Commonwealth Bank was fined by the communications watchdog which found between November 2023 and April this year the big four bank had sent 170 million emails to Australians without offering the ability to unsubscribe.

Of those, 34.8 million, or a little more than one fifth, had never consented to being contacted by the bank or withdrawn their consent entirely.

CBA over the past 18 months has been fined for more than $11m by the Australian Communications and Media Authority for breaching the spam act, including 65 million emails which failed to provide an unsubscribe option in May last year.

ACMA chair Nerida O’Loughlin described the behaviour as “intrusive” and said “Australians are sick and tired of this kind of spam” which she said impedes on their privacy.

A spokesman for the bank told The Australian CBA was sorry for sending “non-compliant” messages to its customers.

“We acknowledge and accept the findings of the ACMA’s investigation into our compliance with certain provisions of the Spam Act, having co-operated fully with that investigation,” he said.

It’s understood some of these emails which breached the act were concerning updates on the bank’s products and policies.

“Timely and relevant information for our customers is incredibly important, and the way we classify that information to meet our regulatory requirements and customer expectations is an absolute priority,” the spokesman said. “We are committed to meeting our obligations and we’re dedicating significant time and resources to this.”

Ms O’Loughlin said several companies have failed to understand the Spam Act which presents clear messaging about what it is and what isn’t considered in breach of the rules.

“The rules are clear, if a message includes marketing content or direct links to marketing content, it is a commercial message and must give people the option to unsubscribe,” Ms O’Loughlin said.

“We have seen several companies get this wrong and businesses are on notice to check how they are classifying messages as commercial or non-commercial.”

CBA is one of several major Australian companies which have been fined a combined $18m over the past 18 months for breaching the act .

In 2023 ACMA handed out about $7m worth of fines to major companies in Australia. That included Kmart, fined $1.3m in November, DoorDash, fined $2m in August, and CBA, fined $3.55m in June.

Others companies fined for breaching the spam act include Sportsbet, which was hit with a $2.5m penalty in February, 2022, and Latitude which was hit with a $1.55m in September 2022 and Crypto exchange Binance which was fined $2m for breaching the Spam Act in December last year.

Kogan, Optus, Woolworths and Outdoor Supacentre have also been hit with fines of $1m or less for breaching the act.

Ms O’Loughlin said ACMA’s second investigation, following the $3.55m fine in June 2023, revealed that CBA incorrectly classified millions of messages as non-commercial.

The investigation found that the emails either promoted a product or service including insurance, credit and loans or the bank itself.

CBA has accepted an three-year court enforceable undertaking to address the issues, with the bank committing to an independent review.

More Coverage

Regulators ‘overlap’ in scam prevention draft

Joseph Lam

Retailer’s huge fine for customer spam

Emma Kirk

Originally published as CBA fined $7.5m for 170 million emails breaching Spam Act