The UK government could face legal action unless it accepts its legal responsibilities for the Test and Trace data obtained by hospitality venues.
In a letter sent to health secretary Matt Hancock, the Open Rights Group and Big Brother Watch have urged the government to commit to ensuring the safety of data provided by customers of venues such as pubs, bars, restaurants, cafes, and workplace canteens.
The two privacy rights organisations have instructed data rights agency AWO to send a pre-action letter following multiple reports of businesses misusing the data collected as part of the Test and Trace scheme, such as for marketing purposes and harassment.
Earlier this month, the Information Commissioner’s Office (ICO) confirmed it had contacted 15 companies that provide contact-tracing services to hospitality venues in order to assess their approach to data protection responsibilities. This came after The Times found that the personal details of pub and restaurant customers had been allegedly harvested and sold without their consent.
An ICO spokesperson confirmed that “collecting personal details for customer logs must not be a way to develop vast marketing databases by the backdoor”.
Personal details of pub customers had also been used for harassment, with some women reporting that they had been contacted by venue employees who had obtained their details through the Test and Trace scheme.
Big Brother Watch director Silkie Carlo said that the organisation has “already had to act for young women who have been harassed by bar staff after their contact details were not safely kept”.
“It was purely magical thinking for the health secretary to believe that such extreme requirements, unmatched by the proper legal safeguards, would not put many people at risk. He must take urgent responsibility,” she said, adding that “denying his proper legal responsibility puts an unfair burden on small businesses who are already struggling to survive”.
Jim Killock, executive director of the Open Rights Group, said that the government is “failing in its most basic and fundamental duty of care for its citizens”.
“We’ve long argued that we won’t be able to defeat a global pandemic without building and maintaining public trust in Government’s public health measures. The Government’s refusal to ensure its Test and Trace programme protects people’s data further erodes trust in arguably the most important tool in preventing a second wave of coronavirus infections.
“This is extremely concerning as we’re about to experience a possible second wave of infections across the country during the winter months,” he added.
A DHSC spokesperson told IT Pro that Test and Trace “is committed to the highest ethical and data governance standards and there is no evidence of data being used unlawfully”.
“It is vital we do all we can to control the spread of the virus. Businesses have already stepped up to ensure they are supporting the NHS Test and Trace effort – it is essential that they keep contact logs and display NHS QR codes so there is consistency across the country and the public can seamlessly provide their details,” a spokesperson said.
They added that although DHSC cannot comment on ongoing or potential legal proceedings, it has been in contact with the Open Rights Group.
Digital document processes in 2020: A spotlight on Western Europe
The shift from best practice to business necessity
Four security considerations for cloud migration
The good, the bad, and the ugly of cloud computing
VR leads the way in manufacturing
How VR is digitally transforming our world
Deeper than digital
Top-performing modern enterprises show why more perfect software is fundamental to success