Australia: Commonwealth Bank Fined AUD 7.5M for Unsolicited Emails

the Australian Communications and Media Authority (ACMA) announced that it has fined the Commonwealth Bank of Australia (CBA) AUD 7.5 million (about $5 million) for breaching the Spam Act by sending unsolicited marketing emails, which was published on 17 October 2024.

Why the Fine?
The ACMA acted after receiving complaints that CBA had sent marketing emails to customers who had previously opted out of receiving such messages. Additionally, the emails reportedly lacked a working unsubscribe option, making it difficult for recipients to stop future messages.

ACMA's Findings
An investigation revealed that between November 2022 and April 2024, CBA sent over 170 million marketing emails without a proper unsubscribe feature, violating the Spam Act’s requirements. The bank also sent around 34.8 million emails to customers who had either not given consent or had withdrawn their consent to receive such messages.

What Happens Next?
As a result, CBA was fined AUD 7.5 million. In addition to the fine, the ACMA has required the bank to hire an independent consultant to review its compliance with anti-spam rules, make any necessary improvements, and report back regularly to the authority.

For more details, press release is officially published here