Making Science

ICO issues big fines for nuisance comms to We Buy Any Car, Saga and Sports Direct

David Murphy
ICO Head of Investigations, Andy Curry

We Buy Any Car, Saga Services, Saga Personal Finance and Sports Direct have been fined a collective total of £495,000 by the Information Commissioner’s Office for sending a total of more than 354m nuisance messages.

We Buy Any Car was fined £200,000 for sending more than 191m emails. The firm also sent 3.6m nuisance texts. Saga Services Ltd and Saga Personal Finance were fined £150,000 and £75,000 respectively for instigating more than 157m emails between them. Sports Direct was fined £70,000 for sending 2.5m nuisance emails.

None of the companies had permission from the people they were communicating with to  send them marketing emails or texts.  

We Buy any Car sent emails to people who had requested an online valuation of their vehicles. The Information Commissioner found that the initial emails sent after a valuation request were made within the law, but that subsequent emails which also promoted the We Buy Any Car service were unlawful because they contained marketing as well as being sent without consent. The company sent more than 191m emails between April 2019 and April 2020, plus 3.6m text messages.  

Both Saga Services Ltd (SSL) and Saga Personal Finance (SPF) instigated emails using partner companies and their affiliates. These companies used data lists of people who had not given the companies permission to contact them. SSL instigated more than 128m emails between November 2018 and May 2019 and SPF more than 28m over the same period.

The companies say they relied on indirect consent, however the laws around electronic messages are stricter as they are more intrusive and this form of consent is not adequate. In addition to the fines, both companies have also been issued with Enforcement Notices ordering them to stop any illegal direct marketing within 30 days or face court action.

Sports Direct sent 2.5m emails as part of a re-engagement campaign between December 2019 and February 2020 with people they had not contacted for some time. They were unable to show any evidence of consent to contact the recipients.  

The ICO has issued 17 fines totalling more than £1.7 million so far this year (2021/22) for breaches of direct marketing laws. You can read more about this enforcement action here and our work to recover fines here.

Andy Curry, ICO Head of Investigations, said: ”Getting a ping on your phone or constant unwanted messages on your laptop from a company you don’t want to hear from is frustrating and intrusive.

“These companies should have known better. Today’s fines show the ICO will tackle unsolicited marketing, irrespective of whether the messages have been orchestrated by a small business or organisation, or a leading household name. The law remains the same and we hope today’s action sends out a deterrent message that members of the public must have their choices and privacy respected

“Companies that want to send direct marketing messages must first have people’s consent. And people must understand what they are consenting to when they hand over their personal information. The same rules apply even when companies use third parties to send messages on their behalf.”

David Greenberg, CMO at marketing automation firm Act-On, said the fines were a stark reminder of the consequences companies will face – regardless of their size – if they fail to respect the privacy of their customers and don’t ensure communication with customers is permission-based.

“Over the years we have seen consumers become far more open to receiving marketing communications from brands and organisations – particularly via text – but we have also seen brand experience become an important tenet in a customer’s loyalty," he said. "While it is crucial to abide by GDPR, brands must understand the detriment they are having on brand experience and customer satisfaction by spamming customers with unwanted messages on their personal devices.

“To avoid customers feeling like they are being spammed by your brand, any messages must be personalised and have a focus on information the customer will want to know, such as delivery updates, offers, purchase confirmations, loyalty point balances and event details. Pre-setting frequency caps is a great way of keeping on top of the number of messages or emails a customer has received in order to avoid overwhelming them.”