Confirmation the Test and Trace programme breaches privacy regulations follows reports of patients’ confidential data being shared online
The UK government has admitted that its contact tracing programme, that Boris Johnson pledged would be ‘world beating’, is unlawful in a legal letter which confirms that it has been breaching data protection laws since it has been running in May.
Confirmation of the programme failing to adhere to privacy regulations comes after it has been revealed that contractors working for the NHS Test and Trace initiative have been told they may lose their jobs following reports of dozens of staff sharing confidential data on patients to social media.
This comes after Boris Johnson has indicated at PMQs that he has not yet read the government-commissioned report that sets out urgent measures required to prepare for the potential of a second wave of COVID-19 pandemic, telling the Commons that he was only “aware” of it.
According to the legal document, the government did not conduct the appropriate data privacy impact assessment (DPIA), which is a required procedure to ensure that breaches of patients’ information don’t occur.
The legal letter was sent in response to a challenge against the government, brought forward by Open Rights Group (ORG), for failing to confirm whether the required safeguards for the programme had been met.
In the letter, the government’s legal advisers accepted that the government was required by law to have completed a DPIA at the time of the launch of the Test and Trace programme on the 28th of May.
The lawyers add that a single data privacy impact assessment covering the whole of the Test and Trace project has still not been completed, but is currently being worked on and that a number of separate DPIAs covering different parts of the programme were in place.
A spokesperson for the Department of Health and Social Care has drawn a distinction between the government programme being unlawful itself and the legality of the way in which it was handling NHS patients’ data being, claiming that: “There is no evidence of data being used unlawfully.”
“NHS Test and Trace is committed to the highest ethical and data governance standards – collecting, using, and retaining data to fight the virus and save lives, while taking full account of all relevant legal obligations,” they added.
Jim Killock, the executive director of ORG, described the government as “reckless” in “ignoring a vital and legally required safety step”.
“A crucial element in the fight against the pandemic is mutual trust between the public and the government, which is undermined by their operating the programme without basic privacy safeguards.”
“The Information Commissioner’s Office and Parliament must ensure that Test and Trace is operating safely and lawfully,”
“As we have already seen individual contractors sharing patient data on social media platforms, emergency remedial steps will need to be taken,” Mr Killock added.
This comes after senior judges have ruled that Shamima Begum, who is one of three east London schoolgirls to travel to Syria to become members of the so-called Islamic State, should be permitted to return to the United Kingdom to challenge the removal of her British citizenship.