England’s COVID test and trace programme breaks GDPR law
The NHS test and trace programme works by alerting any individuals who have been in contact with a person who has tested positive for the virus. This works by tracing people who have been in close contact with the COVID-19 positive individual, alerting them and instructing them to self isolate for 14 days to prevent furthering the spread.
On the forefront, the programme seems very useful in preventing the spread and allowing the country to move forward to a “new normal” however recently, the government has admitted that the test and trace application is unlawful due to it breaching the data protection law enforced in England, GDPR.
The government insists that the data was not breached and it was not being used unlawfully. However the data that they are collecting has been deemed as sensitive information. The data that they collect includes; Name, date of birth and address, places that the individual has recently visited and also the names and contact details (such as phone number or email address) of people that they have been in contact with including intimate partners, which may be uncomfortable for some people to disclose.
Image credits: BBC
The government has informed the ORG that they are working with the Information Commissioner's Office to ensure that all data is processed and stored in accordance with the requirements of the GDPR law.
A spokesman for the Department of Health and Social Care says that the application for contact tracing was rushed as the pandemic raged throughout the country.
The rushed development of the application could have resulted in GDPR being overlooked simply to get the application ready for use as quickly as possible.
Whilst the test and trace system may raise some security concerns, it is a key element to protecting public health and aiding the public to return to a “new normal” after the COVID-19 pandemic.
Stay safe, save lives