We Buy Any Car, Sports Direct and Saga have been find £495,000 between them after sending more than 354 million nuisance messages.
We Buy Any Car was fined £200,000 for sending over 191 million emails and 3.6 million nuisance texts between April 2019 and April 2020. The Information Commissioner found that emails were sent to people who had requested an online valuation of their voices. An investigation discovered that the initial emails about the request were made within the law, however the subsequent emails were unlawful because they contained marketing as well as being sent without consent.
Both Saga Services Ltd (SSL) and Saga Personal Finance (SPF) instigated emails using partner companies and their affiliates. The companies used data lists of people who had not given the companies consent to contact them. SSL instigated more than 128 million emails between November 2018 and May 2019, and SPF more than 28 million over the same period.
Subsequently, the companies were fined £150,000 and £75,000 respectively, in addition to being issued with Enforcement Notices ordering them to stop any illegal direct marketing within 30 days or face court action.
Between December 2019 and February 2020, Sports Direct sent 2.5 million emails as part of a re-engagement campaign with people they had not contacted for some time. They were unable to produce evidence of consent to contact the recipient and thus has been fined £70,000.
Andy Curry, ICO Head of Investigations, said:
“Getting a ping on your phone or constant unwanted messages on your laptop from a company you don’t want to hear from is frustrating and intrusive.
“These companies should have known better. Today’s fines show the ICO will tackle unsolicited marketing, irrespective of whether the messages have been orchestrated by a small business or organisation, or a leading household name. The law remains the same and we hope today’s action sends out a deterrent message that members of the public must have their choices and privacy respected
“Companies that want to send direct marketing messages must first have people’s consent. And people must understand what they are consenting to when they hand over their personal information. The same rules apply even when companies use third parties to send messages on their behalf.”
This year alone (2021/22) the ICO has issued 17 fines totalling more than £1.7 million so far for breaches of direct marketing laws.
Don’t miss PrivSec Global next week, a two-day live and on-demand livestream experience.
Must see sessions include:
Digital Advertising: Death of Third Party Cookies and the Future of Digital Advertising | 22 September at 8:00am BST
Emerging Challenges in Cybersecurity: Lessons Learned and Actionable Steps to Protect Your Organization | 22 September at 10:00am BST