Security News > 2021 > May > American Express Fined for Sending Millions of Spam Messages
American Express Services Europe has been fined £90,000 by a U.K. regulator, which found the company illegally blasted out 4 million marketing emails to customers who had opted out of receiving them.
Amex claimed the emails weren't marketing messages, but service communications, which are allowed under U.K. information privacy regulations.
An investigation by the U.K.'s Information Commissioner's Office found that out of 50 million emails Amex sent and classified as "Service" emails over a 12-month period, 4,098,841 were marketing messages, "Designed to encourage customers to make purchases on their cards which would benefit Amex financially. It was a deliberate action for financial gain by the organization," the ICO announcement of the fine explained, adding the company continued the practice even following consumer complaints.
Privacy and Electronic Communications Regulations gives customers in the U.K. control over the marketing messaging they receive, and grants the ICO authority to fine companies in violation of basic rules.
"I would encourage all companies to revisit their procedures and familiarize themselves with the differences between a service email and a marketing email and ensure their email communications with customers are compliant with the law."
"Many countries have laws that regulate sending spam," Bambenek told Threatpost by email.