Alex is Sprintlaw’s co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.
Direct marketing is a powerful way to reach customers - but in Australia, you can’t send promotional emails, SMS or make sales calls without giving people a clear and simple way to say “no thanks”. That’s where an opt out notice comes in.
If you’re building your customer base, you’ll want to make sure every marketing message includes a compliant opt out, and that your systems actually action those requests. It’s not just best practice - it’s a legal requirement under Australian law.
In this guide, we’ll explain what an opt out notice is, when you must provide one, what it needs to say, and how to set up a practical process inside your business so you stay compliant while you grow.
What Is An Opt Out Notice In Australia?
An opt out notice is the clear instruction you give customers so they can stop receiving your direct marketing. It must be easy to find, simple to use and free (or no more than the usual cost of using a service like SMS).
In Australia, opt out notices are required by multiple laws, including the Spam Act 2003 (for commercial emails and SMS), the Privacy Act 1988 and the Australian Privacy Principles (for direct marketing generally), and the Do Not Call Register Act 2006 (for telemarketing).
In plain English: whenever you send promotional content, you need to tell people how to unsubscribe - and you need to honour that request quickly.
When Do You Need To Provide An Opt Out Notice?
If you’re communicating for marketing purposes, you should assume you need an opt out. Common scenarios include:
- Email newsletters, promotions or abandoned cart emails
- SMS offers, reminders or flash sales
- Telemarketing and outbound sales calls
- In-app or push notifications that promote products or services
- Personalised ads and remarketing that rely on identifiable customer data (you’ll typically reference opt-outs in your Privacy Policy and preference centre)
Under the Spam Act, each commercial email or SMS must include a functioning unsubscribe facility that works for at least 30 days after sending. Unsubscribe requests must be actioned within five business days.
Under the Privacy Act’s Australian Privacy Principle 7 (APP 7), organisations that use or disclose personal information for direct marketing must provide a simple way to opt out, and stop marketing if someone opts out.
If you make sales calls, you’ll also need to comply with Australia’s telemarketing laws, including respecting the Do Not Call Register and giving call recipients a straightforward way to say “don’t call me again”.
What Must An Opt Out Notice Include?
There’s no single mandated sentence you must use, but your opt out notice needs to be:
- Clear: people should immediately understand how to unsubscribe.
- Simple: one or two clicks for email, a one-word reply like “STOP” for SMS.
- Functional: the link or reply option must work for at least 30 days after sending.
- Free or low-cost: the opt out can’t cost the recipient more than the standard cost of using the service (e.g. a standard SMS fee).
- Effective: once someone opts out, you must stop marketing to them for that channel.
Email And SMS (Spam Act)
For emails, include a visible unsubscribe link that leads to a page where the user can opt out in one step (no forced log-ins or long forms). For SMS, include a reply instruction like “Reply STOP to opt out” or a short link to unsubscribe on a mobile-friendly page.
It’s also best practice to identify your business clearly in the message. The Spam Act requires that commercial messages accurately identify the sender and include contact details.
If you’re reviewing your email practices more broadly (signatures, disclaimers, and footer content), keep in mind an email disclaimer doesn’t replace a proper unsubscribe - they do different jobs. If you need guidance on disclaimer content, see our practical notes on email disclaimers.
Telemarketing (Do Not Call Register)
At the start of your call, state who you are and the purpose of the call. If the person asks not to be called again, you must add them to your internal do-not-call list and stop calling them for marketing. Your team should be trained to handle opt outs on the spot and record them correctly.
Before running a campaign, you also need to wash your calling list against the Do Not Call Register unless an exemption applies (for example, some charity calls). Your opt out process must work even if a number isn’t on the national register - if they say no thanks, stop calling.
Websites, Cookies And Personalisation
If you collect personal information for targeted advertising or analytics, your Privacy Policy should explain how you use that data and how people can opt out of marketing or profiling. Many businesses also provide a preferences page where customers can toggle different types of communications.
While Australia doesn’t have EU-style cookie consent rules, the Privacy Act still requires transparency. If your site uses tracking technologies, it’s good practice to provide a clear banner and a Cookie Policy that explains how users can manage cookies or opt out of certain tracking.
Collection Notices And Offline Channels
When you collect personal information (for example, at point of sale or through a competition entry form), your Privacy Collection Notice should tell people if you plan to use their details for direct marketing and how they can opt out later. Make sure any paper forms, QR codes or tablets you use clearly reference your opt out and privacy information.
How To Implement Opt-Outs In Your Business
Strong wording is only half the story - you also need a reliable process so opt outs are captured and honoured every time.
1) Map Your Marketing Channels
List every way you contact customers for marketing: newsletters, lifecycle emails, SMS, push notifications, telemarketing, printed mailers, social media custom audiences, retargeting, and in-app messages. Each channel needs its own opt out mechanism that actually works.
2) Configure Your Tools
Most email and SMS platforms provide built-in unsubscribe features. Turn these on and test them regularly. For custom-built systems, work with your developer to create one-click unsubscribe pages and unique links for each recipient so the process is seamless.
3) Centralise Suppression Lists
When someone opts out, that status should flow across systems that send marketing. For example, if a customer unsubscribes from email, your CRM and ad platforms should also stop including them in lookalike or retargeting lists (if your policy promises that). Keep suppression lists secure and up to date.
4) Set Timeframes And Ownership
The Spam Act requires you to process unsubscribe requests within five business days. Assign responsibility (e.g., marketing operations) and set an internal SLA shorter than the legal maximum, so you have a buffer.
5) Capture Consent Properly
Opt outs work best when you also capture consent correctly at the start. Record how and when consent was obtained (e.g., tick box at checkout, double opt-in timestamp). This helps you respect customer choices and defend your practices if questioned.
6) Train Your Team
Anyone who communicates with customers should know how to handle opt outs. Script telemarketing opt-out responses. Show your support team where to record a request. Make it easy for staff to do the right thing.
7) Align Your Policies And Notices
Your public-facing documents should match what you do in practice. Review your Privacy Policy, Collection Notices and website messaging to ensure they accurately describe your marketing and opt-out options. If you’re unsure how the Privacy Act applies to your business, it’s worth speaking with a data privacy lawyer.
Common Mistakes (And How To Avoid Them)
Here are the pitfalls we see most often - and simple ways to stay on track.
- Hidden or tiny unsubscribe links: Place the opt out clearly in your email footer and use simple wording like “Unsubscribe”. Test on mobile and dark mode.
- Broken links or a “Reply STOP” that doesn’t work: Test every campaign before sending. Monitor bounce logs and error reports so you can fix issues fast.
- Making people log in or complete long forms: Unsubscribe should be a single action. Avoid forcing account creation or multiple checkboxes to opt out of everything.
- Delays in processing opt outs: Automate where possible, and set your internal SLA to 24-48 hours so you always meet the five-business-day legal limit.
- Resubscribing people without fresh consent: If someone has opted out, don’t add them back unless they actively re-subscribe or give new consent.
- Using purchased lists: This is high-risk under the Spam Act and often non-compliant. Build your own list with clear consent and provide opt outs in every send.
- Confusing disclaimers with compliance: Footer disclaimers can’t replace an unsubscribe link. They serve different purposes - keep a proper opt out and handle disclaimers separately.
- Ignoring channel differences: Opting out of SMS doesn’t always mean “no email” (unless your policy says so). Be clear about what each opt out covers, or offer a preference centre so people can choose.
How Opt Out Notices Tie Into Your Broader Compliance
Opt outs aren’t a standalone task - they’re part of your privacy and consumer law compliance picture. Make sure you’ve covered the basics:
- Consent and transparency: Tell customers how you’ll use their information, give them a choice, and follow through. Keep your Privacy Policy up to date and easy to find.
- Direct marketing rules: Your opt outs should align with Australia’s email marketing laws (Spam Act) and APP 7 under the Privacy Act.
- Telemarketing obligations: Respect the Do Not Call Register and provide on-call opt outs in line with telemarketing laws.
- Cookies and tracking: Be clear about tracking technologies and give users control through a banner, preference tools and a Cookie Policy.
- Internal accountability: Document your processes, keep suppression lists secure, and audit them periodically.
If you’re rolling out new marketing channels or replatforming your tech stack, that’s a great moment to review your privacy documents - including your Privacy Collection Notice - so your customer messaging and legal terms stay in sync.
Practical Examples You Can Use (And Adapt)
These short examples can help you get started. Always adapt the wording to your business and test the process behind it.
Email Footer
“You’re receiving this email because you subscribed at checkout or on our website. To stop these emails, click Unsubscribe.”
SMS Message
“20% off ends tonight. Use code SAVE20 at checkout. Reply STOP to opt out.”
Telemarketing Script Snippet
“If you’d prefer not to receive sales calls from us in the future, please let me know and I’ll update our records immediately.”
Privacy Collection Notice (Excerpt)
“We may use your contact details to send you news and offers. You can opt out at any time by clicking Unsubscribe in our emails or contacting us at support@.com.”
Governance Tips For Growing Teams
As your database and team grow, governance keeps you compliant and consistent.
- Policy library: Maintain a single source of truth for your privacy and marketing rules. Keep your public documents (like your Privacy Policy) consistent with internal playbooks.
- Access controls: Limit who can export lists, edit suppression data or change unsubscribe templates.
- Vendor management: If agencies or platforms send on your behalf, make sure contracts require them to include opt outs, process requests within required timeframes, and return suppression data to you.
- Audit cadence: Quarterly checks on unsubscribe rates, broken links and processing times can flag issues early.
- Incident handling: If you mistakenly send marketing to someone who opted out, apologise promptly and fix the root cause. This also supports your broader privacy response plan.
Key Takeaways
- An opt out notice is mandatory for most direct marketing in Australia and must be clear, simple and free to use.
- Emails and SMS must include a working unsubscribe, and you need to process requests within five business days under the Spam Act.
- Telemarketing requires on-call opt out options and respect for the national Do Not Call Register.
- Back up your opt out wording with solid processes: centralised suppression lists, platform configuration, clear ownership and staff training.
- Keep your Privacy Policy, Cookie Policy and Privacy Collection Notice aligned with what you actually do, and update them as your marketing evolves.
- Test regularly, avoid common pitfalls (like hidden links or broken STOP replies), and only resubscribe people with fresh consent.
If you’d like a consultation on setting up compliant opt out notices and privacy processes for your small business, you can reach us at 1800 730 617 or team@sprintlaw.com.au for a free, no-obligations chat.








