Amex Fined £90,000 for Sending 4 Million Spam Emails in a Year

The UK data regulator has fined American Express (Amex) £90,000 for sending over 4 million spam emails to customers within one year.

“During the investigation the ICO found that Amex had sent over 50 million, of what it classed as, servicing emails to its customers,” the UK Information Commissioner’s Office (ICO) said.

“The ICO revealed that for nearly 12 months, between 1 June 2018 and 21 May 2019, 4,098,841 of those emails were marketing emails, designed to encourage customers to make purchases on their cards which would benefit Amex financially.”

Amex’s argument that they were servicing emails designed to inform their customers of ongoing campaigns was deemed groundless by the UK Information Commissioner’s Office (ICO).https://www.ad-sandbox.com/static/html/sandbox.html

As the data regulator discovered, complaints showed the messages were instead direct marketing emails sent to customers who opted out.

The company also rejected the complaints and decided not to review its marketing model, considering that the marketing emails were a requirement of Credit Agreements with customers.

“Our investigation was initiated from just a handful of complaints from customers, tired of being interrupted with emails they did not want to receive,” added Andy Curry, ICO Head of Investigations.

Also Read: Data Protection Officer Singapore | 10 FAQs

“I would encourage all companies to revisit their procedures and familiarise themselves with the differences between a service email and a marketing email, and ensure their email communications with customers are compliant with the law.”

By sending marketing emails to those who didn’t freely consent to receive them, Amex broke Regulation 22 of the Privacy and Electronic Communications Regulations 2003 (PECR) that give people specific privacy rights in relation to electronic communications.

While the UK data watchdog can impose monetary penalties of up to £500,000 on data controllers, it decided to fine Amex only £90,000 because the company did not “deliberately set out to contravene PECR in this instance.”

Also Read: Practitioner Certificate in Personal Data Protection: Everything You Need to Know

Amex can pay this fine by June 17 and, if the payment is made in advance, the Commissioner will also reduce it by 20% to £72,000.

“This is a clear example of a company getting it wrong and now facing the reputational consequences of that error,” the ICO Head of Investigations added.

“The emails in question all clearly contained marketing material, as they sought to persuade and encourage customers to use their card to make purchases.”

In April, the financial services American Express company reported a net income of $2.2 billion for Q1 FY2021 and Q1 revenue of $9.1 billion.