The UK government could face legal action unless it accepts its legal responsibilities for the Test and Trace data obtained by hospitality venues.
In a letter sent to health secretary Matt Hancock, the Open Rights Group and Big Brother Watch have urged the government to commit to ensuring the safety of data provided by customers of venues such as pubs, bars, restaurants, cafes, and workplace canteens.
The two privacy rights organisations have instructed data rights agency AWO to send a pre-action letter following multiple reports of businesses misusing the data collected as part of the Test and Trace scheme, such as for marketing purposes and harassment.
Earlier this month, the Information Commissioner’s Office (ICO) confirmed it had contacted 15 companies that provide contact-tracing services to hospitality venues in order to assess their approach to data protection responsibilities. This came after The Times found that the personal details of pub and restaurant customers had been allegedly harvested and sold without their consent.
An ICO spokesperson confirmed that “collecting personal details for customer logs must not be a way to develop vast marketing databases by the backdoor”.
Personal details of pub customers had also been used for harassment, with some women reporting that they had been contacted by venue employees who had obtained their details through the Test and Trace scheme.
Big Brother Watch director Silkie Carlo said that the organisation has “already had to act for young women who have been harassed by bar staff after their contact details were not safely kept”.
“It was purely magical thinking for the health secretary to believe that such extreme requirements, unmatched by the proper legal safeguards, would not put many people at risk. He must take urgent responsibility,” she said, adding that “denying his proper legal responsibility puts an unfair burden on small businesses who are already struggling to survive”.
Jim Killock, executive director of the Open Rights Group, said that the government is “failing in its most basic and fundamental duty of care for its citizens”.
“We’ve long argued that we won’t be able to defeat a global pandemic without building and maintaining public trust in Government’s public health measures. The Government’s refusal to ensure its Test and Trace programme protects people’s data further erodes trust in arguably the most important tool in preventing a second wave of coronavirus infections.
"This is extremely concerning as we’re about to experience a possible second wave of infections across the country during the winter months,” he added.
A DHSC spokesperson told IT Pro that Test and Trace “is committed to the highest ethical and data governance standards and there is no evidence of data being used unlawfully”.
“It is vital we do all we can to control the spread of the virus. Businesses have already stepped up to ensure they are supporting the NHS Test and Trace effort – it is essential that they keep contact logs and display NHS QR codes so there is consistency across the country and the public can seamlessly provide their details,” a spokesperson said.
They added that although DHSC cannot comment on ongoing or potential legal proceedings, it has been in contact with the Open Rights Group.
-
Women show more team spirit when it comes to cybersecurity, yet they're still missing out on opportunitiesNews While they're more likely to believe that responsibility should be shared, women are less likely to get the necessary training
-
OpenAI's new GPT-4.1 models miss the mark on coding tasksNews OpenAI says its GPT-4.1 model family offers sizable improvements for coding, but tests show competitors still outperform it in key areas.
-
ICO admits it's too slow dealing with complaints – so it's eying up automation to cut staff workloadsNews The UK's data protection authority has apologized for being slow to respond to data protection complaints, saying it's been overwhelmed by increased workloads.
-
“Limited resources” scupper ICO probe into EasyJet breachNews The decision to drop the probe has been described as “deeply concerning” by security practitioners
-
Surge in workplace monitoring prompts new ICO guidelines on employee privacyNews Detailed guidance on how to implement workplace monitoring could prevent data protection blunders
-
TikTok could be hit with £27m fine for failing to protect children's privacyNews Social media firm issued with a notice from the ICO for potential violations of UK data protection laws
-
What is AdTech and why is it at the heart of a regulation storm?In-depth The UK data regulator has come under heavy fire for consistently delaying much-needed action, privacy groups say
-
ICO crackdown on AI recruitment part of three-year vision to save businesses £100 millionNews ICO25 outlines a fresh approach that involves releasing learning materials, advice, and a new ICO-moderated discussion forum for businesses
-
Clearview AI fined £7.5m over improper use of UK dataNews Australian facial recognition firm collected 20 billion images from the internet without consent in order to build its database
-
UK data watchdog cut IT spending by £1.2 million during pandemicNews The ICO’s IT budget has been slashed by around 23% since 2019
