Regulatory complexity causes trouble for Australian businesses

14 Dec 2017

  • Privacy and Compliance

The recent release of the Australian Communications and Media Authority (ACMA) Quarterly Report on Action on Unsolicited Communications (July 2017 – September 2017) featured Upside.Digital at the top of the ‘Actions take’ list.

“$39,600 Infringement Notice paid by Upside.Digital Pty Ltd for breaching Spam Act,” the report states. The report also highlights that 263,000 spam complaints were received and that there was an increase from the previous quarter of almost 30,000 complaints relating to SMS.

Without additional information and context, you would be forgiven for assuming that non-compliance with marketing rules is rife within the industry.  But this is in fact not the case.  Adding some context to the complaints reveals a very different picture about compliance issues and industry compliance.  

For a start, industry is overwhelmingly compliant with marketing communications rules, which is evident by the decrease in email spam complaints from the last quarter.  The increase in SMS complaints was largely attributable to the Marriage Equality debate – and not a reflection on industry compliance. 

Generally, in our experience, non-compliance with relevant marketing and communications rules is not wilful or intentional, but a result of the struggle to navigate the complex regulatory environment.

Without context, the report raises more questions than insights - How many complaints related to non-spam messages or exempt organisations? Which sections of the Spam Act were breached? How were they breached? Was it intentional? What have companies done about the breaches? How did this affect consumers?

The Upside.Digital story

Upside.Digital, a customer acquisition and optimisation agency, has been creating digital campaigns for its clients since 2009. Working across a number of digital channels, email has formed a significant part of its service offering.

“Historically the best performing channel in terms of ROI has been email, so one of the main services we offer is lead and traffic generation via email marketing,” says Lee Bush, Director at Upside.Digital. “This means that we represent hundreds of publishers with email lists that can either send solus or newsletter inclusions to promote third party offers.”

According to Lee, regular checks of processes, as well as a solid understanding of the Spam Act, has always been standard practice at the agency, along with having a tight publisher terms and conditions in place.

Complexities around the Spam Act 2003

So, it’s no surprise that ACMA’s investigation came as a shock.

The six-month investigation by the ACMA found that emails sent in 2015 by a publisher, a long-term partner of Upside.Digital, did not comply with three sections of the Spam Act.

During the investigation, ACMA were unable to verify opt-in for some email recipients, which falls under Section 16 of the Spam Act, addressing unsolicited commercial electronic messages.

They also found that some emails did not contain adequate contact information for the sender, which infringes the requirement for accurate sender information under Section 17 of the Spam Act.

“Despite previous advice we received that a link to contact details was sufficient, this is not the case,” says Lee.

“It is simply not enough to clearly display all of the publisher’s (the sender) details along with the advertiser’s name. The “authoriser” (in most cases being the advertiser) must also clearly display their contact details.”

This is an example where industry practice and regulatory interpretation do not necessarily align, resulting in confusion for brands about compliance.  According to Lee, many companies are still not complying with this section of the Act as they’re not aware of its precise scope and application.

“Even emails I see coming in from tier one companies still aren’t compliant with that particular clause.”

The third issue ACMA identified was an insufficient functional unsubscribe facility in some of the emails, infringing on Section 18 of the Spam Act.

While the publisher received a $20,000 fine, Upside.Digital copped a hefty $39,600 infringement notice for the non-compliance.

“The emails that were sent during the investigation period from the publisher mainly contained our clients’ campaigns, which in turn meant that it was the ACMA’s view that Upside.Digital was also responsible because they ‘caused’ the emails to be sent,” Lee says.
In this case, there were three parties that were seen to be ‘causing’ the emails to be sent – firstly, the publisher, who literally hit ‘Send’; then the agency (Upside.Digital) who engaged the publisher; and finally the advertiser who promoted their product or service.  Only the first two received a fine.

Following the investigation by ACMA, Upside.Digital worked closely with ACMA to rectify the breach and committed significant resources aimed, not only at ensuring future compliance, but to educate its clients, publishers and advertisers about the compliance issues identified by ACMA, and in particular about the scope and requirements of section 17. 

Impact on the brand

While Upside.Digital’s long-standing clients were very understanding, Lee says the publication of the infringement notice caused them more than a headache.

“It has taken a lot of phone calls and significant time spent on working with our clients, publishers and ACMA to repair our reputation.”

But Lee’s team didn’t stop at mending relationships with clients and working closely with ACMA to ensure this doesn’t happen again.

“We’ve also taken it upon ourselves to do auditing above and beyond what the ACMA have said we need to do. We’re also putting together tangible processes for our publishers to follow. I think there needs to be a definite education piece around this as well.”

“We have also taken a further obligation on ourselves to be the auditor and arbitrator within the email-publishing network. Despite the resource cost, we apply a stringent, repeatable and scalable process to ensure that all parties are understand and are compliant with the Spam Act.”

Lee says clients and publishers seek out their advice, as there is a lack of understanding around the complexities on the Spam Act.

“Inadvertently we’ve become a bit of sounding board for some clients and publishers, saying “This is what we’re doing as well, how do we change it?””

Context and clarity are vital

Irene Halforty, ADMA’s Legal and Regulatory Manager says compliance training is imperative.

“As the regulatory landscape can be quite complex and difficult to interpret, we cannot stress enough the importance of training,” Irene says.

“Courses like ADMA’s Privacy and Marketing Compliance course can really assist in clarifying the more difficult areas of regulations.

Becoming a member of an industry association like ADMA also means that you can stay up to date with the latest changes and receive vital guidance over the phone or via email, when you need it.”

Lee agrees, “One of the reasons we recently became an ADMA member is not only to be part of the ADMA community, but to also highlight our commitment to ongoing best practices across the digital landscape for our publishers and advertisers.”

Lee also suggests that there needs to be a bridge between regulation and practicality in a fast moving and ever-changing industry.

Legal terms can sometimes be vague and confusing, and interpretations can change over time and apply differently to different technologies and technological advancements. For example, with dynamic content and ads now served in email, how will 17 (b) relate to this? Technically, each ad unit should contain the advertiser's contact details, but in reality, this doesn’t occur.

The way forward

ACMA is currently investigating whether some of its functions, including compliance and enforcement of the Spam Act and commercial electronic messages, could be referred to industry for self-regulation.  As the peak industry body for data-driven marketing and advertising, ADMA has been consulting with ACMA during this investigation about the role ADMA currently fulfills, and could potentially fulfill, in relation to compliance and enforcement of spam.

Ms Jodie Sangster, CEO of ADMA states that “in our experience, instances of non-compliance generally are not intentional or wilful, but result from the lack of understanding by brands as to the precise scope and application of the relevant rules that apply to different channels, or where the regulator’s interpretation of the rules are not consistent with industry practice.”

“In saying that, companies that intentionally and wilfully disregard the rules, should face some penalty as their actions leave a stain on all marketing and advertising activities, and undermines what is the most important - good customer experience,” says Sangster.

While ACMA is considering the potential for self-regulation, it is unlikely that spam regulations will disappear and ADMA will continue to advocate for more harmonised rules that make it easier for marketers and advertisers to understand and comply with.  In addition, ADMA will continue to work with relevant regulators to ensure their interpretation takes into account industry perspectives and practices. 

ADMA has submitted suggestions to the ACMA to provide more context in its Reports on enforcement activities to ensure a more accurate representation of industry compliance and compliance issues.

“Regularly check in with marketing bodies like ADMA on any recent compliance changes or best practices if you plan to embark on a particular digital channel like email,” says Lee. “And don’t take what is already happening in the landscape as “best practice”.”

Find out more about ADMA membership now.

Not an ADMA member? You can still keep up-to-date with the latest in the compliance and regulatory space by subscribing to our newsletter.

Need more info?