In 2003, Facebook wasn’t yet imagined, Twitter was still three years away and the iPhone was four years from launch. It wasn’t even possible to view a Myspace page (Myspace had just been born) with your Nokia 1100 (the best-selling phone of the time).
Technology was advancing rapidly during this period, and so was spam. The Australian government took the proactive step of introducing the Spam Act, making it illegal to send unsolicited electronic commercial messages. And while the Privacy Act covers organisations with an annual turnover of more than $3 million, most businesses with an annual turnover of less than $3 million have their direct marketing (including email marketing) governed by the Spam Act.
We don’t need to look at our inboxes to know that we are being inundated with email marketing.
But is the amount of email communication we receive in Australia any different to other countries?
Get daily business news.
The latest stories, funding information, and expert advice. Free to sign up.
To look at two measures: Australia has the ninth-largest volume of email data, but we have the 54th-largest population. Perhaps we wouldn’t be getting as much email marketing if Australia had more restrictive privacy and spam provisions.
Where does the current Spam Act fail?
As the Spam Act currently stands in Australia, it permits the receipt of massive amounts of email marketing communication that the recipient has neither requested nor is necessarily interested in. This avalanche of marketing material results in people switching off from messages they may otherwise act on if they weren’t overburdened by email marketing communication.
Where the Spam Act fails most notably is the overly liberal consent requirements — in other words, how a person agrees they want to receive email marketing.
Under the provisions of the Spam Act, the sender may infer that the recipient has consented to receive email marketing. For example, senders are permitted to send email marketing to existing customers even if they have not explicitly agreed to receive direct marketing.
In addition, the Spam Act is broadly worded, specifying that “other relationships of the individual and organisation concerned” constitutes inferred consent and failing to clarify where that inferred consent ceases.
Does this mean if someone contacts a business via email or a website contact form then consent may be inferred? The answer is not clear. But it could be understood from the inferred consent provision of the Spam Act that small businesses are well within their rights to send email marketing to all Australian customers.
The Spam Act’s consent requirements (or lack thereof) represent a significant departure from more recent spam and privacy frameworks — such as the EU General Data Protection Regulation (GDPR) and Canada’s anti-spam legislation (CASL). In those cases, express permission must be given by a recipient and evidence of the consent recorded by the sender.
When will the Australian Spam Act be updated?
In 2017, then-treasurer Scott Morrison directed the Australian Competition and Consumer Commission (ACCC) to conduct an inquiry into digital platforms in Australia. The inquiry reviewed the effect that search engines, social media platforms and other digital content aggregation platforms have on competition in media and advertising services markets.
On July 26, 2019, the ACCC released its final report from that inquiry. In it, numerous recommendations are made — with recommendation 16 specifically dealing with strengthening consent requirements, and recommendation 17 reviewing the scope of the Privacy Act and whether currently exempt entities should be subject to that act.
It’s too early to know any outcomes with certainty, but it appears one of two things will happen: either the Spam Act will be reviewed, or an amended Privacy Act will come into force which will bolster the weaknesses in the Spam Act.
Ultimately, there will be changes to the way that small businesses are permitted to manage their email marketing consent. It’s unlikely that small businesses will continue to be able to infer the consent of their customers.
If you’re using a GDPR compliant email marketing service, then you likely are already doing the ‘right things’. If not, then you may want to consider revamping your email marketing practices in light of world-leading consent standards and the proposals contained in the digital platforms inquiry.
At the end of the day, more stringent consent requirements will lead to fewer unsolicited email messages, which is a good thing for ethical small businesses. It means your tailored value-adding message has a better shot at getting the attention of your target audience — that being, the audience that has already determined they want to hear from you (and consented). And it means your marketing won’t be lost in the queue of hundreds of unrelated, unwanted email communications.