Entrance to RPC building - dark

ICO fines American Express for blurring service emails with marketing emails

Published on 02 August 2021

What is the difference between service emails and marketing emails, and what happens if you get it wrong?

The key takeaway

Take great care to avoid including marketing material in service emails to customers who have not consented to marketing communications. If the material is targeted at specific individuals and advertises any of the business’ goods or services, or contains any significant promotional material aimed at encouraging customers to purchase extra products or services, it is highly likely to be subject to the strict rules on consent-based direct marketing.

The background

The Information Commissioner’s Office (ICO) has fined American Express Services Europe Limited (Amex) £90,000 for sending more than four million unsolicited marketing emails to its customers.

Over a 12-month period, between 1 June 2018 and 31 May 2019, Amex sent over 50 million service emails to its customers. These emails prompted complaints from customers who were disgruntled at receiving marketing material contained within these emails, despite having opted out of marketing communications.

The ICO’s investigation

The ICO was prompted to investigate as a result of complaints from five Amex customers in 2019. They asserted that they were receiving marketing emails despite having opted out of them. Amex rejected the complaints, alleging that the emails were service emails, not marketing emails and as such were not covered by the specific rules around electronic marketing.

The ICO found that Amex had sent over 50 million service emails to its customers, and that over four million of those emails were marketing emails. The emails in question included details of the rewards of shopping online with Amex, advice on how to get the most out of using the card and encouragement for customers to download the Amex app. They were designed to encourage customers to make purchases on their cards which would benefit Amex financially, and therefore amounted to a deliberate action for financial gain by the company.

Amex argued that customers would be disadvantaged if they were not informed about campaigns, and that the emails were a requirement of its Credit Agreements with customers. The ICO disagreed, and fined Amex £90,000 for its conduct in sending the unlawful marketing emails.

Why is this important?

Amex’s case highlights the importance of being vigilant on what can be a fine line between a service email and a marketing email. Service messages contain routine information, such as changes to terms and conditions and payment plans, notice of service interruptions, or information around product safety. By contrast, direct marketing is any communication of advertising or marketing material that is directed at specific individuals. This distinction is critical, and the latter should only be sent to those who have given their consent to receiving marketing emails – noting the strict rules which apply to direct marketing messages under Regulation 22 of the Privacy and Electronic Communications Regulations 2003 (PECR).

The maximum fine for a breach of PECR is £500,000. The fact that Amex were fined £90,000 on this occasion shows that the ICO take these kinds of complaints seriously, even in circumstances where only a handful of complaints were received. It considered the breach to be serious and therefore worthy of a noticeable fine.

Any practical tips?

All companies should familiarise themselves with the differences between a service email and a marketing email and thereby ensure that their email communications with customers are compliant with PECR. The ICO has published helpful guidance on the difference between marketing and service emails, which can be used as a point of reference. See the ICO’s draft Direct Marketing Guidance for the latest on this.

It is also prudent for companies to regularly revisit and monitor their procedures to ensure that marketing messages are not inadvertently slipping into service emails, at least not to customers who have not consented to receive them.

Summer 2021