We’re now on day 3 of lockdown in the UK, after millions tuned in to Boris Johnson’s announcement on Monday evening. As individuals and businesses come to terms with what life will look like for the foreseeable future – working from home, social distancing, home-schooling kids and a distinct shortage of loo roll – you would not be alone if privacy rights and data protection obligations aren’t at the forefront of your mind.
Nevertheless, it is important for businesses to know what they can and cannot do in these times when it comes to the use of personal data. The Information Commissioner’s Office (ICO) recently posted some useful advice on frequently asked questions, making it clear that:
- Whilst statutory timescales are not removed or formally extended, including for responding to subject access requests (SARs) and other rights requests, the ICO understands that resources are stretched and that businesses may be prioritising other matters, indicating a more lenient approach to enforcement during this period.
- Data protection and e-privacy laws do not prevent healthcare organisations from sending public health messages or from using the latest technology to carry out consultations and diagnoses quickly and safely.
- Yes, you can tell staff that a colleague may have contracted COVID-19 (and share this information with public authorities where appropriate), but you probably do not need to name the individuals in question, and should limit the information shared.
This advice may alleviate concerns for some businesses, but campaigners have voiced fears over the impact on privacy rights where technology is being used to track individuals’ whereabouts and collect personal data (including sensitive data about health conditions) in connection with the COVID-19 pandemic.
On 11 March, Dominic Cummings brought together representatives from some of the world’s biggest technology organisations – including Google, Facebook, Amazon, Apple and Microsoft – to try to identify how technology can be used to ease the burden for the NHS and other vital resources. It is not yet clear what the outcomes of this meeting will be but, amidst stories of mobile phone tracking and widespread data sharing in other countries such as Taiwan and Singapore, UK health chiefs are being urged to ensure that people’s privacy is safeguarded.
Whatever approach the UK government takes, it is interesting to see the efforts of other organisations trying to tackle the coronavirus pandemic through technology – some of the stories that caught my eye this week include:
- Folding@Home – a project using crowd-sourced computing power, drawn from the PCs of gamers, creatives and other individuals across the world, to run complex simulations of proteins in an attempt to find new therapeutic opportunities. According to some sources, this distributed network now has more than twice the processing power of the world’s fastest supercomputer, ORNL Summit.
- Private Kit – an app launched by researchers at MIT, designed to help track the spread of the outbreak without compromising individuals’ privacy rights.
- BenevolentAI – a London-based start-up using AI to analyse data and identify new ways to treat disease and personalise drugs for patients.
If your business is working on (or considering) innovative projects to try to help tackle the coronavirus pandemic, or to make people’s lives easier throughout this period, we would love to hear about it. If you have any questions about the use of personal data or your obligations under privacy laws, our specialist data protection team will be able to help – drop me a line at firstname.lastname@example.org.
We won’t penalise organisations that we know need to prioritise other areas or adapt their usual approach during this extraordinary period.