New anti-spam legislation, currently before Federal Parliament, will impose a number of obligations on organisations in the field of e-commerce. The Spam Bill 2003 is designed to tackle the proliferation of unsolicited emails and other messages such as SMS text, used by marketeers that not only clog-up recipients' inboxes and slow productivity, but often carry offensive and illegal content such as pornography and financial scams.

While the new Bill is unlikely to have much of an impact on the bulk of spam, which originates overseas, it will have some consequences for organisations and the policing of their employees' emails. The new law imposes a number of obligations on organisations in relation to emails being sent on behalf of the organisation by an employee.

Under clause 16 of the proposed legislation, a person must not send, or cause to be sent, a commercial electronic message that has an Australian link; and is not a designated commercial electronic message. A commercial electronic message is a message where one of the purposes of the message is a commercial purpose. It need not be the primary or sole purpose of the message. For instance, an offer to supply, advertise or promote goods or services, land, business opportunities etc, could be examples of messages with a commercial purpose.

If an electronic message does not have an Australian link, in other words the message did not originate in Australia (refer to the Bill for a more comprehensive definition), or was a designated commercial electronic message, then clause 16 won't apply. A designated commercial electronic message is a message that contains no more than factual information and some form of identifying information which identifies the source of the information. For instance, name, logo and contact details of the individual or organisation who sent or authorised the sending of the message. Messages that originate from government bodies, political parties, religious organisations, charities and subject to certain conditions from educational institutions will also be deemed to be a designated commercial electronic message.

Under clause 17 of the Bill, any commercial electronic message, whether solicited or unsolicited, that has an Australian link must contain certain information which clearly identifies the individual or organisation that authorised the sending of the message. This requirement also applies to designated commercial messages and will require organisations to include in each message identifying information such as the identity of the individual or organisation who authorised the sending of the message. For instance, the correct legal name and ABN of the organisation. The message must also contain information about how the recipient can be contacted.

Importantly for organisations, under clause 8 of the proposed legislation if an individual authorises the sending of an electronic message and does so on behalf of an organisation, then the organisation rather than the individual is taken to have authorised the sending of the message. Whether an employee has sent a message on behalf of their organisation will boil down to whether that employee has exceeded his or her authority. In other words, if the message was sent within the course of his or her employment then this message may be taken to have been authorised by the organisation.

Therefore, it is important that organisations take proactive measures such as restructuring their email policy, for instance, and implementing training regimes to ensure that employees within an organisation are educated on the new legislative changes, and their responsibilities within the organisation concerning the sending of emails. If these sorts of risk prevention strategies are implemented within an organisation then this may go some way to proving what messages are within the employee's authority to be sent.

Proving whether an individual has sent a commercial electronic message will depend on whether the person involved who caused the message to be sent had some knowledge of what they were doing. In other words, computers that are hijacked by a virus that causes emails to be sent would not be a breach of the proposed legislation.

There are also a number of defences under the new legislation regarding the sending of messages by mistake, and a person does not contravene the Act if the person merely supplies a carriage service that enables the electronic message to be sent.

Other provisions of the intended legislation include the need to include a functionable unsubscribe facility on messages that are deemed to be commercial electronic messages, and the prohibition on the use of address harvesting software and harvested address lists.

Compliance with the new legislation will require both a technical and legal solution, for instance, making sure all emails that are sent from an organisation have the right identifying information and do not use harvested address lists, as well as a legal review of an organisations compliance regime to make sure organisations have not 'authorised' the sending of electronic messages.

Civil penalties under the Act will be assessed according to a sliding scale for repeat offenders. An individual could be liable for up to a total of $44,000 for contraventions on a single day, while an organisation could be fined up to $220,000 in a day. Offenders with a prior record will be penalised up to a maximum of $220,000 for each day of spamming by an individual, and $1.1 million per day for organisations.


This article provides a summary only of the subject matter covered, without the assumption of a duty of care by Freehills. The summary is not intended to be nor should it be relied upon as a substitute for legal or other professional advice.