The Commonwealth, Australia's largest bank, has paid a $7.5 million fine after it sent more than 170 million emails that did not comply with spam laws.
An Australian Communications and Media Authority (ACMA) investigation found that between November 2022 and April 2024 the bank contravened law by sending marketing messages to Australians that did not include a way to unsubscribe.
And 34.8 million of these messages were also sent to people who either had not consented or had withdrawn their consent to receive these messages.
This is the bank’s second major breach of the spam rules after it paid a $3.55 million penalty in May 2023 for sending 65 million emails without working unsubscribe arrangements.
ACMA Chair Nerida O’Loughlin said the further breaches and vast scale of CBA’s non-compliance was unacceptable.
“The ACMA took action against CBA just last year for not delivering on their customers’ rights to unsubscribe from marketing messages,” said ACMA Chair Nerida O’Loughlin.
“We have now had to take further action after this new investigation found that CBA had incorrectly classified millions of messages as non-commercial.
“Australians are sick and tired of this kind of spam intruding on their privacy and it’s clear CBA did not have its systems in order.”
The Spam Act 2003 permits purely service messages that are not commercial to be sent without consent or an unsubscribe facility.
However, the ACMA found the messages either promoted products and services (including for insurance, credit and loan offerings) or promoted he bank itself.
“The rules are clear, if a message includes marketing content or direct links to marketing content, it is a commercial message and must give people the option to unsubscribe,” O’Loughlin said.
“We have seen several companies get this wrong and businesses are on notice to check how they are classifying messages as commercial or non-commercial.”
In addition to the financial penalty, the ACMA has also accepted an expanded three-year court-enforceable undertaking to address the most recent issues.
These commit the bank to a comprehensive independent review and implementation of improvements, as well as providing appropriate resources and governance to ensure its compliance.
The maximum penalty a court can give to companies not complying with spam rules is $626,000 per day where a company doesn’t have a prior record. Maximum court penalties rise to $3,130,000 per day for companies with a prior record..
Over the last 18 months businesses have paid over $20 million in spam penalties.
Have something to say on this? Share your views in the comments section below. Or if you have a news story or tip-off, drop us a line at adnews@yaffa.com.au
Sign up to the AdNews newsletter, like us on Facebook or follow us on Twitter for breaking stories and campaigns throughout the day.