Key Themes from Recent Spam Penalties by ACMA
Sending unsolicited emails, or spam, can not only damage your organisation’s reputation but also land you in hot water with the Australian Communications and Media Authority (ACMA). Unlike some other regulators (the OAIC springs to mind) the ACMA is well-resourced and tasked with cracking down on scams and spam.
The ACMA has identified ‘enforcing SMS and email unsubscribe rules’ as one of its compliance priorities for 2023. In this post, we’ll analyse some of the fines ACMA’ has issued to companies for sending out spam and also outline key takeaways.
What is SPAM?
Spam is an unsolicited online commercial message (email, text, SMS etc) sent without permission. Many countries have laws limiting the sending of spam, mostly just impacting senders within that country.
In Australia, the Spam Act 2003 (Cth) and the Spam Regulations aim to reduce unsolicited electronic marketing material sent by Australian organisations. Compliance with that act is enforced by the ACMA.
We discussed SPAM and consent in more detail in the following two posts:
Notable Recent ACMA Penalties
The ACMA has been particularly active of late in pursuing Australian organisations that have breached Australian spam laws.
It published details of around five infringement notices annually since 2020. Although 2023 is off to a slow start, with only one case at the time of writing, we expect that to grow given this year’s focus on spam.
Below we look at those spam actions:
2023 Spam Penalties
A $50,000 Penalty Against BetDeluxe
BetDeluxe operates in the online gambling industry. The ACMA issued a penalty of $50,172 after BetDeluxe forwarded over 104,000 SMS that did not offer unsubscribe functionality and 820,000 SMS that did not provide required information about the sender.
“Any spam can be annoying, but when gambling is involved the risk of financial and emotional harm can be pronounced, so it’s important that wagering operators take compliance very seriously.” – ACMA Chair Nerida O’Loughlin
2022 Spam Penalties
Binance Australia’s $2 Million Penalty
Binance Australia, a cryptocurrency exchange, received an infringement notice for more than $2 million after it sent more than 5.7 million commercial emails that didn’t offer acceptable unsubscribe functionality. The company also sent 25 emails without the consent of the recipients.
Users were either unable to unsubscribe or were required to opt out by logging into an account.
As well as the fine, Binance was ordered to appoint an independent consultant to review its current procedures and practices and make improvements based on its recommendations (read more here).
Latitude Financial’s $1.55 Million Penalty for SPAM
Latitude Financial (which made headlines recently following a mammoth data breach) paid a $1.55 million penalty in 2022 for its breaches of the Spam Act 2003.
Specifically, Latitude Financial was penalised for sending over three million emails and text messages without any unsubscribe functionality. It attempted to get around the SPAM laws by mischaracterising emails as ‘informative’ not commercial. Informative or transactional emails are not subject to the same requirements as apply to spam emails.
“Companies cannot promote their products and services to customers under the guise of simply providing them with factual information. Customers must be able to withdraw their consent and stop receiving commercial messages. That choice must be actioned within 5 days,” said ACMA Chair Nerida O’Loughlin.
Sportsbet’s Record $2.5 Million Penalty
Sportsbet agreed to a $2.5 million penalty and to provide around $1.2 million in refunds to customers in 2022. It sent out more than 150,000 marketing text messages and emails to more than 37,000 people who had tried to unsubscribe. It sent a further 3,000 marketing messages with no unsubscribe functionality.
“We received complaints from people stating they were experiencing gambling-related problems and were trying to manage the issue by unsubscribing from Sportsbet’s promotions,” ACMA Chair Nerida O’Loughlin said. “Sportsbet’s failures in this matter had the real potential to contribute to financial and emotional harm to these people and their families.”
Key Trends in Australia’s SPAM Penalties
Based on the penalties outlined above and the complete list of ACMA spam penalties, we identified the following key trends and takeaways:
- The action against BetDeluxe, a sole trader, shows that the ACMA is willing to spend time and resources tackling spam complaints against companies of any size. Individual business owners and small businesses should not feel too small to be seen when it comes to marketing and consent non-compliance, especially if involved in ‘problematic’ industries like on-line gambling
- There have been two infringement notices sent to online wagering providers within the past 12 months. The online gambling industry, and other areas like cryptocurrency (regarded by some as akin to gambling) will be of particular concern for the ACMA, particularly where spam is targeting vulnerable people and making it difficult for them to unsubscribe.
- Consent is key. If you do not have consent or you are unsure if you have consent, it’s best to err on the side of caution and not send the email..
- You must include easy-to-access unsubscribe functionality in your marketing messages.
- It’s crucial that you have processes set up to manage unsubscribes in a timely manner. If someone unsubscribes and you don’t handle that promptly, the ACMA will definitely have concerns.
The ACMA has published a guide to infringement notices. It was most recently updated in February 2023.
Privacy Compliance with Privacy 108
The Privacy 108 team are expert in the application of SPAM and privacy laws.
Contact us if you have any questions or need any advice on ensuring compliance with Australia’s SPAM and privacy laws.