Kogan fined $310k after breaching Spam Act

On 10 December 2020, the Australian Communications and Media Authority (ACMA) issued an infringement notice (Infringement Notice) to Kogan Australia Pty Ltd ACN 152 570 351 (Kogan) (a subsidiary of ASX listed Kogan.com Ltd ACN 612 447 293) stating that the electronics and appliances brand had contravened section 18(1) of the Spam Act 2003 (Cth) (Spam Act). 

The Infringement Notice required the payment of a $310,880 penalty consistent with the calculations set out by Schedule 3 section 5(1) of the Spam Act.  In addition, Mr Paul Miszalski, Acting Executive Manager of Kogan signed an enforceable undertaking offered by the ACMA (Enforceable Undertaking) outlining measures that the company needs to take after their breach of the Spam Act.

Section 18(1) of the Spam Act – what does it say?

Section 18 of the Spam Act is titled ‘commercial electronic messages must contain a functional unsubscribe facility’ and subsection (1) of the provision states:

“A person must not send, or cause to be sent, a commercial electronic message that:

(a)  has an Australian link; and

(b)  is not a designated commercial electronic message;

unless:

(c)  the message includes:

(i)  a statement to the effect that the recipient may use an electronic address set out in the message to send an unsubscribe message to the individual or organisation who authorised the sending of the first-mentioned [email]; or

(ii)  a statement to similar effect; and…

(e)  the [email] is reasonably likely to be capable of receiving:

(i)  the recipient’s unsubscribe message (if any); and

(ii)  a reasonable number of similar unsubscribe messages sent by other recipients (if any) of the same message;

at all times during a period of at least 30 days after the [email] is sent…”

Why was the Infringement Notice issued?

The Infringement Notice specifies at [3.4.] that the link in Kogan’s commercial emails directed recipients to an electronic address where they were required to set up a password meaning that they “…could not unsubscribe unless they took additional action to register an account with Kogan, set a password and login to the Kogan account.”

Accordingly, ACMA saw Kogan’s conduct as a breach of section 18(1)(c) of the Spam Act.  This was because the relevant link did not take recipients to a webpage that allowed them to unsubscribe but one where they had to create a password.^[1]  In addition, ACMA saw this electronic address as not reasonably likely to be cable of receiving the unsubscribe notice within 30 days after the recipient unsubscribed putting Kogan in breach of section 18(1)(e) of the Spam Act as well.^[2]

The Enforceable Undertaking

The Enforceable Undertaking specifies measures that Kogan must take to ensuring that it does not breach the Spam Act again.^[3]  Non-compliance with the Enforceable Undertaking by Kogan would result in an order by the Federal Court.^[4]

Under the Enforceable Undertaking, Kogan was first required to appoint an Independent Consultant to review its current procedures, policies and training systems in relation to their compliance under the Spam Act and to identify any improvements they could make in regard to, among other things:

• Kogan receiving, keeping a record of and acting on all unsubscribe requests;
• all commercial emails containing a functional way to unsubscribe; and
• Kogan recording and analysing all commercial email complaints to identify any recurring trends.^[5]

The Independent Consultant would then provide a report with recommendations based off the above.^[6]  Kogan was to begin the official appointment of the Independent Consultant within 10 days of receiving confirmation of their execution of the Enforceable Undertaking from the ACMA (Commencement Date).^[7]

Secondly, the Enforceable Undertaking required Kogan to develop an implementation plan in response to the Independent Consultant’s recommendations within 40 business days after receiving their report.^[8]  Subject to approval of the implementation plan by Kogan’s Board, it was to provide a copy of it to the ACMA.  Further, Kogan was required to report any further breaches of the Spam Act they identify to the ACMA within 10 business days of them identifying their breach.

Thirdly, Kogan was required to train all personnel that may be or are currently responsible for the creation or sending of commercial emails on compliance with the Spam Act within 45 days of the Commencement Date.[9]  Kogan must repeat the training every twelve (12) months for the duration of the Enforceable Undertaking.

Takeaways

As seen by what has been imposed on Kogan, ACMA takes breaches of the Spam Act seriously.  Not having a functional unsubscribe system on commercial electronic messages, such as emails or text messages, can have serious monetary and compliance costs on the sender.

Links and further references

Legislation

Spam Act 2003 (Cth)

Further information about Spam Act compliance

If you are currently a business or company that sends commercial electronic messages and you are concerned about your compliance with the Spam Act, contact us for a confidential and obligation-free discussion:

Disclaimer

This article contains general commentary only.  You should not rely on the commentary as legal advice.  Specific legal advice should be obtained to ascertain how the law applies to your particular circumstances.

[1] Infringement Notice [3.4.].

[2] Infringement Notice [3.4.].

[3] Enforceable undertaking [4].

[4] Spam Act 2003 (Cth) s 39.

[5] Enforceable undertaking [5.1.1].

[6] Enforceable undertaking [5.1.2.].

[7] Enforceable undertaking [5.2.].

[8] Enforceable undertaking [6.1.1].

[9] Enforceable undertaking [7.1.].

---

Related insights about Spam Act compliance