back to article UK data regulator fines American Express up to 0.021p per email after opted-out folk spammed 4.1 million times

American Express has been fined 0.009 per cent of its annual profits by the Information Commissioner's Office (ICO) after spamming people who opted out of its marketing emails with 4.1 million unwanted messages. The £90,000 fine was announced today after the British data regulator ruled the US bank had broken the law. "This …

  1. Anonymous Coward
    Anonymous Coward

    Ah, Amex.

    We used to use them for Merchant Services, back in the day before we had any other options. When we finally dropped them for Stripe and closed our account, we continued to get emails telling us our merchant statement was ready. I called them several times about this but they were unable to find any record of an open account - no account number was on the email - so had no way of stopping the emails and suggested we "just ignore them". They eventually stopped after a couple of years.

    1. Loyal Commenter Silver badge

      Re: Ah, Amex.

      I got statements/bills from BT for several years in the early '00s after I was no longer a customer of theirs (and didn't even have a connected land-line). An equally quality organisation, I'm sure my fellow commenteriat will agree.

      1. vogon00

        Re: Ah, Amex.

        @Loyal Commenter

        I am old and grizzled enough to not be a member of this new-fangled 'commenteriat'...I am always a 'commentard' :-)

      2. sitta_europea

        Re: Ah, Amex.

        "I got statements/bills from BT for several years in the early '00s after I was no longer a customer of theirs (and didn't even have a connected land-line). An equally quality organisation, I'm sure my fellow commenteriat will agree."

        Oh, yes.

        They kept on sending me statements which showed that I was several hundred pounds in credit.

        I sent a complaint and asked them to send the money instead, since I had closed the account.

        Instead, they completely ignored the complaint and stopped sending the statements.

        They kept the money.

        1. Richard 12 Silver badge

          Re: Ah, Amex.

          So you took them to Small Claims, citing the statements of course?

  2. Mike 137 Silver badge

    Relative costs and effective action

    0.14p per message for general breaches. 9.5p for breaches involving GDPR category 9 (sensitive) data.

    In both cases derisory, and for the perpetrators just a minor cost of doing business. Until either penalties actually hurt or (preferably) enforcement actually stops abuses, nobody is going to take any notice of the law at all. And even such enforcement as the one reported only applies where large numbers of people are affected. Individuals bringing single complaints to the regulator stand practically no chance of being taken seriously, let alone gaining redress.

    Despite relatively adequate legislation, the entire data protection regime is in practice pretty much non-functional. If gauged by either its power to prevent abuses or to redress specific instances of wrongs, it's so far failed spectacularly. However it appears so far to be largely satisfactory to the EU, as we're well on the road to an adequacy decision (based on the law itself, despite almost universal non-compliance with it and pretty toothless enforcement).

    1. My-Handle Silver badge

      Re: Relative costs and effective action

      I implemented an SMS service in a website a little while ago (mainly for diagnostics to my phone), at a cost of 2.4p per message or similar. 0.14p per message is barely a rounding error, even for relatively poorly financed companies.

    2. vogon00

      Re: Relative costs and effective action

      Beautifully written comment, that.

      Mike 137 is most likely more erudite than I am , as I was thinking "It's about time the ICO stopped biting like a puppy, and more like an effing great big German Shepherd".

      Another way of putting it would be that it time for a proper adult bollocking rather than these piddly little slaps-on-the-wrist-and-you-must-try-harder efforts..

      I'm not saying the amounts involved should be huge, just enough (say 1% of last FY's net profits) to make someone take notice and feel mildly punished. I wouldn't worry about a time £1 fine either.....although raise that to a tenner and it would be a different story!

      Should be easy money for the ICO, as Amex are hardly going to shut up shop/dissolve their corporate selves to avoid paying the fine, are they.

      No, this isn't "Amex-bashing", but more "ICO Bashing" for being too soft and absolutely NOT being a deterrent.

    3. vtcodger Silver badge

      Re: Relative costs and effective action

      "In both cases derisory, and for the perpetrators just a minor cost of doing business."

      Well yes. But it'll put a big dent in the petty cash drawer for a week or two. That'll teach them not to mess with the regulators.

  3. Disgusted Of Tunbridge Wells Silver badge

    The annual profit is irrelevant.

    What matters is what was the return on these emails. Hopefully the £90k fine more than wiped that out.

    1. Loyal Commenter Silver badge

      There's probably individual account-holders who have paid them more than that in interest payments.

    2. Richard 12 Silver badge

      4.1 million, a conversion rate of 1% would be 41,000 customers spending up-to £500 more than they otherwise would.

      At £500 per customer, assume they all paid zero interest (hah!) and that Amex only get the transaction commission of ~2%.

      £410,000. Subtract the £75k fine and this one campaign still made at least £335,000 from the abused customers.

      The fine needs at least one more zero on the end before Amex would even notice.

  4. fredesmite2

    spam spam spam and eggs spam and beans spam spam !

    I get 50+ spam a day in my gmail .. nothing will stop them,.

    1. BenDwire Silver badge

      Re: spam spam spam and eggs spam and beans spam spam !

      Really? Have you flagged them as spam to the Google Mothership? That worked for me ...

  5. Inventor of the Marmite Laser Silver badge

    Given that the company ignored complaints and then argued black was white that they weren't in the wrong, suggests the regulators response is a clear example of them getting it wrong and now facing the reputational consequences of that error.

    1. John Brown (no body) Silver badge

      Yes, I was thinking that too. The comments from Amex quoted in the article seem to indicate that even after being found in breach, they still don't think they did anything wrong. Maybe the fine should be doubled every month until they see the error of their ways and admit the broke the rules?

      1. Aitor 1 Silver badge

        Fine per email

        If they got fined per email, asubstantial ammount, then things would change

  6. Gene Cash Silver badge

    Reputational consequences?

    Is anyone actually going to hear about this? As far as I know, El Reg is the only one to cover it. None of their customers, ex-customers, or prospective customers are going to ever know about this.

    1. Steve K Silver badge

      Re: Reputational consequences?

      A quick email to Private Eye.....?

    2. Anonymous Coward
      Anonymous Coward

      Re: Reputational consequences?

      The regulator should force them to send an apology email to each of their affected customers.

      oh wait....

    3. Tromos

      Re: Reputational consequences?

      One thing that would ensure there were consequences and instil a desire to ensure it never happened again would be a simple addition to the fine. Make them publish an apology and promise to not reoffend in the form of half-page adverts in 4 leading national newspapers.

  7. SuperGeek

    Missing out?

    "The bank told its customers: "We feel that Card Members would be at a disadvantage if they were not aware of these campaigns and promotional periods.""

    So you're missing out having to spend £500 to get £50? Heh. Cloud cuckoo marketing again!

    Spend £40 in store and get 5p off a litre of fuel!

    1. Roland6 Silver badge

      Re: Missing out?

      >Spend £40 in store and get 5p off a litre of fuel!

      Well, if you normally spend £40 in-store and will be putting 50 litres of fuel in the car the offer is relatively good.

      My other-half seems to have mastered the art of shopping in rotation (Tesco's, Sainsbury's, Waitrose) so as to maintain a steady flow of high-value discount vouchers. Until the end of the month it's Sainsbury's (£4.50 off a £30 spend), as for next month, vouchers are probably already in the post...

      So the question isn't so much who went out specially and spent £500 on Amex, but those who had a choice and decided to use their Amex card instead of their Visa/MC etc. for that £500+ purchase.

  8. Anonymous Coward
    Anonymous Coward

    facing the reputational consequences of that error," said ICO head

    he must have trained that in front of the mirror many, many times!

  9. sitta_europea

    "I get 50+ spam a day in my gmail .. nothing will stop them"

    "Really? Have you flagged them as spam to the Google Mothership? That worked for me ..."

    I got so pissed off with spam from google that I automated the abuse reports.

    Every one is reported to Abuseipdb, Spamcop and of course to Google themselves.

    Makes no difference at all.

    Eighteen from China tonight.

    Of course I reject them anyway, after hanging onto the line for twenty-five minutes, but all the same they're obnoxious criminals.

    The only other one that's as bad is outlook.

    1. Androgynous Cupboard Silver badge

      While I get the frustration, I'm not sure sending automated email as a response to automated email is going to form part of the solution.

  10. Blackjack Silver badge

    With fines so cheap it only encourages them to keep doing stuff like this.

  11. Allan George Dyer Silver badge

    Make the punishment fit the offer...

    They sent the messages to encourage people to spend £500, make them pay that to each recipient for the inconvenience, and the £90,000 fine to the ICO for breaking the rules. That might discourage them.

  12. Big_Boomer

    Pathetic waste of time

    Chances are the ICO pissed away £500k investigating this and then issued this pathetic fine. MAKE SPAMMERS PAY! £1 per spam for a first offence, £10 per spam for 2nd offence, £100 for 3rd, etc. In addition, they should be required to send a letter to each affected customer apologising, and as others stated publish said apology in the national press. To a company like AMEX, £90k is cheaper than their last London Office corporate jolly.

    1. AW-S

      Re: Pathetic waste of time

      In my opinion Amex isn't going to suffer reputational damage. After all it took the incident on the chin and hasn't contested the fine. It may even have identified the customers and made a token credit to their account.

      It's the ICO that once again leaves all of us wanting. It continues to disappoint. Disband it, encourage individuals to take out civil action each time and then see what happens to UK originated spam,

      1. Richard 12 Silver badge

        Re: Pathetic waste of time

        Gods no. Have you ever tried to sue a Big Co?

        It's damn near impossible, and even when you "win", you still lose because the lawyers take most of it.

        It's only worth the hassle when the numbers are very large.

        1. AW-S

          Re: Pathetic waste of time

          I have and I have won. Even a mad women can get the Prime Minister into trouble for a few quid.

          Charging Amex £12.00 per spam email - the same charge for an electronic late payment notification - is worth it. When thousands of their customers do it they will simply not be able to defend the claims and will pay up.

          Make no mistake, financial services companies always pay to save their own internal legal costs - and it' cheaper than a referral to their regulatory authority too.

      2. Christoph

        Re: Pathetic waste of time

        Well with a bit of luck they will find themselves generally referred to as SPAMex.

      3. Colin Bull 1

        Re: Pathetic waste of time

        "encourage individuals to take out civil action each time and then see what happens to UK originated spam"

        I am thinking of doing this for spam calls. Butr will I be able to claim a worthwhile amount in the small claims court, or will the court fees be enough to put them off.

        If its any consolation Trustpilot are just as bad as ICO and are a waste of space.

  13. Alan Hope

    Appalling reputational damage to the regulators.

    That sum won't even cover the cost of the admin leading to the fine.

    Zero deterrent value - the message is clear to all other businesses, you can span in the UK with absolute impunity.

  14. Avatar of They

    Our ICO

    is Sh*t.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like

Biting the hand that feeds IT © 1998–2022