Security News > 2021 > May > UK data regulator fines American Express up to 0.021p per email after opted-out folk spammed 4.1 million times

UK data regulator fines American Express up to 0.021p per email after opted-out folk spammed 4.1 million times
2021-05-20 13:45

American Express has been fined 0.009 per cent of its annual profits by the Information Commissioner's Office after spamming people who opted out of its marketing emails with 4.1 million unwanted messages.

"Between 1 June 2018 and 21 May 2019, 4,098,841 of those emails were marketing emails, designed to encourage customers to make purchases on their cards which would benefit Amex financially. It was a deliberate action for financial gain by the organisation. Amex also did not review its marketing model following customer complaints," said the ICO in a statement.

In Amex's case, 49 per cent of its customers had not opted in to receive marketing emails or had explicitly opted out - yet many of these collectively received the millions of messages sent by the bank anyway.

The maximum fine for a breach of PECR is £500,000, though the regulator indicated it would impose a £90k penalty in a preliminary notice back in February, to which Amex did not object.

The £90k fine equates to 0.021p per nuisance email however it is discounted to £72k if paid by 15 June.

This would mean the regulatory cost to Amex of doing business by sending 4.1 million unlawful marketing emails would be about 0.017p per message.


News URL

https://go.theregister.com/feed/www.theregister.com/2021/05/20/amex_fine_50m_spam/