Regulator finds its teeth: Australian supermarket giant issued with record fine for spam breaches

Australian supermarket giant, Woolworths, was recently issued a record AUD$1,003,800 infringement notice by the Australian Communications and Media Authority (ACMA), for  multiple, significant breaches of the Spam Act 2003 (Cth).

The ACMA found that Woolworths had committed more than five million breaches of Australian spam laws between 1 October 2018 and 17 July 2019 when it continued to send unsolicited marketing emails to more than 1.2 million of its customers who had previously unsubscribed to receive such emails, and in some cases on multiple occasions. 

This is the largest penalty paid for breach of spam laws in Australia, almost doubling the previous record of AUD$504,000 issued against Australia's telecommunications provider, Optus, earlier this year (read article here). 

In comparison to Optus, Woolworth's infringement impacted approximately 60% more consumers and spanned a longer period of time. 

The ACMA further found that Woolworths had failed to act after previously being warned by the regulator of potential non-compliance issues arising from consumer complaints. 

In addition to its record spam fine, Woolworths also accepted a three-year court enforceable undertaking to:

  • appoint an independent consultant approved by the ACMA to review its systems, processes and procedures;
  • implement improvements;
  • report to the ACMA as to the status of improvements, complaints it has received from consumers and all instances of non-compliance; and
  • undertake training to ensure compliance.

What is spam?

Spam is unwanted or unsolicited marketing message sent by email, mobile phone messaging (SMS, MMS) or instant messaging [1] and governed by the Spam Act 2003 (Cth), which prohibits the sending of such messages which are commercial in nature[2] and have an Australian link (for example, sent to or from someone in Australia).[3]

A message is commercial in nature if it offers, advertises or promotes goods, services, land or business and investment opportunities. 

What rules apply to spam in Australia?

Three general rules apply to the permitted sending of spam to recipients in Australia:

  1. The sender must have the recipient's consent to receive the marketing message.[4] This may be express consent (e.g. where the recipient proactively confirms in writing and/or selects a tick box to receive spam) or inferred consent (e.g. from a pre-existing business relationship or if the recipient's contact details are publicly available and the message is work/business related).[5] It is also worth noting that in Australia, silence does not constitute consent[6] and the ACMA has indicated that senders using pre-checked tick boxes is not an acceptable way to gain consent.[7]
  2. The message must clearly identify the sender.[8]
  3. The message must contain a functional unsubscribe facility.[9]

Consequences for breach of Australia’s spam rules can result in civil penalty and/or injunction from the Federal Court, infringement notice, court enforceable undertakings or issue of a formal warning. Repeat corporate offenders can face penalties of up to $2.1 million a day.

Key takeaways

In an increasingly digitalised era, and even more so since COVID-19, businesses are shifting practices online as a vital way to reach, and communicate with, consumers quickly and more efficiently. 

However, with this increase in digital engagement, whether by email marketing, SMS, MMS or instant messaging platforms, businesses must remain aware of, and vigilantly comply with, local spam laws, when sending such messages in Australia. 

The ACMA's decision to issue record fines against Optus, and now Woolworths, within the year to date, provides a timely reminder for all businesses to check whether they have appropriate and sufficient systems, policies and procedures in place to meet, and maintain, their legal requirements under Australian spam laws. 

It also sends a clear warning that the regulator is not afraid to use its powers in its crack down on spam and to encourage compliance.

[1] Spam Act 2003 (Cth) s 5.

[2] Ibid s 6.

[3] Ibid s 7.

[4] Ibid s 6.

[5] Ibid sch 2 s 2.

[6] ACMA v Clarity1 Pty Ltd [2006] FCA 1399.

[7] ACMA Factsheet 161.

[8] Spam Act (n 1) s 17.

[9] Ibid 18.

Latest insights

More Insights
headphones and keyboard

European consumer organisation challenges in-game monetisation landscape as unfair

Oct 10 2024

Read More
flower

AI - Litigation Risks in the UK & the EU

Oct 10 2024

Read More
camera

EU VAT: new rules for livestreaming, virtual events, small businesses, and art sales starting 1 January 2025 – 3 key insights

Oct 07 2024

Read More