May 21, 2021

ICO fines multinational financial services company £90,000

On May 20, 2021, the UK’s Information Commissioner’s Office fined American Express Services Europe Limited (Amex) £90,000 after confirming that the company sent over four million direct marketing emails to subscribers who had not provided adequate consent.  The ICO launched an investigation after receiving customer complaints about the unwanted marketing materials and found that for a 12-month period, between June 1, 2018 to May 31, 2019, Amex sent over 50 million emails to customers that the company classified as servicing emails; however, the ICO determined that over 4 million of those emails were actually marketing emails that encouraged customers to make purchases on their cards.

According to Regulation 22 of the Privacy and Electronic Communications Regulations 2003 (PECR), it is against the law to send marketing emails to customers unless consent has been freely given, and the ICO has clearly defined the difference between marketing and services emails.  The ICO continues to encourage members of the public to report unwanted marketing emails, nuisance calls and texts.

ICO Press Release | ICO News Release | AMEX monetary penalty notice