Corporate & Commercial

Significant financial penalties for breaches of the Spam Act

20 June 2024

The Pizza Pan Group Pty Ltd, trading as ‘Pizza Hut Australia’ (Pizza Hut), recently paid a $2,502,500 penalty for breaching the Spam Act 2003 (Cth) (Spam Act) for sending commercial electronic messages to customers.

What happened?

Following an investigation by the Australian Communications and Media Authority (ACMA), it found that Pizza Hut had breached the Spam Act in connection with sending text and email messages to consumers. Pizza Hut had sent 5,941,109 text and email messages between 1 January 2023 and 4 May 2023 to customers who had not consented, or had withdrawn their consent, to receive those messages. It was also found that during the same period, Pizza Hut had sent 4,364,971 messages without providing an option for customers to unsubscribe.

ACMA had previously issued 15 compliance alerts to Pizza Hut, from February 2021 to April 2023, relating to 39 customer complaints about its marketing practices. These notified Pizza Hut of possible compliance issues in connection with the Spam Act.

What does the Spam Act say?

The Spam Act regulates the sending of commercial electronic messages that have an Australian link. An ‘electronic message’ is defined in the Act as being a message sent using an internet or other carriage service to an electronic address. In the case of Pizza Hut, this included email accounts and telephone accounts. A ‘commercial electronic message’ is defined in the Act as including a message for the purposes of offering, advertising or promoting goods or services, and business or investment opportunities.

The Spam Act prevents the sending of commercial electronic messages that have an ‘Australian link’ in certain circumstances. An Australian link exists where the message originates from Australia, the sender or entity authorising the sending of the message is located in Australia, or the message is accessed in Australia.

The Spam Act prohibits the sending of unsolicited commercial electronic messages unless the recipient has consented to the sending of the message, or another exception applies. Consent is defined under the Spam Act to mean express consent or consent that can be reasonably inferred from conduct, and the business and other relationships. The Spam Act also requires that each message includes clear and accurate identifying information of the business (including contact information) and a clear and easy ‘unsubscribe’ option for recipients.

Other examples of enforcement by ACMA

In April this year, it was reported that Luxottica (which owns eyewear brands such as OPSM, Oakley and Sunglass Hut) paid a $1,512,500 penalty and gave a three-year court enforceable undertaking to ACMA to appoint an independent consultant to review its compliance with the Spam Act. This related to 91,231 marketing emails sent without a functional unsubscribe option and 112,348 text and email messages sent to customers who had previously unsubscribed. These messages were sent between November 2022 and May 2023.

ACMA reported in June 2023 that the Commonwealth Bank of Australia (CBA) had paid a penalty of $3.55 million relating to breaches of the Spam Act. This was the largest penalty imposed for breaches of the Spam Act. CBA had:

  • sent more than 61 million marketing emails to customers that required them to log-in to unsubscribe (which is generally prohibited);
  • sent 4 million marketing emails that did not contain a functioning unsubscribe option; and
  • sent more than 5,000 marketing emails to customers who had previously unsubscribed.

CBA also provided a three-year court enforceable undertaking to commit to an independent review of its e-marketing practices and to implement improvements.

What can we learn from this?

The case of Pizza Hut serves as a timely reminder for businesses to ensure that they are complying with the requirements of the Spam Act when sending commercial electronic messages that have an ‘Australian link’. Before sending such electronic messages, businesses should consider whether:

  • they have the consent of the customer to send them the message;
  • the message contains accurate identifying information of the business;
  • the message includes a clear an easy ‘unsubscribe’ option for customers.
If you would like further information about this article, please contact:

Kathryn Speed

Principal Lawyer

P:(03) 6235 5105
M:0408 446 013
E:[email protected]
Linkedin
View profile
Let us know how we can help
Contact