'Millions' of spammy emails with no opt-out? That'll cost you $650K, Experian
Credit-reporting giant disagrees with FTC, will hand over the pocket change to make Feds go away
Experian has agreed to cough up $650,000 after being accused of spamming people with no opt-out button.
That sum will hardly be felt by the credit-reporting giant as its profits totaled $1.1 billion last year. The penalty stems from a complaint filed against it by the US Department of Justice on behalf of the Federal Trade Commission.
According to the Feds [PDF], California-based Experian Consumer Services, also known as ConsumerInfo.com, spammed folks with marketing offers after they signed up for free accounts to limit third-party access to their credit reports.
By limiting access, we mean freezing credit reports so they can't be accessed by fraudsters and identity thieves nor banks and other institutions.
These subsequent marketing emails, which number in the millions, we're told, promoted additional Experian services and included detailed information about the users' lives. Some of them asked people to confirm a car that Experian had linked to the user's account was, in fact, their vehicle; others offered a service to boost their credit score; and some promised free scans of the dark web to determine if any of their personal info had been leaked.
The one thing they didn't do — and this is where Experian allegedly ran afoul of the law — was provide an easy way for people to opt-out.
According to the complaint, filed last week, the corporation allegedly failed to provide a "clear and conspicuous notice" to consumers that they could opt-out of receiving further marketing messages, and also failed to provide a mechanism for doing so.
Both of these allegedly put the credit company in violation of America's Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003 (CAN-SPAM Act), the Controlling the Assault of Non-Solicited Pornography and Marketing Rule (CAN-SPAM Rule), and the Federal Trade Commission Act.
- Watchdog vows crackdown on 'harmful' world of surveillance-by-data-broker
- Experian, T-Mobile US settle data spills for mere $16m
- Google Cloud shores up log permissions for builder bot
Note: we are saying "allegedly" an awful lot here because in agreeing to forking out the civil penalty from whatever change it found under the couch, Experian neither admits nor denies any of the allegations in the Feds' legal complaint.
An Experian spokesperson confirmed today the emails were not sent to European customers, which avoids a messy GDPR showdown, and gave The Register the following statement:
Although we disagree with the FTC's allegations, the agreement allows us to move forward and continue to focus on serving consumers the best way possible.
Consistent with our goal to ensure consumers have clear and relevant information, in addition to the changes requested by the Federal Trade Commission, we also have launched a new Email Preferences Center, found at the bottom of every marketing email communication, that goes further.
By providing our customers with account updates and information, we're empowering them to take control of their financial lives, safeguard their identity and improve their financial health.
In addition to paying the $650,000, er, business fee, Experian has to obey a court-issued order [PDF] prohibiting the corporation from sending future spam emails that do not give folks an opt-out mechanism and otherwise violating CAN-SPAM.
"Signing up for a membership doesn't mean you're signing up for unwanted email, especially when all you're trying to do is freeze your credit to protect your identity," said Samuel Levine of the FTC's Bureau of Consumer Protection. "You always have the right to unsubscribe from marketing messages." ®