Light bulb Limited Spots Available: Secure Your Lifetime Subscription on Gumroad!

Jan 23, 2026 · 5 min read

This Company Ignored Email Opt-Out Requests—And Got Fined Under GDPR

A Romanian financial services company learned the hard way that unsubscribe requests are not optional under European law.

When you click unsubscribe and emails keep coming, it is frustrating. In the European Union, it is also illegal. A Romanian financial services company was recently fined after a customer complained that marketing emails continued despite multiple requests to stop. The investigation revealed a pattern of compliance failures that many companies share, and it reinforces why email privacy rights matter.

European government building with scales of justice representing GDPR enforcement against email violations

What Happened

The Romanian Data Protection Authority received a complaint from a customer who continued receiving commercial emails after explicitly objecting. Under GDPR, the right to object to direct marketing is absolute. When someone says stop, you must stop.

The investigation uncovered multiple violations:

  • The company continued processing the individual's email address for marketing after the objection was lodged
  • No simple and free opt out mechanism was provided
  • The company failed to respond appropriately to requests to delete personal data
  • Transparency information required by GDPR was incomplete or missing

The authority ordered corrective measures including responding to the complainant's requests, reviewing databases and applications to ensure opt outs are properly processed, updating transparency notices, and training staff on direct marketing rules.

Your Rights Under GDPR

If you are in the European Union or the company you are dealing with operates there, you have specific rights regarding marketing emails:

  • Right to object: You can object to direct marketing at any time, and the company must comply with no exceptions
  • Right to erasure: You can request deletion of your personal data, including your email address
  • Right to transparency: Companies must clearly explain what data they collect, why, and how they use it
  • Right to access: You can request a copy of all personal data a company holds about you

When companies fail to respect these rights, data protection authorities can impose fines and require corrective action.

The Soft Opt In Exception

Not all marketing emails require prior consent under EU law. The ePrivacy Directive includes what is called a soft opt in exception. Companies can send marketing without explicit consent if:

  • They obtained your email during a previous sale or service
  • The marketing is for similar products or services
  • You were given a clear opportunity to opt out when your email was collected
  • Every subsequent email includes a simple unsubscribe option

However, even under this exception, once you object, the emails must stop immediately. The company in this case failed that basic requirement.

The EU Court of Justice recently clarified these rules in a case involving a Romanian online publisher. The court confirmed that when companies rely on the soft opt in, they do not need a separate GDPR legal basis. But they must still honor opt out requests without exception.

What This Means Outside Europe

GDPR's reach extends beyond EU borders. Any company that markets to EU residents must comply, regardless of where the company is based. American, Asian, and other non EU companies have all faced GDPR enforcement actions for violating European users' rights.

Even if you are outside the EU, this case illustrates a principle that should apply everywhere: when someone asks to be removed from a marketing list, that request should be honored promptly and completely. Unfortunately, not all jurisdictions have the same enforcement mechanisms.

What You Can Do

If you are receiving unwanted marketing emails despite opting out:

  • Document your opt out attempts with dates and screenshots
  • Send a formal written request citing your GDPR rights if you are in the EU
  • File a complaint with your national data protection authority if the company does not comply
  • Consider using disposable email addresses for signups to limit exposure

Data protection authorities take these complaints seriously. While individual fines may be modest, the requirement to overhaul systems and train staff creates lasting change. Every complaint reinforces that email privacy rights are not suggestions. They are enforceable law.