The ICO, the UK’s information rights body, has not taken action against the government on key data protection issues during the pandemic, a group of 20 MPs has said.
The cross-party group of MPs wrote to the head of the ICO (The Information Commissioner’s Office) Elizabeth Denham, urging better enforcement of the data protection rules under the Data Protection Act, which is based upon the GDPR.
In the letter, the group accused ministers of paying “scant regard” to privacy concerns and data protection duties during the Covid-19 pandemic.
It also accused the government of engaging with private contractors with “problematic reputations” to process personal data. The letter claims it had built a contact tracing proximity app that centralised and stored more data “than was necessary, without sufficient safeguards”.
On releasing the app for trial, the group said ministers failed to notify the Information Commissioner in advance of its data protection impact assessment.
The group also said the government admitted it had breached its data protection obligations by failing to conduct an impact assessment prior to the launch of their test and trace programme.
Calling for action to establish public confidence, the group said it is now “imperative” that action is taken.
The letter reads: “The government not only appears unwilling to understand its legal duties, it also seems to lack any sense that it needs your advice, except as a shield against criticism.
“Regarding test and trace, it is imperative that you take action to establish public confidence – a trusted system is critical to protecting public health.”
The letter added: “ICO action is urgently required for Parliament and the public to have confidence that their data is being treated safely and legally, in the current Covid-19 pandemic and beyond.”