Privacy campaigners have accused the UK government of breaching data protection laws by creating a coronavirus testing and tracking app that is not yet available to the public

The Open Rights Group (ORG), a campaign group for free speech, has confirmed that it will file a complaint with the Information Commissioner's Office (ICO) about the national rollout of the app following the Covid-19 pandemic

The group also sent letters to UK Health Secretary Matt Hancock, NHSX (the body responsible for keeping the National Health Service up to date with the latest technology) CEO Matt Gould, and Public Health England (PHE) CEO Duncan Selby, requesting information about the app's data protection

In its complaint, ORG accuses the NHS and PHE of failing to complete a Data Protection Impact Assessment, which is required by law through the General Data Protection Regulation The ORG has accused the NHS and PHE of failing to complete the Data Protection Impact Assessment required by law through the General Data Protection Regulation

ORG stated that this is necessary "given the experimental system and the sensitive nature and scale of the data being processed," adding that both healthcare organizations that confirmed that no data protection impact assessment had been conducted were in violation of the GDPR

ORG campaigners also called the app's 20-year data retention period excessive, while also questioning its commercial and research purposes They also claimed to have discovered unspecified security issues that put people at risk and said the app's privacy notice is flawed

Jim Killock, executive director of the Open Rights Group, called on the ICO to take action and enforce the law, accusing the government of starting too soon with this development

He said: "If we continue in this manner, public trust will be undermined and people will refuse to participate in the Track and Trace program Public health objectives are being undermined by the lack of privacy and data protection basics in place"

He also said

The complaint is filed by Ravi Naik, legal director of the data rights agency AWO He also criticizes the app's approach to data protection, stating: "Rushing to start test-and-trace without following basic legal requirements is problematic These legal obligations are not just compliance points [They are designed to ensure that risks are identified and mitigated Failure to conduct these assessments raises concerns among clients that these risks are not being properly considered