Demand privacy protections for Test & Trace

The Government’s Test and Trace Programme risks the privacy rights of hundreds of thousands (if not millions) of individuals in the UK whose personal data has been or will be processed through the Programme.

Government has not made the effort to check our data is safe. They are making the same privacy missteps that damaged the NHSX tracker app.

Open Rights Group (ORG) was forced to take action, because the Information Commissioner is not doing its job. When the regulator fails, it is up to us to step in.

After we threatened legal action, the Government was forced to admit that the entire Test & Trace programme has been operating unlawfully since its launch on 28th May 2020.

The UK is flying blind

The public can’t trust the Programme because a vital (and legally required) safety step known as a Data Protection Impact Assessment (DPIA) was dangerously ignored.

DPIAs serve the same safety function as a health and safety or a fire assessment. Unless it is done and conducted properly, the Government will be unaware of the risks they are running. This means the Government, and the entire UK public along with them, are walking into this project blind.

The Test and Trace Programme has been rushed; private contractors have been employed to deliver it with large numbers of new employees. Many systems have been bolted together at short notice.

We are doing everything we can to ensure the Test and Trace Programme is made safer by undergoing a proper DPIA to evaluate the privacy risks.

The Story So Far

First look at vaccine passports

Countries around the world are considering introducing vaccine passports, and the UK is among them.
Read more

ICO enforcement: two years after the GDPR

On Tuesday, the Information Commissioner Elizabeth Denham will appear in front of the DCMS Committee for a hearing, where she will be questioned about her office’s role in protecting personal data against targeted online advertising, and the use of personal data for tackling the coronavirus pandemic.
Read more

NHS App users get privacy; other visitors get nothing

Today the Government launched its England and Wales COVID App, and its new rules to ensure that bars and restaurants keep records of customers who visit.
Read more

Pubs vs. Privacy: what changes for contact tracing

The Prime Minister announced on Wednesday 9 September that “premises and venues where people meet socially will be legally required to request the contact details of a member of every party, record and retain these details for 21 days and provide them to the NHS Test and Trace without delay when required”.
Read more

Fighting and winning for privacy, where was the ICO

The Government admitted their Test and Trace programme is operating unlawfully, but we should never have had to threaten legal action.
Read more

Where everybody knows your name: pubs and data

The UK Government has announced that pubs can reopen on 4 July, and in the process asked them to start collecting the personal data of their customers to assist in test and trace.
Read more

NHSX App delayed, but data protection still MIA

It finally happened: NHSX came to realise the issues surrounding their contact tracing app, and decided to switch to a decentralised approach.
Read more

More Information

Press Releases