Home BusinessJames Watt Faces UK Data Privacy Complaints Over BrewDog Shareholder Contact Controversy

James Watt Faces UK Data Privacy Complaints Over BrewDog Shareholder Contact Controversy

by Thomas Weber

LONDON – James Watt, the founder of BrewDog, is facing complaints with the UK’s data privacy regulator following an unexpected attempt to regain control of the brewing company he sold earlier this year.

The complaints center on the methods used to contact thousands of former shareholders during the launch of a new venture, Second Best. The move comes after the collapse of the original company’s crowdfunding structure, which left a vast number of retail investors without value and intensified scrutiny of how their data and economic interests were handled during the sale and subsequent administration.

The situation highlights the precarious nature of equity crowdfunding and the strict regulatory boundaries governing corporate data during insolvency and asset transfers. Under the Information Commissioner’s Office (ICO) framework, which enforces the UK’s post-Brexit version of the EU’s General Data Protection Regulation, the processing of personal data must have a lawful basis, a requirement now at the center of the dispute between Watt and his former investors. Regulators can in serious cases levy multimillion-pound fines or order companies to stop using disputed data altogether, making the outcome significant for other distressed businesses seeking to communicate with former stakeholders.

The transition of BrewDog from a founder-led disruptor to a corporate asset involved a complex divestment:

  • Sale Date: March 2026
  • Acquirer: Tilray (US-based cannabis and drinks firm)
  • Transaction Value: £33 million
  • Assets Included: Brand, intellectual property, UK breweries, and 11 bars
  • Investor Impact: Shares held by more than 200,000 “Equity for Punks” crowdfunding investors rendered worthless

The deal followed BrewDog’s heavily marketed “Equity for Punks” retail share offers, which for more than a decade had been held up as a model for fan-led ownership in consumer brands. When the company fell into administration, however, ordinary investors were pushed to the back of the creditor queue, exposing how little protection equity crowdfunders enjoy once a business fails.

On July 15, 2026, Watt announced a plan to buy back the company through Second Best. The proposal sought the support of 43,000 former investors, offering them a stake in the new venture equivalent to what they previously held in BrewDog, provided free of charge. Supporters have framed the move as an attempt to restore value to those who lost out in the collapse, but critics note that any restructuring around a new vehicle still depends on strict compliance with data and securities rules.

However, the outreach triggered immediate alarm among recipients. Several shareholders reported receiving emails from Watt without having provided their contact details to the new entity, raising concerns that General Data Protection Regulation rules had been bypassed. Under GDPR, personal data originally collected for one purpose – in this case, administering shareholdings in BrewDog – cannot normally be reused for a substantially different purpose, such as marketing a new investment-style scheme, without a fresh lawful basis and, in many cases, renewed consent.

“A communication was sent to my fellow shareholders in BrewDog following legal advice, using lawfully obtained data, and in connection with their legitimate interests as shareholders,”

Watt stated in response to the allegations. He did not specify the source of the shareholder contact information or whether the new communications were treated as marketing, shareholder updates, or some hybrid category – a distinction that matters under data protection and financial promotions rules.

The dispute involves multiple parties currently managing the remnants of the former business. Tilray, which now operates the BrewDog brand, has distanced itself from the activity and is keen to avoid becoming entangled in any regulatory fallout from events that sit outside the assets it acquired.

A spokesperson for Tilray stated that the company “did not acquire Equity for Punks shareholder data as part of its acquisition of the BrewDog brand and assets; that records system remains under the control of BrewDog plc (in administration).”

The spokesperson further clarified that Tilray Brands and its management have no affiliation with Second Best and did not authorize the use of any acquired data for Watt’s communications, underscoring the separation between the operational business now trading as BrewDog and the insolvent corporate shell that once raised money from small investors.

The role of AlixPartners, the administrator for the remaining entity of BrewDog plc, is critical to the investigation. In UK corporate insolvency, the administrator typically controls the company’s records and data silos to ensure a legal wind-down or sale, and must balance creditors’ interests with compliance obligations under data protection law. If data was accessed without administrative authorization, it could constitute a significant breach of corporate governance and data law, raising questions about internal controls, systems access and the responsibilities of directors once an insolvency office-holder has been appointed.

Ravi Naik, legal director at data protection specialist AWO, noted that the case raises fundamental questions regarding how the recipients were selected and whether the campaign complied with current law. Lawyers say regulators are likely to examine not only the original data source but also the rationale offered for contacting some former investors and not others, and whether “legitimate interests” – the legal basis invoked by Watt – was properly assessed and documented.

James Watt (left) and Martin Dickie, the co-founders of BrewDog, at their brewery in Ellon, Aberdeenshire, in 2016. Photograph: Alan Richardson

Marc Knox, a former shareholder, indicated he was prepared to file a formal complaint with the ICO after discussing the unsolicited email with other investors. Campaigning investors say they want clarity not only on whether their details were misused, but also on how future restructurings will be allowed to engage retail backers whose money was lost in high-profile crowdfunding schemes.

The ICO has confirmed it does not comment on individual cases but is currently considering the complaints in accordance with its standard regulatory process. The watchdog maintains the authority to impose financial penalties or compel changes to data handling practices if a GDPR breach is established. Any formal ruling in the BrewDog case would resonate far beyond a single Scottish brewer, setting a precedent for how far founders, administrators and new owners can go in repurposing shareholder data when a consumer brand collapses – and who is ultimately accountable when the lines between marketing, restitution and governance start to blur.

You may also like

Leave a Comment