NHS test and trace programme ‘broke GDPR data privacy rules’



England’s NHS Test and Trace scheme has broken a key data protection law, privacy campaigners have said.

The Open Rights Group (ORG) say the programme has been unlawful since it started on May 28 because it was launched without an assessment of its impact on privacy.

The Department of Health and Social Care (DHSC) argues there is no evidence data has been used in an unlawful manner.


However, the DHSC conceded that it had not conducted a data protection impact assessment (DPIA) – a requirement under the General Data Protection Regulation (GDPR) for projects processing personal data, the ORG told the BBC.

The Government told the group it is working closely with the Information Commissioner’s Office (ICO) to ensure data is processed in accordance with the law.

But the ORG’s executive director Jim Killock told the news site that the DHSC had been “reckless” in ignoring the legally-required step and, in doing so, had endangered public health.

“A crucial element in the fight against the pandemic is mutual trust between the public and the Government, which is undermined by their operating the programme without basic privacy safeguards,” he said.

A DHSC spokeswoman said: “NHS Test and Trace is committed to the highest ethical and data governance standards – collecting, using, and retaining data to fight the virus and save lives, while taking full account of all relevant legal obligations.”

The ORG is among a number of organisations and individuals to raise privacy concerns over the scheme, with a former Cabinet minister also previously warning of “serious errors” in its implementation.

Labour’s Lord Hain said last month that the NHS had failed to carry out its legal data protection obligations prior to the launch and had entered into data sharing relationships “on unnecessarily favourable terms to large companies”.

The track and trace app has been trialled on the Isle of Wight, but the Government has suggested it may not be ready to roll out across the UK until the winter.

There have been privacy concerns around the world over the use of tracing apps, with Norway last month halting its programme.

On Sunday, The Observer reported Health Secretary Matt Hancock is set to announce local authorities will be able to access the named data of coronavirus cases as long as they abide by strict rules on data protection.



Source link

Leave a Comment

Your email address will not be published.