Lululemon Pays Penalty After ACMA Finds Hundreds of Thousands of Emails Breached Spam Rules

Key Takeaways

• Penalty for Spam Breaches: Lululemon paid $455,000 (AUD $702,900) after the ACMA found it sent more than 370,000 emails with commercial content that lacked an unsubscribe option.
• Service Messages Included Marketing: Emails framed as shipping updates or order confirmations also contained promotional material and sales links, making them commercial messages under spam rules.
• Regulator Emphasizes Clear Obligation: The ACMA reiterated that any message containing marketing content must include a way for recipients to opt out.
• Part of Wider Enforcement Activity: The case marks the fifth enforcement action in the past 18 months involving businesses misclassifying promotional emails as service communications.
• Compliance Review Required: Lululemon agreed to a court-enforceable undertaking requiring an independent review of its spam compliance and regular reporting to the regulator.

Deep Dive

Athletic apparel retailer Lululemon has paid a $455,000 (AUD $702,900) penalty after Australian regulators found the company sent hundreds of thousands of emails containing marketing content without providing recipients with a way to unsubscribe.

The penalty follows an investigation by the Australian Communications and Media Authority (ACMA), which examined email communications sent between December 1, 2024 and January 5, 2025. During that period, the regulator found Lululemon distributed more than 370,000 emails that included commercial material but did not contain the legally required unsubscribe function.

According to the ACMA, the issue stemmed from how the company categorized certain communications. Messages that appeared to be routine service notifications, such as shipping updates and order confirmations, also included promotional material and links directing recipients to sales offers.

Under Australia’s spam rules, any electronic message containing promotional or sales content is considered a commercial message, even if it also serves another purpose.

ACMA Authority Member Samantha Yorke said the case underscores a mistake businesses continue to make when blending operational communications with marketing.

“In this case Lululemon sent service emails such as shipping updates that also contained sales material and direct links to promotions,” Yorke said. “This was an easily avoidable error that has led to hundreds of thousands of marketing emails being sent without a way for people to opt out.”

Yorke said the regulator’s guidance is straightforward. If a message contains marketing content, it must include a clear mechanism allowing recipients to unsubscribe from future messages.

“Businesses need to understand that marketing messages must have an unsubscribe option and the simplest way to comply is to keep transactional or service messages separate from sales content and links,” she said.

The enforcement action reflects a broader pattern the ACMA says it has been seeing across the market. According to the regulator, the Lululemon case represents the fifth enforcement action in the past 18 months involving companies that incorrectly treated messages as non-commercial even though they contained promotional material.

“The law is clear—providing the ability to opt-out is mandatory for marketing messages,” Yorke added.

Alongside the financial penalty, Lululemon has agreed to a court-enforceable undertaking requiring the company to strengthen its compliance processes. The undertaking commits the company to an independent review of its spam rule compliance and requires regular reporting to the ACMA on how it implements recommended improvements.

The regulator said the review and reporting obligations are designed to ensure Lululemon’s email communications going forward comply with Australia’s spam laws.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.