CBA fined for spam
Print
Commonwealth Bank has been fined $7.5 million for breaching Australia’s spam laws.
An investigation by the Australian Communications and Media Authority (ACMA) has revealed that between November 2022 and April 2024, CBA sent more than 170 million marketing emails without including a way to unsubscribe, as required by the Spam Act 2003.
Of these, 34.8 million were sent to recipients who had not consented or had withdrawn consent.
This is CBA's second major violation in two years, following a $3.55 million penalty in May 2023 for sending 65 million emails without proper unsubscribe functions.
Despite this, the bank failed to fix its systems, leading to further breaches.
ACMA Chair Nerida O’Loughlin called CBA’s repeated non-compliance unacceptable.
“Australians are sick and tired of this kind of spam intruding on their privacy, and it’s clear CBA did not have its systems in order,” she said .
O’Loughlin further noted that the bank had “incorrectly classified millions of messages as non-commercial”, exempting them from standard marketing rules.
While the law allows service messages to be sent without consent, ACMA found CBA’s messages promoted products and services, including credit card debt plans, CommBank Yello benefits, and Myer points offers.
“If a message includes marketing content or direct links to marketing content, it is a commercial message and must give people the option to unsubscribe,” O'Loughlin said.
As part of the resolution, CBA has agreed to a three-year, court-enforceable undertaking, which includes an independent review and system improvements to ensure compliance. ACMA will closely monitor the bank's actions.
Maximum penalties under the Spam Act can reach $626,000 per day for first-time offenders, and up to $3.13 million per day for repeat breaches.
ACMA has prioritised enforcing these rules in 2024-25 and has collected over $20 million in fines from various companies in the past 18 months.
CBA apologised for its actions, with a spokesperson stating; “We are committed to meeting our obligations and we’re dedicating significant time and resources to this”.
