COVID 19 Test and Trace ‘breaking’ privacy law

By Euan Henderson

Cyber security apprentice

The Department of Health has confirmed its Test and Trace initiative to combat COVID 19 was launched without an assessment of the impact on Privacy being carried out.

The Open Rights Group (ORG) claims this means the initiative, launched in May, is unlawful. The Government has defended the scheme saying there is no evidence that data has been used unlawfully.

The General Data Protection Regulation (GDPR) requires that a Data Protection Impact Assessment is carried out for projects that process personal data. Therefore, with data required of the individuals including name; date of birth and postcode; who they live with; places they have visited recently and the names and contact details of those they have been in close contact with, this assessment should have been carried out to be in line with GDPR.

ORG’s executive director Jim Killock claims the Government has been “reckless” in its approach by ignoring this legally-required step. The Government says it is working with the Information Commissioner’s Office to ensure that the data is adequately secured.

The program is already being investigated by the ICO after it was reported in the Sunday Times that some contact tracers had published private patient data in WhatsApp and Facebook groups.

The ORG’s complaint stems from work carried out by Ravi Naik, a Lawyer at AWO data rights consultancy. Mr Naik said the legal requirements for data processing were more than just a tick-box exercise and added: “They ensure that risks are mitigated before processing occurs, to preserve the integrity of the system.”
“Instead, we have a rushed-out system, seemingly compromised by unsafe processing practices”

You can read more about it: