The UK government has admitted its contact tracing programme is unlawful in a legal letter confirming it’s been running in breach of data protection laws since launch in May.
According to the letter, sent in response to a legal challenge brought by Open Rights Group (ORG) against the government for failing to confirm whether it’d met the required safeguards for the programme, Whitehall didn’t conduct a DPIA, required to ensure breaches of patients' information don't take place.
— Jim Killock (@jimkillock) July 20, 2020
A spokesperson for the Department of Health and Social Care told Sky News there was a clear distinction between the programme itself being unlawful versus the way it was handling NHS patient data being unlawful, and the latter hadn’t happened. They also claimed the programme was developed quickly due to the public health emergency caused by the pandemic.
"NHS Test and Trace is committed to the highest ethical and data governance standards - collecting, using, and retaining data to fight the virus and save lives, while taking full account of all relevant legal obligations," they added.
Adding to Whitehall’s woes, Sky News has revealed contractors working for NHS Test and Trace have been told they may be fired following reports of dozens of staff sharing patients' confidential data on social media – the outlet has seen internal communications from NHS Test and Trace warning contractors "patient identifiable information must never be posted" on social media, and “any such examples which come to light will be dealt with through the appropriate employment processes”.
— Department of Health and Social Care (@DHSCgovuk) July 20, 2020
This message was first circulated to workers 13th July before being repeated three days later.
Jim Killock, executive director of ORG, described the government as "reckless" in "ignoring a vital and legally required safety step".
"A crucial element in the fight against the pandemic is mutual trust between the public and the government, which is undermined by their operating the programme without basic privacy safeguards. The Information Commissioner's Office and Parliament must ensure Test and Trace is operating safely and lawfully. As we have already seen individual contractors sharing patient data on social media platforms, emergency remedial steps will need to be taken," he added.
