American Express’s £90k fine: Not the wisdom of crowds, the stupidity of group-think
According to a quick LinkedIn search, there are between several hundred and a few thousand people employed at American Express claiming expertise in compliance, risk or regulation. I know that most won’t be focused on the UK market or customer comms and marketing, but I’m sure that those that are would (virtually) fill more than a big room with considerable cleverness and costs of employment.
In which case it’s reasonable to ask why American Express has just been found guilty by the Information Commissioner’s Office of sending over 4 million illegal marketing emails and fined £90,000 for doing so.
Amex’s error was rooted in its disregard of the Privacy and Electronic Communications Regulations (PECR). Specifically, it broke the – pretty fundamental – bar on sending emails with marketing messages to customers who had opted out of marketing communications. Views and interpretations of what constitutes marketing can, of course, vary widely – but (whether you, I or Amex like it or not) the ICO has a very clear definition. Direct communications are either Service comms or Marketing comms, and Marketing means any kind of promotion or marketing of goods or services.
American Express argued that it included information on offers, promotions, loyalty bonuses and its member app in its emails because “Card Members would be at a disadvantage if they were not aware of these campaigns and promotional periods” and even that the emails provided “…benefits reinforcement, rather than marketing materials”. This smacks of wishful thinking, at best. And data privacy compliance has little scope for wishful thinking. Worse, it’s evidence of group-think (the inept, incurious sibling of the wisdom of crowds).
Companies can and should look at data privacy challenges creatively, by using different perspectives or techniques – which is just what the innovators in the emerging world of privacy tech are doing. But wishful thinking and group-think just won’t cut it and will create potentially unmanageable compliance and customer experience risks.
The world’s full of organisations that are either wilfully or naively ignorant of the laws and regulations that govern marketing and customer engagement in order to maintain customers’ rights and protect their data privacy. Amex shouldn’t be one of them.
Sometimes it pays to get an independent perspective, free from wishful thinking and organisational group-think.
If you think your organisation could do with that, then drop me a line firstname.lastname@example.org