Digital contact tracing firm fined by ICO over breach of data laws
Watchdog says most companies kept within the law
A firm established last year to provide businesses with digital contact-tracing services has been fined by the Information Commissioner's Office for breaching data laws.
Based in St Albans, Tested.me Ltd was incorporated in June 2020. The NHS Covid-19 app did not launch until late September and, during last summer and autumn, the firm was one of many external providers that allowed businesses around the country to display QR codes that could be scanned by customers for the purposes of contact-tracing.
Having assisted in gathering personal data of citizens, the Hertfordshire company then broke data-protection laws by sending them – without adequate consent – about 84,000 marketing emails between September and November, according to the ICO.
The regulator has fined the company £8,000 for doing so.
The ICO claimed that it has also engaged with a range of other commercial QR code providers that have supported businesses during the pandemic “to ensure they were also handling people’s personal information properly”.
“The checks, which took place over the past six months, found that most of the companies understood the relevant laws and the importance of processing personal data fairly and securely,” the watchdog added. “ICO experts also met with some of them to help improve their practices.”
As the economy begins to open up and more contact-tracing info is gathered, businesses unsure of their obligations can turn to ICO guidelines, which advise them to store data no longer than 21 days, and not to use it for any marketing purposes.
Firms are also encouraged to “adopt a data protection by design approach from the start when they develop new products… [and to] make privacy policies clear and simple so that people understand how their information will be handled”.
CMA created team last year to better understand and oversee the use of automated technologies in business
Report claims efforts led by advertising firm will aim to stoke concern among parents and could feature public stunts designed to alarm passers-by
The Centre for Data Ethics and Innovation has called for a competitive market for assurance providers
As government launches comms campaign claiming security function will enable child abusers, data-protection watchdog claims debate is ‘unbalanced’