The Information Commissioner’s Office (ICO) has fined a QR code provider for sending direct marketing emails to people who provided their personal data for contact tracing purposes. Ltd (TML) of St Albans sent nearly 84,000 nuisance emails at the peak of the Covid-19 pandemic between September and November last year when businesses were using private QR code providers to collect personal data. 

As a result TML was fined £8,000.

Separate from the TML investigation, the ICO has also been running checks on other QR code providers to ensure they are handling people’s personal information properly and abiding to GDPR and the Data Protection Act 2018. 

The checks revealed that most of the companies understood the relevant laws and the importance of processing personal data securely and fairly. 

As the UK economy continues to open up the ICO has created guidelines for businesses to follow.