Social media has changed how businesses market themselves — and how quickly a compliance misstep becomes a public one. A misleading Instagram post, an undisclosed influencer arrangement, or an unapproved testimonial can attract regulator attention and viral criticism simultaneously.
Australian marketing law applies online just as it does offline. The Australian Consumer Law, the Spam Act, the Privacy Act, and defamation law all have implications for how businesses use social media and digital marketing. Understanding where the lines are tends to be considerably more useful than discovering them after a complaint.
The Australian Consumer Law and Advertising
The Australian Consumer Law (ACL) prohibits misleading or deceptive conduct and false or misleading representations in trade or commerce. This applies to all advertising — including social media posts, online reviews, influencer content, and search advertising — not just traditional media.
Key principles:
The overall impression matters, not just the fine print. A post that contains technically accurate information but creates a misleading overall impression is still a breach. Disclaimers buried below the fold, visible only on expansion, or in tiny print may not be effective.
Comparisons must be accurate. Claims comparing a product favourably to a competitor — “better than X”, “half the price of X” — must be capable of substantiation. The ACCC actively investigates misleading comparative claims.
Pricing representations must be accurate. Showing a “was $200, now $99” price requires that the “was” price genuinely reflects what customers paid for the product previously, not an artificially inflated reference price.
Testimonials and reviews must be genuine. Publishing fake reviews, incentivising reviews without disclosure, or using testimonials selectively to create a misleading impression are all potential ACL breaches. The ACCC’s fake review guidance (updated in 2023) is explicit that businesses cannot post fake reviews, ask connected parties to post positive reviews, or pay for reviews without disclosure.
Influencer Marketing and Disclosure
The use of influencers — individuals with social media followings who promote products or services in exchange for payment, free products, or other benefits — has been a sustained focus of the ACCC.
The core obligation: where there is a commercial relationship between a brand and a promoter, that relationship must be disclosed clearly in any promotional content.
The ACCC and Ad Standards have published guidance requiring:
Clear disclosure — the commercial relationship must be disclosed in a way that is prominent and easily understood. Acceptable disclosures include hashtags like #ad, #sponsored, or #paidpartnership, or explicit statements like “I have been gifted this product by [brand].”
Positioning — the disclosure must appear before the audience engages with the content, not buried at the end of a caption or after a video.
Platform features — many platforms have built-in paid partnership or branded content labels. Using these features does not eliminate the obligation to disclose in the content itself, but they help establish transparency.
Both the brand and the influencer can face ACL liability for non-disclosure. Businesses engaging influencers may want to ensure their influencer agreements include:
- An obligation to disclose the commercial relationship
- Approval rights over content before it is posted
- A requirement to comply with the relevant platform’s policies and applicable advertising standards
- Takedown provisions if content is non-compliant
Spam Act Compliance
The Spam Act 2003 (Cth) regulates commercial electronic messages — emails, SMS, and other electronic communications sent for commercial purposes.
Three key obligations apply:
Consent. Commercial electronic messages can only be sent with the recipient’s express or inferred consent. Express consent is a clear opt-in. Inferred consent arises where the recipient has an existing relationship with the sender and would reasonably expect to receive messages — but this is narrower than many businesses assume. Pre-ticked boxes, bundled consent, and broadly worded privacy policies do not constitute adequate consent under the Spam Act.
Identification. Every commercial electronic message must clearly identify the sender — including the business name and a way to contact them.
Unsubscribe. Every commercial electronic message must include a functional unsubscribe mechanism. When someone unsubscribes, they must be removed from the list within five business days. Continuing to send messages to someone who has unsubscribed is a breach of the Act.
Penalties for Spam Act breaches can be substantial — the ACMA (Australian Communications and Media Authority) has issued infringement notices and accepted enforceable undertakings for significant penalties against businesses with inadequate unsubscribe processes.
Online Reviews: What Businesses Can and Cannot Do
Online reviews are a significant commercial asset — and a source of real legal risk.
What businesses cannot do:
- Post fake reviews in their own name or through a third party
- Ask staff, friends, or family members to post positive reviews (even if they are genuine customers)
- Incentivise reviews without disclosure (offering discounts, entries into prize draws)
- Selectively publish positive reviews and suppress negative ones in a way that creates a misleading overall impression
- Threaten legal action or use intimidation to remove negative reviews (though defamatory reviews can be reported and removed through platform processes)
What businesses can do:
- Ask customers to leave reviews (without offering incentives and without directing them to give a positive review)
- Respond publicly to negative reviews — professionally, factually, and without making counter-claims that are not substantiated
- Report reviews that are clearly fake, defamatory, or from non-customers to the platform
The ACCC’s updated guidance on online reviews (2023) is clear that review manipulation — even where the reviews are technically positive — is misleading conduct.
Defamation and Social Media
Australian defamation law applies online. A business that posts material about a competitor, a supplier, or an individual that is false, damaging to their reputation, and not defensible can face a defamation claim.
Common risk scenarios:
Responding to negative reviews. A business responding to a negative review that identifies the reviewer or makes counter-allegations about them runs defamation risk. The safest response to a negative review is measured, professional, and focused on facts you can substantiate.
Posting about competitors. Comparative advertising that impugns a competitor’s character or conduct — rather than simply comparing product features or pricing — can attract defamation liability.
Employee posts. Where an employee posts defamatory content on their personal social media account, the employer may be liable in some circumstances — particularly where the post is made in the context of their employment, or where the business’s social media policies are inadequate.
User-generated content. Businesses that operate websites or social media pages on which third parties can post comments may be liable for defamatory content posted by users, particularly once they are on notice that the content exists. The High Court’s decision in Fairfax Media Publications Pty Ltd v Voller [2021] confirmed that media companies can be liable as publishers of defamatory comments on their Facebook pages. The principles have since been applied more broadly.
Practically, businesses may want to:
- Monitor comments on their social media pages and remove defamatory or illegal content promptly
- Have a moderation policy for user-generated content on their platforms
- Train staff who manage social media accounts on the basic principles of defamation
Copyright and Social Media
Sharing images, videos, or text created by others on social media without permission can constitute copyright infringement — even where the material is publicly accessible online.
A few points particularly relevant to businesses:
Stock images. Images downloaded from Google image search are not free to use commercially. Images must be licensed (through a stock photography provider) or created and owned by the business. Using unlicensed images in commercial marketing is copyright infringement.
User-generated content (UGC). Reposting a customer’s photo — even a flattering one — without permission or a licence from the customer can infringe their copyright. Businesses wishing to use customer content in their marketing should obtain explicit permission, ideally through a clear UGC policy.
Music in video content. Using popular music in videos (even briefly) without a licence from the rights holder infringes copyright. Platforms like Instagram and TikTok have licensing arrangements that permit some use of music in content created on their platforms — but these licences typically do not extend to the same content being used on a website or in paid advertising.
Privacy Considerations in Digital Marketing
Digital marketing typically involves collecting, using, and sharing personal information — email addresses, behaviour data, device identifiers, and in some cases more sensitive data. Where the Privacy Act applies, this collection and use needs to be consistent with the Australian Privacy Principles.
Specific areas to consider:
Collection notices. When collecting personal information for marketing purposes, a collection notice is required — telling the person what information is being collected, why, and who it will be shared with. Generic “we may use your information for marketing” statements in a lengthy privacy policy are increasingly inadequate.
Tracking and cookies. Website analytics, advertising pixels (Google, Meta, LinkedIn), and retargeting cookies involve the collection and sharing of personal information. Businesses using these tools should have a cookie policy and, where required, consent mechanisms.
Third-party data. Purchasing email lists or using data from third-party data brokers creates privacy compliance questions — particularly about whether the individuals on those lists consented to their information being shared for marketing purposes.
The Bottom Line
Australian marketing law applies online, applies to influencer content, and applies to how businesses interact with reviews. The ACCC, the ACMA, and the courts have all demonstrated willingness to enforce in this space.
Most marketing compliance issues arise not from deliberate misconduct but from practices that developed informally over time — posting without thinking about disclosure, using images without checking licences, or sending marketing messages to lists without clear consent records. A periodic review of marketing practices — the content, the email list management, the influencer arrangements, and the review handling — tends to find the gaps before a regulator or plaintiff does.
This article contains general information only and does not constitute legal advice. Envision Legal accepts no liability for any loss arising from reliance on this content. You should seek independent legal advice tailored to your specific circumstances. For enquiries, contact Envision Legal.