WIn for @OpenRightsGroup:
Government admits to ORG that England& #39;s test and trace programme & #39;breaks GDPR data law& #39; https://www.bbc.co.uk/news/technology-53466471">https://www.bbc.co.uk/news/tech...
Government admits to ORG that England& #39;s test and trace programme & #39;breaks GDPR data law& #39; https://www.bbc.co.uk/news/technology-53466471">https://www.bbc.co.uk/news/tech...
What happened here:
ORG was already concerned because the App had a late and bad Data Protection Impact Assessment.
When the manual Track and Trace programme was launched at the end of May, Politico reported no DPIA had been done. https://www.politico.eu/article/uk-test-trace-privacy-data-impact-assessement/">https://www.politico.eu/article/u...
ORG was already concerned because the App had a late and bad Data Protection Impact Assessment.
When the manual Track and Trace programme was launched at the end of May, Politico reported no DPIA had been done. https://www.politico.eu/article/uk-test-trace-privacy-data-impact-assessement/">https://www.politico.eu/article/u...
We wrote to the Government, which said it had done a DPIA on CTAS. They obfuscated to us, trying to imply doing a DPIA on one part of the system was enough.
CTAS is the & #39;Contact Tracing and Advisory Service& #39; web portal, one of several pieces of software. https://www.wired.co.uk/article/nhs-coronavirus-contact-tracing-calls">https://www.wired.co.uk/article/n...
CTAS is the & #39;Contact Tracing and Advisory Service& #39; web portal, one of several pieces of software. https://www.wired.co.uk/article/nhs-coronavirus-contact-tracing-calls">https://www.wired.co.uk/article/n...
Faced with this obfuscation, we threatened the Government with a Judicial Review over their decision *not* to conduct a DPIA.
As this was simple matter, we asked for them to confirm in a week if they had done one, and if not, to conduct it. https://www.wired.co.uk/article/nhs-test-and-trace-data-protection">https://www.wired.co.uk/article/n...
As this was simple matter, we asked for them to confirm in a week if they had done one, and if not, to conduct it. https://www.wired.co.uk/article/nhs-test-and-trace-data-protection">https://www.wired.co.uk/article/n...
Meanwhile stories like this emerged, contact tracers using social media groups to solve issues with their software, and sharing patient data on them: https://www.thetimes.co.uk/edition/news/coronavirus-contact-tracers-sharing-patients-data-on-whatsapp-and-facebook-rg3zqn5l6">https://www.thetimes.co.uk/edition/n...
Two weeks since the threat of a court case, and after six weeks of correspondence, the Government admitted they had not done a DPIA, and said they were now doing one.
IMPORTANT:
Since Test and Trace is operating unlawflly and data breaches appear to be taking place, the @ICOnews needs to step in, demand documents, and identify changes to re-establish public trust.
Time to end the “critical friend” policy and Regulate #GDPR.
Since Test and Trace is operating unlawflly and data breaches appear to be taking place, the @ICOnews needs to step in, demand documents, and identify changes to re-establish public trust.
Time to end the “critical friend” policy and Regulate #GDPR.
GOVT SPIN:
The Govt is telling journalists that there is “no evidence” of “unlawful data processing”.
What their letter (linked here) says is that the *programme* was operating unlawfully. https://www.openrightsgroup.org/press-releases/government-admits-test-and-trace-unlawful/">https://www.openrightsgroup.org/press-rel...
The Govt is telling journalists that there is “no evidence” of “unlawful data processing”.
What their letter (linked here) says is that the *programme* was operating unlawfully. https://www.openrightsgroup.org/press-releases/government-admits-test-and-trace-unlawful/">https://www.openrightsgroup.org/press-rel...
Here is the Government’s admission that they needed to do a DPIA at para 22:
https://www.openrightsgroup.org/app/uploads/2020/07/200715-PAP-Response-Letter.pdf">https://www.openrightsgroup.org/app/uploa...
https://www.openrightsgroup.org/app/uploads/2020/07/200715-PAP-Response-Letter.pdf">https://www.openrightsgroup.org/app/uploa...
And let’s make this absolutely clear:
This admission was obtained only as the result of legal correspondence and the threat of Judicial Review.
For which @RaviNa1k and @A__W______O deserve the credit—thank you for making this happen!
This admission was obtained only as the result of legal correspondence and the threat of Judicial Review.
For which @RaviNa1k and @A__W______O deserve the credit—thank you for making this happen!