Privacy campaigners have accused the UK government of breaching data protection laws by creating a coronavirus testing and tracking app that is not yet available to the public.
The Open Rights Group (ORG), a campaign group for free speech, has confirmed that it will file a complaint with the Information Commissioner's Office (ICO) about the national rollout of the app following the Covid-19 pandemic.
The group also sent letters to UK Health Secretary Matt Hancock, NHSX (the body responsible for keeping the National Health Service up to date with the latest technology) CEO Matt Gould, and Public Health England (PHE) CEO Duncan Selby, requesting information about the app's data protection.
In its complaint, ORG accuses the NHS and PHE of failing to complete a Data Protection Impact Assessment, which is required by law through the General Data Protection Regulation. The ORG has accused the NHS and PHE of failing to complete the Data Protection Impact Assessment required by law through the General Data Protection Regulation.
ORG stated that this is necessary "given the experimental system and the sensitive nature and scale of the data being processed," adding that both healthcare organizations that confirmed that no data protection impact assessment had been conducted were in violation of the GDPR.
ORG campaigners also called the app's 20-year data retention period excessive, while also questioning its commercial and research purposes. They also claimed to have discovered unspecified security issues that put people at risk and said the app's privacy notice is flawed.
Jim Killock, executive director of the Open Rights Group, called on the ICO to take action and enforce the law, accusing the government of starting too soon with this development.
He said: "If we continue in this manner, public trust will be undermined and people will refuse to participate in the Track and Trace program. Public health objectives are being undermined by the lack of privacy and data protection basics in place."
He also said.
The complaint is filed by Ravi Naik, legal director of the data rights agency AWO. He also criticizes the app's approach to data protection, stating: "Rushing to start test-and-trace without following basic legal requirements is problematic. These legal obligations are not just compliance points. [They are designed to ensure that risks are identified and mitigated. Failure to conduct these assessments raises concerns among clients that these risks are not being properly considered.
Comments