IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Privacy group to challenge UK over test and trace data retention

Open Rights Group threatens legal action over decision to retain personal health data for up to two decades

Digital rights campaigners at the Open Rights Group (ORG) are preparing to legally challenge the UK government over its decision to retain personal health data for up to two decades.

According to The Guardian, ORG is “preparing a legal challenge” and have enlisted data rights lawyer Ravi Naik to draft an open letter addressed to home secretary Priti Patel and health secretary Matt Hancock over the privacy risks associated with the UK's track and trace programme. 

A spokesperson for the digital rights campaign group confirmed to IT Pro that it "will be writing to the government this week to ask for their justifications".

"If these are inadequate we will consider enforcement action or judicial review," they added.

The open letter from the organisation will ask the government to consider switching to a decentralised model, which was the plan until late April when the UK snubbed Apple and Google's jointly-developed contact-tracing API.

Instead, the UK has opted to develop its own centralised contact-tracing system which will retain the personal data of those who had tested positive for the coronavirus for up to two decades.

According to ORG, the decentralised model “has been found to be more likely to comply with both human rights and data protection laws and to enhance trust”.

The digital rights organisation is also asking the government to “publish its assessment of risks and mitigations for vulnerable and marginalised groups”, to clarify who or which political body will be retaining the personal data, and “provide guarantees that data shared through the contact tracing app will not be used to deny access to public services or for the purposes of immigration enforcement”.

Further, ORG wants the government to roll out  “clear communication campaign” in order to “create much-needed trust and confidence in the NHSX app”, which some argue has been breached by the decision to retain the data for a long period of time.

Related Resource

Enhance the safety and security of your people, assets, and operations

Enable a true vision of security with an engineered solution based on hyperconverged and storage platforms

Download now

A spokesperson for the organisation told IT Pro: "We hope the government will adjust its policies to better reflect people’s privacy concerns. If the government increases trust, it will increase participation."

Speaking to The Guardian, ORG executive director Jim Killock added that “the government needs to better explain its reasoning”. 

“What they have done so far has been rushed. Our concern is people will feel reluctant to participate if they feel their personal data is leaving their control,” he said.

Last month, independent security and privacy consultant Dr Chris Culnane and Thinking Cybersecurity CEO Vanessa Teague found that the NHSX contact-tracing app was rife with "varied" security problems that pose a threat to user privacy. Culnane and Teague are also in favour of the decentralised API model.

Featured Resources

2023 Strategic roadmap for data security platform convergence

Capitalise on your data and share it securely using consolidated platforms

Free Download

The 3D trends report

Presenting one of the most exciting frontiers in visual culture

Free Download

The Total Economic Impact™ of IBM Cloud Pak® for Watson AIOps with Instana

Cost savings and business benefits

Free Download

Leverage automated APM to accelerate CI/CD and boost application performance

Constant change to meet fast-evolving application functionality

Free Download

Most Popular

What's powering Britain’s fibre broadband boom?
Network & Internet

What's powering Britain’s fibre broadband boom?

3 Feb 2023
Dutch hacker steals data from virtually entire population of Austria
data breaches

Dutch hacker steals data from virtually entire population of Austria

26 Jan 2023
Yandex data breach reveals source code littered with racist language
data breaches

Yandex data breach reveals source code littered with racist language

30 Jan 2023