Coronavirus: taking us to a new level of digital surveillance?

Toni Vitale, partner and head of data protection at JMW Solicitors discusses the digital surveillance concerns raised with the UK’s plans for a contact tracing app.

Matt Hancock, Secretary of State for Health in the UK recently publicly announced plans for a contact tracing app linked to the government’s ability to ease the lockdown restrictions. The app would inform you with an alert if you had recently come into close contact with a person infected with Covid-19.

Data regulators such as the UK’s Information Commissioners Office (ICO) are aware of the struggles organisations and their governments are facing in the current Covid-19 pandemic.  The ICO has issued a statement to say that provided the data is anonymous, the government may not be breaching data protection laws. However the ICO’s anonymity standard is very high – a person must never be able to be identified from the anonymous data.  It is doubtful the NHS App can meet this standard.

Take up of the NHS app will need to reach 60% of the population (and to be downloaded onto 80% of mobile phones) for it to be effective but if the public accept this intrusive use of personal data for health reasons in an emergency, are they more likely to accept the UK government using the data for crime prevention, monitoring large crowds at events, or to replace the national census (due in 2021) in the future?

The European Union is likely to take a cautious approach to such monitoring, but in other parts of the world tracking is already taking place. The European Data protection Board (which advises the EU Commission on data privacy) advocates a more cautious approach in Europe stating that governments “should first seek to process location data in an anonymous way… which could enable generating reports on the concentration of mobile devices at a certain location”.  The EDPB recommends the introduction of adequate scrutiny and safeguards including the right to a judicial remedy. In the UK plans are already in flight to curtail the right of judicial review. Blanket surveillance is unlikely to be compliant with EU laws even when it is for the public good.

These are extraordinary times, but human rights law still applies. Governments cannot simply disregard rights such as privacy and freedom of expression in the name of tackling a public health crisis.

Human Rights Watch (an international non-governmental organisation) has issued an eight-point declaration to balance individual rights and the need for governments to protect public health:

  1. Surveillance measures adopted to address the pandemic must be lawful, necessary and proportionate;
  2. New monitoring and surveillance powers must be time-bound, and continue only for as long as necessary;
  3. Data must only be used for the purposes of responding to the pandemic;
  4. Governments must protect people’s data, including ensuring sufficient security;
  5. Governments must address the risk that the tools will facilitate discrimination and other rights abuses against racial minorities, people living in poverty, and other marginalized populations;
  6. If Governments partner with private sector entities, the agreements must comply with the law, and sufficient information to allow public oversight must be publicly disclosed.  Such agreements should be in writing, with sunset clauses;
  7. Increased surveillance should not fall under the domain of security or intelligence agencies and must be subject to effective oversight by appropriate independent bodies;
  8. Data should be shared with relevant stakeholders, in particular experts in the public health sector and marginalized population groups.

The declaration has been signed by many international organisations to urge governments to show leadership in tackling the pandemic in a way that is strictly in line with human rights.


Toni Vitale

Toni, partner and head of data protection at JMW Solicitors, has assisted clients on a wide range of privacy and cyber security issues, including regulatory and compliance investigations, data monetisation and data breaches. He has advised on GDPR, e-privacy, PECR, net neutrality, RIPA, reputation management and cyber security.

Birmingham Unveils the UK’s Best Emerging HealthTech Advances

Kosta Mavroulakis • 03rd April 2025

The National HealthTech Series hosted its latest event in Birmingham this month, showcasing innovative startups driving advanced health technology, including AI-assisted diagnostics, wearable devices and revolutionary educational tools for healthcare professionals. Health stakeholders drawn from the NHS, universities, industry and front-line patient care met with new and emerging businesses to define the future trajectory of...

Why DEIB is Imperative to Tech’s Future

Hadas Almog from AppsFlyer • 17th March 2025

We’ve been seeing Diversity, Equity, Inclusion, and Belonging (DEIB) initiatives being cut time and time again throughout the tech industry. DEIB dedicated roles have been eliminated, employee resource groups have lost funding, and initiatives once considered crucial have been deprioritised in favour of “more immediate business needs.” The justification for these cuts is often the...

The need to eradicate platform dependence

Sue Azari • 10th March 2025

The advertising industry is undergoing a seismic shift. Connected TV (CTV), Retail Media Networks (RMNs), and omnichannel strategies are rapidly redefining how brands engage with consumers. As digital privacy regulations evolve and platform dynamics shift, advertisers must recognise a fundamental truth. You cannot build a sustainable business on borrowed ground. The recent uncertainty surrounding TikTok...

The need to clean data for effective insight

David Sheldrake • 05th March 2025

There is more data today than ever before. In fact, the total amount of data created, captured, copied, and consumed globally has now reached an incredible 149 zettabytes. The growth of the big mountain is not expected to slow down, either, with it expected to reach almost 400 zettabytes within the next three years. Whilst...

What can be done to democratize VDI?

Dennis Damen • 05th March 2025

Virtual Desktop Infrastructure (VDI) offers businesses enhanced security, scalability, and compliance, yet it remains a niche technology. One of the biggest barriers to widespread adoption is a severe talent gap. Many IT professionals lack hands-on VDI experience, as their careers begin with physical machines and increasingly shift toward cloud-based services. This shortage has created a...

Tech and Business Outlook: US Confident, European Sentiment Mixed

Viva Technology • 11th February 2025

The VivaTech Confidence Barometer, now in its second edition, reveals strong confidence among tech executives regarding the impact of emerging technologies on business competitiveness, particularly AI, which is expected to have the most significant impact in the near future. Surveying tech leaders from Europe and North America, 81% recognize their companies as competitive internationally, with...