In part one (here), we touched on figuring out what is and isn’t a ‘commercial electronic message’ under the Spam Act. Now you’ve drafted your message, but you’re not ready to go yet – it cannot be sent unless the recipients have provided their consent.
The Spam Act devotes an entire schedule to the definition of express and inferred ‘consent’.
As the name suggests, express consent requires that the individual has agreed to receiving the message. This can be achieved through the individual ticking a check box, agreeing verbally or providing an email address for that purpose. Something along the lines of “I consent to receiving updates about your company’s products or services” would do nicely.
Note that messages requesting consent can’t be sent; you’ve either got the consent or not. Also, pre-checked tick boxes, however clever and sneaky, won’t get you the required consent.
Inferred consent is consent that can be reasonably inferred from the conduct of the recipient or the relationship between the sender and recipient.
Where the relationship is such that the recipient would have a reasonable expectation of receiving commercial messages, you’ve got inferred consent.
- where a recipient subscribes to a particular publication, it may be reasonable to infer that the recipient would consent to receiving messages about other services offered by the publisher;
- consent can be inferred from the conspicuous publication of a work-related email address because that address is accessible to a section of the public and is not accompanied by a statement withholding consent (ie you can trawl websites and send emails to people stupid enough to publish their email addresses online (like, um, us)); and
- where individuals have volunteered their email addresses to a marketing database and that database is on-sold to a business, this may be a basis to infer consent.
But it’s not case closed once express or inferred consent is established. Next time we’ll take a look at the content requirements with which each commercial electronic message must comply: adequate sender identification and a compliant unsubscribe.