Several industry members have asked us to publish case studies online so that they can familiarise themselves with our approach towards compliance and, educate themselves more efficiently (i.e. rather than having to contact the Department to request compliance advice).
The following examples are outcomes of investigations by the Electronic Messaging Compliance team, and communications from the team to entities requesting information and guidance on the Unsolicited Electronic Messages Act 2007.
- Case Study Example #1: Purchased Database
- Case Study Example #2: Unsubscribe Facility
- Case Study Example #3: Inferred Consent
- Case Study Example #4: Deemed Consent
- Case Study Example #5: Express Consent
Company A purchased a database from Company B.
Company A proceeded to market and promote their goods and services by sending emails to addresses contained within the purchased database.
We received several complaints from recipients of Company A’s emails. The complainants stated they had not consented to receiving commercial electronic messages from Company A.
A subsequent investigation by the Department determined that Company A did not have consent to send commercial electronic messages to the complainants.
The Department found that:
Company A could not demonstrate that the recipients consented to receiving the commercial electronic messages. Section 9(3) of the Unsolicited Electronic Messages Act 2007 places an onus of proof on the sender of the email to demonstrate the recipient consented to receiving commercial electronic messages.
Many of the addresses were not conspicuously published for the purposes of ‘deemed consent’ (Section 4). Several recipient addresses were reserved only for domain registrant purposes, and therefore not published by a person in a business or official capacity.
The messages sent were not, in most cases, relevant to the business, role, functions, or duties of the person in a business or official capacity. The Department issued Company A with a written Formal Warning after identifying 11 breaches of the Act’s enforcement provisions. A formal warning is at the lowest end of the Department’s enforcement spectrum and carries no financial penalty.
An investigation into Company B and their supply of non-compliant databases is ongoing.
- The dangers of using email addresses from a purchased database
- Consent to send commercial electronic messages
In September 2011 Company C sent commercial electronic messages to its email database of current customers, marketing and promoting certain goods and services.
The Department received a complaint regarding the email's lack of unsubscribe facility (a requirement of section 11 of the Unsolicited Electronic Messages Act 2007).
A subsequent investigation by the Department determined that Company C had sent a substantial number of commercial electronic messages, none of which contained a functional unsubscribe facility.
The Department had previously issued Company C with a written Formal Warning in 2010 for breaches of sections 9 and 11.
As a result, the Department has since issued Company C with a Civil Infringement Notice for their ongoing failure to provide a functional unsubscribe facility in its emails to customers.
The Department received several complaints in May 2011 regarding a company sending emails marketing and promoting their goods to previous customers with whom they had interacted via Trademe.
Following enquiries made by the Department, the company stated they had not collected express permission at the point of sale, but instead believed they were able to legitimately contact the customer under inferred consent.
The Department found inferred consent did not exist in this instance, as a business relationship did not exist between the company and the recipients of the emails; and the emails in question were sent several months after the initial transaction took place. The Department issued a formal warning to the company.
A member of industry contacted the Department with the following inquiry:
To whom it may concern
I thought I'd check before proceeding with an electronic marketing campaign to prospective new contacts.
Am I right in assuming that an email published on a website that does not include a ‘no spam’ statement is public information and therefore their consent has been deemed and I can send them an electronic message that either contains marketing material and or a link that directs a recipient to a message that contains marketing material?
Assuming, of course it includes a functional unsubscribe facility and information that identifies myself and how I can be contacted.
The Department’s response was:
Thanks for your enquiry.
As the regulator the Department may provide information regarding compliance with various aspects of the Unsolicited Electronic Messages Act 2007. The Department is also unable to provide what is called a "letter of comfort" (i.e. approval), advising that you can take a particular action. Any information provided in this communication is not legal advice and is given without prejudice. The Department suggests that you seek your own independent legal advice if you have any further concerns regarding compliance with the legislation in relation to this enquiry
According to the Act, consent is deemed to have been given when:
- An electronic address has been conspicuously published by a person in a business or official capacity, and
- The publication of the address is not accompanied by a statement to the effect that the relevant electronic address- holder does not want to receive unsolicited commercial electronic messages at that address, and
- The message sent to that address is relevant to the business, role, functions, or duties of the person in a business or official capacity
To answer your question, a message can only be sent to an address when that address has been conspicuously published by a person on a website. That person must be acting in their business capacity. Additionally, the message marketing and promoting your goods and services must be relevant to the company or individual address-holder that is being contacted.
We received the following inquiry:
We are about to offer a service to our customers (Medical Centres) that will make it easy for them to send medical related reminders to their patients via SMS (TXT) and email.
Are we able to contact these customers without having gained their express consent?
Response from the Department:
Thanks for your enquiry.
The Act’s focus is ensuring the sender has the recipient’s consent. The Act has 3 forms of consent:
- Express consent is consent, whether given by the relevant electronic address holder or any other person who uses the relevant electronic address.
- Inferred consent is defined as "the consent that can reasonably be inferred from the conduct and the business and other relationships of the persons concerned; and any other circumstances specified in the regulations".
- Deemed consent is where the electronic address is conspicuously published by the person in a business or official capacity (website, brochure or magazine etc), and the publication of the address is not accompanied by a statement to the effect that the relevant electronic address holder does not want to receive unsolicited electronic messages sent to that address. This message must however, be relevant to the business, role, functions or duties of the person in their business or official capacity.
Given the information you have provided, I would suggest you would be relying on inferred consent (assuming the medical centres haven’t gained express consent to contact their customers via email or SMS). Inferred consent may exist because the medical centres have a relationship with their customers, and also because it would be seen as reasonable for them to be contacting their clientele.
In saying this, the Act only applies to ‘commercial electronic messages’- ie messages sent marketing and promoting the goods and services of the sender. Section 6(b)(iv) provides an exemption where a commercial electronic message does not include a message that:
- "provides notification of factual information about a subscription, membership, account, loan or similar relationship involving the ongoing purchase of use by the recipient of goods and services offered by the person who authorised the sending of the message, or the recipients ongoing subscription, membership, account, loan or similar relationship". The above section is likely to be more applicable to your customers than inferred consent.