The marketing industry has balked at Government plans to give local authorities increased access to public data, urging ministers to ensure that data privacy measures are not sacrificed in the rush to combat regional Covid-19 outbreaks.
The DMA’s latest “Coronavirus – The Impact on Business Survey” series, published a fortnight ago, revealed fresh fears that Covid-19 is harming public trust in brands and marketing – up to nearly a third (29%) from 17% in May.
Sentiment about the impact of the UK Government’s roll-out of the “test, track and trace” programme on the data and marketing industry has also worsened. Over half (57%) of industry professionals now believe this will negatively impact consumer willingness to share personal data – up from 42% in May.
In March, almost two-thirds of respondents (64%) said they were confident in the Government’s handling of the crisis, this halved to just 32% in June.
In response to the release of more data for local councils, DMA managing director Rachel Aldighieri commented: “The pandemic has highlighted the role of data as a force for good when it provides invaluable information to public services. However, the public must have guarantees that data protection protocols enforced by the GDPR will not be sacrificed.
“The Government’s decision to allow local councils full data access to sensitive personal information could lead to increased public risk to data breaches and privacy neglect if staff do not have the training, support and infrastructure to put the necessary safeguards in place.
“If we are to recover from the impact of the pandemic on UK businesses and wider society, public trust and a willingness to share data are essential, so data breaches driven by negligence could have long-lasting damage.”
The move follows a Government admission that the Department of Health & Social Care has failed to complete a data protection impact assessment (DPIA) for “test and trace” programme in England.
The issue has been exposed by the Open Rights Group, which had threatened to go to court to force the Government to conduct a DPIA – a requirement under GDPR for projects that process personal data.
A letter from the Department of Health to the group confirmed that a DPIA was a legal requirement but had not been obtained. The Information Commissioner’s Office has not come off well either. Before launch, the regulator said it was keeping a close eye on the situation as “a critical friend”. However, it seems, it had both eyes shut as the shceme was rolled out without the impact assessment.
ORG executive director Jim Killock, who has branded the Government “reckless”, said: “A crucial element in the fight against the pandemic is mutual trust between the public and the Government, which is undermined by their operating the programme without basic privacy safeguards.
“The test and trace programme is central to easing the lockdown and getting the economy growing again. The ICO should have taken action but did not. We were forced to threaten Judicial Review to ensure that people’s privacy is protected.
“The ICO and Parliament must ensure that test and trace is operating safely and lawfully. As we have already seen individual contractors sharing patient data on social media platforms, emergency remedial steps will need to be taken.”
The Government claims there is no evidence of data being used unlawfully; the ICO has yet to comment.
Fears rise over backlash from ‘track and trace’ fiasco
Over half of brands have increased spend since outbreak
Industry fears ‘track and trace’ hit but green shoots rise
Digital to escape Covid ad wipeout but still shrink 5.5%
Marketing firms urged to continue to work from home
Nearly three-fifths of DMA firms have furloughed staff