England's Test and Trace Programme 'Breaks GDPR'

upnorth

Moderator
Verified
Staff member
Malware Hunter
Jul 27, 2015
4,368
The Department of Health has conceded that the initiative to trace contacts of people infected with Covid-19 was launched without carrying out an assessment of its impact on privacy.

The Open Rights Group (ORG) says the admission means the initiative has been unlawful since it began on 28 May. It involves people being asked to share sensitive personal information. This can include:
  • their name, date of birth and postcode
  • who they live with
  • places they recently visited
  • names and contact details of people they have recently been in close contact with, including sexual partners.
The Department of Health and Social Care says there was no evidence of data being used in an unlawful way. ORG had threatened to go to court to force the government to conduct a data protection impact assessment (DPIA) - a requirement under the General Data Protection Regulation (GDPR) for projects that process personal data. A letter from the Department of Health to the group confirmed that a DPIA was a legal requirement and had not been obtained.

ORG's executive director, Jim Killock, said the government had been "reckless" in ignoring this legally-required safety step and had endangered public health. "A crucial element in the fight against the pandemic is mutual trust between the public and the government, which is undermined by their operating the programme without basic privacy safeguards," he added.
 

JoyousBudweiser

Level 12
Verified
Aug 22, 2013
580
GDPR is EU regulation right? If it is, does UK needs to comply with it after Brexit? I think only UK companies continuing to do business with the EU after Brexit will need to comply with the Regulation to avoid infringements and The Department of Health and Social Care won't be counted in that as it is only an internal department/organisation.
 
  • Like
Reactions: Gandalf_The_Grey

upnorth

Moderator
Verified
Staff member
Malware Hunter
Jul 27, 2015
4,368
the regulator added that, while it recognised the urgency in rolling out the programme, if the public were to have confidence in handing over their data and that of their friends, "people need to understand how their data will be safeguarded and how it will be used".
Slurping up data of anyone anywhere even without consent, is absolutely something that must be more and better restricted and regulated. The ORG previously won against the UK government, as mentioned in the article.
 

Cortex

Level 26
Verified
Aug 4, 2016
1,515
The problem with an app if it ever gets done is few people (me too) I know would install it, lack of trust being the main one as this latest revelation shows - One work colleague pointed out issues if he was having some sort of an assignation & there were problems?
 
Top