Lululemon fined more than $700,000 by ACMA for spam email breaches

Activewear fashion brand Lululemon has been fined $702,900 for breaching spam laws after hundreds of thousands of emails were sent without an unsubscribe option.

An investigation by the Australian Communications and Media Authority (ACMA) found Lululemon violated the rules when sending more than 370,000 emails containing “commercial content” without an option for recipients to unsubscribe.

The watchdog said the company “mischaracterised service messages, including delivery and order confirmation emails, that also had a clear marketing purpose” between December 2024 and January 2025.

Authority member Samantha Yorke said the spam rules were clear.

“Providing the ability to opt out is mandatory for marketing messages,” she said.

In a statement to the ABC, a Lululemon spokesperson said the company was committed to “delivering an exceptional guest experience that complies with all applicable legal and regulatory requirements”.

Lululemon will launch an independent review of its spam rule compliance.  (Reuters: Hollie Adams)

“We take this responsibility very seriously and have worked cooperatively with the Australian Communications and Media Authority (ACMA) to address their findings,” the spokesperson said. 

“We have completed a thorough review of our practices for communicating with our guests and have made updates to our standard guest journey emails, including our order confirmation and delivery notifications to ensure ongoing compliance.”

Shipping updates, order confirmations contained promotions

Ms Yorke said if an electronic message contained any promotional or sales content, it was “considered commercial regardless of whether the message has any other purpose”.

“In this case, Lululemon sent service emails, such as shipping updates that also contained sales material and direct links to promotions,” she said.

“This was an easily avoidable error that has led to hundreds of thousands of marketing emails being sent without a way for people to opt out.”

Ms Yorke said businesses “must have an unsubscribe option” in marketing messages.

“The simplest way to comply is to keep transactional or service messages separate from sales content and links.

“This is the fifth enforcement action the ACMA has undertaken in the last 18 months against businesses that have incorrectly treated messages as non-commercial even though they contained or had links to clearly commercial material.”

Businesses that send SMS messages now need to register their IDs

Organisations using branded identifiers in their text messages to consumers will need to register them by July 1, 2026, or risk being mistaken for a scam.

According to the ACMA record, since August 2024, CommBank, Telstra, PointsBet Australia, Tabcorp, and Betfair have been found to have breached spam rules.

Those companies, including Lululemon, have paid over $14 million combined in spam penalties. 

The watchdog added that Lululemon had entered into a “comprehensive court-enforceable undertaking committing it to an independent review of its spam rule compliance” and will need to report to the ACMA on the implementation of recommended improvements.