UK government may trace COVID-19 patients using mobile phone data

The ICO pledges to take into account “compelling public interest” for any potential data protection violations

The government may introduce emergency measures to trace the mobile phone data of individuals believed to have contracted coronavirus, as well as the data of those they’ve been in contact with.

UK authorities may have the powers to bend data protection laws and trace individuals to contain the spread of the virus, as a string of other countries has begun to do in response to the COVID-19 outbreak.

Israel, for example, has recently passed laws allowing its authorities to effectively spy on, and communicate with, individuals thought to have been exposed. South Korea, similarly, has used technology to implement heavy surveillance measures to clamp down on people spreading the virus.

Facing questioning by the chair of the House of Commons’ health select committee, Jeremy Hunt, the government’s chief scientific adviser Sir Patrick Vallance said that such measures certainly have merits.

“I think that would have been an absolutely brilliant thing to have had in January,” he told MPs, when asked by Hunt. 

“So at the beginning, that sort of approach makes total sense. It may well have utility later on, and may well have utility as you go to a situation where you get the armor down and you see what happens when you release. 

“So I think those technologies do have certainly a place that needs to be looked at carefully and implemented, and I know people are working very hard on that sort of approach, and as you are probably aware I think that was used extensively also in China through the WeChat app that they have.”

The UK is poised to pass a set of emergency measures under the Coronavirus Bill. Although there is no explicit mention of using data in such a way, mobile phone tracing may fall under national security provisions outlined in the legislation.

Health Secretary Matt Hancock, meanwhile, has preempted the privacy concerns that may arise by suggesting the General Data Protection Regulation (GDPR) does not inhibit the use of data for coronavirus response.

“GDPR has a clause excepting work in the overwhelming public interest,” he said. “No one should constrain work on responding to coronavirus due to data protection laws. We are all having to give up some of our liberties; rights under GDPR have always been balanced against other public interests.”

The Information Commissioner’s Office (ICO) has also issued a brief statement suggesting it would not seek to investigate or punish authorities and public sector bodies for bending data protection principles. It’s labelled itself a “responsible and pragmatic regulator” that takes into account the compelling public interest of the current coronavirus crisis.

“Data protection and electronic communication laws do not stop Government, the NHS or any other health professionals from sending public health messages to people, either by phone, text or email as these messages are not direct marketing,” the ICO said.

“Nor does it stop them using the latest technology to facilitate safe and speedy consultations and diagnoses. Public bodies may require additional collection and sharing of personal data to protect against serious threats to public health.

“The ICO is a reasonable and pragmatic regulator, one that does not operate in isolation from matters of serious public concern. Regarding compliance with data protection, we will take into account the compelling public interest in the current health emergency.”

Featured Resources

Shining light on new 'cool' cloud technologies and their drawbacks

IONOS Cloud Up! Summit, Cloud Technology Session with Russell Barley

Watch now

Build mobile and web apps faster

Three proven tips to accelerate modern app development

Free download

Reduce the carbon footprint of IT operations up to 88%

A carbon reduction opportunity

Free Download

Comparing serverless and server-based technologies

Determining the total cost of ownership

Free download

Recommended

How to manage people successfully from a distance
Business strategy

How to manage people successfully from a distance

27 Oct 2021
Identity Automation launches credential breach monitoring service
phishing

Identity Automation launches credential breach monitoring service

5 Oct 2021
Cellebrite launches industry-first remote data collection solution
data management

Cellebrite launches industry-first remote data collection solution

29 Sep 2021
Akamai to acquire cyber security firm Guardicore
Acquisition

Akamai to acquire cyber security firm Guardicore

29 Sep 2021

Most Popular

What should you really be asking about your remote access software?
Sponsored

What should you really be asking about your remote access software?

17 Nov 2021
What are the pros and cons of AI?
machine learning

What are the pros and cons of AI?

30 Nov 2021
Access brokers are making it easier for ransomware operators to attack businesses
cyber security

Access brokers are making it easier for ransomware operators to attack businesses

1 Dec 2021