The ICO has fined a company for sending direct marketing emails to people who provided their personal data for contact tracing purposes. Tested.me Ltd (TML) of St Albans, provides digital contact tracing services which work by offering people a QR code to scan when arriving at businesses’ premises. The company sent nearly 84,000 nuisance emails at the height of the Covid-19 pandemic between September and November last year, when businesses were using private QR code providers to collect personal data to meet the government’s contact tracing rules. The ICO fined TML £8,000 for using personal data for marketing without adequate valid consent, this is against the law. Separate to the Tested.me investigation, the ICO responded to the rise in the use of QR code technology to help meet the rules by contacting 16 QR code providers to ensure they were also handling people’s personal information properly.

Source: ICO