Keeping spam in the can: the Unsolicited Electronic Messages Act 2007

It is estimated that more than 100 billion spam emails are sent every day throughout the world. The Unsolicited Electronic Messages Act 2007 was introduced to reduce spam in New Zealand. Now that the Act is over a year old, solicitors Jessie Parker and Nick Laing ask the inevitable question: is there any cause for celebration?

History

The Unsolicited Electronic Messages Act 2007 (the Act) follows similar anti-spam laws adopted in Australia and the United Kingdom which prescribe an "opt-in" regime. The opt-in regime starts with the presumption that unwanted electronic messages are spam unless the sender can show that the recipient consented to receiving them. The alternative approach is the "opt-out" regime which requires the recipient to notify the sender that its messages are unwelcome. By adopting the opt-in approach, New Zealand has taken a firm stance against spamming. The reality is that for the relatively small number of businesses in New Zealand that generate sales through sending emails, non-compliance with the Act could potentially be very costly.

Key provisions

The Act prohibits the sending of unsolicited commercial electronic messages. Electronic messages include emails and SMS text messages, but not faxes.

An electronic message is "commercial" if it:

• promotes or markets goods, services, land or a business or investment opportunity;

• assists a person to obtain a dishonest financial advantage from another person; or

• provides a link, or directs a recipient to, information that does one or more of the above things.

There are certain exceptions to this. For example, messages that provide a quote requested by the recipient or complete a transaction that the recipient has agreed to are not commercial messages for the purposes of the Act.

Any commercial electronic message will be "unsolicited" unless it:

• is sent with the consent of the recipient – consent may be express, deemed or inferred;

• contains a functional unsubscribe facility; and

• clearly identifies the sender.

The Act also prohibits the use of address harvesting software (i.e., software that trawls the internet, collects and indexes email and other electronic addresses) with the intention of sending unsolicited commercial electronic messages.

Any cause for celebration?

One year on, it is interesting to consider some of the lesser known provisions of the Act:

• the application of the Act to organisations outside of New Zealand;

• the deemed authorisation provisions; and

• enforcement issues, in particular the civil proceedings that were commenced in the High Court in December last year.

Organisations outside New Zealand

Section 8 of the Act provides that the Act extends to "relevant persons" who engage in conduct outside New Zealand to the extent that such conduct results in an unsolicited commercial electronic message being sent in New Zealand. The definition of "relevant person" includes "an organisation that carries on business or activities in New Zealand". This wording is without statutory equivalent.

Many of us are familiar with the reference to "carrying on business in New Zealand" in section 332 of the Companies Act 1993. However, the reference to "activities" arguably extends the application of the Act further than the Companies Act 1993. It is likely this was intentional so as to capture all spam-related activities. Arguably any organisation that solicits business in New Zealand via unsolicited commercial electronic messages would be caught by section 8 of the Act.

Deemed authorisation

Section 17 of the Act contains a deemed authorisation provision. It provides that where person A sends an electronic message on behalf of person B, person B is deemed to have authorised the sending of the message. This is particularly relevant where a company (person B) employs an agent or another company (person A) to send, for example, marketing or promotional messages on its behalf.

Issues may arise where the contract between person A and person B does not closely define the scope of the authorisation. Subsection 17(2) of the Act provides that person A only sends a message on behalf of person B if person A has the authority to do so. The Act does not clearly specify what constitutes authority. If an agreement provides that person A is authorised to market person B's products electronically, has person B authorised person A to send spam?

It should be made clear in contracts for the provision of electronic marketing services that the scope of the services does not extend to sending unsolicited commercial electronic messages in breach of the Act. It may be sufficient for the contract to include a provision requiring person A to comply with all relevant laws in providing the services.

Enforcement

The New Zealand Department of Internal Affairs (DIA) is responsible for enforcing the Act. The DIA has stated that its focus in enforcing the legislation will initially be on assisting companies to comply with the Act, rather than taking a punitive approach. However, in December 2007 the DIA raided four properties in Christchurch and seized 22 computers in connection with a large international spamming operation. The DIA commenced High Court proceedings against three of the spammers, seeking payment of a pecuniary penalty for breaches of the Act.

In Chief Executive, Department of Internal Affairs v Atkinson¹ the first penalty was imposed under the Act. Due to the large-scale of the spamming operation and its impact on New Zealand, the court held that the starting point for the penalty should be the maximum amount of $200,000. It was noted that the deterrent effect of a penalty would be lost if the penalty only marginally increased the cost of the illegal activity. However the court considered that the second defendant was entitled to a substantial discount because:

• the spamming began before it was illegal to do so (although it continued after the Act was in force); and

• the second defendant had cooperated with the DIA and had given an undertaking in relation to future compliance with the Act (which is enforceable under section 34 of the Act).

The High Court therefore ordered the second defendant to pay $100,000. The case is continuing against the first and third defendants, who have contested the allegations that they breached the Act.

Recently the Federal Court in Perth awarded a financial penalty of $4.5 million against a company and $1 million against its managing director for multiple breaches of Australia's Spam Act 2003. In New Zealand, such large damages amounts are not contemplated under the Act which provides for court-ordered penalties of up to $200,000 for an individual or $500,000 for an organisation.

 

¹ (High Court, Christchurch, 19 December 2008)

Enquiries and information

For more information on any of the cases, articles and features in Commercial Quarterly, please email Diane Graham or call her on 64 9 916 8849.