Review of the MCCA Direct Marketing Model Code of Practice - Report

Terms of Reference 3

The current relevance and validity of the Model Code’s objectives in view of changes in the regulatory and technological environments

Numerous changes have taken place in the regulatory and technological environments since the Model Code was introduced in 1997. However, such changes have not been reflected in the Model Code. This is largely due to Provision 66 in the Model Code, which stipulates that an established MCCA Working Party shall review the Model Code three years after its release and at periodic intervals thereafter.

Submissions to the Working Party identified the introduction of the new privacy regime, the BPM, changes to the Corporations Regulations 2001, widespread technological developments and associated changes to marketing techniques as influences on the current relevance and validity of the Model Code and its objectives. These changes to the direct marketing environment are discussed below.

The Privacy Act 1988 (Cth)

The ten National Privacy Principles (NPPs) in the Privacy Act 1988 (Cth) set out the minimum standards for private sector organisations in the collection, use, disclosure, quality and security of information. Additionally, they establish the rights of the individual to access and correct information, the transfer of information overseas and special rules for the handling of sensitive information.

As currently framed, the Model Code does not directly address matters covered by the NPPs. Submissions suggested the Model Code could usefully allow for developments in this area. For example, the OFPC argued that by not including the NPPs the Model Code does not fit within the current regulatory framework for privacy. The VICPC suggested the inclusion of the NPPs in the Model Code would signal a national desire for consistency.

ADMA supported these views and indeed responded to the introduction of the NPPs by reflecting them in the ADMA Code.

NSWPC while welcoming of the inclusion of the NPPs in the Model Code warns that these provisions do not necessarily address what many people regard as privacy intrusive aspects of direct marketing. These include intrusive marketing solicitation such as overly frequent telephone calls, unsolicited faxes and e-mails.

A number of other privacy issues were raised in submissions, including the collection and use of publicly available information, the distribution of direct marketing material with non-direct marketing material, the removal of deceased persons from mailing lists and the time taken to comply with the privacy regime. These issues have arisen since the introduction of the NPPs. Some submissions suggested that the current privacy landscape does not go far enough. That is, the Working Group should consider whether the Model Code should take the lead in extending the existing NPPs in a number of areas.

Other privacy issues

Use of public registers

Various submissions raised privacy concerns relating to direct marketers using public registers to develop mailing lists and for other direct marketing purposes. The APF did not see the inclusion of the NPPs in the Model Code as adequate response to these concerns given that the NPPs do not necessarily require marketers to obtain a consumer’s consent to use personal information. The APF suggested the Model Code ‘should make it clear that marketers cannot use such information freely for direct marketing just because it is in the public domain’.

The VICPC suggested the use of public registers for direct marketing relies on responsible information management and consumer confidence and without both a scheme of licensing or registration may need to be introduced.

Tempering these views, the OFPC suggested that any approach taken by the Model Code to address this issue would need to be consistent with the current base rules in the Privacy Act. The OFPC acknowledged that further public debate on this issue is required but the development of good practice in this area could be a useful addition to the Model Code¹³. The OFPC has also recently released Information Sheet 17 — 2003: Privacy and Personal Information that is Publicly Available¹⁴, which aims to give helpful and practical advice to organisations about how the Privacy Act applies to personal information that is publicly available.

In its submission ADMA argued that the Model Code should not address this issue given neither the Privacy Act nor the NPPs draw a distinction between data derived from a private or public data source.

The CFA argues that a consumer who believes his or her personal information has been used without their permission for marketing purposes has no reliable recourse. Complaints can be made, as can a request for information to be deleted. However, finding out where the information was gathered in the first instance, or being certain that a request to delete information has been actioned relies on the good faith of the company involved. Additionally the CFA indicate that it is frequently the case that the company doing the marketing is not the company whose product or service is being advertised.

The distribution of direct marketing material with non-direct marketing material

The issue of direct marketing material being distributed with non-direct marketing material (for example, direct marketing material being included in a letter containing a consumer’s bank statement) was also raised in submissions. Currently, the NPPs permit organisations to use personal information for the secondary purpose of direct marketing in specific circumstances. In particular, NPP 2.1(a) permits the use and disclosure of personal information when the secondary purpose is related to the primary purpose.

The submissions presented differing views on the extent to which this privacy issue should be addressed in the Model Code. ADMA suggested that this issue is covered in the NPPs and therefore inclusion of the NPPs in the Model Code would appropriately address the issue. Conversely the APF suggested that the NPPs do not go far enough in this area and consumers should be allowed to opt-out of receiving any direct marketing material when it is distributed with non-direct marketing material.

The removal of deceased persons from direct marketing lists

The issue of direct marketing to deceased persons was raised in the VICPC’s submission where it was argued that current legislation fails to adequately address this issue. The VICPC argued that inadvertent marketing to deceased persons makes little commercial sense and has implications for the privacy of relatives. Introduction of the NPPs into the Model Code is unlikely to impact on this problem.

The Working Party recognises that ADMA has worked with the Council on the Ageing, Centerlink and the Australian Funeral Directors Association to address this issue. The 1999-2000 ADMA Code Authority Annual report indicates that this coalition distributed a registration form to Australian funeral directors allowing next of kin an opportunity to register the deceased when other affairs are being finalised. Information was included in the free Centerlink publication, What to do when someone dies.

Timing issue

The NPPs and in particular NPP 2.1(c) advocate an opt-out position for direct marketing. The opt-out approach allows businesses to send marketing information to consumers, giving them the option of ceasing the correspondence at any time. It does not however specify a timeframe in which a direct marketer should cease sending material to consumers after being asked to do so.

A major area of consumer dissatisfaction identified in the review was the apparent difficulty in being removed from marketing lists despite repeated requests.

ADMA believes that the Model Code should require names to be suppressed within one month of the request being made. The OFPC would support the Model Code (with appropriate consultation) providing good practice standards to direct marketers on updating lists within a specified time.

The Australian E-Commerce Best Practice Model (the BPM)

The BPM provides voluntary guidance to industry and consumers on the elements of an effective self-regulatory consumer protection framework in e-commerce.

Submissions suggested that there are a number of areas in the BPM that could be reflected in the Model Code. Various submissions suggested that the Model Code should provide guidance on the issue of obtaining a consumer’s consent when engaging in direct marketing through commercial e-mail, similar to the approach used in the BPM. Also, the OFPC suggested that these could include information dealing with on-line security and authentication mechanisms as well as direct marketing to minors in the electronic environment.

Technological developments

Technological developments in recent years have greatly expanded the types of direct marketing methods employed by organisations. Commercial e-mail and the use of the Internet have become popular advertising instruments among marketers. This improved interconnectivity has meant that direct marketing has become faster and cheaper, and with improved technology, organisations now have the ability to process large amounts of personal data. Submissions made it clear that this factor has significant implications for privacy.

Unsolicited commercial email (spam)

Complaints and enquiries to privacy offices indicate that spam has a significant privacy impact for Australians, particularly with respect to the collection and re-use of personal information such as e-mail contact details. Concerns were expressed during the review about the collection and use of e-mail addresses and the building of detailed profiles of individuals, particularly where the individuals concerned do not know about or do not have the ability to control such practices.

A number of consulted parties called for a consent-based (opt-in) approach to unsolicited commercial e-mail to be included in the Model Code.

The OFPC believes that a qualified opt-in approach could be justified on the grounds that this approach has already been decided on, following extensive consultation in the BPM. Additionally, the OFPC states in the Guidelines for the NPPs that ‘as the cost of e-mailing is negligible, ordinarily it will not be ‘impracticable’ to seek consent where an organisation chooses on-line methods of contact or communication’¹⁵.

The IIA indicated that commercial e-mail should be subject to an opt-in provision, given the cost of using this method is borne by the Internet Service Provider (ISP) and consumers, rather than the organisation sending the e-mail.

A qualified opt-in position is also consistent with recent recommendations by NOIE contained in The Spam Problem and How it Can be Counted. This review, released on 16 April 2003, proposed a multi-level approach to addressing spam, including through:

• The introduction of national legislation banning the sending of commercial electronic messaging without the prior consent of end users unless there is an existing customer-business relationship (referred in the BPM context as a qualified opt-in approach);
• The requirement for all commercial electronic messaging to contain accurate details of the sender’s name and physical and electronic addresses;
• Collaboration with industry bodies to implement codes of practice to ensure the compliance of their members with national legislation;
• Requirement for ISPs to make available to clients filtering options from an approved schedule of spam filtering tools at reasonable cost, and evaluate and publicise spam filtering options and products;
• Australia working together with international organisations such as OECD and APEC to develop global guidelines and cooperative mechanisms to combat spam; and
• The development of a major information campaign to raise awareness of the nature of spam, provide simple technical advice and a basic guide to anti-spam products.

Cookies

The use of cookies by organisations has become more widespread since the Model Code was released. An issue for consumers is that when cookies are used on a web-site it is possible to collect information about users which can subsequently be linked to an identifiable individual¹⁶.

The APF argues that ideally organisations should not force users of their web-sites to accept cookies — that is, they should respect the preference of some users to disable cookies in their browser settings.

The VICPC echoed this sentiment. The VICPC argued that organisations should provide users with clear and comprehensive information in advance about the purpose of cookies and offer the possibility to refuse them.

The Privacy Commissioner’s Guidelines on the NPPs address, to some extent, the issue of cookies under NPP 1.3¹⁷. The Guidelines provided for NPP 1.3(a)(b) suggest that ‘if an organisation collects personal information using a cookie, web bug or other means, it could give the NPP 1.3 information in a statement clearly available on the website; for example, it could be linked directly from the homepage and other pages that make use of the devices’.

SMS

SMS stands for Short Message Service and refers to the ability to send and receive messages to and from a customer’s mobile telephone. Currently a single short message can be up to 160 characters of text length.

The Australian Communications Industry Forum (ACIF) states that the use of SMS within Australia is expanding rapidly. It is anticipated that marketing via SMS will become increasingly popular to the industry due to its targeted effect. Like other forms of advertising, some customers may consider marketing via SMS intrusive. Moreover, mobile telephones have limited capacity to store messages and recipients have no choice but to open them.

SMS is a store and forward service. That is, short messages are not sent directly from sender to recipient, but are sent via an SMS network. Once the SMS network receives an SMS message it temporarily stores it and waits for the destination address and delivery routing requirements analysis to be completed before the message is forwarded to the intended destination. If the message cannot be delivered to the mobile telephone (for example, due to the mobile telephone being switched off or network congestion) the SMS network will continue to make delivery attempts over some predetermined period (for example, days) until the message either expires or the message has been successfully delivered. As such it is not possible to accurately predetermine the time of delivery for any particular SMS message.

The telecommunications industry through the ACIF has issued an industry code¹⁸ on SMS issues. The objectives of the ACIF Code are to:

• reduce the incidence of unsolicited marketing messages received by customers; and
• promote the responsible use of SMS for marketing purposes.

While particularly intrusive to consumers, with SMS messages being significantly more difficult than e-mail to screen or ignore, there currently exists a natural cost barrier against bulk SMS messaging in Australia. This may be one factor helping to limit growth in SMS spam in the current environment.

Telemarketing hours

NSWPC argues that the scale of telemarketing and its perceived intrusiveness have both grown since 1997 and argues that inclusion of the NPPs in the Model Code may not adequately address such concerns.

The NSWPC records do not indicate major problems with automated or predictive dialling which is contrary to the experience of both the UK and United States¹⁹. Nevertheless the NSWPC believes it is appropriate to keep this issue under review in the Australian context.

As discussed, Regulation 7.8.22 of the Corporations Regulations 2001 for the hawking of certain financial products was recently amended with the effect that since 6 November 2002 the hawking of certain financial products by telemarketers is no longer permitted on a Sunday and since 11 March 2003, no longer permitted on a national public holiday.

On the question of telemarketing hours, the OFPC indicated that the Privacy Act has no specific regard in this matter but does suggest the Model Code could give guidance or best practice advice and examples in areas such as these.

Alternatively, the APF’s submission suggested that the current telemarketing hours of 8.00 am to 9.00 pm are reasonable for default hours and should remain. However, the submission further states that any organisation which undertakes telemarketing on a regular basis should be required to have a facility to record, on request, different acceptable hours for each consumer, and to use and respect this information when making subsequent calls.

ADMA argued in its submission that Anzac Day should be included in restricted days for telemarketing but did not go as far as to include Sundays or the additional public holidays established in Regulation 7.8.22 of the Corporations Regulations 2001.

Third-party marketers

Concern was raised within the Working Party that the Model Code does not adequately cover third parties used by direct marketers to carry out various aspects of the marketing process. It was proposed that the Model Code as it currently stands does not provide guidance on the conduct of contractors, sub-contractors and agents hired by a direct marketing company.

Within the industry, this issue has been recognised by ADMA. The Association has amended its Code of Practice so ADMA members now must ensure their suppliers become familiar with the Code compliance obligations of the member.

Conclusion

It is recognised by the Working Party that the inability of the Model Code to reflect the above changes has limited its ability to reflect best practice guidance for the industry in the current environment. However, it is the Working Party’s view that these changes have not limited the relevance or validity of the objectives of the Model Code’s which remain valid and broadly based. The Working Party accordingly believes the current objectives, ‘to enhance the potential for consumers to benefit from distance selling, and to improve the market for reputable business’ should remain unchanged.

The Model Code also sets out ways in which it seeks to achieve its objectives. This is by:

• ensuring that consumers have access to the product and service information they need to make informed choices;
• promoting ethical sales practices and ensuring that fair trading principles are complied with;
• ensuring that consumers have access to appropriate returns policies, complaints procedures and remedies where there is a problem with a sale; and
• protecting consumers from unreasonably intrusive telemarketing practices.

Although the Model Code’s objectives remain current and valid, it is the Working Party’s view that each of these four indicators need to be re-examined to ensure they promote industry ‘best practice’ in the current regulatory and technological environments. For example, given the uptake of a range of emerging direct marketing methods since the Model Code was released, it is the Working Party’s view that the last of these indicators should cover all ‘intrusive direct marketing practices’, and not just telemarketing practices.

A major difficulty for the Working Party during the review process was in quantifying the extent to which the Model Code has actually achieved its objectives. It is the Working Party’s view that the development of benchmarks will allow a clearer assessment of the extent to which the Model Code is achieving its objectives in the future. This is because benchmarks will provide the Working Party with a mechanism to monitor and effectively measure the Model Code’s effectiveness.

¹³ The issue of public registers is being considered in a number of public inquiries at the Australian Government and State Government levels, for example, by the Joint Select Committee on Electoral Matters in the context of the review of the 2001 Federal election and by the Victorian Privacy Commissioner in the report of his inquiry into the appropriate re-use of personal information on a register containing details of building permits.

¹⁴ A copy of this information sheet can be obtained at http://www.privacy.gov.au/publications/is17_03.html.

¹⁵ A full copy of the Guidelines for the NPPs can be obtained at http://www.privacy.gov.au/publications/nppgl_01.html.

¹⁶ The Working Party accepts that this may not be the reason why the cookie was originally established.

¹⁷ NPP 1.3 concerns notifying individuals when collecting information from them directly. An organisation must take reasonable steps to ensure that the individual is made aware of the identity of the organisation, the fact that he or she is able to gain access to the information, the purpose for which the information is collected, the organisations (or the type of organisations) to which the organisation usually discloses information of that kind, any law that requires the particular information to be collected, and the main consequences (if any) for the individual if all or part of the information is not provided.

¹⁸ The ACIF code can be obtained at www.acif.org.au/ACIF/files/c580_2002.pdf.

¹⁹ In these countries there has been regulatory intervention to set appropriate standards for such equipment. This covers issues such as hanging-up before the person has an opportunity to answer, calls falling out because no operator is available, delays in connecting to an operator and the use of recorded and computer generated messages.

Next: Addressing the Terms of Reference - Terms of Reference 4
Return to: Report Contents