By Ray Walsh
The British government has launched phase two of its Covid normalisation plan. As long as they don't mind providing their details at the door, punters will soon be able to get back to the pub for a pint.
While everybody is eager to get the economy going again – and a gin and tonic in a beer garden in this heatwave sounds like a dream – questions need to be asked about the government's proposed mitigations.
The rush to control Coronavirus is quickly becoming a data feeding frenzy, and while being able to contact citizens who contract the virus is important, citizens need to be wary about the data they are handing over to make things 'safer'.
The concept of handing over your contact information to enter a pub may not sound particularly problematic at first. However, the stark reality is that the way in which people's contact details are collected could cause security and privacy concerns – unless it is coordinated in a highly protected manner.
Having your name, address and phone number written in a book as you walk into a pub so that you may be contacted if there is a localized covid outbreak might sound like a reasonable exchange for both a pint and peace of mind.
But that changes if you're the woman who signs-in and ends up being hit on by the drunk bloke who was standing behind her in the queue. He now knows her full name, number, and potentially even address.
Then there is the storage of the data itself and who has access. People's contact details are a window into their life and with pubs all over the country suddenly told that they must collect that data, the potential for it to be mishandled, misappropriated, abused, hacked or leaked becomes significant.
In 2013 in America, NSA workers were discovered using their surveillance powers to spy on their love interests. Those were trusted agents with security clearance and they abused the data that was available to them. How much training will bar staff really have on this?
Unfortunately, we see this kind of thing all the time. In 2017, an Australian police officer was found guilty of hacking police systems to access the details of 50 women he met via a dating app.
It's a reminder of how even the most trusted members of society may behave when data is put in front of them. Access to data is power, and power makes people do stupid things.
These aren't just abstract hypothetical concerns, either. In New Zealand, where a similar data collection system was put in place, one woman found herself harassed by a Subway employee who used her contact information to track her down, send her social media friend requests, text messages, and even approach her in real life.
The government's proposals are hazy and incomplete at best. The ICO has stated that it will be "assessing the potential data protection implications of this proposed scheme and is monitoring developments".
At present, there are no real details about how contact details might be collected and stored by pubs. This leaves too many questions unanswered and appears to put publicans in the uncomfortable position of becoming data controllers overnight.
Generally speaking, we can agree that the data should be collected, processed, and stored in a manner that is compliant with GDPR. This would ensure that the data is only available for the purpose it is intended for, and that it is only stored for the period of time for which it is necessary.
However, for this pub data collection system to be ready for July 4th, the government is going to need to provide very clear guidelines for landlords, and quickly. The information must be collected in such a way that other punters are never privy to it and it would be preferable for members of staff working on-premises to have little or no access – particularly if they are directly customer-facing.
Ray Walsh is a digital privacy expert at ProPrivacy. You can follow the group on Twitter here.
The opinions in Politics.co.uk's Comment and Analysis section are those of the author and are no reflection of the views of the website or its owners.
