Skip to main content

Commonwealth Bank penalised $3.55 million for spam breaches

""

The Commonwealth Bank of Australia (CBA) has paid a record $3.55 million penalty after it sent more than 65 million emails that did not comply with Australia’s spam laws.

An Australian Communications and Media Authority (ACMA) investigation found CBA sent more than 61 million marketing emails to customers that unlawfully required them to log-in to unsubscribe. CBA sent a further 4 million marketing emails that did not have a functioning unsubscribe facility.

The CBA was also found to have sent more than 5,000 marketing emails to customers who had asked to unsubscribe from these messages.

ACMA Chair Nerida O’Loughlin said companies must give people the option to unsubscribe from marketing messages and must make it easy to do so when consumers want to exercise their rights.

“The scale and duration of the breaches by the CBA is alarming, especially when the ACMA gave it early warnings it might have some issues and the steps it took were ineffective. The failure to fix the issues shows a complete disregard for the spam rules and the rights of its customers,” said Ms O’Loughlin.

“Consumers are frustrated by marketing intrusions on their privacy, especially when there is no option, or it is difficult, to unsubscribe,” Ms O’Loughlin said.

This is the largest penalty imposed by the ACMA for breaches of the spam laws. In addition, the ACMA has accepted a three-year court-enforceable undertaking from CBA committing it to an independent review of its e-marketing practices and to implement improvements. CBA must also give regular compliance reports to the ACMA and train its staff on Australia’s spam laws.

The Spam Act 2003 requires marketing messages to contain working unsubscribe facilities. Making consumers log-in or provide personal details to unsubscribe is also generally prohibited. Once a message recipient has unsubscribed, sending further marketing messages is also against the law.

“We continue to see large and well-known businesses who should know better than breaching the spam laws. This action is a further warning to all businesses that non-compliance with Australia’s spam laws will not be tolerated,” Ms O'Loughlin said. 

“We will be closely monitoring the Commonwealth Bank’s compliance and the commitments it has made to review its practices. If we find future non-compliance, we will not hesitate to take further action.”

Enforcing SMS and email subscribe rules is an ongoing compliance priority for the ACMA. Other recent ACMA Spam Act enforcement actions can be found here.

Over the past 18 months, businesses have paid $11 million in penalties for breaching spam and telemarketing laws. The ACMA has also accepted 12 court-enforceable undertakings and given 1 formal warning.

Consumers can make a complaint about spam here. For more information on how to reduce unwanted emails, texts and phone calls, visit the ACMA website.



MR 18/2023

Back to top
ONLINE ENQUIRY