The Unsolicited Electronic Messages Act comes into force on 5 September 2007. The legislation is intended to prohibit unsolicited commercial electronic messages with a New Zealand link from being sent. The new law will initially pose challenges for marketers. Businesses have less than six months to get their house (particularly their electronic marketing lists) in order to comply with the Act.
The legislation will require marketers to obtain the consent of the receiver of any commercial electronic message before the message is sent. The term "commercial electronic message" includes electronic messages (email, SMS text, instant messages, but not voice calls or facsimile) that market goods, services, land or business opportunities. There is a list of exceptions.
Key points for compliance
The Act requires compliance from 5 September in four key areas:
- as noted above, a commercial electronic message must not be sent unless the receiver has first consented to receiving the message
- all commercial electronic messages must (unless agreed otherwise) include a "functional unsubscribe facility" which allows the recipient (at no cost) to inform the sender that such messages should not be sent to them in the future
- all commercial electronic messages must include information which clearly identifies the person who authorises sending the message and how that person can be contacted
- "Address-harvesting software" must not be used in connection with, or with the intention of, sending unsolicited commercial electronic messages. "Address-harvesting software" is software that searches the Internet for electronic addresses and collects and compiles those addresses. Restrictions also apply to the use of lists produced (directly or indirectly) by use of this software.
Practical steps towards compliance
Practical steps to take in the lead-up to 5 September to ensure compliance with the new Act include the following:
- ensure that marketing lists used are "cleaned" such that all recipients on the list have provided "consent" (express, inferred or deemed – see below) to receiving commercial electronic messages in terms of the Act
- have a process for maintaining and updating of electronic marketing lists to comply with the Act (including a process for keeping accurate records of all consents, as well as persons who have used the unsubscribe facility)
- put in place protocols regarding the required regulatory content in commercial electronic messages – the unsubscribe facility and the contact details
- decide who in the organisation will be permitted to send commercial electronic messages (to ensure such messages are only sent to recipients who have consented)
- ensure that personnel are educated about the need for compliance with the Act.
From 5 September, the consent requirement applies to all commercial electronic messages sent, whether to new contacts or existing contacts. This means that senders of commercial electronic messages will need to have consents from persons on their existing electronic marketing lists.
A positive consent (or an "opt-in") to receive future emails is required. Including an unsubscribe message – "tick the box if you don’t want to receive these types of emails" – will not of itself suffice for consent.
The consent requirement applies to the sending of one-off emails as well as bulk mail-outs.
The consent of recipients can be either express, inferred or deemed.
Express consent is a direct indication from the recipient that they consent to the sending of the message. This consent can be given by the person responsible for the electronic address or any other person who uses it.
Inferred consent arises from the conduct and the business and other relationships of the sender and the recipient. Such relationships giving rise to consent are likely to exist, for example, between a service provider and subscribers to the service. Recently the Federal Court of Australia has observed that it can be reasonably inferred (in the absence of evidence to the contrary) that a purchaser by email order would wish to be kept aware of the business of the vendor. In the case in question the purchaser’s consent to receiving future emails could reasonably be inferred. However, the Court also recognised that whether consent can be inferred from the relationship of the sender and the recipient will always be a question of fact and the particular circumstances.
The deemed consent provision only applies where:
- the recipient’s electronic address has been published
- the publication is not accompanied by a "no spam" type statement, and
- the message being sent to the recipient is relevant to the recipient in a business or official capacity.
On the flipside, if you use an email addresses on a business website, you should include a "no spam" statement if you do not wish to be "deemed" to have consented to receiving marketing messages.
Things to look out for
There are a number of fishhooks in the new legislation that will need to be specifically addressed. The Act affects not only those who send the commercial electronic messages but also those who are directly or indirectly knowingly concerned in the sending of them. However, telecommunication service providers are not caught by the new legislation merely by the fact of their providing telecommunication services that enable the electronic messages to be sent.
Also, even although a message does not contain marketing material, it may still be caught by the new legislation if it provides a link or directs a recipient to a message that does contain marketing material.
If you have not already done so it is now time to start thinking about a strategy for compliance with the Unsolicited Electronic Messages Act. The earlier businesses start to embark on "cleaning" their email lists, the easier it will be to ensure compliance by 5 September when the Act comes into force.