None of us are strangers to the multiple advertising emails and text messages received daily. How can you opt-out and fight this unsolicited commercial advertising or “spam”?

Summary of relevant legislation

1. Electronic Communications and Transactions Act, 25 of 2002 (“ECTA”)

In terms of Section 45 of ECTA, any person who sends unsolicited commercial communications to consumers, must provide the consumer with the option to cancel the subscription to the mailing list and, on request of the consumer, provide the identity of the source from which the consumer’s personal information was obtained.

If the consumer is unable to opt-out of unsolicited communications or the sender refuses to provide the information on where and how contact details were obtained, Sections 45(3) and (4) provide that the sender is guilty of an offence.

Unfortunately, this Section is of limited practical use as there are no guidelines as to how it will be practically enforced or how consumers can use it to their advantage.

2. The Consumer Protection Act, 68 of 2009 (CPA)

The CPA defines “direct marketing” as “an approach in person, by email or electronic communication with the direct or indirect purpose of promoting or offering to supply any goods or services in the course of business”.

Direct marketers may market their products and services to consumers until they choose to opt-out.

Section 11 says that a recipient may refuse to accept, opt-out or pre-emptively block direct marketing communications. The sender must confirm receipt of the recipient’s instruction in writing and exercise the instruction free of charge.

The CPA also contemplates the creation of the National Opt-Out Registry (“NOR”). The purpose of this database, also known as the “do not contact registry”, is for marketers to either proactively block consumers that are already on the list or tailor their marketing frequency accordingly. However, the NOR has not been implemented yet.

3. The Protection of Personal Information Act, 4 of 2013 (“POPIA”)

Although POPIA was signed into law in November 2013, only some of its sections are in effect and the final commencement date is still to be set by the Presidency. Once in effect in its totality, it will repeal Section 45 of ECTA.

POPIA distinguishes between existing customers and new customers when considering the requirement to obtain consent for direct marketing practices. As a rule, opt-out consent will be required for existing customers while opt-in consent will be required for new or prospective customers.

Section 66 of POPIA regulates the use of electronic communication and essentially prohibits the use of emails for direct marketing. But there are certain exceptions, i.e. where the individual consents to communications and if the consumer is a customer of the marketer.

If the recipient is a customer of the marketer, marketing may only be sent if the consumer’s contact details were obtained through the sale of goods or services, or if the marketer’s aim is to advertise similar products or services as the customer initially bought. Any direct marketing communication must contain the identity of the person on whose behalf it is sent and the option for the consumer to opt-out at any time.

Section 69 of POPIA places further restrictions on when direct marketing in the form of electronic communication (spam) may be sent. Either consumers should consent to the use of their personal information (opt-in) (consent may only be requested once) or there should be an existing relationship between the sender and recipient. An existing relationship does not give unlimited freedom to the marketer to make repeated connections and the consumer will remain entitled to opt-out of future communications.

POPIA will completely change the digital marketing model from an opt-out form of consent to an opt-in one. It is further restrictive in the sense that there will be only one chance to opt-in but unlimited chances for the consumer to opt-out. A marketer may only request a consumer’s consent once to send him or her direct marketing.

POPIA also places further restitutions on marketers that distribute personal information of consumers that they have in their possession to a third party. A mailing list with a consumer’s personal information may not be distributed to a third party without the consumer’s consent as it infringes on their right to privacy. Only if the marketer obtained the consumer’s specific consent that a third party may process his or her personal information and contact him or her, the marketer may distribute the information to such party.

It is still uncertain how POPIA will interact with the NOR if it is implemented, but the assumption is that marketers will be forced to first consult the NOR first in any case.

What about the Internet Service Providers Association (ISPA) and the Wireless Application Services Providers’ Association (WASPA)?

ISPA members are bound by ISPA’s Code of Conduct which requires internet service providers (ISPs) to take active steps in preventing spam from originating on their networks. ISPA also tracks and identifies spammers and provides a platform for consumers to report spam. If the ISP fails to take action as requested, a complaint can be lodged with ISPA.

WASPA is the industry body for wireless application service providers and deals with SMS marketing and their Code of Conduct, which also refers to ECTA and the CPA. If a consumer receives a spam SMS, he or she can reply to the message with the word “STOP”, as all WASPA members are required to honour this. If this fails, a consumer can report spam to WASPA and WASPA will take action by means of its complaints process.


There are various regulations, restrictions and sanctions regarding spam in South African legislation. However, the application and true combatting of spam remains a major problem. As our legislation is updated, spammers get smarter and find new ways to harass consumers, but with the knowledge of the law and the actions that can be taken, consumers can and should continue to fight spam.

Listen to our podcast about this article.