Experts have raised concerns about the privacy of COVID-19 QR codes.

Private companies are harvesting data via QR code check-in systems, raising the concern that they will be used for marketing or other purposes.

The QR codes “have no effective privacy regulation”, according to Graham Greenleaf, professor of law and information systems at the University of New South Wales.

He says governments are not paying attention to the collection and use of data outsourced to a range of QR code providers.

“There is no quality control over those QR providers in relation to the privacy protections,” he said.

“The venues that hire them have no strong incentive to enforce what they do with their privacy protections and governments have abdicated from setting required standards for QR providers.

“The data that you're providing is solid gold for data aggregators, full name, email, and phone number all together, linking to one person,” Prof Greenleaf said.

He said state and territory governments could use licensing powers to force venues to impose quality standards, or that the Commonwealth Privacy Commissioner could impose a new code on QR providers.