Unsubscribe means unsubscribe: Ticketek pays over $500,000 for breaching Spam Act

On 19 October, the Australian Communications and Media Authority (ACMA) reported that Ticketek has paid a $515,040 infringement notice for sending around 98,000 text messages and emails in breach of the Spam Act 2003 (Cth) (Spam Act). This lends weight to an announcement earlier this year by ACMA that enforcement of unsubscribe rules would be one of its compliance priorities for 2023-24.

Summary: Conduct and penalty

ACMA commenced its investigation in October 2022, following complaints by consumers that they were receiving marketing material without their consent, or, after they had attempted to unsubscribe. ACMA found Ticketek had contravened the Spam Act between 1 February and 18 October 2022 by sending:

• over 41,000 texts and emails to recipients without their consent, due to a mischaracterisation of the communication; and
• around 57,000 text and emails to recipients more than 5 days after they had unsubscribed from receiving marketing communications.

In addition to payment of the infringement notice, ACMA has accepted a three-year court-enforceable undertaking from Ticketek. This will, among other requirements, require Ticketek to appoint an independent consultant to review its policies and practices, and issue a report of recommendations.

Mischaracterisation of content

Under the Spam Act, an electronic communication with a commercial or marketing purpose cannot be sent without the recipient’s consent – this contrasts to a factual communication, which does not require such consent. Communications often mix both types of material – but if they do, even when the communication is primarily for factual purposes, consent is still required for the marketing content. As recently expressed by ACMA Chair, Nerida O'Loughlin:

“Even if the purpose of a message is to provide factual information to customers, if it also includes marketing content, or links to marketing content, it can only be sent with consent.”

Ticketek was found to have breached the Spam Act when it sent emails about ticket and event details that also contained marketing content in the form of links to upcoming events, advertising material and Ticketek’s social media pages. Even though the marketing content was not the primary purpose of the email, its inclusion meant that Ticketek needed to obtain the consent of the recipient to receive marketing content.

Failure to unsubscribe

The Spam Act provides that where an individual unsubscribes, or otherwise withdraws their consent, from receiving commercial communications, the withdrawal must take effect within 5 business days. Ticketek continued to send such communications after the expiry of that period. In commenting on this breach, ACMA emphasised that businesses must ensure they set up proper processes and systems to comply with “consumer choice and consent”.

This infringement comes in a year where ACMA identified the enforcement of unsubscribe rules as one of its key compliance priorities. ACMA stated that there would be a concentrated focus on businesses that do not act on opt-out requests. This focus has seen several businesses issued with significant infringement notices in the last year. For example, DoorDash was issued an infringement notice for over $2 million in August for sending 566,000 emails to customers who had unsubscribed, and 515,000 texts messages without an unsubscribe facility.

Key takeaway

While electronic marketing has become a common aspect of modern business, care must continue to be taken to comply with the Spam Act and other regulatory rules to avoid incurring both financial and reputational harm. In particular, the Ticketek infringements highlight that:

1. Consent must be clearly held to send any marketing content, no matter how little – noting that social media links were highlighted by ACMA. This includes marketing material within a communication that is primarily for a non-marketing purpose.
2. Strict compliance with the Spam Act’s timeframes and other processes is required. Businesses need to ensure they have the proper systems in place to comply with these requirements – particularly unsubscribe requests.