Open Rights Group

Home Campaigns Demand privacy protections for Test & Trace

Demand privacy protections for Test & Trace

The Government’s Test and Trace Programme risks the privacy rights of hundreds of thousands (if not millions) of individuals in the UK whose personal data has been or will be processed through the Programme.

Government has not made the effort to check our data is safe. They are making the same privacy missteps that damaged the NHSX tracker app.

Open Rights Group (ORG) was forced to take action, because the Information Commissioner is not doing its job. When the regulator fails, it is up to us to step in.

After we threatened legal action, the Government was forced to admit that the entire Test & Trace programme has been operating unlawfully since its launch on 28th May 2020.

The UK is flying blind

The public can’t trust the Programme because a vital (and legally required) safety step known as a Data Protection Impact Assessment (DPIA) was dangerously ignored.

DPIAs serve the same safety function as a health and safety or a fire assessment. Unless it is done and conducted properly, the Government will be unaware of the risks they are running. This means the Government, and the entire UK public along with them, are walking into this project blind.

The Test and Trace Programme has been rushed; private contractors have been employed to deliver it with large numbers of new employees. Many systems have been bolted together at short notice.

We are doing everything we can to ensure the Test and Trace Programme is made safer by undergoing a proper DPIA to evaluate the privacy risks.

The Story So Far

29 Mar 2021

First look at vaccine passports

Countries around the world are considering introducing vaccine passports, and the UK is among them.
Read more

25 Jan 2021

ICO enforcement: two years after the GDPR

On Tuesday, the Information Commissioner Elizabeth Denham will appear in front of the DCMS Committee for a hearing, where she will be questioned about her office’s role in protecting personal data against targeted online advertising, and the use of personal data for tackling the coronavirus pandemic.
Read more

24 Sep 2020

NHS App users get privacy; other visitors get nothing

Today the Government launched its England and Wales COVID App, and its new rules to ensure that bars and restaurants keep records of customers who visit.
Read more

14 Sep 2020

Pubs vs. Privacy: what changes for contact tracing

The Prime Minister announced on Wednesday 9 September that “premises and venues where people meet socially will be legally required to request the contact details of a member of every party, record and retain these details for 21 days and provide them to the NHS Test and Trace without delay when required”.
Read more

05 Aug 2020

Fighting and winning for privacy, where was the ICO

The Government admitted their Test and Trace programme is operating unlawfully, but we should never have had to threaten legal action.
Read more

26 Jun 2020

Where everybody knows your name: pubs and data

The UK Government has announced that pubs can reopen on 4 July, and in the process asked them to start collecting the personal data of their customers to assist in test and trace.
Read more

23 Jun 2020

NHSX App delayed, but data protection still MIA

It finally happened: NHSX came to realise the issues surrounding their contact tracing app, and decided to switch to a decentralised approach.
Read more

More Information

31 July, 2020

Test and Trace briefing for JCHR
Our take on Government failing to tun Test and Trace in compliance with the law.
Find Out More

01 June, 2020

Response to the JCHR draft Digital Contact Tracing (Data Protection) Bill
We wrote to the JCHR to support and strenghten legal safeguards for digital contact tracing.
Find Out More

30 June, 2020

Response to the “Science of Covid” consultation of the Lords’ Science and Technology Committee
We highlighted the role of data protection in ensuring an effective Government response to pandemics.
Find Out More

15 July, 2020

Response to the call for evidence on the “Impact of Covid-19 on DCMS sectors”
We asked the DCMS Committee to hold the ICO accountable for their failure to enforce the law during the Coronavirus crisis.
Find Out More

Press Releases

21 August, 2020

Cross-Party Group of MPs challenge Information Commissioner over Data Protection failure
Cross-Party Group of MPs challenge Information Commissioner over failure to enforce Data Protection in the Test and Trace Programme  In an unprecedented move, a cross-party group of more than 20 MPs have challenged the Information Commissioner over the regulator’s failure to enforce Data Protection standards and hold the Government to account.
Find Out More

20 July, 2020

Government admits Test and Trace unlawful
The UK Government has been forced to admit they deployed the COVID-19 Test and Trace programme unlawfully without a Data Protection Impact Assessment (DPIA), following a legal challenge from privacy campaigning organisation, Open Rights Group (ORG).
Find Out More

Related Campaigns

Digital Privacy

Hands Off Our Data
Your data will be used against you and you’ll have less ability to do anything about it.
Find Out More

Digital Privacy

End Pre-Crime
Data and content is being weaponised to criminalise people without cause.
Find Out More

Digital Privacy

Councils against data discrimination
Council’s should use technology to support justice, rights and freedoms.
Find Out More

Digital Privacy

Stop Data Discrimination
The government wants to make it easier for companies and authorities to use your data against you.
Find Out More

Digital Privacy

The Global Privacy Race to the Bottom
UK privacy rights are getting trampled in the Government’s rush to join the Comprehensive and Progressive Agreement for Trans-Pacific Partnership (CPTPP).
Find Out More

Digital Privacy

Ending illegal online advertising
Your personal data is being auctioned off to online advertisers through AdTech systems, putting profits over privacy.
Find Out More

Digital Privacy

Make data protection law work for everyone
Currently only citizens – who rarely have the expertise, ability or time – are able to initiate complaints when data law is broken.
Find Out More

Digital Privacy

NHSX scraps centralised model for Covid-19 app
In a huge win for digital privacy, in June 2020 the UK Government scrapped plans to use a centralised model for its Covid-19 tracker app, opting for the decentralised model long advocated by Open Rights Group (ORG).
Find Out More

Digital Privacy

The Government assault on privacy
From expanded Police data powers to undermining the UK’s privacy regulator, the Government is rolling out a multifaceted attack on our hard won rights to privacy.
Find Out More

Digital Privacy

“Immigration exemption” ruled unlawful under GDPR
When the “immigration exemption” became law as part of the 2018 Data Protection Act, it threatened the data rights of all UK residents, including British citizens.
Find Out More

Digital Privacy

Government drops risky age verification plan
Open Rights Group (ORG) has been warning about major privacy risks in plans for age checks on adult websites since they were proposed in the Digital Economy Act 2017.
Find Out More

Digital Privacy

Migrant Digital Justice
The Migrant Digital Justice programme empowers the migrants’ rights sector to challenge technologies used in immigration controls.
Find Out More

Digital Privacy

Changing the law on tracking
In 2008 BT, Virgin and TalkTalk signed up to a new technology called Phorm, tracking users’ online habits to target them with ads.
Find Out More