The Commonwealth Bank of Australia (CBA) has paid a $7.5 million penalty for not complying with spam laws by sending more than 170 million emails.
CBA violated Australia's spam laws by sending 170 million marketing messages to Australians without providing a way to unsubscribe between November 2022 and April 2024 according to an investigation conducted by the Australian Communications and Media Authority (ACMA). In addition, 34.8 million of these messages were sent to people who had not consented or who had withdrawn their consent.
A $3.55 million penalty was paid by CBA in May 2023 for sending 65 million emails without working unsubscribe arrangements.
CBA's noncompliance and further breaches are unacceptable, said ACMA chair Nerida O'Loughlin.
“The ACMA took action against CBA just last year for not delivering on their customers’ rights to unsubscribe from marketing messages. We have now had to take further action after this new investigation found that CBA had incorrectly classified millions of messages as non-commercial.
“Australians are sick and tired of this kind of spam intruding on their privacy and it’s clear CBA did not have its systems in order,” O’Loughlin said.
Messages that are purely 'service' and not commercial are permitted to be sent without consent or unsubscribe facilities under the Spam Act 2003. However, the ACMA found CBA's messages either advertised products or services (including insurance, credit, and loan offerings).
“The rules are clear, if a message includes marketing content or direct links to marketing content, it is a commercial message and must give people the option to unsubscribe,” O’Loughlin said. This is to ensure that people are not receiving unwanted messages and that their privacy is respected. It also allows people to opt out of receiving marketing content if they do not wish to receive it.
“We have seen several companies get this wrong and businesses are on notice to check how they are classifying messages as commercial or non-commercial.”
The penalties highlight the serious financial repercussions of failing to adhere to spam regulations. Beyond the fines, the breaches have likely damaged CBA's reputation, potentially eroding customer trust and affecting future business prospects. Additionally, the bank may face increased scrutiny from regulatory bodies, prompting a need for stricter internal compliance measures.
The ACMA plays a critical role in regulating spam messages by ensuring organisations comply with Australia's Spam Act 2003. It conducts investigations into potential breaches, issues penalties for noncompliance, and provides guidance to businesses on how to correctly classify and manage their communications. By enforcing these regulations, the ACMA helps protect consumers from unwanted marketing messages and upholds their right to privacy.
The ACMA has also accepted a three-year court-enforceable undertaking to address the most recent issues, in addition to the financial penalty. A comprehensive independent review and implementation of improvements will be undertaken by CBA to ensure compliance, along with appropriate resources and governance.
“We will continue to closely monitor compliance with its commitments and with the spam laws,” O’Loughlin said.
Compliance with the Spam Act is crucial to protect consumer privacy and maintain trust in digital communications. It ensures that individuals have control over the marketing messages they receive, preventing unwanted intrusions into their personal lives. Adhering to these regulations also helps businesses avoid legal penalties and reputational damage, fostering a more respectful and responsible marketing environment.
In cases where a company does not have a prior record of violating spam rules, a court can fine it $626,000 per day. When a company has a prior record, it can be fined as much as $3,130,000 per day.
It is the ACMA's compliance priority for 2024–25 to enforce rules against commercial messages being misidentified as 'service' or non-commercial messages. A statement of expectations about consent in e-marketing has been released by the ACMA.
More than $20 million has been paid in spam penalties in the last 18 months.
As of 8:17 am (AEDT) Thursday, October 17, the Commonwealth Bank of Australia (CBA) stock price was $139.80, showing a slight increase of 0.51% from the previous close of $139.291. The stock reached a day low of $138.40 and a day high of $140.001. CBA's market cap stands at $228.98 billion.