The Spam Act 2003 (Spam Act) regulates the sending of commercial electronic messages (CEMs) and prohibits the sending of these messages except in certain limited circumstances.
CEMs are messages sent for the purpose of offering, supplying, providing, advertising or promoting:
- goods or services
- land or an interest in land
- a business opportunity or investment opportunity.
The Spam Act regulates the sending of email, mobile phone messages (SMS, MMS) and instant messaging. It is enforced by the ACMA. The Spam Act does not cover faxes, voice telemarketing or internet pop-ups. Voice telemarketing and fax marketing are covered by the Do Not Call Register Act 2006.
The type of CEMs that real estate agents may commonly send include emails or SMS messages promoting open for inspections, follow up messages to a person after they have viewed or inspected a property, emails or SMS messages referring to advertised properties on a website, or an email or SMS message to solicit the listing of a person's property.
The Spam Act is based around three key conditions that govern the sending of all CEMs:
There are two forms of consent
Whether you are targeting new customers, managing existing databases, or purchasing contact lists, you always need a person's consent before you can send them CEMs. There are two types of consent—express and inferred.
What is 'express consent'?
When an individual or organisation provides their email address or mobile telephone number, and you plan to send them a CEM, you must first obtain their express consent.
Examples of methods for obtaining express consent include:
- ticking a box on a form or website clearly stating that by ticking the box they agree to receive marketing messages
- over the phone, or face-to-face, as long as the recipient is clearly aware that he or she may receive commercial messages in the future.
The person must know what they are consenting to. It should be noted that express consent does not last forever, and can be withdrawn at any time.
When can consent be inferred?
Inferred consent can come about in two ways, through an existing business or other relationship or through conspicuous publication of a work-related electronic address in certain limited circumstances.
If an organisation has a strong business relationship with the holder of an electronic address—for example, the address holder is a subscriber to a service, or a client it deals with on an ongoing basis—consent to receiving messages from that organisation may be inferred.
If you are not confident that the existing business relationship is strong enough to infer consent, or are unsure whether the recipient will want your messages, you should obtain express consent.
Consent may also be inferred when someone conspicuously publishes their work-related electronic address (for example, on a website, brochure or magazine); and your business wants to send them a CEM. With conspicuous publication, there must be a strong link between what you are promoting and the recipient's role. You cannot infer someone's consent just because you believe your product or service would benefit them. However, if a publication includes a statement that the person does not want to receive unsolicited CEMs at that address, you can not infer consent.
Under the Spam Act, it is the responsibility of the sender to prove that consent exists. Therefore, businesses should keep a record of all instances where consent is given, including who gave the consent, when it was given and how.
It is unlikely that consent obtained by duress or deception would satisfy the legislative requirements. Examples of methods that may not be adequate to establish consent include:
- where a person signs an attendance sheet, and provides a mobile telephone number or email address, but it is not made clear to that person that, by doing so, he or she is giving consent to receive CEMs (for example, because the relevant text is too small, or located at the bottom of the sheet where it may not be apparent to the person completing the sheet)
- where a sign is displayed at an open inspection stating that, by attending the inspection, a person is giving his or her consent to receive CEMs-in such cases, it may not be clear whether a person has agreed to, or even saw, the statement on the sign.
If recipients don't object, is that consent?
No, silence does not constitute consent. Just because a person does not actively unsubscribe from your mailing list does not mean they consented in the first instance to receiving CEMs from you. You must have either express or inferred consent before you send such messages.
Cold calling—can I send messages to prospective customers?
You cannot email or SMS prospective customers unless express or inferred consent already exists. Unsolicited CEMs include messages that aim to 'test the water', or gauge the recipient's interest in receiving future commercial messages. These kinds of messages are in themselves CEMs, as they seek to establish a commercial relationship. You need to gain consent through other means.
Tip: Telephoning consumers for consent may be prohibited under the Do Not Call Register Act 2006. Visit www.donotcall.gov.au to find out more.
Can someone subscribe, or give consent, on another person's behalf?
In general, consent to receive CEMs must be given by the relevant electronic account-holder—the person responsible for that account.
Can I use pre-checked tick boxes to gain express consent?
No. Pre-checked tick boxes—for example, on a website where people can join a mailing list—are not an acceptable way of gaining consent. For express consent to exist, a person must actively and deliberately give consent to receiving CEMs, either by checking the tick box themselves or by giving consent in some other clear and transparent way. They should also be aware of the purpose for which their consent is given.
Responding to a customer enquiry—do I have consent?
If you are replying to a customer enquiry, you have that person's consent to send them a CEM related to their enquiry. You may also include extra information (such as a link to your website) if the customer could reasonably expect to receive such information as a result of their enquiry.
However, every CEM must contain a functional unsubscribe facility, even if it is a one-off communication in response to an enquiry.
Generally, you cannot add a person to a mailing list on the basis of a one-off enquiry. You need to determine whether they have provided consent to receive your CEMs.
Sender identification is mandatory
Any CEM you send must contain clear and accurate identifying information about you, as the person or organisation that authorised the sending of the message. If this condition is not met, the CEM is not in compliance with the Spam Act.
Every CEM you send must also include accurate information about how the recipient can contact your organisation, or you, as an individual sender.
Businesses must make it easy for people to unsubscribe from electronic mailing lists. An unsubscribe facility must satisfy the following conditions:
- unsubscribe instructions must be presented in a clear and conspicuous way
- a request to unsubscribe must be honoured within five working days
- unsubscribe instructions must remain functional for at least 30 days after the original message was sent
- unsubscribing must be at low cost, or no cost, to the user.
Where can I find out more?
For more Spam Act-related information, including frequently asked questions, visit the ACMA website at www.spam.acma.gov.au.
Please note: this document is intended as a guide only and should not be relied on as legal advice or regarded as a substitute for legal advice in individual cases.