What are the rules for SMS marketing in Australia?

Controversial opinion, but I believe that done with consideration and strategy in mind, SMS marketing is an under-utilised marketing channel that all businesses should be exploiting. Before you start sending SMS messages, what are the rules about SMS Marketing in Australia that you need to follow? 

I feel that too many Australian businesses are jumping on the SMS marketing bandwagon before fully understanding what they need to do in order to remain compliant with their SMS marketing. Combined with an increase in SMS phishing scams, this unconsidered approach results in campaigns that look spammy and lack trust, damaging a brand’s reputation long-term. 

Real talk, this feels like an apt time for this article, in very recent news another big corporate brand has been slapped with a hefty fine for being non-compliant when it comes to marketing. This time it was Pizza Hut being fined $2.5million for sending over 10million non-compliant marketing messages between January and May 2023, of which 5.9million were unsolicited SMS messages. So, how do you remain compliant?

What are the rules about SMS Marketing in Australia?

Just like with email marketing, you must actually have a person’s permission to send them SMS marketing messages. You must also always provide a way for your customers to opt-out of SMS Marketing messages in every SMS you send. 

But what does this actually mean for SMS Marketing rules in Australia?

1. You Need Marketing Consent

Your customer must provide consent, whether that is explicit or inferred, to allow you to send them marketing messages (SMS or email). Whilst I get a lot of business owners ask me if this is actually that important and “Do I really need to do this”. You should understand that a failure to do this is actually illegal. It puts you in breach of the 2003 Spam Act (some *light* reading here).

It’s not just me being fastidious about marketing insisting that you have some basics in place when it comes to your marketing before you start sending email or SMS marketing. It’s the law. Sorry mate.

Regardless of the legalities of gaining the consent of your SMS database, it’s also important to consider that an unexpected SMS marketing message is unlikely to be warmly received. It may cause more damage than good for your brand’s reputation.

This consent may or may not be collected separately from the point at which you collect email marketing consent. Personally I think it’s best to collect it separately and time-stamp the point at which you receive said consent. This will help future-proof your database should more stringent data protection measures come into play in Australia, bringing Australia in-line with regions where these regulations already exist. FYI this is done effortlessly in Klavyio. We’re a Klavyio agency partner, so ask us if you want us to help you set it up for you.

I am not a fan of sneaking marketing consent in, under the radar. Many businesses will opt to hide the fact that by ‘downloading our free pricelist’ or ‘registering for early access’ you’re actually opting in to receive marketing. It’s often hidden in the terms and conditions.

I don’t like this for 2 reasons:

  1. It’s deceptive. Just be honest. We’re not stupid.
  2. It’s illegal in other global territories and I think you should be forward-thinking in your marketing. Because, let’s face it, it’s inevitable that someday Australia will catch up to the rest of the world when it comes to data protection.

Marketing consent is a complicated topic to understand, I’ve tried to explain it with working examples in relation to email marketing here.

2. You need a Privacy Policy

If you’re collecting any of your customers data whether that’s browsing information using cookies, their email or SMS consent, their personal details or their financial details. You need a Privacy Policy.

Think about it this way. You’d want to be sure your own data is secure and protected when you transact with another business, so why don’t you grant your customers that same respect?

Fun fact, this one’s tied up with the 1988 Australian Privacy Act.

I recommend Foundd Legal as a great place to get a legally compliant Privacy Policy template for Australia and a range of other legal templates for your business (head’s up this is an affiliate link, I get a kickback if you purchase from this link, it doesn’t affect the price you pay).

3. You need to clearly identify yourself as the sender in any SMS

One of the main rules about SMS Marketing in Australia that will help stop your message looking like Spam is to clearly identify yourself as the sender in any message that you might send.

You could choose to customise your sender ID (that’s the name that the SMS comes from). 

Or you might choose to identify yourself before the body of the text message if you can’t customise your sender ID.

If you’re wondering, it’s definitely better to customise your sender ID, it feels more trustworthy and makes your message more visible in the recipient’s inbox.

4. You must provide an effortless way to unsubscribe

You must provide a way to unsubscribe in the text message itself. We see way too many non-compliant messages landing in our inbox. (Real estate agents, here’s looking at you.)

This could take the form of a link that the recipient clicks to unsubscribe or it could be a shortcode that they text (e.g. text STOP to 67434 to unsubscribe).

Either option must be low-cost or free and remove the recipient from future SMS Marketing campaigns within 5 days to be compliant.

5. You must be compliant with the data privacy laws in the recipient’s location

Another rule to consider when sending SMS marketing (or any marketing for that matter) is that it doesn’t matter where your business is headquartered. If you’re contacting overseas subscribers, you must be compliant with marketing legislation in their geographical location. 

Specifically, let’s chat (very) briefly about GDPR. GDPR is a policy that came into effect in May 2018 that protects the data of members of the EU (and the UK). This means that you must have explicit consent to contact customers who fall under EU/UK Justristicions. There are similar laws in place in the State of California.

Under Australian Privacy Principles you have to have inferred or explicit consent to send marketing messages. This is the grey, wishy-washy area of our PRivacy protection, in my opinion. Under GDPR regulations inferred consent is not sufficient, all your consent must be explicit. An easy way to think of this is that you need your customers to actively ‘opt in’ or tick a box saying they agree to get your marketing. If they haven’t done this, chances are you don’t have the right to send email or SMS marketing to these contacts.

Want to start doing SMS Marketing better? Give us a shout – we’ve worked on SMS marketing for businesses big and small and would love to help you create SMS marketing that doesn’t suck.

Thanks for reading this article, I also need you to understand:

  1. I’m always going to recommend marketing that is legally compliant to the best of my knowledge, but I’m not a lawyer.
  2. Because I’m not a lawyer, I’m not qualified to provide advice about the legal compliance of the marketing that you’re doing. Any guidelines I provide are based upon my understanding as a marketing professional (not a legal professional).  If you want to be sure your marketing is legally compliant, I will always recommend getting in touch with Foundd Legal or another qualified legal professional.