No. Current contract is that QR-code is just a URL shared physically (not digitally) - you scan it to access the URL, no data sharing is expected. Yet you can ask user to share their data at your website (i.e. form with an email).
Businesses should not automatically have access to personal information based on a QR scan as it diminishes the explicit consent facet of a secure digital identity. In our partnership with Cyber Infrastructure (CIS) around enterprise CX solutions, we see consistent evidence of trust being a major motivator for adoption - if a user feels that a simple scan can expose them without their knowledge, they abandon the process and the technology fails to help with operational efficiency. Recently, the Federal Trade Commission raised concern about how scammers use QR codes to steal consumer information - these kinds of breaches have left the public feel skittish about scanning. Businesses that only capture personal data through consented forms of intent, like secure login or digital signature step, fortify themselves against compliance risk considerations under frameworks such as GDPR and begin to earn long-term market trust needed for real digital transformation. **Another take** Any interaction point in the digital continuum needs to place lower friction above all but not do so in a way that is subversive. Consumers are savvy in recognizing businesses that prioritize opacity in favor of intrusive information capture; reciprocity leads to a stronger digital path where individuals consent to cross physical thresholds to interact with digital doors.