The Australian Communications and Media Authority (ACMA) has released its investigation report which concluded that the Commonwealth Bank of Australia (CBA) had made 5,949 contraventions of subsubsection 16(1) of the Spam Act [Unsolicited commercial electronic messages must not be sent] and
65,788,949 contraventions of subsection 18(1) of the Spam Act [CEMs must contain a functional unsubscribe facility].

ACMA issued an infringement notice which required the CBA to pay a record $3.552 million penalty.

The investigation focused on 3 categories of CEMs:
a. CEMs sent to any electronic address between 8 September 2021 and 18 November 2022, where the unsubscribe facility did not work,
b. For recipients who clicked on the CEM unsubscribe facility that did not work, CEMs were sent to those electronic addresses more than 5 business days after the unsubscribe attempt between 8 September 2021 and 30 November 2022, and
c. CEMs sent to any electronic addresses between 30 November 2021 and 5 August 2022, where the unsubscribe facility required the recipient to log-in to an account to unsubscribe.

CBA claimed the unsubscribe facility did not work because of a technical issue that affected customers who attempted to unsubscribe using an unsubscribe facility in its email CEMs.

CBA admitted that the messages sent without including a functional unsubscribe facility occurred due to human error or oversight.

In addition, the ACMA has accepted a three-year court-enforceable undertaking from CBA committing it to an independent review of its e-marketing practices and to implement improvements.

CBA must also give regular compliance reports to the ACMA and train its staff on Australia’s spam laws.

If you found this article helpful, then subscribe to our news emails to keep up to date and look at our video courses for in-depth training. Use the search box at the top right of this page or the categories list on the right hand side of this page to check for other articles on the same or related matters.