ORG report finds that ICO failed to hold the government to account over use of public health data during pandemic

ORG’s new report exposes failures by the Information Commissioner’s Office (ICO) in protecting the public privacy and data rights during the Covid-19 pandemic.

Data privacy and the Information Commissioner’s Office During a Crisis analyses the ICO’s role in relation to three key Covid-19 health programmes:

NHS Test and Trace NHS Contract Tracing App NHS Datastore.

Our report finds that the ICO repeatedly failed to take action over clear breaches of data protection law by the government. The ICO’s decision to act as a “critical friend” meant that it was left to civil society and the media to challenge the government over a lack of transparency and accountability, excessive retention of data, missing and late Data Protection Impact Assessments (DPIAs), and the involvement of private companies without proper safeguards.

As a result of these failings, there are concerns that the large datasets created during the pandemic could still be used in new and unexpected ways in the future. Data sharing agreements with private companies like Palantir have allowed private corporations to take advantage of the pandemic to siphon sensitive data from national public health databases. Last month, Open Democracy reported that hospitals are being forced to share patients’ data multinational corporations like Palantir.

The future of data protection in the UK

The report provides further evidence that the Data Protection and Digital Information (DPDI) Bill should be dropped because it would further undermine the independence of the ICO. The Bill also

Read more

Explore the site

More from the blog

Latest News