back to article UK data watchdog fines 'pandemic partner' biz £8k: It sent 84,000 marketing emails to people who'd given info for track and trace

The UK's data watchdog has fined a company £8,000 for sending 84,000 direct marketing emails without consent to people who had provided their personal data for contact tracing purposes. The Reg readership will have no problem in calculating this in their heads but for anyone feeling a bit slow today, that's just over 9.5 pence …

  1. Dwarf Silver badge

    A hefty fine

    At least such a hefty fine will act as a strong deterrent to others not to flout the rules

    I wonder if they still have the marketing database and where they will use it next ?

    1. Archivist

      Re: A hefty fine

      Did I miss the sarcasm flag?

      1. Anonymous Coward
        Anonymous Coward

        Re: A hefty fine

        the real sarcasm flag is no flag. And in this case, you missed the "Fail".


        Or... did I miss your sarcasm about missing sarcasm flag?

        but sarcasm aside, what's the real message about the 8K fine? One message I gather is: business is a'booming, brother!

    2. oiseau Silver badge

      Re: A hefty fine

      At least such a hefty fine will act as a strong deterrent to others ...

      I see what you're doing. =^P

      Seriously now:

      It is quite evident that the only way to get this sort of behaviour to stop is to take draconian measures, of the sort these outfits will not be able to recover from.

      Because, yes, they still have the databases and will be selling them on.

      The UK's data watchdog should heavily fine the company responsible for this scam as well as the outfit/s on whose behalf they were made ie: the end beneficiaries of said scam.

      And don't just fine the company/ies: fine all the members of the board at the companies involved, from CEO down.

      Any other action by the autorities is, as has long ago been demonstrated, utterly useless.


      1. HildyJ Silver badge

        Re: A hefty fine - draconian measures

        I used to think fining management would be enough.

        But I now think it has to be more draconian.

        Wipe their damnable databases. And the backups, back to when the incident occurred.

      2. Terry 6 Silver badge

        Re: A hefty fine

        Yes. Fining a fly-by-night company a trivial amount of cash that they probably won't even bother to pay is pretty much the definition of ineffectual.

        There has to be a sanction on the end users of dodgy data acquisitions, removing their impunity, and on the individuals responsible for doing the acquiring for an ICO to have any effect.

      3. Shadow Systems Silver badge

        At oiseau, re: draconian measures.

        Lock them in a room. Subject them to Vogon poetry for the next two weeks without pause. Hose the quivering blobs of exploded flesh down the drain. Punishment done. =-D

        I first considered forcing them to listen to me play the bagpipes to be the punishment, but then I remembered it's on My Skippy's List. Damn that list. =-J

        1. Jim Whitaker

          Re: At oiseau, re: draconian measures.

          Remember, a gentleman is someone who knows how to play the bagpipes but doesn't. ;-)

      4. Cynical Pie

        Re: A hefty fine

        They can't fine the Board members, there is no personal liability under PECR if its a Company sending the messages.

        While the current IC is a waste of space you can't blame her for the failings of central government and the fine regime they put in place for a particular piece of legislation

  2. Flak

    just, only, a paltry, the pitiful sum of ...

    There is a word or phrase missing in the headline - pick one of the above or add a similar one of your own choice.

    UK data watchdog fines 'pandemic partner' biz $%&*!!!! £8k

  3. Anonymous Coward
    Anonymous Coward

    Incorporated in June 2020

    It appears ICO operates now a stunningly effective '2-strike policy': a gentle pat that's worth 8K, but maybe, just maybe, gets paid, and a large slap, which folds the company (which promptly re-unfolds itself in no time), in which case, no money at all, as no real tools to effectively extract this money. I wonder if they they learnt from the Middle East context (re. Israeli 'roof tapping')?

    p.s. I'd love to see a simple chart: ICO total yearly - expenses, on one side, v. ICO total yearly - fines RECEIVED.

    1. Cynical Pie

      Re: Incorporated in June 2020

      You can, its called their Annual Report which they are required to lay before Parliament and is available on the ICO website

  4. Pascal Monett Silver badge

    "it had faced technical difficulties"

    It would appear that it faced no difficulty in hoovering up email addresses and then deciding to "inform" said people of a "special opportunity".

    Don't come crying that you don't know how to handle someone who registers twice and only consents once. You should have a procedure on how to handle that, it's nothing technical.

    I think the ICO was rather lenient on this matter. It seems obvious to me that TML's intent was to get consent using a purposefully vague definition of marketing "materials", which consent it could then use as it pleased to "accidentally" email 80K+ people.

    You don't accidentally email tens of thousands of people based on a misunderstanding.

    This was the plan, and it will happen again.

    So, who still thinks that the NHS sharing patient data with 3rd parties is a good thing ? Outside of NHS management, obviously.

    1. Primus Secundus Tertius

      Re: "it had faced technical difficulties"

      "So, who still thinks that the NHS sharing patient data with 3rd parties is a good thing ? "

      Answer: the Treasury.

      The Treasury will sell any public data, but everything about themselves remains secret. Time that policy was reversed.

      1. Gordon 10 Silver badge

        Re: "it had faced technical difficulties"

        Whilst I dont disagree with your point I came here full of the same piss and vinegar only to discover reading between the lines that these guys had effectively set themselves up as a MITM generating QR codes to be passed along to the NHS.

        So this was essentially a MITMA *on* NHS Track and Trace not *by* Track and Trace. I leave it to the reader to decide if the enabling of a MITM is a deliberate action by the Govt to enable some arms length Pork Barrelling.

    2. ThatOne Silver badge

      Re: "it had faced technical difficulties"

      They tick all the boxes; First they're trying to "monetize" data they've collected under a false excuse, then they simply "misunderstand requests from people to no longer receive marketing comms", (ie they simply ignore those requests). This was clearly an operation to create a nice fresh marketing database, and those £8000 are just operational costs.

      That's why I don't ever give my data anymore, even if I'm promised it will save baby seals or cure cancer: I've been around long enough to know it only will serve to spam me silly.

      1. Shalghar Bronze badge

        Re: "it had faced technical difficulties"

        Try getting your ID card in germany for a laugh.

        Not only are the poor people on the other side ofthe counter obliged to hand you a glossy paper, glorifying anything "online" about that NFC chip in your ID card, they also have to make you sign that you received the marketing paper.

        On top of that, the marketing paper that encourages you to imprint your fingerprint into the chip and to "enable online functionality" not only threatens you with additional fees, should you choose not to "enable" your ID card immediately but decide to do that later, they also tell you that throwing your ID data through anything internetty* ensures that you know who has access to your most personal information and credentials.

        At least that point is right, as the answer is :"everyone and his dog".

        So its not only shady "consent" scammers, the german state also operates likewise.

        *(If you decide to invest around 120 Euros to buy a state approved ID card reader AND manage to find any state institution that not only has a working online platform but also allows you to do anything useful with your "enabled ID", you will still have to wait several days to whatever long time it takes until the official papers have been sent back to you via the appropriately named snail mail...)

  5. Terry 6 Silver badge

    ICO ffs

    The ICO ought to be able to recognise a disingenuous, cynical abuse of members of the public's information. They're not children.

    They ought to be aware that people signing in to a venue do not routinely ask to be sent marketing information and so realise that any marketing consent that is incidental to or included with the purpose of a specific consent is a breach unless there is clear evidence otherwise, e.g. a separate agreement with words to the effect "I also wish this organisation to send me their marketing".

    It's not unreasonable. Some restaurants, for example, will ask you to sign up for "Information and special offers". It's up front, it's clear and it's specific -- rather than a general agreement that they can send you any kind of crap from any source they choose to be involved with.

    1. ThatOne Silver badge

      Re: ICO ffs

      > The ICO ought

      So true, a pity I can only upvote you once.

      Since the only logical explanation (the ICO is staffed by terminally ingenuous people of below average intelligence) doesn't really stand, what's happening here? Corruption? Lack of interest? Impotence? Despondency? My money is on the latter: They know they're fighting a forest fire with just a glass of water and a handkerchief, so they just go through the motions.

      (Icon about what they'd really need.)

  6. Anonymous Coward

    All marketing people are scum.

    And you can quote me on that.

    1. Anonymous Coward
      Anonymous Coward

      Re: All marketing people are scum.

      Patience friend. The B ark to Mars is almost ready.

      1. Flocke Kroes Silver badge

        Re: All marketing people are scum.

        The B Ark is more than ready. The one successful landing so far exceeds the requirements for a B Ark.

      2. macjules Silver badge

        Re: All marketing people are scum.

        I thought we were putting them all into Boeing Starliner spacecraft .. the ones with 99% landing success rate.

        Of course the rest of us will have long perished from the lack of COVID-19 deep clean sanitisation staff.

        1. Anonymous Coward
          Anonymous Coward

          Re: All marketing people are scum.

          Well, we already have plenty of 7373 MAX handy. A couple of tours over impossible to reach, uninhabited places should do the trick. No need for negative PCR teste either.

    2. MutantAlgorithm

      Re: All marketing people are scum.

      Obligatory Bill Hicks link -

      1. Anonymous Coward
        Anonymous Coward

        Re: All marketing people are scum.

        I'll raise you a George Carlin.


        1. MutantAlgorithm

          Re: All marketing people are scum.

          Nice! I'll give you that one :-)

  7. Dave559 Silver badge

    "commissioner asked complainant to provide further details of any complaint they had made"

    "The commissioner asked this complainant to provide further details of any complaint that they had made to TML directly."

    This is the most infuriating thing about the way the ICO works. An organisation has misused your data; why on earth should it be up you to follow-up with the dodgy organisation (potentially risking further data misuse in the process, now that you have put your head above the parapet, and at the very least probably continuing to receive spam while you wait for them to get around to replying), that's what the watchdog is supposed to be for, for it to take action on your behalf, with the full force of the law and the state behind it.

    This whole sleazy affair shows exactly why "spam me harder" should always be opt-in consent, and never opt-out, and that sleazy "implied consent through existing relationship" loophole (a relationship which does not previously exist before you fill in the form, stretching the truth beyond breaking point) should never ever have been allowed.

    1. Anonymous Coward
      Anonymous Coward

      Re: "commissioner asked complainant to provide further details of any complaint they had made"

      The establishment doesn't care. That's been obvious for at least a decade now.

      Anyone who still believes in the integrity of our governance needs to have a closer look at how the world has changed for the worse.

    2. Rol

      Re: "commissioner asked complainant to provide further details of any complaint they had made"

      Expecting a government, who's individual members, live large on their portfolio incomes, to do something about curtailing the profits of those portfolios, is asking a little too much.

      Better that the government is made up of lottery losers - Every four years, 646 names get picked out from the entire population, and they are forced to run the nation on our behalf.

    3. Mike 137 Silver badge

      Re: "commissioner asked complainant to provide further details of any complaint they had made"

      "to take action on your behalf"

      Ultimately it is supposed to, but only after you've given the other party an opportunity to redress the wrong first. I'm not a lawyer but that would appear to be a basic principle of tort law.

      However this report from NOYB about a supervisory authority's response to complaints (admittedly in the EU) is rather troubling. I've experienced something that seemed rather similar on occasion here in the UK.

  8. Anonymous Coward
    Anonymous Coward

    Thanks for the heads up.

    Added these scum to my PiHole's blacklist

  9. Anonymous Coward
    Anonymous Coward


    I'm wondering if any/all of the 3 directors of this 10 month old company know any of Boris' cabinet members on a personal level ...

  10. Pen-y-gors

    This is not rocket science.

    £8K is a joke.

    By now every business should understand and be able to implement the basics of data protection, no excuse.

    I mean, our community caffi has been using paper T&T forms (several thousand to date) and after 3 weeks they come to me to be incinerated (without adding email addresses to a spreadsheet).

  11. the Jim bloke Silver badge

    Penalties for health related transgressions

    Should involve compulsory, involuntary organ donation.

    From the directors of the company.

    It may not fix the problem but it might fix someone else's..

  12. ITMA Bronze badge

    The "real" meaning of ICO

    Their TLA is always misinterpreted.

    It is not, as many think "ICO" but in fact "IC0". Which stands for "I Care 0 (zero)".

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022