Security News > 2021 > May > Regulator fines COVID-19 tracker for turning contact data into sales leads
You've probably assumed, or at least hoped, when you've handed over data during the pandemic "For the greater good of all", that the company collecting it would treat it with more than the usual amount of care.
The ICO noted that immediately below the abovementioned consent checkbox was wording that said, "To comply with Government Guidance during the Covid-19 pandemic, we are collecting your name and contact details. We will store these for 21 days only before deleting them in line with GDPR regulations. Your details will not be shared with any other company or organisation."
If the company no longer has your contact data, it no longer has anything to which it can connect your "I consent" check-box, so it couldn't market to you even if it wanted to.
Me's use of the undefined "Alliance" in its consent wording, given that there was no way to figure out how broad that "Alliance" might be and therefore how many "Allied" companies might end up with the contact data.
Me had opted in a second time when later visiting another venue using the company's service, and the company had no way of checking whether they had opted out before.
What to do? If you're a user, sit down and decide how much your contact data is really worth.