#Privacy: ICO announces that mobile tracking is legal during pandemic

The Information Commissioner’s Office (ICO) has announced that the UK government can use mobile phone tracking data to combat the spread of COVID-19.

In a statement, ICO’s Deputy Commissioner Steve Wood explained that location data would be used to help tackle the coronavirus crisis, and as the data will be anonymised, no individual will be identified and no privacy laws will be breached.

“Where this data is properly anonymised and aggregated, it does not fall under data protection law because no individual is identified,” Wood said. “In these circumstances, privacy laws are not breached as long as the appropriate safeguards are in place.”

Wood added that it would be working alongside the Government to provide advice about the application of data protection law “during these unprecedented times.”

The NHS also announced on the same day that it needs accurate real-time information in order to have a “robust operating picture of the virus, how it’s spreading, where it might spread next and how it will impact the NHS and social services.”

Thus to execute an effective response, the Government has commissioned NHS England and Improvement and NHSX to “develop a data platform that will provide those national organisations responsible for coordinating the response with secure, reliable and timely data – in a way that protects the privacy of our citizens – in order to make informed, effective decisions.”

A data store will be created in order to bring multiple data sources into a single, secure location. Data will include 111 online/call centre data from NHS Digital, and COVID-19 test result data from Public Health England.

“All the data in the data store is anonymous, subject to strict controls that meet the requirements of data protection legislation and ensure that individuals cannot be re-identified,” the department said.

“The controls include removing identifiers such as name and address and replacing these with a pseudonym. GDPR principles will be followed, for example, the data will only be used for Covid-19 and not for any other purpose and only relevant information will be collected.”


Registration now OPEN for PrivSec Global
Taking place across four days from 30 Nov to 3 Dec, PrivSec Global, will be the largest data protection, privacy and security event of 2020.

Reserve your place before 2nd October, and receive VIP access to PrivSec Global which includes priority access to limited space sessions, workshops, networking opportunities and exclusive content.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.