Data in the News
Here's our monthly round up of some of the top articles on personal data and data protection ...
Personal data from the NHS Test and Trace programme will be kept for 20 years and health secretary Matt Hancock has provided special exemption for the scheme to use sensitive information without citizens’ consent.
The privacy notice for the programme, which launched yesterday, not only cites the sections of the General Data Protection Regulation pertaining to use of data in the public interest or for delivery of public services, but also indicates that Hancock has provided Public Health England with “special permission… to use personally identifiable information without people’s consent, where this is in the public interest”.
Personal data – on those who have tested positive for Covid-19 – will initially be provided to the programme by Public Health England. Contact tracers will then get in touch with these people to obtain or confirm their full name, date of birth, sex, NHS number, full home address, telephone number, email address, and a history of their coronavirus symptoms. Tracers will also ask for contact details of anyone to have come into close contact with those who have tested positive.
Personal data on people that have suffered symptoms will be kept by PHE for 20 years. Information on those who have been in close contact with confirmed cases but have shown no symptoms themselves will be retained for five years.
With the government gradually easing lockdown restrictions and giving the green light for different types of businesses to return to work, employers have obligations to ensure the health and safety of employees while at work. To assist in this, employers may begin processing more health information about employees than was done pre COVID-19.
With the government proposing to ease the current lockdown restrictions to allow more people to get back to work, many organisations are conducting risk assessments (as recommended by the government) and putting together internal policies and procedures on how to keep individuals safe during the course of their work.
Smart cities aren’t just a distant vision for future-living – thanks to innovative IoT driven solutions such as public transport services and remote activated heating systems – they are fast becoming an imminent reality. As this form of technology continues to advance, the growth of smart services and products will influence all areas of our urban lives.
While projects to increase connected infrastructures in urban areas have risen in the past few years, fully smart cities are beginning to be built from the ground up. In October 2019, Sidewalk, a division of Google, received government approval to move forward with its plan for a £1.3 billion smart city infrastructure in Toronto.
The scheme aims to build one of the most advanced hyperconnected cities in the world, where everything in the urban area can not only connect, but also interact with its people. In this smart city, pavements will be heated via sensors and a network of underground tunnels will allow automated robots to deliver goods without clogging up roads. Thanks to rapid urban growth, 65 per cent of the world population will be dwelling in cities by 2040, making this technology even more important to best manage the scale of our new cities.
In an effort to keep citizens safe, state authorities have rapidly implemented various emergency plans to curb the spread of COVID-19. In South Korea, the movements of infected citizens are being broadcasted via public text message. In Israel, the government has approved a law to track smartphones belonging to those suspected of being infected. In the United States, the government is in talks with Google and Facebook to access location data, and in the United Kingdom, data giant Palantir is merging data for the National Health Service to inform the nation’s response. The extent to which governments can leverage technology to surveil and enforce restrictions is clearer than ever.
As these measures continue rolling out, citizens are starting to realize some of the consequences of previous privacy-related decisions and seeing the relative lack of control they have over their personal information. As we saw from the U.S. in 2005, the provisions of the Patriot Act passed in 2001 became permanent, and the emergency measures that are protecting us today in times of crisis can stay for good.
Whether unwittingly, intentionally, unintentionally, justified or not, we’ve seen authorities making tradeoffs time and again between public health and personal data protection. Is it really necessary?