The UK Government has been threatened with legal action unless it takes responsibility for Test and Trace data collection in the hospitality sector.
Two privacy rights groups, Big Brother Watch and the Open Rights Group, have threatened to take action against the government following reports that personal details have been misused for marketing purposes.
In September it was announced that hospitality venues such as pubs, bars, restaurants cafes are required to collect personal information as part of new contact tracing laws.
The new regulations mean that all affected businesses have to register with the Information Commissioner as ‘data controllers’ and follow strict data protection laws.
Businesses are also legally required to refuse entry to anyone who declines to use the NHSX App or provide accurate personal details.
Jim Killock, Executive Director of Open Rights Group, warned that ensuring public trust is critical as the government looks to prevent a second wave of the virus.
“The government’s refusal to ensure its Test and Trace program protects people’s data further erodes trust in arguably the most important tool in preventing a second wave of coronavirus infections,” he said.
Big Brother Watch Director, Silkie Carlo said it is unrealistic to expect hospitality venues to meet the new requirements, which put an “unfair burden” on small businesses that are already struggling to survive.
“This extraordinary law entails the mass recording of personal data in a way that raises serious questions of legality and safety. It poses a serious risk to privacy and data rights,” she said.
“We’ve already had to act for young women who have been harassed by bar staff after their contact details were not safely kept. It was purely magical thinking for the Health Secretary to believe that such extreme requirements, unmatched by the proper legal safeguards, would not put many people at risk,” Carlo added.
The groups announced they will also challenge the government’s failure to conduct and publish a Data Protection Impact Assessment (DPIA) or explain how businesses are to securely collect and store personal details.
- UK’s digital governance services falling behind demands
- Scotland and UK combine subsidies to boost gigabit-speed broadband
- A fake Microsoft Teams email campaign is targeting users
Data rights agency AWO has been instructed to send a pre-action letter to Matt Hancock, Secretary of State for Health and Social Care, threatening legal action unless the government accepts its legal responsibilities and commits to taking action.
Ravi Naik, Legal Director of AWO said the government is failing in its duties to ensure that the systems it deploys are lawful and respect individual rights.
“The government has failed to understand the basics of data protection law in implementing these Regulations. Failing to understand the basics of data protection before demanding venues collect vast data sets is alarming enough,” he said.
“However, that basic mistake permeates and infects the entire operation of this data collection endeavour,” Naik added.