UK data regulator fines American Express up to 0.021p per email after opted-out folk spammed 4.1 million times American Express has been fined 0.009 per cent of its annual profits by the Information Commissioner's Office (ICO) after spamming people who opted out of its marketing emails with 4.1 million unwanted messages. The £90,000 fine was announced today after the British data regulator ruled the US bank had broken the law. "This …
We used to use them for Merchant Services, back in the day before we had any other options. When we finally dropped them for Stripe and closed our account, we continued to get emails telling us our merchant statement was ready. I called them several times about this but they were unable to find any record of an open account - no account number was on the email - so had no way of stopping the emails and suggested we "just ignore them". They eventually stopped after a couple of years.
@Loyal Commenter
I am old and grizzled enough to not be a member of this new-fangled 'commenteriat'...I am always a 'commentard' :-)
"I got statements/bills from BT for several years in the early '00s after I was no longer a customer of theirs (and didn't even have a connected land-line). An equally quality organisation, I'm sure my fellow commenteriat will agree."
Oh, yes.
They kept on sending me statements which showed that I was several hundred pounds in credit.
I sent a complaint and asked them to send the money instead, since I had closed the account.
Instead, they completely ignored the complaint and stopped sending the statements.
They kept the money.
0.14p per message for general breaches. 9.5p for breaches involving GDPR category 9 (sensitive) data.
In both cases derisory, and for the perpetrators just a minor cost of doing business. Until either penalties actually hurt or (preferably) enforcement actually stops abuses, nobody is going to take any notice of the law at all. And even such enforcement as the one reported only applies where large numbers of people are affected. Individuals bringing single complaints to the regulator stand practically no chance of being taken seriously, let alone gaining redress.
Despite relatively adequate legislation, the entire data protection regime is in practice pretty much non-functional. If gauged by either its power to prevent abuses or to redress specific instances of wrongs, it's so far failed spectacularly. However it appears so far to be largely satisfactory to the EU, as we're well on the road to an adequacy decision (based on the law itself, despite almost universal non-compliance with it and pretty toothless enforcement).
Beautifully written comment, that.
Mike 137 is most likely more erudite than I am , as I was thinking "It's about time the ICO stopped biting like a puppy, and more like an effing great big German Shepherd".
Another way of putting it would be that it time for a proper adult bollocking rather than these piddly little slaps-on-the-wrist-and-you-must-try-harder efforts..
I'm not saying the amounts involved should be huge, just enough (say 1% of last FY's net profits) to make someone take notice and feel mildly punished. I wouldn't worry about a time £1 fine either.....although raise that to a tenner and it would be a different story!
Should be easy money for the ICO, as Amex are hardly going to shut up shop/dissolve their corporate selves to avoid paying the fine, are they.
No, this isn't "Amex-bashing", but more "ICO Bashing" for being too soft and absolutely NOT being a deterrent.
4.1 million, a conversion rate of 1% would be 41,000 customers spending up-to £500 more than they otherwise would.
At £500 per customer, assume they all paid zero interest (hah!) and that Amex only get the transaction commission of ~2%.
£410,000. Subtract the £75k fine and this one campaign still made at least £335,000 from the abused customers.
The fine needs at least one more zero on the end before Amex would even notice.
Yes, I was thinking that too. The comments from Amex quoted in the article seem to indicate that even after being found in breach, they still don't think they did anything wrong. Maybe the fine should be doubled every month until they see the error of their ways and admit the broke the rules?
One thing that would ensure there were consequences and instil a desire to ensure it never happened again would be a simple addition to the fine. Make them publish an apology and promise to not reoffend in the form of half-page adverts in 4 leading national newspapers.
"The bank told its customers: "We feel that Card Members would be at a disadvantage if they were not aware of these campaigns and promotional periods.""
So you're missing out having to spend £500 to get £50? Heh. Cloud cuckoo marketing again!
Spend £40 in store and get 5p off a litre of fuel!
>Spend £40 in store and get 5p off a litre of fuel!
Well, if you normally spend £40 in-store and will be putting 50 litres of fuel in the car the offer is relatively good.
My other-half seems to have mastered the art of shopping in rotation (Tesco's, Sainsbury's, Waitrose) so as to maintain a steady flow of high-value discount vouchers. Until the end of the month it's Sainsbury's (£4.50 off a £30 spend), as for next month, vouchers are probably already in the post...
So the question isn't so much who went out specially and spent £500 on Amex, but those who had a choice and decided to use their Amex card instead of their Visa/MC etc. for that £500+ purchase.
"I get 50+ spam a day in my gmail .. nothing will stop them"
"Really? Have you flagged them as spam to the Google Mothership? That worked for me ..."
I got so pissed off with spam from google that I automated the abuse reports.
Every one is reported to Abuseipdb, Spamcop and of course to Google themselves.
Makes no difference at all.
Eighteen from China tonight.
Of course I reject them anyway, after hanging onto the line for twenty-five minutes, but all the same they're obnoxious criminals.
The only other one that's as bad is outlook.
Chances are the ICO pissed away £500k investigating this and then issued this pathetic fine. MAKE SPAMMERS PAY! £1 per spam for a first offence, £10 per spam for 2nd offence, £100 for 3rd, etc. In addition, they should be required to send a letter to each affected customer apologising, and as others stated publish said apology in the national press. To a company like AMEX, £90k is cheaper than their last London Office corporate jolly.
In my opinion Amex isn't going to suffer reputational damage. After all it took the incident on the chin and hasn't contested the fine. It may even have identified the customers and made a token credit to their account.
It's the ICO that once again leaves all of us wanting. It continues to disappoint. Disband it, encourage individuals to take out civil action each time and then see what happens to UK originated spam,
I have and I have won. Even a mad women can get the Prime Minister into trouble for a few quid.
Charging Amex £12.00 per spam email - the same charge for an electronic late payment notification - is worth it. When thousands of their customers do it they will simply not be able to defend the claims and will pay up.
Make no mistake, financial services companies always pay to save their own internal legal costs - and it' cheaper than a referral to their regulatory authority too.
"encourage individuals to take out civil action each time and then see what happens to UK originated spam"
I am thinking of doing this for spam calls. Butr will I be able to claim a worthwhile amount in the small claims court, or will the court fees be enough to put them off.
If its any consolation Trustpilot are just as bad as ICO and are a waste of space.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
