Many organisations treat consent as a solved problem.
There’s a sign-up form. An unsubscribe link. A preference centre that gives customers options. On the surface, everything looks fine.
But in practice, we see many teams creating unnecessary complexity in how consent and preferences are managed. And in Australia, where spam laws are among the strictest in the world, that complexity can introduce real compliance risk.
This isn’t about intent. Most teams are trying to do the right thing. The challenge is how preference design intersects with how consent is interpreted under the Spam Act 2003.
When preference design outpaces consent clarity
A common pattern we see is the highly granular preference centre.
Customers are asked to select specific content types, product categories, or communication streams. Newsletters. Promotions. Topics. Product lines.
It feels respectful and customer friendly. But over time, it can create a gap between what a customer has explicitly consented to and what the organisation later needs to send.
Consider a simple example:
A subscriber opts in to receive a monthly newsletter and selects interest in one product category, leaving others unchecked. Later, the business needs to send a broad commercial announcement related to a different category.
At that point, teams are forced to ask an uncomfortable question. Is this within the scope of consent or not?
Under the Australian Spam Act, consent needs to be specific and current. If a customer has clearly limited what they want to receive, sending outside those bounds can shift from an operational decision into a compliance concern. ACMA has demonstrated that it is willing to enforce when consent and unsubscribe mechanisms don’t hold up to scrutiny.
The “Blue Item” scenario and why it matters
The “Blue Item” scenario is shorthand for what happens when preference design becomes more granular than consent can realistically support. It describes a common situation where a reasonable commercial message sits in a grey zone, created not by intent, but by the structure of the preference model itself.
This is where granular preference centres create tension between commercial needs and legal interpretation. Marketing teams need flexibility to communicate relevant updates. Leadership expects important messages to reach the right audience. Compliance teams need confidence that consent has been respected and can be defended.
Highly specific preference structures make that balance harder, not easier.
In a highly granular preference centre, a customer may be asked to select from options such as product updates for Category A, product updates for Category B, promotions, events and webinars, industry insights, or partner offers. They select Category A and industry insights, leaving the rest unchecked.
Six months later, the organisation launches a new Category B feature that materially improves outcomes for customers already using Category A. The use cases overlap, and the message is commercially relevant to this audience.
This communication sits in the Blue Item zone. It is a standard commercial message rather than a service or transactional update. Its purpose is to introduce a new capability and prompt consideration. At that point, teams are forced to interpret intent. Has the customer limited what they want to receive, or have they simply not expressed a view on Category B at the time?
Different interpretations lead to different decisions, and that inconsistency is where risk emerges.
A simpler, binary consent model removes this ambiguity. Consent to receive marketing from the brand establishes a clear legal foundation. Within that permission, relevance is shaped by behaviour and engagement over time, rather than static checkbox selections captured months or years earlier. Responsibility stays with the organisation, and consent remains clear, current and defensible.
Behaviour tells a clearer story than declarations
There’s another challenge with static preference checklists. They rely on what customers say rather than what they actually do.
Interests change. Behaviour evolves. A box ticked months ago is rarely a reliable signal on its own.
In our experience, relevance improves when engagement data is allowed to lead. What someone opens, clicks, browses, or consistently ignores is often a far more accurate indicator of intent than a declared preference captured once.
This is where a simpler consent model, paired with better use of data, becomes powerful. Broad consent provides a defensible legal baseline. Behavioural data then guides what is sent, when it’s sent, and when it’s better not to send at all.
Used well, this approach supports compliance while improving relevance, without asking customers to manage the relationship themselves.
Frequency is part of consent, whether you treat it that way or not
The same thinking applies to email frequency.
Many organisations offer snooze options or reduced-frequency settings. While well intentioned, these often indicate that fatigue has already set in.
Modern engagement tools make it possible to monitor saturation and engagement levels over time. This allows teams to adjust cadence before frustration appears, rather than relying on customers to ask for fewer emails.
Respecting attention is part of respecting consent.
Simplicity supports compliance
From a compliance perspective, simpler models are often stronger.
A clear opt in.
A clear opt out.
An unsubscribe that works immediately and without friction.
The Spam Act requires unsubscribe facilities to be functional and easy to use. Adding barriers such as login requirements, surveys, or multi-step flows risks undermining that requirement and damaging trust at the same time.
When customers want to leave, making it easy protects your reputation and your deliverability. And when relevance and frequency are managed well, fewer people feel the need to leave in the first place.
Design consent experiences that work for customers and teams
Preference centres aren’t inherently bad. But complexity for its own sake creates risk.
In Australia especially, it’s worth stepping back and asking whether your consent model provides clarity or constraint. Whether it reflects real customer behaviour. And whether it supports both compliance and commercial agility.
Good consent design doesn’t ask customers to manage the relationship. It shows that you’re paying attention.
If you’re reviewing preference centres, unsubscribe flows, or consent structures and want a second opinion, let’s talk it through.
