The company was found to have abused its access to personal data for direct marketing purposes.
A privacy regulator in the United Kingdom has fined a QR code provider for having abused the access it had to personal data so that it could use it for direct marketing, which it did at the peak of the pandemic.
The Information Commissioner’s Office issued the £8000 fine to the firm called Tested.me.
The Information Commissioner’s Office (ICO) issued a notice in which it explained that Tested.me from St Albans was fined £8000 after sending a marketing email without having first obtained the required consent from the people whose data was used.
The QR code provider had been providing its clients with contact tracing services. It made this possible by providing a quick response code that visitors to a location could scan instead of having to fill out a form manually.
That said, the company then went ahead and used that data for sending almost 84,000 spam emails between September and November 2020 when the COVID-19 pandemic was at its height in the country, said the ICO.
The ICO has been investigating a number of QR code provider companies like this one.
These investigations are being conducted to ensure that the firms are handling the data they collect in accordance with the GDPR and the equivalent regulation in the United Kingdom, the Data Protection Act 2018. According to the ICO, the investigations have shown that the majority of companies understand the laws and are complying with the regulations for fairly and securely processing personal data.
As the economy starts opening up following a lengthy lockdown, the regulator has offered guidance to firms in order to ensure that privacy policies are straightforward and simple, that they follow data protection by design guidance, and that they do not hold on to any collected data for longer than 21 days.
QR code provider companies are, for the most part, keeping compliant with the privacy and data collection regulations. That said, the ICO is conducting its checks to ensure that it keeps on top of any firms that may not understand the regulations or that are abusing their privilege deliberately.