Photo credit: Adobe Stock
A bipartisan group of MPs has written to the Information Commissioner’s office to warn the regulator it must begin holding a government accountable for “barely addressing privacy concerns and obligations” during the coronavirus crisis.
The gathering of 22 MPs has reached out to Commissioner Elizabeth Denham to express concern about what they see as the lack of privacy protection shown by the government in its pandemic response.
Problems identified in the letter include “private contractors with problematic reputations” being able to process sensitive data and the creation of a repository that MEPs claim is “of unproven use”.
“Most recently, the government has admitted that it has breached its privacy obligations by failing to conduct an impact assessment prior to launching its Test and Trace program,” the MPs wrote. “They only acknowledged this failure in the face of threats of legal action by the Open Rights Group. The government has highlighted your role at every turn, citing you as an advisor who goes into the details of their work and uses you to justify their actions. “
The letter, which was jointly signed by representatives of the Labor Party, the Scottish National Party, the Liberal Democrats and the Green Party, also accused Health Secretary Matt Hancock of “violating data protection regulations” and failing to understand the requirements for data protection impact assessments Reference to the Test and Trace scheme.
“On Monday July 20th [Hancock said to] The parliament declared, “I am not being held back by the bureaucracy,” and contested the stated position of the government’s own legal service that three DPIAs “covered” all necessary, the letter said.
MPs reminded Denham that her office still has the power to coerce information from the government, as well as dictate changes in practice – or even impose fines.
“Parliamentarians and the public must be able to rely on the regulator,” they said. “Not only does the government seem unwilling to understand its legal obligations, but it also seems to have no sense of needing your advice except as a shield against criticism. Regarding test and trace, it is imperative to take steps to increase public confidence. A trustworthy system is vital to protecting public health. “
Jim Killock, executive director of the Open Rights Group digital rights panel that released the letter, said the regulator’s accommodating approach over the past few months has shown that “something is fishy at the heart of the ICO.” He warned the data protection officer that unless he takes action soon, he could be disbanded in the same way as Public Health England.
“The ICO is a public body funded by taxpayers and accountable to parliament. You need to sit up, listen and act now, ”he said. “As a regulator, ICO must ensure that the government is complying with the law. You need to heed the lessons of what happened to Public Health England. The only way to avoid this fate is to enforce the law and properly discharge their legal responsibilities. ”
‘Fast and easy’
Liberal Democratic spokeswoman for digital, culture, media and sports, Daisy Cooper, said that during the coronavirus crisis, the government “played quick and easy with privacy measures that keep people safe”.
“The public needs a data controller with teeth,” she added. “The ICO needs to stop sitting on its hands and use its powers to assess what needs to be changed and enforce those changes to ensure that the government is using people’s data safely and legally.”
Another signatory, Labor MP Clive Lewis, said that in order to “avoid a major loss of confidence,” the regulator needs to launch an in-order investigation into the government’s approach to data protection.
Green MP Caroline Lucas also warned of the loss of public confidence in the Test and Trace program.
“There needs to be an assessment of the risk of data leakage and measures to prevent that data,” she added.
John Nicholson, SNP representative for DCMS affairs, said, “This government is currently planning further changes to the Test and Trace program. We urgently need the ICO to enforce the law. A weak regulator, failing to hold the government accountable, threatens the health and safety of people in Scotland and across the UK. Failure to address privacy concerns puts public health at risk. The government and the ICO must both take this very seriously. ”
“There is something rotten at the heart of the ICO that is making them tolerate the government’s illegal behavior … they need to sit up, listen and act now.”
Jim Killock, Open Rights Group
In response to the letter, an ICO spokesman said: “Our regulatory obligations include advising and monitoring the work of controllers. Our approach during the pandemic has been to provide advice on the privacy impact of a number of initiatives by the UK Government, the NHS, local councils and private sector organizations to respond to the public health crisis.
“We understand and recognize that the government and other organizations needed to act quickly to address the national health emergency, and we have outlined their data protection obligations and provided them with guidance and expertise on a regular basis. We have published much of this work in order to ensure transparency and will examine and investigate, if necessary, arrangements to ensure that people’s rights to information are respected.
“We will continue to uphold people’s information rights and act where our advice is not followed and where we find serious, systemic or negligent behavior that endangers the protection of people.”