Government Threatened with Legal Action Over Track and Trace

UK privacy campaigners have urged the government to take responsibility for ensuring its Test and Trace program is not abused or face legal action under data protection laws.

Big Brother Watch and the Open Rights Group (ORG) have told data rights agency AWO to send a pre-action letter to the government following multiple reports that data collected by hospitality venues is being misused.

ORG executive director, Jim Killock, clarified on Twitter that he wants the government to take ownership of the problem, as required by the GDPR.

“Government needs to take responsibility for the way that pubs and restaurants collect and use data. They need to make it safe for us and simple and easy for venues,” he argued.

“We believe that GDPR requires government to take responsibility, assess the risks and mitigate the risks. They are, we believe, a ‘Joint Controller.’ This means they are legally obliged to take joint responsibility for the data they compelled businesses to collect.”

Over the past few months several stories have circulated in the media about women suffering harassment by individuals who have obtained their contact details from lists maintained by pubs and bars as part of their Track and Trace obligations.

Other reports suggest that data gathered by venues for the scheme is being subsequently sold on to third parties for marketing purposes, without the data subject’s knowledge or informed consent—a key pillar of the GDPR.

Tom Chivers, digital privacy expert at ProPrivacy, welcomed the rights groups’ efforts to hold the government to account on this.

“We're delighted to see the government finally being held to account for the short-sighted decision to pass the burden of track and trace data collection onto pubs, bars, and restaurants - an industry that effectively had to learn the ins and outs of GDPR overnight,” he argued.

“While some of the blame for these issues does indeed rest with the businesses, we have to ask who is ultimately accountable for this? The government has failed to provide proper help… for these businesses.”

What’s Hot on Infosecurity Magazine?