UK Government Fails to Meet GDPR Requirement in Test and Trace Program

UK Government Fails to Meet GDPR Requirement in Test and Trace Program

The UK government has failed to meet a crucial General Data Protection Regulation (GDPR) requirement in its COVID-19 Test and Trace program, putting people’s privacy rights at risk, according to the Open Rights Group (ORG).



This follows an admission by the UK’s Department of Health to the group that it has not conducted a data protection impact assessment (DPIA) – a GDPR requirement to identify and minimize data protection risks in projects that process personal information.



“The public can’t trust the program because a vital (and legally required) safety step known as a DPIA was dangerously ignored,” said the ORG in a statement.



Test and Trace was introduced in England on May 28 as part of the government’s strategy of easing COVID-19 lockdown restrictions. Under the initiative, the National Health Service (NHS) attempts to trace close recent contacts of anyone who tests positive for the virus, and if necessary, inform them that they need to self-isolate. This involves people being asked to provide sensitive data including their name, date of birth, postcode, who they live with and places they have recently visited, leading to privacy fears.



The ORG added: “The Test and Trace program has been rushed; private contractors have been employed to deliver it with large numbers of new employees. Many systems have been bolted together at short notice.



“We are doing everything we can to ensure the Test and Trace Program is made safe. That’s why we’re threatening legal action unless a proper DPIA is conducted immediately.”



In its letter to the ORG, the government ..

Support the originator by clicking the read the rest link below.