5 June 2020 — The Register
‘Government is moving too fast, and breaking things as a result’
Open Rights Group has instructed lawyers to lodge a complaint with the UK’s data watchdog over the rollout of the Test and Trace system because it says the system breaches the General Data Protection Regulation (GDPR).
In addition to the Information Commissioner’s Office (ICO), the digital rights body’s lawyers have also written to the country’s health secretary Matt Hancock, the CEO of NHS digital agency NHSX, and the chief exec of Public Health England, asking for clarity around the system.
The complaint to the ICO relates to the failure by the NHS and Public Health England (PHE), which runs the Test and Trace programme, to conduct a Data Protection Impact Assessment (DPIA), which is required under the GDPR before processing of data in high-risk situations.
The Open Rights Group argues that because Test and Trace is experimental, and processes data of a sensitive nature on a large scale, a DPIA was required before data processing started. PHE and the NHS confirmed that a DPIA has not been conducted, in breach of those GDPR requirements.