Test and Trace Breaks GDPR Say Campaigners

Written by Pronetic

Pronetic is a leading provider of core IT support for ISO 27001, Cyber Essentials and Cyber Essentials Plus compliance.

July 22, 2020

The Open Rights Group (ORG) has said that England’s COVID-19 Test and Trace programme is in breach of GDPR.

Test and Trace

The COVID-19 test and trace system requires people to share personal data such as their name and date of birth, their address, places they’ve recently visited and the personal details of those they have recently been in close contact with.

The ORG has alleged that England’s test and trace programme was deployed without the necessary Data Protection Impact Assessment (DPIA).

Seeking An Immediate DPIA

The ORG, therefore,  threatened to take the government to court unless it agreed to immediately conduct a DPIA, alleging that England’s (under the UK Government) entire Test & Trace programme had been operating unlawfully and in breach of GDPR since its launch on 28 May 2020.

Jim Killock, Executive Director of Open Rights Group has said, for example, that “The reckless behaviour of this Government in ignoring a vital and legally required safety step known as the Data Protection Impact Assessment (DPIA) has endangered public health”, and that “we have already seen individual contractors sharing patient data on social media platforms, emergency remedial steps will need to be taken”.

No Breach

The DPO says that The Department of Health and Social Care (DHSC) has admitted that Test and Trace was deployed without a DPIA and Ravi Naik, Legal Director of the new data rights agency AWO, acting on behalf of ORG said that “The Government has made two significant concessions to our clients. Firstly, when asked to justify retaining COVID-19 data for 20 years they couldn’t do so and agreed to reduce the period to 8 years” and that “Secondly, they have now admitted Test and Trace was deployed unlawfully. This is significant. It is a legal requirement to conduct an impact assessment before data processing takes place.”

The Government Says

Although Education Secretary Gavin Williamson said recently on BBC TV that there had not been any breach of the data stored and that a track and trace system needed to be set up quickly in order to help fight the virus,  the Information Commissioner’s Office (ICO) is understood to be already investigating Track and Trace and is providing guidance to the government.

What Does This Mean For Your Business?

The effects of the virus and the lockdown on UK businesses has been profound and having an effective Test and Trace system working quickly and widely may be one of the tools that could help UK businesses and the economy recover more quickly. That said, just as businesses must operate within data protection laws, and face fines for not doing so, the government also has a responsibility to do so.  As pointed out by ORG “A crucial element in the fight against the pandemic is mutual trust between the public and the Government, which is undermined by their operating the programme without basic privacy safeguards”.

You May Also Like…

0 Comments

Why Choose Pronetic

We Are ISO 27001 & Cyber Essentials Plus Certified

Be reassured that we have been externally audited. You can have complete peace of mind that the team managing your IT systems and safeguarding your data are independently vetted annually.

Seamless & Comprehensive IT Support

Our investment in people, tools and processes, continuously improved, ensures that we don’t just deliver exceptional I.T. support but include your compliance to Cyber Essentials or ISO 27001 “baked-in”. Yes, that means no more annual headaches and stress when your certification comes round.

Expert Support Money Back Guarantee

We're confident in the value we deliver. That's why we offer a 90-day, no-quibble money-back guarantee. If, for any reason, you're not completely satisfied with our IT support services, we'll provide a full refund and cancel your contract without any hassle.

Book Your Free IT Strategy Call Now!

Simply Fill In The Form Below To Receive Your Free IT Strategy Call:

By submitting this form, you consent to us using your personal information to contact you. For more information please see our privacy policy.