Saturday, September 08, 2007

Spam and "inferred" consent

The Unsolicited Electronic Messages Act 2007 came into force on Thursday, and businesses are scrambling to comply with its provisions. The Act was intended to establish an "opt-in" system, in which people had to expressly solicit electronic messages. Unfortunately, I'm seeing a number of messages in my mailbox where businesses say things like this:

Under the Unsolicited Electronic Messages Act 2007, due to come into effect on 6 September 2007, you must consent to receiving commercial emails. Consent can be either explicit, inferred or deemed.

From our previous association, we infer that we have your consent to continue sending emails from time to time.

Or even this:
In order to ensure we are fully compliant with the act, we must ensure that you are happy to continue to receive these messages and updates.

What do you have to do?

Absolutely nothing. If you are happy to continue to receive updates from us you need do nothing at all. However, if you do not wish to receive any future updates from us, simply send an email to my personal email address [Address removed] with unsubscribe in the subject line.

The latter of course is simply "opt-out".

While in both cases I was happy to receive the messages, this simply isn't good enough. While the Act allows consent to be reasonably inferred from "the conduct and the business and other relationships of the persons concerned", the examples given by Internal Affairs make it clear that there has to be a strong expectation of follow-up communication. Their FAQ makes it even clearer - you can not establish consent by emailing people and asking them to unsubscribe, and goes on to say

Many recipients may treat [such a message] as spam and not respond or even open it. There is no real relationship when the communication is one-sided and the recipient's silence should not be taken as acquiescence.
(Emphasis added)

I'd say that's pretty definitive, neh?

So, what should you do if you receive such an email? Complain. Businesses are clearly trying to evade the law, and they won't learn unless they get whacked for it. Such compaints will likely only result in a warning rather than a $2,000 fine per email, but if it changes the behaviour of our businesses, it is worth it.