UK government in DPIA oversight

UK – The UK government is working with the Information Commissioner’s Office (ICO) after it failed to carry out the necessary privacy assessment before the launch of its Covid-19 test and trace programme.

Contact tracing covid tracking_crop

Open Rights Group (ORG), which campaigns for privacy and free speech online, had previously accused the government of failing to carry out a proper data protection impact assessment (DPIA) before the test and trace system to contain Covid-19 was put in place.

The government has accepted it did not carry out a DPIA for test and trace. DPIAs are necessary under the General Data Protection Regulation for projects deemed high risk to personal privacy and data security, and are intended to identify and minimise the data protection risks of a project.

The ICO said that it was working with the government on the DPIA for the test and trace programme as a “critical friend” to provide guidance and advice, and to ensure people’s data is protected.

“We recognise the urgency in rolling out the test and trace service during a health emergency, but for the public to have trust and confidence to hand over their data and that of their friends and families, there is also work needed to ensure the risks to that personal data are properly and transparently mitigated,” a spokesperson for the ICO said.

“People need to understand how their data will be safeguarded and how it will be used.”

Earlier this year, the government dropped plans to use an app based on a centralised database to complement the test and trace system. The use of a centralised database was criticised in some quarters over privacy concerns, and a decentralised version of the app is now being designed with Google and Apple.

A Department of Health and Social Care spokesperson said there was “no evidence” data was being used unlawfully by test and trace despite the issues over a DPIA.

“NHS Test and Trace is committed to the highest ethical and data governance standards – collecting, using, and retaining data to fight the virus and save lives, while taking full account of all relevant legal obligations,” the spokesperson said.

“We have rapidly created a large-scale test and trace system in response to this unprecedented pandemic. The programme is able to offer a test to anyone who needs one and trace the contacts of those who test positive, to stop the spread of the virus.”

We hope you enjoyed this article.
Research Live is published by MRS.

The Market Research Society (MRS) exists to promote and protect the research sector, showcasing how research delivers impact for businesses and government.

Members of MRS enjoy many benefits including tailoured policy guidance, discounts on training and conferences, and access to member-only content.

For example, there's an archive of winning case studies from over a decade of MRS Awards.

Find out more about the benefits of joining MRS here.

0 Comments

Display name

Email

Join the discussion

Newsletter
Stay connected with the latest insights and trends...
Sign Up
Latest From MRS

Our latest training courses

Our new 2025 training programme is now launched as part of the development offered within the MRS Global Insight Academy

See all training

Specialist conferences

Our one-day conferences cover topics including CX and UX, Semiotics, B2B, Finance, AI and Leaders' Forums.

See all conferences

MRS reports on AI

MRS has published a three-part series on how generative AI is impacting the research sector, including synthetic respondents and challenges to adoption.

See the reports

Progress faster...
with MRS 
membership

Mentoring

CPD/recognition

Webinars

Codeline

Discounts