Follow us

The Australian Communications and Media Authority (ACMA) reported on the 2 July that Woolworths Group Limited has paid a million-dollar infringement notice and agreed to a court-enforceable undertaking in response to breaches of spam laws. The infringement notice for $1,003,800 is the largest ever issued by ACMA to date.

What happened

ACMA identified more than five million breaches of the Spam Act 2003 (Cth) by Woolworths as a result of marketing emails being sent to Woolworths customers after they had unsubscribed from previous messages. The emails were sent between October 2018 and July 2019.

The size of the civil penalty reflects the number of breaches and also that Woolworths had previously been advised of potential compliance issues by ACMA.  In addition to the civil penalty, Woolworths has also provided ACMA an enforceable undertaking under which Woolworths agreed to appoint an independent consultant to review its email marketing systems each year. Woolworths would also provide training for its staff and report all non-compliant cases.

Direct marketing

The digital age has put direct marketing at the centre of today’s businesses. Direct marketing can foster innovation, promote competition and enhance customer choice.

At the same time, direct marketing provokes strong reactions from customers if they do not expect to be contacted or the marketing material is so targeted it becomes intrusive.

ACMA’s latest infringement notice and seeking of an enforceable undertaking is a continuation of their active approach to enforce the laws that regulate direct marketing and to protect the public from unlawful commercial electronic messages.


In an environment where information technology and analogue systems complexity can have a direct impact on regulatory compliance if not managed appropriately, ACMA’s action is a timely warning to organisations that engage in direct marketing – not only in terms of the cost implications of civil penalties and potentially undertakings, but also in terms of potential brand impact.  Please speak to the Herbert Smith Freehills team if you would like to discuss navigating these issues.

Background - the regulations

Direct marketing is subject to general privacy laws and other laws relating to marketing. They include:

  • Privacy Act 1988 (Cth) – direct marketing generally involves the use of personal information. Australian Privacy Principle 7 sets out a framework for consent, notice and the right to find out where personal information used by a business has come from.
  • Spam Act 2003 (Cth) – this legislation governs commercial electronic messages such as those delivered via email or SMS. A key aim of this regime is to put the individual in control over how their information is used. This includes the principle requirement that a recipient must be given the option to opt-out (or unsubscribe) of future messages.
  • Do Not Call Register Act 2006 (Cth) – telemarketing is subject to this specific legislation which, among other obligations, requires business to obtain customer consent before they conduct telemarketing. This legislation also establishes the Do Not Call Register where millions of Australians list their number to avoid receiving telemarketing calls.

Key contacts

Peter Jones photo

Peter Jones

Partner, Sydney

Peter Jones
Kwok Tang photo

Kwok Tang

Partner, Sydney

Kwok Tang