In the rush to get your business up and running, it can be easy to forget the consequences of spam. Spamming can have heavy consequences and can run up to $1.8 million of fines per day. In particular, using a customer’s email from a COVID contact-tracing form can incur serious penalties.
The Spam Act of 2003 can look complex, however, keeping in line with its regulations isn’t too tricky. The key is to avoid a few common pitfalls that we’ll explore below.
Not Getting Consent
Someone providing their email to log-in to a website is NOT consent. Nor is simply knowing a customer’s contact email. They need to have given their express or inferred consent. To determine which is needed a distinction is drawn between:
- People you have an existing business relationship with; and
- People who are just contacts.
In the former, inferred consent is sufficient. This can be useful for offering businesses services. However, for people who are just contacts, you will need express consent.
a) Express Consent
To get express consent, the recipient needs to knowingly give permission to receive marketing emails. They can do this by filling in a form, ticking a box on a website, over the phone, or, face to face. Ironically you cannot obtain express consent over an email – that in of itself would be a marketing email.
If consent is contentious in legal proceedings, you as the sender will have the burden of proof of proving consent. As a result, it is important to keep records of the consent given to receive these emails.
b) Inferred Consent
Inferred consent is a much trickier grey area of the law. The legal test used is a ‘reasonable expectation’ of the recipient that they will receive future emails. Common examples of inferred consent include:
- When you have a pre-existing business relationship
- Where they have ‘conspicuously’ provided their email (for e.g. they have published their email on their website)
- Where you have been provided a business card with an email
Importantly where inferred consent is gained, the email should be related with the domain of their consent. For example, if someone puts up an email on a retail business website, they should expect any marketing emails to be related to retail.
Besides this, you cannot use a list from an address-harvesting software to send marketing emails. When in doubt, don’t send.
Not Identifying Yourself
Be sure to identify yourself in any marketing emails. Importantly, the email needs to identify:
- Your name or the name of your business; and
- Contact details for your business.
Generally, a legal business name, an ABN and contact details including an address, phone number and email are sufficient.
Not Offering an Option To Opt-Out
The most important feature is the one-click ‘unsubscribe’ button. The option needs to be visible and easy-to-use. In addition, any request to unsubscribe needs to be actioned within five working days. Fortunately, most marketing platforms such as MailChimp automate this process for you. To avoid any arbitration use very clear buzzwords which indicate the option such as ‘unsuscribe’ or ‘STOP.’
Exempt Emails
Not all emails have to abide by these laws! Emails which are ‘purely factual’ are exempt. This can look like emails which advise a recipient or are for their safety. However, sending a factual email does not justify sending commercial emails to the customer later.
Furthermore, the Spam Act also allows exemptions to governments, political parties, charities and educational institutions.
Summary
While sending mass marketing emails can be a great way of retaining a customer base, laws are understandably in place to prevent spam. Make sure to always receive consent, identify yourself, and provide an option to opt-out. Where the emails you’re sending involve complexities such as inferred consent or sold mail lists you should talk to our business lawyers for clarification.
