The Information Commissioner's Office (ICO) has fined American Express £90,000 for sending over 4 million unsolicited marketing emails between 1 June 2018 and 21 May 2019 to existing customers without consent.
Many of these emails were messages purportedly providing customers with information about their account but they also promoted American Express products, encouraged customers to spend on their credit cards and download a mobile app. American Express had rejected customer complaints on the basis these were ‘service messages’ which did not require consent.
The ICO disagreed and decided this was a serious breach of regulation 22 of the Privacy and Electronic Communications (EC Directive) Regulations 2003 (SI 2003/2426) (PECR) because of American Express’ failure to take reasonable steps to avoid the breach, which could have included consulting the ICO's guidance on direct marketing.
Amongst others, the emails were sent to customers who had opted out of marketing messages. The ICO held that the emails were marketing messages because they included content calculated to
The ICO said,
"Service messages contain routine information such as changes to terms and conditions and payment plans or notice of service interruptions. Direct marketing is defined as any communication of advertising or marketing material directed at particular individuals. It is against the law to send marketing emails to people unless consent has been freely given. This is contained in Regulation 22 of the Privacy and Electronic Communications Regulations 2003."
The fine is a reminder to exercise some judgment before sending emails to customers who may not have also provided consent to receive marketing messages. Do not assume that it is acceptable to disguise a marketing email as a ‘service message’ (for example an update about their account or the service which is really a promotion). These emails are still a breach of the rules if sent without the recipients’ valid consent. What matters is the content rather than the label the sender gives it.
How can Tozers help?
If you would like any help or support with data protection, then visit our dedicated Intellectual Property pages or contact our expert team.