The New Zealand Government has recently enacted legislation that will affect any organisation which uses email or text messages as a marketing tool. Substantial penalties apply to those who breach the new law. It will therefore be important for businesses to take action to ensure that their email practices and databases comply.
The Unsolicited Electronic Messages Act 2007 (Act) was passed on 27 February 2007. The Act is designed to regulate the proliferation of unsolicited electronic messages, commonly known as spam. The Act attempts to do this by:
- Prohibiting commercial electronic messages from being sent to a person in New Zealand without that person's consent.
- Requiring all commercial electronic messages to include accurate information about the person who authorised the sending of the message and a functional unsubscribe facility.
- Restricting the supply, acquisition and use of address-harvesting software and any electronic address list produced using that software.
While the Act is unlikely to have much of an impact on the bulk of spam, which originates overseas, it may be seen as New Zealand doing its part in the international fight against spam. No more than ten per cent of spam comes from New Zealand. New Zealand is one of the last OECD countries to enact antispam law. The new law affects most public and private sector organisations in their normal operations and imposes a number of obligations on organisations in relation to emails being sent on behalf of the organisation that promote goods and services.
What the Act is designed to prohibit
Under the Act, a person must not send, or cause to be sent, a commercial electronic message that has a New Zealand link and which is unsolicited.
Each of the following elements must be proven before a breach of the Act occurs.
What is an electronic message?
An electronic message is defined in the Act as a message sent using a telecommunications service and to an electronic address. The definition is designed to capture emails and text messages. However, voice calls and facsimiles are expressly excluded from the definition.
What constitutes a commercial electronic message?
A commercial electronic message is an electronic message that, as its primary purpose, markets or promotes goods, services, land, interests in land, or business or investment opportunities. A commercial electronic message includes those messages which assist or enable a person to dishonestly obtain a financial advantage or gain from another person, or the message might provide a link (or direct a recipient) to a message with the same purpose.
What is a New Zealand link?
The requirement for an electronic message to have a New Zealand link significantly limits the coverage of the Act. For the Act to apply to a commercial electronic message, the sender, recipient or computer/server must be located in New Zealand.
When is an electronic message unsolicited?
There is no prohibition on sending a commercial electronic message if the recipient of the message has provided their prior consent to receiving that message. The onus on proving this would be the responsibility of the person who is asserting that this is the case (this will invariably be the sender of the information). The Act also prohibits the sending of commercial electronic messages to anyone who has opted out of receiving messages from that sender (and thereby withdrawn their consent to receiving the commercial electronic messages). The withdrawal of consent is deemed to take effect five working days from the time that such a request is made, and must be at no cost to the electronic message recipient which may be a concern for providers of text-marketing campaigns.
Employees sending messages
The Act provides that organisations will be liable for the electronic messages sent or authorised by their employees where the employee had authority to do so. The Act deems the organisation, rather than the individual, as responsible for authorising the sending of an unsolicited commercial electronic message.
Other key requirements of the Act
The Act requires that any commercial electronic message that is sent must include accurate sender information. Sender information includes who authorised the sending of the message and how that person may be contacted - such information being valid for at least 30 days from the sending of the message. Regulations made under the Act, when enacted, may specify further conditions about information to be included in commercial electronic messages.
Other requirements of the Act include:
- The need to include a functional unsubscribe facility on commercial electronic messages.
- The prohibition on the use of address harvesting software and harvested address lists.
What is not covered by the Act
The following types of electronic messages are exempt from the prohibitions and requirements of the Act:
- Quotes or estimates that were requested by the recipient.
- Messages that facilitate, complete, or confirm a commercial transaction that the recipient previously agreed to enter into with the person who authorised the sending of the message.
- Messages that provide warranty information, product recall information, or safety or security information about goods or services used or purchased by the recipient.
- Notification of factual information about a subscription, membership, account, loan, or similar relationship involving the ongoing purchase or use by the recipient of goods or services offered by the person who authorised the sending of the message, or the recipient's ongoing subscription, membership, account, loan, or similar relationship.
- Messages that provide information directly related to an employment relationship or related benefit plan in which the recipient is currently involved, participating, or enrolled.
- Messages relating to the delivery of goods or services, including product updates or upgrades, that the recipient is entitled to receive under the terms of a transaction that the recipient has previously agreed.
- Information about goods or services offered or supplied by a government body, a court or tribunal or messages that have any other purpose set out in the regulations.
The Act does not cover situations where a commercial electronic message is sent without the knowledge or permission of the sender. For example, computers that are hijacked by a virus that causes emails to be sent would not be a breach of the Act.
There are a number of defences regarding the sending of messages by mistake, and a person does not contravene the Act if the person merely supplies a carriage service that enables the electronic message to be sent thereby ensuring that Internet and telecommunications service providers do not breach the Act.
The enforcement regime under the Act is a civil penalty regime, with the Department of Internal Affairs being the government enforcement agency. It has the power to issue a formal warning or a civil infringement notice and then has the option of seeking an order from the High Court for an injunction or pecuniary penalty in response to the breach of the Act. Fines can be substantial, being up to $200,000 for individuals and $500,000 for companies.
When will the law take effect?
There is a six month ‘run in’ period from the date of enactment to allow individuals and companies to prepare themselves for the changes. Information Technology Minister, David Cunliffe, said this transition period is designed to, ‘Give organisations a reasonable period of time to ensure their email practices and databases comply with the Act.’ We recommend that businesses use the next six months wisely or they may face serious consequences for failing to take action.
An ISP Spam Code of Practice which sets out ISP obligations and spam complaint handling procedures is currently being prepared by InternetNZ, together with the Telecommunications Carriers’ Forum, the Marketing Association and the ISP Association (ISPANZ). It is expected that the Code will come into effect at the same time as the Act.
A practical guide to complying with the Act
Compliance with the new legislation will require both a technical and legal solution. To ensure your email practices and databases comply with the Act, you should:
Phillips Fox has changed its name to DLA Phillips Fox because the firm entered into an exclusive alliance with DLA Piper, one of the largest legal services organisations in the world. We will retain our offices in every major commercial centre in Australia and New Zealand, with no operational change to your relationship with the firm. DLA Phillips Fox can now take your business one step further − by connecting you to a global network of legal experience, talent and knowledge.
This publication is intended as a first point of reference and should not be relied on as a substitute for professional advice. Specialist legal advice should always be sought in relation to any particular circumstances and no liability will be accepted for any losses incurred by those relying solely on this publication.
Specific Questions relating to this article should be addressed directly to the author.