MANAGEMENT
Professional
Updates
New spam regulation
foreshadowed
By Gordon Hughes, Partner, and Ian Oi, Special Counsel,
Blake Dawson Waldron
O
n 18 September 2003, the Australian Federal
Government tabled anti-spam legislation in
the Australian House of Representatives, in the
form of the Spam Bill 2003 (Cth) and the Spam
(Consequential Amendments) Bill 2003 (Cth).
The Spam Bill, if enacted in its present form,
will implement a national regulatory scheme that
has international reach.
The proposed legislation will have a
potentially significant impact on the marketing
activities of some organisations.
It should be emphasised that at the time of
publication, the Bill has passed the House of
Representatives but the non-government parties
have proposed amendments in the Senate, and
therefore the precise form of the final legislation
remains to be determined.
Overview of the spam legislation
In summary, the Bill regulates:
• the sending of certain commercial electronic
messages with an Australian link (as defined in
the Bill) and
• the dissemination and use of addressharvesting software and electronic address lists
directly or indirectly produced using that
software (harvested-address lists), where the
necessary Australian connection is established.
A person who contravenes the Bill may have
to pay civil penalties (of up to AUD$1 100 000 per
day for repeat offender companies) and may be
the subject of an injunction.
The commercial electronic message
rules and exceptions
Under the Bill, the three basic rules for
commercial electronic messages with an Australian
link are:
• unsolicited commercial electronic messages
must not be sent (unless the recipient consents)
• all commercial electronic messages must
include accurate sender information and
• all commercial electronic messages must
contain a functional unsubscribe facility.
Consent can be given expressly or it can be
• The implications of the new Spam Bill
for marketing activities
• Overview of the provisions in
the new Bill
• Relationship to the Privacy Act
reasonably inferred from the conduct, business
and other relationships of the recipient of the
message. Consent is not to be inferred from mere
publication of the recipient’s email address.
However, it can be inferred if the email address
was conspicuously published and:
• the email address was a work-related address
• it would be reasonable to assume that the
address was published with the addressee’s
consent and
• the publication does not specifically exclude
consent.
The unsolicited commercial electronic
messages rules do not apply if:
• the message is (with some qualification) only
factual
• it is sent under a reasonable mistake of fact or
• the person authorising the sending of the
message is (with some qualification):
– a government body
– a registered political party
– a religious organisation
– a charity or charitable institution or
– an educational institution.
Address-harvesting software
rules and exceptions
Under the Bill, the three basic rules for addressharvesting software and harvested-address lists are:
• a person must not supply or offer to supply
address-harvesting software and harvestedaddress lists (or rights to use them)
• a person must not acquire address-harvesting
software and harvested-address lists (or rights
625
Professional
Updates
MANAGEMENT c o n t i n u e d
•
•
•
•
to use them) and
a person must not use address-harvesting
software and harvested-address lists.
Exceptional situations where rules do not apply:
the ‘must not supply or offer to supply rule’ is
not broken if:
– the supplier had no reason to suspect that
the supplied address-harvesting software
or harvested-address lists would be used in
connection with sending unsolicited
commercial electronic messages or
– the supplier did not know (and could not,
with reasonable diligence, have
ascertained) that the customer had a
relevant Australian connection
the ‘must not acquire rule’ is not broken if the
acquirer of the address-harvesting software or
harvested-address lists did not intend to use
them in connection with sending unsolicited
commercial electronic messages and
the ‘must not use rule’ is not broken if the use
of the address-harvesting software or
harvested-address lists is not in connection
with sending unsolicited commercial
electronic messages.
It is, however, up to the alleged rule-breaker to
prove that the above exceptions apply.
626
N O V E M B E R 2 0 0 3 K E E P I N G G O O D C O M PA N I E S
Necessary Australian nexus
The Bill expressly extends to acts, omissions,
matters and things outside Australia. However:
• the commercial message rules only operate if
the message has an Australian link, such as:
– the message originating in Australia
– the sender being physically in Australia or
an organisation centrally managed and
controlled in Australia
– the message being accessed by a computer,
server or device in Australia
– the message being received by an
addressee physically in Australia or who is
an organisation centrally managed and
controlled in Australia or
– it being reasonably likely that, for a
message sent to a non-existent address (if
the address existed), the message would
have been accessed using a computer,
server or device in Australia.
• the address-harvesting software rules only
operate if there is a relevant Australian nexus,
such as the rule breaker being physically in
Australia or a body corporate or partnership
carrying on business or activities in Australia. For
the ‘must not supply rule’, the Australian nexus
may also include the acquirer being physically in
Australia or a body corporate or partnership
carrying on business or activities in Australia.
Basic Spam Bill concepts at a glance
Spam
Despite its use in the title of the Bill, the term
‘spam’ is not defined. Instead, the Bill regulates
‘unsolicited commercial electronic messages’.
Electronic messages
Electronic messages are messages sent using an
Internet or other carriage service to an electronic
address. However, voice calls from a standard
phone services are specifically excluded from
being electronic messages.
Commercial electronic messages
A commercial electronic message is an ‘electronic
messages’ which, having regard to its content, the
way in which it is presented and the type of
content which can be accessed via links or other
contact information, is designed to achieve one of
a number of specified commercial purposes, for
instance:
• offering to supply/provide, advertising or
promoting goods, services, land, business
opportunities or investment opportunities
• advertising or promoting suppliers or
prospective suppliers/providers of the above
and
• assisting or enabling a person, by a deception,
to dishonestly obtain a financial advantage or
obtain a gain from another.
The complete list of these commercial
purposes is set out in clause 6 of the Bill.
Unsolicited commercial
electronic messages
Unsolicited commercial electronic messages,
although not defined, are in effect commercial
electronic messages that have an Australian link,
are not ‘designated commercial electronic
messages’ and do not otherwise fall within an
exception set out in the legislation.
Designated commercial
electronic messages
Designated commercial electronic messages are
defined in schedule 1 of the legislation and are
restricted to factual information which may
include information about how the recipient can
readily identify the sender.
Ancillary contraventions
Apart from the primary rule breaker, the Bill also
makes the following people liable to civil
penalties:
• a person who aids, abets, counsels or procures
a contravention
• a person who induces a contravention
• a person in any way, directly or indirectly,
knowingly concerned in, or party to, a
•
contravention and
a person who conspires with others to effect a
contravention.
Other protections and exemptions
The Bill contains some protections for innocent
intermediaries. For instance, a person supplying a
carriage service is not taken to have ‘sent’ an
electronic message (or caused it to have been
sent), and does not commit an ancillary
contravention (see above), merely because they
supplied a carriage service that enables the
message to be sent. Similarly, the rules for
determining who authorised a message to be sent
will protect, to some extent, personnel of an
organisation from personal liability for messages
sent as part of their work.
Further, the Bill expressly does not apply to
the extent that it would infringe any
constitutional doctrine of implied freedom of
political communication.
Role of ACA
Enforcement of the legislation will be undertaken
by the Australian Communications Authority (the
ACA). The ACA was chosen on the basis of its
understanding of the telecommunications sector,
prior experience in conducting investigations and
enforcing legislation, and experience in working
with industry to develop appropriate codes of
practice.
To ensure that the ACA has the means to
effectively enforce the legislation, it will be able to
issue formal warnings, seek injunctions and seek
investigative and monitoring warrants from the
Courts. At the lower end of transgressions, an
infringement notice scheme will provide an
efficient and cost-effective way of providing a fast
and fair decision. For those organisations that
choose to ignore the law, the penalties could be
significant as the courts can award damages of up
to $1.1 million dollars per day, in the most severe
circumstances.
Spam (Consequential Amendments) Bill
The Spam (Consequential Amendments) Bill makes
amendments to the Telecommunications Act 1997
(Cth) and the Australian Communications Authority
Act 1997 (Cth) to enable the effective investigation
and enforcement of breaches of the Spam Bill.
Commencement of penalty provisions
The Bill provides that the penalty provisions will
come into force 120 days after receiving Royal
Assent. This will coincide with the
commencement of significant educational and
public awareness programs coordinated by the
National Office for the Information Economy and
involving new representative organisations.
627
Professional
Updates
MANAGEMENT c o n t i n u e d
Implications for marketing activities
Responsible organisations will have already
reviewed their marketing techniques as a result of
the amendments to the Privacy Act 1988 (Cth) in
2001. National Privacy Principle 2, introduced by
the Privacy Amendment (Private Sector) Act 2000
(Cth), prevents an organisation from using or
disclosing personal information for direct marketing
purposes in certain circumstances. NPP 2.1(c) allows
direct marketing, however, where (amongst other
things) it is impractical to seek an individual’s
consent and where the individual is told that he or
she can opt out of receiving any more marketing
from that organisation.
This begs the question, of course, of when it is
‘impracticable to seek consent’. The Privacy
Commissioner’s guidelines state that this involves
balancing a number of factors including:
• how often the organisation is in contact with
the individual
• the way an organisation communicates with
the individual
• the consequences for the individual receiving
the information without having consented and
• the cost to the organisation of seeking
consent.
The Privacy Commissioner’s guidelines go on
to state that ‘as the cost of emailing is negligible,
ordinarily it will not be “impracticable” to seek
consent if an organisation chooses online
methods of contact or communication’ and
therefore an organisation will generally require
express consent in order to continue direct email
marketing to individuals. Implicitly, therefore,
spammers would generally be regarded as
infringing National Privacy Principle 2.1(c) and,
certainly, a spammer would be required to comply
with any request from an individual not to receive
direct marketing by email.
The problem with the Privacy Act provisions to
date, however, has been that:
• spammers have acquired personal
information, in the form of email addresses,
through the use of address-harvesting software
or through the purpose of harvested-address
lists and
• the identity of the sender is often obscure and
the ‘unsubscribe’ option is often not functional.
The effect of the new spam legislation is that
substantial penalties will apply in future for
spammers with the necessary Australian nexus
who have used address-harvesting software or a
harvested-address list, or who engage in the
practice of attaching inaccurate sender
information or non-functional ‘unsubscribe’
facilities to their emails. ●
CSA is proud to announce the
winner of our competition to
win a bottle of 1980 Grange
Mr Lindsay Kelly FCIS, submitted a document to our website Useful Practitioner
Document Service that has been judged the winner by our panel of judges.
CSA extends congratulations to Lindsay Kelly and thanks him for an excellent
document that will be of use to his fellow members. All documents are posted
anonymously to the site. Lindsay Kelly’s document, along with others submitted
by members during the competition, is now available for your use.
Go to www.CSAust.com/Reference Centre/Useful Practitioner Documents/Access
a Document and download the documents to be found there. ●
628
N O V E M B E R 2 0 0 3 K E E P I N G G O O D C O M PA N I E S