The Commonwealth Bank of Australia (CBA) has paid a $3.55 million fine for sending more than 65 million marketing emails that were difficult or impossible to unsubscribe from.
The fine - 0.0367 percent of CBA’s $9.673 billion profit in the 2021-22 financial year - is the largest penalty ever paid for breaching the Spam Act 2003, according to the Australian Communications and Media Authority (ACMA).
CBA sent the marketing emails between November 2021 and November 2022.
Of the 65 million emails, 61 million required customers to login to unsubscribe, 4 million had no functional unsubscribe facility at all, and 5000 were sent to recipients who’d already unsubscribed.
“The scale and duration of the breaches by the CBA is alarming,” ACMA chair Nerida O’Loughlin said in a statement.
“The ACMA gave it [CBA] early warnings it might have some issues and the steps it took were ineffective.
“The failure to fix the issues shows a complete disregard for the spam rules and the rights of its customers."
In addition to the fine, CBA committed to an independent review of its e-marketing practices in a court-enforceable undertaking.
The bank must also give regular compliance reports to the regulator and train its staff on spam laws.
“We will be closely monitoring the Commonwealth Bank’s compliance and the commitments it has made to review its practices. If we find future non-compliance, we will not hesitate to take further action,” O’Loughlin said.
Over the past 18 months, businesses have paid $11 million in penalties for breaching spam and telemarketing laws; this included, in 2022, crypto-currency exchange giant Binance’s $2 million fine, Sportsbet’s $2.5 million fine and Latitude Finance Australia's $1.5 million fine.
Enforcing SMS and email unsubscribe rules is one of ACMA’s 2022-23 compliance priorities.
According to ACMA's research, six in 10 Australians have received marketing emails from companies after asking to be removed from their mailing lists.