- Jul 27, 2015
The Department of Health has conceded that the initiative to trace contacts of people infected with Covid-19 was launched without carrying out an assessment of its impact on privacy.
The Open Rights Group (ORG) says the admission means the initiative has been unlawful since it began on 28 May. It involves people being asked to share sensitive personal information. This can include:
The Department of Health and Social Care says there was no evidence of data being used in an unlawful way. ORG had threatened to go to court to force the government to conduct a data protection impact assessment (DPIA) - a requirement under the General Data Protection Regulation (GDPR) for projects that process personal data. A letter from the Department of Health to the group confirmed that a DPIA was a legal requirement and had not been obtained.
- their name, date of birth and postcode
- who they live with
- places they recently visited
- names and contact details of people they have recently been in close contact with, including sexual partners.
ORG's executive director, Jim Killock, said the government had been "reckless" in ignoring this legally-required safety step and had endangered public health. "A crucial element in the fight against the pandemic is mutual trust between the public and the government, which is undermined by their operating the programme without basic privacy safeguards," he added.