Marketing & comms compliance
Spam Act, Do Not Call Register, advertising of therapeutic goods, greenwashing, and online safety obligations.
10
Obligations
3
Regulators
11
Recent enforcement
Regulators
Obligations (10)
- criticalCWLTHcurrentComply with online safety industry codes (Phase 1 + 2)
Eight industry sections covered by binding codes under the Online Safety Act 2021.
- highCWLTHcurrentWash outbound marketing lists against the Do Not Call Register
Lists must be washed within 30 days of the call/SMS unless valid consent.
- highCWLTHcurrentComply with Basic Online Safety Expectations + industry codes
Social media services, app distribution services, and other captured providers must meet the BOSE and industry codes.
- highCWLTHcurrentComply with the Therapeutic Goods Advertising Code
Advertising of therapeutic goods to consumers must comply with the TGA Advertising Code and prohibited representations.
- highCWLTHcurrentInfluencer + ad disclosure under ACL + AANA Code
Paid content must be clearly disclosed as advertising — #ad #spon are not enough on their own.
- highCWLTHcurrentPre-2025 ban on unsolicited credit limit increase invitations
Credit card limit increase offers cannot be sent without prior written consent.
- highCWLTHcurrentAPP 7 direct marketing
APP 7 restricts using or disclosing personal information for direct marketing and requires a simple opt-out — when it applies, the exceptions and penalties.
- highCWLTHcurrentComply with the Spam Act 2003 (consent, identify, unsubscribe)
All commercial electronic messages must have consent, identify the sender, and offer a working unsubscribe.
- mediumCWLTHcurrentLoyalty programs must comply with ACL transparency + UCT
Loyalty program T&Cs governed by ACL — UCT regime + misleading conduct.
- mediumCWLTHcurrentComply with AANA Code of Ethics + community guidelines
Self-regulatory advertising standards enforced by Ad Standards (formerly ASB).
Recent enforcement
- ic-australiatransparency notice2025eSafety multiple platform notices 2024-2025
eSafety issued BOSE transparency notices to multiple platforms 2024-2025 — Meta, X, TikTok, Telegram, Discord etc.
- acmainfringement2024ACMA Spam Act enforcement — 2024 wave
ACMA infringement notices across 2024 against multiple companies for Spam Act + DNCR breaches — totals exceed $10M in penalties.
- acmainfringement$2.0M2024ACMA infringement — Doordash (Spam Act)
DoorDash sent ~500K commercial messages with non-functional unsubscribe.
- ic-australiatransparency notice2024eSafety transparency notices to multiple platforms 2024
eSafety issued BOSE transparency notices to Meta, Google, Microsoft, Apple + others.
- ic-australiainfringement$958K2024eSafety v Telegram (BOSE notice)
Telegram failed to respond to a BOSE transparency notice on terrorist and child sexual exploitation material controls.
- acmainfringement$412K2024ACMA infringement notice — Uber Australia Pty Ltd (Spam Act)
Uber sent more than 2 million commercial electronic messages without consent or proper unsubscribe facility.
- ic-australiaremoval notice2024eSafety v X Corp (Sydney church stabbing content removal)
eSafety issued global removal notice for footage of Sydney church stabbing; X Corp partially complied (geo-blocking AU only) + legally challenged.
- ic-australiainfringement$610K2023eSafety v X Corp (BOSE notice)
X Corp failed to respond adequately to a Basic Online Safety Expectations notice on child sexual abuse material safeguards.
- acmacourt enforceable undertaking$3.5M2023ACMA enforcement — Commonwealth Bank (Spam Act)
CBA sent more than 65 million emails over a 4-year period containing inadequate or non-functional unsubscribe facilities.
- acmainfringement$2.5M2023ACMA enforcement — Pizza Hut Australia (Spam Act)
Pizza Hut sent over 10 million marketing messages without consent or proper unsubscribe over 2-year period.
- oaicdetermination2021Commissioner-initiated investigation into 7-Eleven Stores Pty Ltd
7-Eleven collected facial images and faceprints from customers via in-store tablets as part of a customer feedback program. Consent processes were inadequate.