A cross-party group of more than 20 MPs has accused the UK’s privacy watchdog of failing to hold the government to account for its failures in the NHS coronavirus test-and-trace programme.
The MPs have urged Elizabeth Denham, the information commissioner, to demand that the government change the programme after it admitted failing to conduct a legally required impact assessment of its privacy implications.
In a letter signed by 22 MPs from four parties, the group calls on the Information Commissioner’s Office (ICO) to consider fining the government “if it fails to adhere to the standards which the ICO is responsible for upholding”.
Daisy Cooper, the Liberal Democrat MP for St Albans, one of the letter’s signatories, said: “During the coronavirus pandemic the government has seemingly played fast and loose with data protection measures that keep people safe. The public needs a data regulator with teeth: the ICO must stop sitting on its hands and start using its powers – to assess what needs to change and enforce those changes – to ensure that the government is using people’s data safely and legally.”
Clive Lewis, the Labour MP for Norwich South, another signatory, said: “The Johnson government brought this programme forward more quickly than was practical, and we are all paying the consequences. Privacy is fundamental to trust.”
The letter, which was signed by MPs from the Liberal Democrats, Labour, Green party and Scottish National party, was arranged by the Open Rights Group, which successfully forced the government to admit its failure to perform a data protection impact assessment in July.
Jim Killock, the Open Rights Group executive director, said: “There is something rotten at the heart of the ICO that makes them tolerate government’s unlawful behaviour. The ICO is a public body, funded by the taxpayers, and accountable to parliament. They must now sit up, listen and act. As a regulator ICO must ensure that the government upholds the law.”
Denham has come under personal criticism this week after a freedom of information request revealed she had been working from home – in Canada. The civil servant, who is a Canadian citizen, went to British Columbia on 13 June after her octogenarian mother was injured in a road accident.
The ICO insisted that Denham’s location, in a time zone eight hours behind the UK, had not had an impact on its operation.