Home News After Tested.me, ICO Fines Amex For Sending Millions of Unwanted Emails

After Tested.me, ICO Fines Amex For Sending Millions of Unwanted Emails

The Information Commissioner’s Office (ICO) in the U.K. fined American Express up to £90,000 for sending four million spam emails to customers without their consent.

ICO fines American Express

We often receive calls from different bankers promoting their products and services. While these calls are largely ignored, very few question the rationale behind unsolicited calls. Owing to the data privacy of customers, organizations are forbidden to use their personal data for marketing or promotional campaigns, without their consent.

Recently, the European unit of American Express (Amex), a multinational financial services corporation, was fined £90,000 (around US$127,409) by the U.K.’s privacy watchdog, Information Commissioner’s Office (ICO), for sending more than four million spam/marketing emails to its customers within a year. The ICO stated that Amex had violated the Privacy and Electronic Communications Regulations (PECR) 2003 Act by sending marketing emails to over 50 million customers without their consent.

The ICO’s investigation found that Amex deliberately sent marketing emails for promotional and monetary gains. The issue came to light after several Amex customers complained to the ICO after receiving unwanted emails even after they opted out.

“Nearly 12 months, between 1 June 2018 and 21 May 2019, 4,098,841 of those emails were marketing emails, designed to encourage customers to make purchases on their cards which would benefit Amex financially. It was a deliberate action for financial gain by the organization. Amex also did not review its marketing model following customer complaints,” the ICO said.

“This is a clear example of a company getting it wrong and now facing the reputational consequences of that error. The emails in question all contained marketing material, as they sought to persuade and encourage customers to use their cards to make purchases. Amex’s arguments, which included, that customers would be disadvantaged if they weren’t aware of campaigns, and that the emails were a requirement of its Credit Agreements with customers, were groundless,” said Andy Curry, ICO Head of Investigations.

As per the PECR and GDPR regulations, organizations in the European Union are restricted to send unsolicited marketing campaigns via phone, fax, email, text, or any other electronic medium without customer consent. The companies are required to get approval from the customers by asking them to tick opt-in boxes to receive marketing calls, texts, or emails.

The fine on Amex comes hard on its heels after the ICO announced that it imposed an £8,000 fine (approximately US$11,300) on contact tracing service provider Tested.me for sending over 84,000 unwarranted marketing emails to its customers without their consent.