This article is more than 1 year old

Email-spamming COVID profiteers deleted database with 'key evidence' when UK watchdog came knocking

Fined £40k after probe. Plus: ICO wants your views on its future powers

A company that fired out more than 9,000 spam emails promoting face masks has been fined £40,000 by the UK Information Commissioner's Office and ordered to stop doing it.

"The ICO investigation found that the company was not involved in the business of supplying PPE, but that the director had decided to buy face masks to sell on at a profit," the data regulator said in a statement.

Studios MG Ltd, the offending firm, sent 9,000 emails on 30 April as the country grappled with its first national lockdown, intended to halt the spread of the COVID-19 coronavirus.

The firm is also said to have "deleted a database of key evidence which would have shown the full extent of the volume of emails they had sent" after ICO investigators contacted the company.

The Companies House entry for Studios MG Ltd shows that it has one director, Malcolm Graham of Hamersmith [sic], London. In its most recent accounts for the year to February 2019, the company reported net assets of £458. As a micro-entity, its published financial statements are not required to be audited.

Andy Curry, the ICO's head of investigations, said in a canned quote: "We pursued this case because the company broke the law and invaded people's privacy. We will take action where we find systematic flouting of the law and evidence of companies trying to make money from people via nuisance marketing."

The ICO has previously fined firms that were using the pandemic as an excuse to get rich quick through spam.

Separately, the data watchdog has opened a public consultation into its own future, urging the public to express its views on how it exercises "its data protection regulatory functions of information notices, assessment notices, enforcement notices and penalty notices."

The consultation relates to the statutory guidance [draft PDF here] that regulates what the ICO does and how it does it, particularly in the issuing of fines and taking of regulatory action against companies said to have broken the UK Data Protection Act 2018. ®

More about

More about

More about


Send us news

Other stories you might like