Pubs ‘breached GDPR’ calling customers for contact tracing
PUBS and restaurants were asked to carry out contact tracing calls to customers in breach of data protection rules, leaked documents reveal.
Confusion within the test-and-trace system and failures of the £40million Covid app prompted desperate health officials to co-opt hospitality businesses into warning patrons about recent outbreaks, despite it being unlawful.
An internal report found that lack of guidance from NHS Test and Trace for local public health teams on how to handle the data left businesses “being asked, or volunteering, to contact customers and visitors”.
It added: “This is a breach of General Data Protection Regulation [GDPR], and leaves businesses and venues open to potential legal challenge.”
Despite millions of people who visited pubs, restaurants and hairdressers before lockdown leaving contact details, the information was barely used by test and trace, according to the report, seen by Sky News. Partly to blame was the failure of the QR code system app users scanned at venues.
The report admitted that the app was “not fully” utilised and instead, local public health teams were tasked with contacting venues to obtain check-in data for themselves, as well as manually flagging risky venues to the Test and Trace team so that alerts could then be sent out via the app.
A spokesman for the Department of Health said: “The NHS Covid-19 App is an important tool in our response, preventing an estimated 600,000 cases.”