UK gov faces legal action over Test and Trace data retention

Privacy campaigners urge Matt Hancock to take "urgent responsibility" to protect peoples' data

The UK government could face legal action unless it accepts its legal responsibilities for the Test and Trace data obtained by hospitality venues.

In a letter sent to health secretary Matt Hancock, the Open Rights Group and Big Brother Watch have urged the government to commit to ensuring the safety of data provided by customers of venues such as pubs, bars, restaurants, cafes, and workplace canteens.

The two privacy rights organisations have instructed data rights agency AWO to send a pre-action letter following multiple reports of businesses misusing the data collected as part of the Test and Trace scheme, such as for marketing purposes and harassment.

Earlier this month, the Information Commissioner’s Office (ICO) confirmed it had contacted 15 companies that provide contact-tracing services to hospitality venues in order to assess their approach to data protection responsibilities. This came after The Times found that the personal details of pub and restaurant customers had been allegedly harvested and sold without their consent.

An ICO spokesperson confirmed that “collecting personal details for customer logs must not be a way to develop vast marketing databases by the backdoor”.

Personal details of pub customers had also been used for harassment, with some women reporting that they had been contacted by venue employees who had obtained their details through the Test and Trace scheme.

Big Brother Watch director Silkie Carlo said that the organisation has “already had to act for young women who have been harassed by bar staff after their contact details were not safely kept”.

“It was purely magical thinking for the health secretary to believe that such extreme requirements, unmatched by the proper legal safeguards, would not put many people at risk. He must take urgent responsibility,” she said, adding that “denying his proper legal responsibility puts an unfair burden on small businesses who are already struggling to survive”.

Jim Killock, executive director of the Open Rights Group, said that the government is failing in its most basic and fundamental duty of care for its citizens”. 

“We’ve long argued that we won’t be able to defeat a global pandemic without building and maintaining public trust in Government’s public health measures. The Government’s refusal to ensure its Test and Trace programme protects people’s data further erodes trust in arguably the most important tool in preventing a second wave of coronavirus infections.

"This is extremely concerning as we’re about to experience a possible second wave of infections across the country during the winter months,” he added.

A DHSC spokesperson told IT Pro that Test and Trace “is committed to the highest ethical and data governance standards and there is no evidence of data being used unlawfully”.

“It is vital we do all we can to control the spread of the virus. Businesses have already stepped up to ensure they are supporting the NHS Test and Trace effort – it is essential that they keep contact logs and display NHS QR codes so there is consistency across the country and the public can seamlessly provide their details,” a spokesperson said.

They added that although DHSC cannot comment on ongoing or potential legal proceedings, it has been in contact with the Open Rights Group. 

Featured Resources

Four cyber security essentials that your board of directors wants to know

The insights to help you deliver what they need

Download now

Data: A resource much too valuable to leave unprotected

Protect your data to protect your company

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Why CEOS should care about the move to SAP S/4HANA

And how they can accelerate business value

Download now

Recommended

Webhose and Signal Corp boost data breach detection
Security

Webhose and Signal Corp boost data breach detection

7 Oct 2020
ICO to relax GDPR enforcement during coronavirus economic downturn
General Data Protection Regulation (GDPR)

ICO to relax GDPR enforcement during coronavirus economic downturn

16 Apr 2020
The NHS teams up with Apple and Google on coronavirus tracking app
privacy

The NHS teams up with Apple and Google on coronavirus tracking app

14 Apr 2020
Health sites are 'unlawfully' sharing medical data with Facebook and Google
data protection

Health sites are 'unlawfully' sharing medical data with Facebook and Google

7 Apr 2020

Most Popular

46 million Animal Jam accounts leaked after comms software breach
Security

46 million Animal Jam accounts leaked after comms software breach

13 Nov 2020
macOS Big Sur is bricking some older MacBooks
operating systems

macOS Big Sur is bricking some older MacBooks

16 Nov 2020
Huawei Mate 40 Pro 5G review: A tragically brilliant Mate
Mobile Phones

Huawei Mate 40 Pro 5G review: A tragically brilliant Mate

26 Nov 2020