online commercial message (email, text, SMS etc) sent without permission. Many countries have laws limiting the sending of spam, mostly just impacting senders within that country.
In Australia, the Spam Act 2003 (Cth) and the Spam Regulations aim to reduce unsolicited electronic marketing material sent by Australian organisations. Compliance with that act is enforced by the ACMA.
We discussed SPAM and consent in more detail in the following two posts:
The ACMA has been particularly active of late in pursuing Australian organisations that have breached Australian spam laws.
It published details of around five infringement notices annually since 2020. Although 2023 is off to a slow start, with only one case at the time of writing, we expect that to grow given this year’s focus on spam.
View a complete list of the penalties issued by the ACMA.
Below we look at those spam actions:
BetDeluxe operates in the online gambling industry. The ACMA issued a penalty of $50,172 after BetDeluxe forwarded over 104,000 SMS that did not offer unsubscribe functionality and 820,000 SMS that did not provide required information about the sender.
“Any spam can be annoying, but when gambling is involved the risk of financial and emotional harm can be pronounced, so it’s important that wagering operators take compliance very seriously.” – ACMA Chair Nerida O’Loughlin
Binance Australia, a cryptocurrency exchange, received an infringement notice for more than $2 million after it sent more than 5.7 million commercial emails that didn’t offer acceptable unsubscribe functionality. The company also sent 25 emails without the consent of the recipients.
Users were either unable to unsubscribe or were required to opt out by logging into an account.
As well as the fine, Binance was ordered to appoint an independent consultant to review its current procedures and practices and make improvements based on its recommendations (read more here).
Latitude Financial (which made headlines recently following a mammoth data breach) paid a $1.55 million penalty in 2022 for its breaches of the Spam Act 2003.
Specifically, Latitude Financial was penalised for sending over three million emails and text messages without any unsubscribe functionality. It attempted to get around the SPAM laws by mischaracterising emails as ‘informative’ not commercial. Informative or transactional emails are not subject to the same requirements as apply to spam emails.
“Companies cannot promote their products and services to customers under the guise of simply providing them with factual information. Customers must be able to withdraw their consent and stop receiving commercial messages. That choice must be actioned within 5 days,” said ACMA Chair Nerida O’Loughlin.
Sportsbet agreed to a $2.5 million penalty and to provide around $1.2 million in refunds to customers in 2022. It sent out more than 150,000 marketing text messages and emails to more than 37,000 people who had tried to unsubscribe. It sent a further 3,000 marketing messages with no unsubscribe functionality.
“We received complaints from people stating they were experiencing gambling-related problems and were trying to manage the issue by unsubscribing from Sportsbet’s promotions,” ACMA Chair Nerida O’Loughlin said. “Sportsbet’s failures in this matter had the real potential to contribute to financial and emotional harm to these people and their families.”
Based on the penalties outlined above and the complete list of ACMA spam penalties, we identified the following key trends and takeaways:
The ACMA has published a guide to infringement notices. It was most recently updated in February 2023.
The ACMA’s compliance priorities for 2022-2023 are available here.
The Privacy 108 team are expert in the application of SPAM and privacy laws.
Contact us if you have any questions or need any advice on ensuring compliance with Australia’s SPAM and privacy laws.
"*" indicates required fields
"*" indicates required fields
Privacy 108 collects your name and email to send you our newsletter. If you do not provide this information, we will be unable to send it to you. We may use third-party service providers (such as email marketing platforms) to distribute our communications. Some providers may store information overseas, including in the United States. For more information about how we handle your personal information, including how to access or correct it or make a complaint, please see our Privacy Policy or contact us at hello@privacy108.com.au. You can unsubscribe at any time using the link in our emails or by contacting hello@privacy108.com.au.
