England’s test and trace app could face lawsuit for breaching GDPR

The Open Rights Group (ORG), a UK-based organisation that campaigns for digital rights, says it will take the UK government to court to force them to conduct a data protection impact assessment (DPIA) following the Department of Health’s clarification that the app was launched without prior assessment of the risks – a requirement of GDPR. 

Jim Killock, executive director of the ORG, said: “A crucial element in the fight against the pandemic is mutual trust between the public and the government, which is undermined by their operating the program without basic privacy safeguards.”

On 5 June 2020 the UK government released its NHS COVID-19 data contracts with Palantir, Microsoft, Amazon and Faculty, following an impending lawsuit instigated by OpenDemocracy and tech justice legal firm Foxglove. The documents revealed an “unprecedented transfer of personal health information of millions of NHS users”. The government failed to provide DPIAs before the contracts were agreed, causing privacy experts to question the regulation of procurement laws. 

The government has maintained that no evidence exists of data being used unlawfully. 

The Information Commissioner’s Office is working as a “critical friend” to the UK government to ensure GDPR compliance, as told to BBC.

The largest data protection, privacy and security event of 2020, now available on-demand!

Featuring four whole days of keynote sessions, panel debates, and an opportunity to network and chew over all things data-related through discussions in public boards and virtual booths, PrivSec Global is now available to watch on-demand.

You can access the content from all four days, by registering for access to our PrivSec Global platform below.

Learn More and Register

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.