American Express fined by ICO for 4m unlawful emails

The Information Commissioner’s Office (ICO) has fined American Express (Amex) £90,000 for sending more than four million marketing emails to customers who did not want to receive them.

In 2020, the ICO dished out fines worth over £42 million across 16 companies.

The fine issued to Amex is dwarfed by the £20 million fine the ICO issued to British Airways in October 2020 after its record-setting data breach, involving the details of around 500,000 customers.

The ICO said it began investigating Amex after it received complaints from Amex customers who were getting marketing emails despite having opted out from them.

The emails included details on the rewards of shopping online with Amex; getting the most out of using the card and encouraging customers to download the Amex app according to the ICO.

Amex had rejected its customers’ complaints, claiming the emails were servicing emails and not marketing.

During the investigation, the ICO found that Amex had sent over 50 million, of what it classed as, servicing emails to its customers.

The ICO said that for nearly 12 months, between 1 June 2018 and 21 May 2019, 4,098,841 of those emails were marketing emails, designed to encourage customers to make purchases on their cards which would benefit Amex financially.

The ICO alleges that this was a deliberate action for financial gain by the organisation, and that Amex also did not review its marketing model following customer complaints.

It is against the law in the UK to send marketing emails to people unless consent has been freely given, according to regulation 22 of the Privacy and Electronic Communications Regulations 2003.

However, it is legal to send servicing emails, which contain routine information such as changes to terms and conditions and payment plans or notice of service interruptions.

“This is a clear example of a company getting it wrong and now facing the reputational consequences of that error,” said Andy Curry, head of investigations at the ICO. “The emails in question all clearly contained marketing material, as they sought to persuade and encourage customers to use their card to make purchases.”

“Amex’s arguments, which included, that customers would be disadvantaged if they weren’t aware of campaigns, and that the emails were a requirement of its credit agreements with customers, were groundless. Our investigation was initiated from just a handful of complaints from customers, tired of being interrupted with emails they did not want to receive.”

He added: “I would encourage all companies to revisit their procedures and familiarise themselves with the differences between a service email and a marketing email and ensure their email communications with customers are compliant with the law.”

    Share Story:

Recent Stories


Bringing Teams to the table – Adding value by integrating Microsoft Teams with business applications
A decade ago, the idea of digital collaboration started and ended with sending documents over email. Some organisations would have portals for sharing content or simplistic IM apps, but the ways that we communicated online were still largely primitive.

Automating CX: How are businesses using AI to meet customer expectations?
Virtual agents are set to supplant the traditional chatbot and their use cases are evolving at pace, with many organisations deploying new AI technologies to meet rising customer demand for self-service and real-time interactions.