Posted by Ruth Bowen, Risk and Best Practice Lawyer
SPAMEX: American Express the latest global brand to receive a fine from the ICO
Last month the Information Commissioner’s Office (ICO) fined American Express Services Europe Limited (AMEX) £90,000 for sending more than four million marketing emails to customers who did not want to receive them.
These customers had “opted out” of receiving direct marketing communications and the ICO found that Amex was in “serious contravention” of Regulation 22 of the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR).
The ICO had only received a very low number of complaints from individuals (in single figures) who had opted out of receiving AMEX’s marketing e-mails, but despite this they decided to fully investigate. AMEX tried to put forward the view that the e-mails they had sent were not “marketing” e-mails but “servicing” e-mails. This distinction is very important, on the basis that “servicing” e-mails would not be classified as “direct marketing” and therefore not fall foul of PECR.
What is the difference between “servicing” e-mails and “direct marketing” e-mails
The ICO go into some detail on the AMEX matter as to what they consider direct marketing versus “servicing” e-mails. The ICO appears to be taking a strict interpretation of this. ICO guidance states:
Routine customer service messages do not count as direct marketing – in other words, correspondence with customers to provide information they need about a current contract or past purchase (eg information about service interruptions, delivery arrangements, product safety, changes to terms and conditions, or tariffs). General branding, logos or straplines in these messages do not count as marketing. However, if the message includes any significant promotional material aimed at getting customers to buy extra products or services or to renew contracts that are coming to an end, that message includes marketing material and the rules apply.
In the AMEX e-mails, the ICO focus on the point that the e-mails were seeking to achieve a financial benefit to AMEX. The ICO stated that “None of the e-mails in question were neutrally worded and purely administrative in nature. Instead, each e-mail sought to encourage the customer to make purchases on their AMEX card (and, in the case of the AMEX App e-mails, also to make use of this product).” In particular the ICO draw attention to the following in the e-mails:
- A newsletter encouraged customers to book tickets for exclusive events, many of which were paid for
- They encouraged customers to make purchases on their cards which qualified for special offers or by highlighting rewards and benefits for use of their card
- They offered rewards for downloading the AMEX App
Other interesting points
AMEX tried to argue that the e-mails needed to be sent due to legal and contractual requirements arising from Credit Agreements they had in place with the recipients of the e-mails. The ICO responded that the legal and contractual requirements referred to by AMEX cannot override the statutory protection afforded by Regulation 22 of PECR. The ICO further stated that consent by an individual to receive marketing material is not “freely given” if it is a condition of receiving AMEX’s services in circumstances where such consent is not necessary for contractual performance by AMEX. The ICO also stated that consent is not informed if the “legal and contractual requirements” relied on by AMEX are not set out prominently and separated from other terms and conditions but are contained within overall terms and conditions.
AMEX also put forward to the ICO that their customers would be at a disadvantage if they were not made aware of the campaigns and promotional periods they were offering. The ICO responded that there is no exemption under Regulation 22 of PECR which allows organisations to send marketing e-mails which they consider advantageous for subscribers where they have not received prior consent to do so.
The ICO found that AMEX had been negligent but not deliberately contravened PECR.
The AMEX case highlights the importance of not sending marketing e-mails (or e-mails containing some marketing elements) to people who have opted out, as well as the pitfalls of trying to rely on the statutory exemptions and the difficulties of relying on terms and conditions with customers. The ICO are clearly taking a strict and narrow interpretation of the definition of marketing materials which they define as “any advertising or marketing material” and “any messages which include some marketing elements, even if that is not their main purpose”.
If you need any further clarification about this please speak to a member of our GDPR team.
0800 923 2073 Email us
There are many areas of the law that aren’t black or white. Grey Matters is our know-how programme to help you discuss these intricacies.