England’s test and trace app could face lawsuit for breaching GDPR

The Open Rights Group (ORG), a UK-based organisation that campaigns for digital rights, says it will take the UK government to court to force them to conduct a data protection impact assessment (DPIA) following the Department of Health’s clarification that the app was launched without prior assessment of the risks – a requirement of GDPR. 

Jim Killock, executive director of the ORG, said: “A crucial element in the fight against the pandemic is mutual trust between the public and the government, which is undermined by their operating the program without basic privacy safeguards.”

On 5 June 2020 the UK government released its NHS COVID-19 data contracts with Palantir, Microsoft, Amazon and Faculty, following an impending lawsuit instigated by OpenDemocracy and tech justice legal firm Foxglove. The documents revealed an “unprecedented transfer of personal health information of millions of NHS users”. The government failed to provide DPIAs before the contracts were agreed, causing privacy experts to question the regulation of procurement laws. 

The government has maintained that no evidence exists of data being used unlawfully. 

The Information Commissioner’s Office is working as a “critical friend” to the UK government to ensure GDPR compliance, as told to BBC.


Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit https://digital.privsec.info/.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.