ACMA enforcement action: do your marketing communications comply with the Spam Act's unsubscribe rules?

Telstra has been fined $626,000 after an investigation by the Australian Communications and Media Authority (ACMA) found that the communications company sent close to 10.5 million text messages that did not comply with the Spam Act. The ACMA investigation revealed that the majority of the messages, over 10.3 million texts, included a non-compliant unsubscribe facility.

The ACMA found that the unsubscribe facility used by Telstra in its texts breached the Spam Act because it required the recipient to log in to their account, or provide additional personal information, before they could unsubscribe. Those requirements contravened the specific rules in the Spam Act regarding unsubscribe facilities.

The fine issued to Telstra was the maximum that was able to be applied by ACMA in an infringement notice based on the timing of the contraventions. This brings the amount of spam penalties issued by the ACMA over the past 18 months to over $16 million.

What are the Spam Act's unsubscribe rules?

To comply with the Spam Act, SMS and email marketing must generally include an easy and effective way for recipients to opt out from receiving marketing messages.

Specifically, SMS and email marketing must include a functional unsubscribe facility that:

• has clear instructions on how to unsubscribe (or "opt-out" or "stop")

• is actioned within 5 working days

• does not charge a fee

• does not cost more than usual for the recipient to send (eg. the cost of sending an SMS)

• works for at least 30 days after the message was sent

• does not require the recipient to create or log in to an account, or provide personal information (other than the number or email address to which the message was sent).

The above requirements apply except to the extent (if any) they are inconsistent with an agreement between the sender and the recipient.

Where did Telstra's unsubscribe facility go wrong?

Telstra's texts directed recipients to call a 1800 number to opt out. When a recipient called the 1800 number, they were authenticated via Interactive Voice Response (IVR) which asked the recipient to enter their customer PIN. If the recipient was unable to enter a PIN, the call was directed to an agent who required the recipient to provide their full name and date of birth before progressing the unsubscribe request.

The ACMA found that the above process did not comply with the Spam Act's unsubscribe rules because:

• requiring the recipient to enter a PIN was equivalent to requesting the recipient to log into an account with Telstra; and

• requiring the recipient to provide their full name and date of birth was a requirement to provide additional personal information.