Businesses have been warned to verify the legality of their marketing efforts after supermarket chain Woolworths was fined a record $1 million for sending emails to customers who had unsubscribed from its mailing list.
The retail giant agreed to an enforceable undertaking with the Australian Communications and Media Authority (ACMA) on Thursday, after the regulator identified more than five million separate breaches of spam laws between October 2018 and July 2019.
Woolworth’s systems, processes and practices were “inadequate” for compliance with the Spam Act 2003, ACMA chair Nerida O’Loughlin said.
“Woolworths failed to act even after the ACMA had warned it of potential compliance issues after receiving consumer complaints,” O’Loughlin said in a statement.
“Australians have the right to unsubscribe from marketing emails that they do not want to receive. In this case, consumers claimed that they had tried to unsubscribe on multiple occasions or for highly personal reasons, but their requests were not actioned by Woolworths.”
It appears a significant number of breaches related to couples with shared emails, where both parties were signed up as Woolworths Rewards members under the same address.
When one customer unsubscribed but not the other, Woolworths inadvertently continued to send emails to the remaining party at the same address.
Woolworths did not confirm what proportion of the breaches were related to shared emails, but WooliesX managing director Amanda Bardwell said the supermarket fixed the issue in 2019.
“We respect the right of our Rewards members to choose how and when we communicate with them and apologise for failing to act on all unsubscribe requests as required under the law,” Bardwell said in a statement.
“While we were acting on unsubscribe requests from individual Rewards members, we did not assume it meant other members sharing that email address had to be opted-out as well.
“The ACMA has made clear it expects all communications to an email address to stop in such scenarios.”
As part of its enforceable undertaking, Woolworths has agreed to appoint an independent consultant to review its spam compliance every 12 months for the next three years.
The chain will also provide six-monthly reports to the ACMA about what steps the company is taking to improve its spam compliance.
While Woolworths is the highest-profile spam case to emerge in recent years, there have been more than $1.7 million in fines handed out over the past 12 months for breaking spam and telemarketing laws.
The ACMA has accepted six other undertakings and given seven formal warnings to businesses in that time.
Email marketing: Consent is key
Tal Williams, partner at Holman Webb Lawyers, tells SmartCompany businesses need to make sure they have customer consent when sending marketing communications via email.
“That consent can be obtained via online click wrap agreements, signed terms and conditions or under an enforceable contract,” Williams says.
“In some limited circumstances consent can be implied by conduct – but it is high risk to rely on this implication. Express consent is always best.”
Williams says companies also need to ensure they have systems in place to properly control customer data they hold, including email addresses.
Crucially, Williams notes that even though Woolworths appears to have suffered from some software and technology issues, they were nonetheless liable for sending emails to unsubscribed customers.
“Intentional or not – it is still a breach,” Williams says.
Richard Prangell, director of Viridian Lawyers, says businesses must also make it easy for consumers to unsubscribe from their mailing lists.
“The laws governing spam vary substantially between countries, and so do marketing systems and practices, so in an interconnected world, it’s understandable that Australian businesses aren’t always clear on what rules apply to them,” he tells SmartCompany.
“I would recommend that Australian businesses educate their marketing and IT staff on their Spam Act obligations, and update their systems if need be.”