Blog Layout
Contact tracing and coronavirus
Simon Hunt • 29 October 2021
Contact tracing and coronavirus: your data rights – 24 September 2020
The UK and devolved governments have announced a number of additional measures to help stop the spread of COVID-19. Some organisations are now required by law to collect customer information to support contact tracing schemes, and there are government apps you can download so people can trace the spread of the virus.
The ICO has been supporting businesses and government to ensure that data protection and privacy is built into these new measures from the start.
Whenever an organisation uses your information, it’s important for you to be aware of your personal data rights. We’ve put together some tips on things you should expect:
Your personal data should be kept secure
Businesses collecting your information for contact tracing should do so in a secure way. This means they shouldn’t use open log books or ask you to add your name to a list. If you’re concerned an organisation isn’t keeping your data secure you should raise your concern with them first. If you’re still dissatisfied, you can complain to the ICO.
Your personal data should only be used for contact tracing
Businesses shouldn’t misuse your personal information. Organisations and their staff members have an obligation to look after your personal information. For example, businesses shouldn’t use your contact details to send you further marketing or sell it on for others to target you. And staff members shouldn’t use your phone number or other contact details to get in touch with you for personal reasons.
If you’re worried about how an organisation is handling your personal information, you have the right to raise your concerns. However, if you feel uncomfortable speaking directly to the organisation, the ico can help help. You can call our helpline and our team will be able to advise on what to do, how you can make a complaint to us and what will happen next.
You should understand how your personal data will be used
Whenever you give an organisation your personal data they should tell you how your information will be used. If you download either the NHS COVID-19 app, the Protect Scotland app or the StopCOVID NI app, it should be clear what personal data is being collected, why it is being collected and how long it will keep this information.
Organisations collecting information for contact tracing should be transparent that they are only collecting the information for the purposes of contact tracing. If they want to collect information to send you updates or offers, this should be done separately and should be made clear to you.
You have the right to access your personal information
You have the right to ask an organisation for copies of the personal information it holds about you. The ico have detailed guidance on how you can ask an organisation for copies of your information.
What if I don’t experience this?
If you’re unhappy with how an organisation has been looking after your personal information you have the right to raise a concern. We have advice on the steps you can take here.
On Sunday 31st October, many people will be gathering to carve pumpkins (if they haven’t already) and go out trick or treating – weather permitting or course. Sunday also marks another occasion, Elizabeth Denham who is the current Information Commissioner and heads up the ICO, will be stepping aside (after a 3 months extension) to make way for John Edwards, the incoming Commissioner as appointed by the DCMS. Edwards, who was previously New Zealand’s Privacy commissioner, has in the past stated that he will be “fair and impartial in his dealings with tech companies” . However, he has been reported in the past as describing Facebook as “morally bankrupt pathological liars” So what can we expect from our new Commissioner? In an interview with Damien Green MP, he was quoted as saying “These are nation state-sized commercial enterprises” and that it is becoming “increasingly difficult to engage them on the national level”. An insight into his way of thinking can be found in a statement he gave earlier this year regarding the current Commissioner Ms Denham’s’ handling of the ICO’s investigation into leaked CCTV footage that led to Matt Hancock’s demise as Health Secretary. The Sun newspaper published an article which showed him kissing aide Gina Coladangelo in his departmental office, which was in breach of Covid-19 rules. Mr Hancock then later resigned from the Cabinet after CCTV footage was published. “I don’t know how it got to the press, but I think investigating the security of the government facility such as that, and the way in which it is responsible for data it is entrusted with, is an entirely legitimate activity of an Information Commissioner” The ICO had faced earlier criticism over raids that were carried out on 2 homes in the south of England where it seized computer equipment, as it probed the alleged data breach relating to the incident. Edwards did have this to say: "What I really want to do is make privacy easy. And I think I can translate that to the UK. I want to make data protection easy – easy for industry to implement at low cost, easy for consumers to exercise privacy-friendly choices in their marketplace, and easy for people to access remedies when things go wrong." After all the sweets have gone, the candles put out, and the pumpkins have been put onto compost piles (or chopped up and placed in food bins in our case) Mr Edwards will be getting his teeth into his new job, so good to you sir, let's see what the next Commissioner is capable of. What do you think, has Ms Denham done a good enough job? Will Edwards wage war on the big tech giants, or treat them "fairly & impartially?"
With the G7 summit taking place earlier this year in Carbis Bay, Cornwall the ICO has followed up with a virtual meeting earlier this month to discuss the issue of Cookie Pop-up's
