The dire public health consequence of ignoring test and trace privacy concerns

Big Brother Watch Team / September 24, 2020

Privacy organisations have today demanded the Government clarify how people’s private data will be kept safe and secure under the new Test and Trace regulations, which come into full force with the launch of the NHSX App.

Pubs, cafes, restaurants and even workplace canteens are legally required to refuse entry to anyone who declines to use the NHSX App or provide accurate personal details.

Privacy organisations the Open Rights Group (ORG) and Big Brother Watch have jointly instructed data rights agency AWO to send a legal letter to the Secretary of State for Health and Social Care demanding the Government provide information on how citizens’ data will be kept safe and secure.

The Government has so far failed to provide a public Data Protection Impact Assessment (DPIA) or explain how pubs and bars are to legally and securely collect and store the personal details of their customers. Customers must use the NHSX App, or businesses must collect their details, in order to comply with the new law.2

As a result, it appears likely that customer information may not be handled safely, legally or competently. Ad hoc collection has already come under criticism for being abused for unlawful advertising purposes and even harassing customers.

The letter also asks whether Government have conducted a DPIA for the Test and Trace programme as a whole. Back in July the Government admitted that the Test and Trace programme has been operating unlawfully from the beginning due to its failure to produce a legally required data safety assessment.3

Jim Killock Executive Director of Open Rights Group said:

“Government’s first duty is to protect its citizens. This Government’s reckless behaviour is once again endangering public health. We have long argued that the Government’s test and trace programme must be trusted by the public in order to effectively protect us from COVID-19.

“This Government’s failure to conduct the legally required data safety assessment means that no one knows how people’s details will be safely and legally collected, stored and protected by bars, restaurants, and coffee shops. No one knows what will happen if things goes wrong and this Government doesn’t seem to have thought this through.

“This Government has had 6 months to fix the test and trace programme and on the eve of the launch of this App one thing is for certain; this Government is flying by the seat of its pants.”

Silkie Carlo, Director of Big Brother Watch said:

“This law could easily lead to the mass recording of our movements and there is a serious question as to whether this is safe and lawful.

“The Government’s new approach to contact tracing is no longer based on public trust, but on exclusion, criminal sanctions and police enforcement. Many people will be rightly shocked to find they’re refused entry to coffee shops and restaurants unless they use the NHSX App or hand over their personal contact details.

“Businesses won’t be able to comply with this draconian new diktat as well as data protection law and many will be fearing sanctions. This is an excessive law that poses a serious risk to privacy and data rights.”

Ravi Naik, Legal Director at data rights agency AWO instructed to act on behalf of Open Rights Group and Big Brother Watch said:

“The Regulations come into full force without sufficient clarity as to how they will be implemented. Our clients have therefore had to ask questions to the Secretary of State as to how the regulations will be implemented, the relationship between those providing the data and the wider tracing system and basic questions about how data will be collected and stored. That they have had to ask such questions is concerning when criminal sanctions are at stake.”

Contact 

Open Rights Group 07951265812 / press@openrightsgroup.org

Big Brother Watch 07730 439257 / info@bigbrotherwatch.org.uk

Notes to the editor:

1. Copy of the letter to Secretary of State for Health and Social Care will be available upon request.

2 Under the new statutory instrument, The Health Protection (Coronavirus, Collection of Contact Details etc andRelated Requirements) Regulations 2020, a wide range of businesses must require customers to use the new NHSX App and scan a QR code to enter, or manually collect customers’ personal details – including the names of any staff members they speak to – if they do not have a smart phone.

3 See https://www.openrightsgroup.org/press-releases/government-admits-test-and-trace-unlawful/

Media coverage

Computer Weekly — Government blasted over ‘reckless’ contact-tracing security