Monday, June 21, 2021

Regulator fines COVID-19 tracker for turning contact information into gross sales leads – Bare Safety

The Information Commissioner’s Office (ICO, the UK’s data protection regulator) has just issued a fine for “spamming without consent”.

That doesn’t sound very newsworthy on its own, but the interesting thing about this story is the circumstances under which the email addresses were collected in the first place.

The company that’s in trouble goes by the name Tested.me, and according to the ICO it was formed in the middle of 2020 to help businesses in the UK meet the government’s hurriedly imposed coronavirus track-and-trace rules.

Unfortunately for Tested.me, they also asked for consent to use contact data for purposes other than coronavirus tracking…

…but the way in which they went about it was not deemed appropriate by the ICO.

The company was fined £8000 (just over $11,000), which it must pay by 2021-06-08.

Intriguingly, the ICO is offering a £1600 “early payment discount” if the fine is paid in advance of the final deadline, although “early” in this case means anywhere up the day before, namely 2021-06-07.

We suspect that the main reason for offering this discount is not, in fact, to collect the money more quickly, but because anyone taking advantage of “early payment” cannot then appeal against the judgement.