Digital contact tracing firm fined by ICO over breach of data laws

Written by Sam Trendall on 19 May 2021 in News

Watchdog says most companies kept within the law

Credit: Pixabay

A firm established last year to provide businesses with digital contact-tracing services has been fined by the Information Commissioner's Office for breaching data laws.

Based in St Albans, Ltd was incorporated in June 2020. The NHS Covid-19 app did not launch until late September and, during last summer and autumn, the firm was one of many external providers that allowed businesses around the country to display QR codes that could be scanned by customers for the purposes of contact-tracing. 

Having assisted in gathering personal data of citizens, the Hertfordshire company then broke data-protection laws by sending them – without adequate consent – about 84,000 marketing emails between September and November, according to the ICO.

Related content

The regulator has fined the company £8,000 for doing so.

The ICO claimed that it has also engaged with a range of other commercial QR code providers that have supported businesses during the pandemic “to ensure they were also handling people’s personal information properly”.

“The checks, which took place over the past six months, found that most of the companies understood the relevant laws and the importance of processing personal data fairly and securely,” the watchdog added. “ICO experts also met with some of them to help improve their practices.”

As the economy begins to open up and more contact-tracing info is gathered, businesses unsure of their obligations can turn to ICO guidelines, which advise them to store data no longer than 21 days, and not to use it for any marketing purposes.

Firms are also encouraged to “adopt a data protection by design approach from the start when they develop new products… [and to] make privacy policies clear and simple so that people understand how their information will be handled”. 


About the author

Sam Trendall is editor of PublicTechnology


Share this page




Please login to post a comment or register for a free account.

Related Articles

Consumer regulator seeks £100k leader for algorithm work
19 January 2022

CMA created team last year to better understand and oversee the use of automated technologies in business

Home Office to spearhead anti-encryption public comms campaign
17 January 2022

Report claims efforts led by advertising firm will aim to stoke concern among parents and could feature public stunts designed to alarm passers-by 

DCMS agency recommends industry kitemark for AI systems
5 January 2022

The Centre for Data Ethics and Innovation has called for a competitive market for assurance providers

End-to-end encryption: ICO says delaying use of technology ‘leaves everyone at risk – including children’
25 January 2022

As government launches comms campaign claiming security function will enable child abusers, data-protection watchdog claims debate is ‘unbalanced’