Regulation of personal data in the Covid era

11 May 2020

Right now, as you read this, there is a debate going on in the information and data regulation world.
In the blue corner we have the rights of individuals to have their data protected. In the red corner is Covid 19 and the demands of governments to test and monitor the populations of their nation states.
So you can see, the problem is a simple one to define. It is less simple to answer.
At the heart of the storm is the Information Commissioner’s Office. On the one hand, Liberty and the campaign groups championing civil liberties. On the other hand are those seeking to use data monitoring as a means of getting UK PLC back on her feet.
Elizabeth Denham CBE is the current Information Commissioner and she is highly respected in the field. To her it falls to hold the ring between the blue and red corners. From the outset she has sought to strike a pragmatic and proportionate regulator. One of the means of defeating C19 is to use Apps and monitoring  of data.  
With this in mind, the ICO has set out some basic principles:
  • Continuing to recognise the rights of individuals.
  • Focussing on the most serious threats to the public
  • Providing ‘front line organisations’ advice on data regulations.
  • Cracking down on those seeking to take advantage of the current emergency 
One of the more important jobs for the ICO will be to give rapid guidance to public authorities on the suitability of Apps currently under development or being tested (in the Isle of Wight) and the safeguards in those Apps. At the risk of being frivolous, there are reported cases of Apps in other countries, leading to the discovery of extra marital affairs. All rather awkward, I think you will agree. More seriously are the problems we have so often seen in the past few years of data misuse and security.
More prosaically, the ICO has sent out a clear message on their day to day business: if data processors and controllers make innocent mistakes because of staff shortages or changes in working practice caused by C19 and make a clean breast of it, they will be treated reasonably and pragmatically. If they seek to cover up, they will be treated less reasonably. If they behaved cynically and tried to take advantage of the C19 emergency, will be treated harshly.

The ICO will have been consulted in respect of the geo spatial and geo location Apps currently being tested in the isle of Wight. The App, developed by NHSX (the IT arm of the NHS) uses Bluetooth. The Bluetooth pings continuously in the phone in which it is downloaded. It stores  anonymised identifiers from other phones in which the App is installed. So, if I am infected, the app will have a record of every phone it has come within range of. These phones (and their owners) can then be messaged.
Now, the NHSX team have opted for a ‘centralised system’. A centralised approach means that data and messages are uploaded to and from a central server within the NHS. This differs somewhat from the Apple and Google’s system. In their case, there is no uploading or downloading or messaging from a central server. The messages are sent direct between phones. The problem here though is simply this - leaving aside the need to identify clusters and allocate resources or implement measures/ warnings accordingly- do you trust Apple or Google anymore than you trust the NHS? Ticklish, isn’t it?
In this writer’s view, people are dying, the economy is crashing, the physical and mental health of the nation are under pressure. The NHS centralised system uses anonymised identifiers. The data will be erased when it is no longer needed. The data collected in the meantime will be used to mitigate risk and save lives, and to model future outbreaks. Data is a tool in this struggle and for the future. Safeguards are in place. Insofar as there are risks to civil liberties, these may have to take a back seat for a while.

Further reading

Mark Diamond joins DMH Stallard

New Partner specialising in M&A joins our expanding Corporate team, in Gatwick
Read more Read

DMH Stallard supports charities helping young people dress for success

Our London office has supported two charities supplying unemployed men and women with clothes for job interviews
Read more Read

Amazon announces they will no longer be accepting UK issued Visa credit card payments

Jonathan Compton comments on the potential issues this may cause in the competition market in the future
Read more Read

Clarification on damages for data breaches handed down by Supreme Court

On 10 November 2021, the Supreme Court handed down its judgment in Lloyd v Google LLC leading to a saving of £3billion in compensation claims
Read more Read
  • Brighton Office

    1 Jubilee Street


    East Sussex

    BN1 1GE

  • Gatwick Office

    Griffin House

    135 High Street


    West Sussex

    RH10 1DQ

  • Guildford Office

    Wonersh House

    The Guildway

    Old Portsmouth Road



    GU3 1LR

  • Horsham Office

    Ridgeland House

    15 Carfax


    West Sussex

    RH12 1DY

  • London Office

    6 New Street Square

    New Fetter Lane


    EC4A 3BF

  • Get in touch