ARTICLE
14 July 2025

What are the Privacy Laws for Direct Marketing?

L
LegalVision

Contributor

LegalVision logo
LegalVision, a commercial law firm founded in 2012, combines legal expertise, technology, and operational skills to revolutionize legal services in Australia, New Zealand, and the UK. Beginning as an online legal documents business, LegalVision transitioned to an incorporated legal practice in 2014, and in 2019 introduced a membership model offering unlimited access to lawyers. Expanding internationally in 2021 and 2022, LegalVision aims to provide cost-effective, quality legal services to businesses globally.
Explore Firm Details
Understanding how Australian privacy and spam laws affect your direct marketing is the best way to avoid legal complaints.
Australia Consumer Protection
Stephanie Long
Your Author LinkedIn Connections

In Short

  • Australian privacy and spam laws, including the Privacy Act and Spam Act, govern direct marketing practices.
  • Businesses must obtain consent before sending marketing materials and comply with rules for emails, texts, and post.
  • APP entities (businesses with turnover above $3 million) must adhere to strict guidelines when conducting direct marketing.

Tips for Businesses

Understand whether your business is an APP entity and obtain consent from recipients for all direct marketing, including emails, text messages, and letters. Make sure to include clear identification of your business and an easy way for recipients to unsubscribe. Consult a legal expert if needed.

Marketing is an integral part of growing your business. Using marketing strategies that directly target specific people can significantly impact your company's success. However, it is crucial to understand what you can and cannot do when running a marketing campaign. Understanding how Australian privacy and spam laws affect your direct marketing is the best way to avoid legal complaints. This article will explore the laws regarding both offline and electronic direct marketing.

What Type of Marketing Do You Want to Send?

The privacy and spam laws in Australia apply to different types of marketing. These laws are the Privacy Act and the Spam Act. To understand your obligations under these laws, the first step is deciding what kind of marketing you want to send. For example, you may plan to send the following: 

  • emails; 
  • text messages; or 
  • letters via post.

Is My Business an APP Entity?

Before sending direct marketing materials to anyone, you must determine whether your business is an 'APP entity' under the Privacy Act. This is because only APP entities must comply with the Privacy Act. 

The key test of whether you are an APP entity is if your company has an annual turnover of $3 million or more.

Regardless of turnover, you may still be required by law to comply with the APPs. Other tests include whether your business conducts activities that make handling personal information riskier. For example, a doctor holding health information is an APP entity. A business that buys and sells personal contact details will also be an APP entity. The APPs will also apply to you if you: 

  • operate a residential tenancy database; 
  • are a credit reporting body, meaning you provide personal information to other businesses so that they can judge the credit worthiness of an individual; or
  • are a contractor that provides services under a Commonwealth contract. 

If your business falls into this classification, you must consider how the Privacy Act  applies to your business before directly sending any marketing material to anyone.

Which Laws Apply to Sending Letters?

Before sending a marketing letter via post, you must consider which laws will apply. Privacy laws sometimes apply to businesses sending marketing through the post.

If you do not address the letter to anyone specifically, privacy laws will not be applicable. For example, where the letter reads, 'To the occupant'. However, if you address the letter to a person's name and their address, privacy laws may be relevant.

If you are an APP entity, and the Privacy Act applies to your business, consider whether the receiver of your letters has consented to you sending them. If you do not have consent, you need to consider whether you collected the contact details from the person and if they would reasonably expect you to send them letters.

Sending Letters With Consent

To obtain proper consent for sending direct marketing:

  • the person must know what they have consented to;
  • consent must be optional; and
  • consent must be specific. Consent will be specific, for example, if it is a clear statement next to a tick box.

If you have received consent, you can send the letter. You must say in the letter that the person may withdraw their consent at any time. You must also provide an easy way to do this, and if they choose to withdraw consent, you must stop sending them marketing letters.

Sending Letters Without Consent

If you do not have consent, you may still be able to send marketing letters in some circumstances. This is where the person gave you their contact details and would reasonably expect you to send them letters. A person may also reasonably expect to receive direct marketing from you if: 

  • they are an existing customer of yours; and
  • you have stated in your  privacy policy that you may send direct marketing.

In the letter, you must also include a similar statement that the recipient can request that you stop sending marketing materials.

In some limited circumstances, you can still send direct marketing if you collected the contact details from a third party or if it is impracticable to obtain consent. However, it is best to speak to your lawyer before you do so to ensure you are compliant with the relevant laws.

What Laws Apply to Sending Emails or Text Messages?

If you wish to send marketing emails or text messages, the laws that apply are slightly different from those that apply to sending letters. The Spam Act requires that you meet three requirements when sending an electronic marketing message, namely:

  1. consent;
  2. identification of your business as the sender; and
  3. an unsubscribe function in the message.

1. Consent

To obtain consent, the Spam Act says you can receive either:

  • express consent; or 
  • implied consent. 

For example, express consent can look like a phone call between your business and a customer, where, during the call, you ask if you can send marketing emails. Likewise, the customer says 'yes' and provides their email address.

In this scenario, you should:

  • keep a record of the call;
  • note if they provided consent;
  • note how they provided consent; and 
  • record the date of the call. 

An example of inferred consent is a text message sent to a customer about a sale you are having. It is inferred that, as a customer of your business, they will be interested in your products and sales.

You can only use inferred consent to send content related to your existing relationship with that person.

2. Identify Yourself as the Sender

You must identify your business in the email or text message as the sender of the marketing content. You should also include your business' name and contact details. 

3. An Unsubscribe Function

If you send an electronic marketing message, you must also include an  unsubscribe link. The link should be operational for at least 30 days after sending the message. If someone requests to unsubscribe, you must unsubscribe them within five working days.

Spam Consent Factsheet

Before sending electronic messages, learn how your business can comply with the Spam Act with our free Spam Consent Factsheet.

Download Now

Key Takeaways

If you plan to send marketing material directly to consumers, you will need to consider how privacy and spam laws will affect you. You can then design your marketing campaigns to take the different legal requirements into account. This may include: 

  • obtaining consent;
  • identifying your business as the sender;
  • outlining how to contact your business; and 
  • providing an unsubscribe function.

If you have any questions about sending direct marketing materials and your legal obligations, our experienced privacy lawyers can assist as part of our LegalVision membership. For a low monthly fee, you will have unlimited access to lawyers to answer your questions and draft and review your documents. 

Frequently Asked Questions

What is considered a marketing message?

The Spam Act is rather broad on this point, instead covering all electronic messages your business sends. However, there is an exception for "designated commercial electronic messages.' This includes messages that consist of only factual information but may include certain additional factual details, such as your name, logo and contact details. For example, you may send administrative communications confirming bookings or changes of address.

Are there other actions that break the spam rule?

Aside from the above, you cannot use address-harvesting software or any lists the software creates. You also cannot help others to break the spam rules, encourage others to break the spam rules or be directly or indirectly, knowingly concerned with breaking the spam rules.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Authors
Photo of Stephanie Long
Stephanie Long
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More