Woolworths pays record $1m fine for spamming customers

Woolworths has been fined $1 million for breaching Australia’s anti-spam laws more than 5 million times over the course of a year.

The Australian Communications and Media Authority (ACMA) said the $1,003,800 infringement notice is the largest it has ever issued.

The fine was handed down - and paid - after the grocery giant “sent marketing emails to consumers after they had unsubscribed from previous messages”, in contravention of the Spam Act 2003.

The emails were sent between October 2018 and July 2019.

ACMA chair Nerida O’Loughlin said an investigation “found Woolworths’ systems, processes and practices were inadequate to comply with spam rules.”

“The spam rules have been in place for 17 years and Woolworths is a large and sophisticated organisation,” she said. 

“The scale and prolonged nature of the non-compliance is inexcusable.

“Woolworths failed to act even after the ACMA had warned it of potential compliance issues after receiving consumer complaints.

“In this case, consumers claimed that they had tried to unsubscribe on multiple occasions or for highly personal reasons, but their requests were not actioned by Woolworths because of its systems, processes, and practices.”

WooliesX managing director Amanda Bardwell said that many of the breaches "were the result of technical and systems issues, which we fixed in 2019."

“Subsequent breaches occurred because we continued sending communications to email addresses shared by multiple [Woolworths] Rewards [loyalty scheme] members, where only one member had made an unsubscribe request," Bardwell said in a statement.

“While we were acting on unsubscribe requests from individual Rewards members, we did not assume it meant other members sharing that email address had to be opted-out as well.

“The ACMA has made clear it expects all communications to an email address to stop in such scenarios.

“We accept this position and have unsubscribed all members who share an email address where at least one of those members has told us they want to unsubscribe.”

It wasn't immediately clear how Woolworths distinguishes between different users of a single email address.

It may be that the company tracks device identifiers associated with a single email address, but that would not be indicative of the number of people accessing an address; it could show a single person with multiple devices set up to receive email from a single account.

Further comment was being sought by iTnews at the time of publication.

Woolworths has agreed to a “comprehensive” three-year court-enforceable undertaking [pdf] and has paid the fine.

“The ACMA will be actively monitoring Woolworths’ compliance with the spam laws and the commitments it has made to the ACMA,” O’Loughlin said.

“[These] actions should serve as a reminder to others not to disregard customers’ wishes when it comes to unsubscribing from marketing material.”