Sorting trash from treasure: a checklist for complying with spam laws

Aug 2023


Crisis Management ‘How To’: Don’t Throw Your Hands In The Air!

In our latest post, we turn to crises – and, more importantly, how to manage them. Crises can take a number of forms and by their nature they happen unexpectedly without warning.  Inhouse counsel have an important role in identifying risks in order to prepare for a crisis.  While a crisis is unfolding, inhouse counsel are critical in protecting privilege and providing legal advice in the moment.

Australia’s place in the Hydrogen race

Scott Gardiner delivers his latest fun fact on hydrogen, for anyone who shares his insatiable interest in this clean fuel of the future. In this post, KWM’s Co-Global Head of Projects Energy and Resources looks at the global landscape. Can his home nation - Australia...

Caroline Hayward and Brian Whelan discuss recent developments in relation to spam laws. How can you ensure your messages are positively received? They offer a checklist that outlines how to reduce the risk of non-compliance when preparing your next round of marketing activity.

The Australian Communications and Media Authority (ACMA) recently imposed Australia’s largest ever penalty of AU$3.6m on a business for sending spam. This is a stark reminder to businesses to refresh their understanding of the laws surrounding commercial electronic messages.

The regulatory landscape: the net tightens

Over the past 18 months, ACMA has strengthened its “no tolerance” approach to noncompliance with spam laws. In addition to penalties, this can include enforceable undertakings for businesses to review their policies and implement training and education programs for staff.

ACMA has flagged spam compliance as a continuing priority for 2024. Major organisations investigated recently include food delivery service DoorDash.

What is spam?

Following the introduction of the spam laws in 2003, most organisations will have well embedded processes for their marketing materials.  However, “spam” is to be distinguished from “scam”, and it may not be front of mind when terms like phishing, hacking and ransomware are currently more prevalent.

The spam laws regulate the use of “commercial electronic messages”.  As you would imagine, this is a message such as an email or an SMS/text.

An electronic message is “commercial” if it offers goods or services for sale or promotes or advertises a business opportunity or investment.

Spam doesn’t need to be sent in bulk – a single message can constitute spam under the legislation.

What are the requirements?

Each commercial electronic message must:

  • identify who is responsible for sending it (easy -that’s you!)
  • include information describing how the sender can be contacted (usually this is an email address), and
  • ensure that a functional unsubscribe facility is included (this is usually a link to a new page or email reply).

By “functional”, the information given and email address should be current for at least 30 days from the date the message was sent.

Consent is key

To avoid creating spam – you must have the recipient’s consent. Consent may be express or inferred.

  • Express consent is where a person has specifically requested email / SMS messages (eg ticked an ‘opt-in’ box, or declared in writing that they wish to receive marketing from the sender). Best practice is to ensure express consent.
  • Inferred consent is where there has been no direct request, but a recipient may reasonably expect to receive such messages.

From an individual’s perspective, to avoid spam, they should be careful of ticking boxes or entering competitions where personal information is collected, to avoid giving express consent inadvertently.

Getting your message across

Marketing increasingly relies on commercial electronic messages to reach target customer groups.  The spam laws were introduced to prevent a high frequency of unsolicited messages disturbing people and potentially causing other important messages to be lost in the barrage.

In addition to potential penalties and enforceable undertakings, businesses should also consider the commercial, financial and reputational risks associated with sending spam messages.

Most importantly, a sender wants a message to be received and read – not relegated to the “spam” or junk folder of an inbox and, above all, not deleted having been left unread!

What is not spam?

Messages (even if they are unwanted or just plain annoying!) are not spam if they aren’t commercial in nature – such as appointment or payment reminders, or notifications of a service or product fault – messages which are factual in nature and which identify the sender.

There are also certain limited exemptions for government bodies, political parties, educational institutions and charitable organisations.

Is it spam?

Between 2018 and 2019, a major supermarket sent marketing emails to consumers after they had unsubscribed from previous mailouts

Spam. By previously unsubscribing, Customers had not consented to receive further emails. By sending further emails, the supermarket had not honoured requests from customers to be unsubscribed.

In 2019, a political figure sent unsolicited text messages to an unknown number of voters

Not spam. Even though many were left wondering how their number had been obtained, registered political parties are exempt from requirements to obtain consent.

Every day, millions of Australians receive calls, emails and text messages impersonating a company or government agency (eg “you have an overdue toll fee”) or using other tactics to target personal or financial information

Not spam. These are more likely to be scams (or phishing attempts.

Are you complying with your responsibilities?

Do you have consent?

Unsolicited marketing emails or messages must not be sent to an individual without prior consent (express or inferred).

This means you should not:

  • have a pre-ticked consent check-box
  • bundle or bury consent requests with acceptance of T&Cs.

Best practice is to require express opt-in consent.

Have you identified yourself or your organisation?

If your organisation authorises the sending of the email or message, your organisation must be clearly identified in the email (including contact information).

Is it easy to unsubscribe or opt out?

Every mail-out must contain a straight-forward and opt-out or unsubscribe function ie a “One Click” approach. Customers must not be required to provide more personal information, to log in or to create an account simply to unsubscribe.

The unsubscribe link in a message must remain active for at least 30 days after the message has been sent.

Unsubscribe requests must be honoured within 5 days of receipt.

Is your message exempt from consent and unsubscribe requirements?

Certain commercial messages are exempt from consent and unsubscribe requirements depending on the sender and the nature of the content for example, payment reminders (see above).

 Have you considered other related laws, regulations and rules?

There are various other laws that must be considered such as the Privacy Act and the Do Not Call Register Act.

Further information

ACMA publishes guidelines to assist organisations in complying with the spam laws and can be contacted for general advice.

If you or someone in your organisation wants guidance on the spam laws and how to prepare your next marketing message to customers, please reach out to your KWM contact. If your business needs specialised advice on navigating spam laws, please contact Patrick Gunning or Kendra Fouracre.

Check out other insights from our Office of General Counsel team – from our inhouse to yours:


Caroline is the General Counsel of King & Wood Mallesons and oversees KWM’s Office of General Counsel. Caroline has practiced law in Australia, Ireland and Canada and specialised in energy and resources before being appointed as General Counsel (which was one of the first appointments of its kind in Australia at the time).

Caroline believes in the importance of a cohesive and engaged team to support the objectives of the OGC function to deliver value and high quality advice to the business.

Caroline loves her firepit in winter and the beach in summer, watching basketball and reading all year around (with an occasional Bridgerton binge thrown in!).

Brian Whelan

Brian is an Insurance and Construction Disputes Lawyer on secondment as Legal Counsel to KWM’s Office of General Counsel. Before becoming a lawyer, Brian practiced as an Occupational Therapist and has worked across both Government and Private sectors in Ireland, the UK and Australia as a safety, injury, and insurance specialist.

In addition to articles on KWM Pulse, you may also find some of Brian’s contributions on KWM’s insights page or published in our annual Insurance Pocketbook.

When he’s not working, Brian is kept busy by a young family – however he holds onto fond memories of, cycling, DJ-ing, mixing cocktails and skiing holidays.

Subscribe to KWM Pulse Updates