Timeline

The Spam Act 2003 (Cth) prohibits unsolicited commercial electronic messages (CEMs) like emails, SMS, MMS, and IMs with an Australian link, requiring consent, sender ID, and unsubscribe options. Enforced by the Australian Communications and Media Authority (ACMA), it commenced on 10 April 2004 (Royal Assent 12 Dec 2003), banning address-harvesting software from day one.

Amendment History

The Act has seen limited amendments, primarily technical or consequential, with no major substantive updates since 2010. Latest compilation reflects changes up to 2016.

No revisions or additions reported 2017–2026; ongoing ACMA enforcement via warnings, infringement notices (up to 20 penalty units), and civil penalties (e.g., $2.22M max per contravention for corporates).

Core Provisions

• Consent (s16): CEMs require express/inferred consent; unsubscribe must process in 5 days.

• ID/Unsubscribe (s17): Accurate sender info/contact; functional unsubscribe valid 30 days.

• Harvesting (Part 3): Bans software/lists for bulk spam generation.

• Penalties (Part 4): Civil pecuniary; injunctions/enforceable undertakings (Parts 5–6).​

Related Legislation

Complements anti-spam efforts across channels and privacy.

• Do Not Call Register Act 2006: Bans unsolicited telemarketing calls; ACMA-enforced, opt-out registry.

• Telecommunications Act 1997 (Part 26): Industry codes, customer equipment standards; ACMA oversight.​

• Privacy Act 1988: Australian Privacy Principles for data in marketing; no derogation from Spam Act.​

• Online Safety Act 2021: Covers cyber-abuse/marketing harms; image-based abuse overlaps.​

• Spam Regulations 2024: Details enforcement, infringement notices (Schedule 3).​

The Act remains stable, effective via ACMA actions (e.g., recent prosecutions for non-consent SMS/WhatsApp).