{"id":1797,"date":"2020-08-24T12:22:47","date_gmt":"2020-08-24T16:22:47","guid":{"rendered":"https:\/\/www.identityblog.com\/?p=1797"},"modified":"2020-08-25T18:45:27","modified_gmt":"2020-08-25T22:45:27","slug":"technical-naivete-uks-matt-hancock-sticks-his-poison-finger-in-the-covid-dyke","status":"publish","type":"post","link":"https:\/\/www.identityblog.com\/?p=1797","title":{"rendered":"Technical na\u00efvet\u00e9: UK’s Matt Hancock sticks an ignorant finger in the COVID dike"},"content":{"rendered":"

The following letter from a group of UK parliamentarians rings alarm bells that should awaken all of us – I suspect similar things are happening in the shadows well beyond the borders of the United Kingdom…<\/p>\n

The letter recounts the sad story of one more politician with no need for science or expertise – for him, rigorous attention to what systems do to data protection and privacy can simply be dismissed as “bureaucracy”.\u00a0 Here we see a man in over his head – evidently unaware that failure to follow operational procedures protecting security and privacy introduces great risk and undermines both public trust<\/em> and national security<\/em>.\u00a0 I sincerely hope Mr. Hancock brings in some advisors who have paid their dues and know how this type of shortcut wastes precious time and introduces weakness into our technical infrastructure at a time when cyberattack by organized crime and nation states should get politicians to sober up and get on the case.<\/p>\n

\n

Elizabeth Denham CBE, UK Information Commissioner
\nInformation Commissioner’s Office
\nWycliffe House
\nWater Lane
\nWilmslow
\nCheshire SK9 5AF<\/p>\n

Dear Elizabeth Denham,<\/p>\n

We are writing to you about the Government\u2019s approach to data protection and privacy during the COVID-19 pandemic, and also the ICO\u2019s approach to ensuring the Government is held to account.
\nDuring the crisis, the Government has paid scant regard to both privacy concerns and data protection duties. It has engaged private contractors with problematic reputations to process personal data, as highlighted by Open Democracy and Foxglove<\/a>. It has built a data store of unproven benefit. It chose to build a contact tracing proximity App that centralised and stored more data than was necessary, without sufficient safeguards, as highlighted by the Human Rights Committee<\/a>. On releasing the App for trial, it failed to notify yourselves in advance of its Data Protection Impact Assessment \u2013 a fact you highlighted<\/a> to the Human Rights Committee<\/a>.<\/p>\n

Most recently, the Government has admitted breaching their data protection obligations by failing to conduct an impact assessment prior to the launch of their Test and Trace programme. They have only acknowledged this failing in the face of a threat of legal action by Open Rights Group<\/a>.The Government have highlighted your role at every turn, citing you as an advisor looking at the detail of their work, and using you to justify their actions.<\/p>\n

On Monday 20 July, Matt Hancock indicated his disregard for data protection safeguards, saying to Parliament that \u201cI will not be held back by bureaucracy<\/strong>\u201d and claiming, against the stated position of the Government\u2019s own legal service, that three DPIAs covered \u201call of the necessary\u201d.<\/p>\n

In this context, Parliamentarians and the public need to be able to rely on the Regulator. However, the Government not only appears unwilling to understand its legal duties, it also seems to lack any sense that it needs your advice, except as a shield against criticism.
\nRegarding Test and Trace, it is imperative that you take action to establish public confidence \u2013 a trusted system is critical to protecting public health. The ICO has powers to compel documents to understand data processing, contractual relations and the like (Information Notices<\/a>). The ICO has powers to assess what needs to change<\/a> (Assessment Notices). The ICO can demand particular changes are made (Enforcement notices).\u00a0 Ultimately the ICO has powers to fin<\/a>e Government, if it fails to adhere to the standards which the ICO is responsible for upholding.<\/p>\n

ICO action is urgently required for Parliament and the public to have confidence that their data is being treated safely and legally, in the current COVID-19 pandemic and beyond.<\/p>\n

Signed,
\nApsana Begum MP
\nSteven Bonnar MP
\nAlan Brown MP
\nDaisy Cooper MP
\nSir Edward Davey MP
\nMarion Fellows MP
\nPatricia Gibson MP
\nDrew Hendry MP
\nClive Lewis MP
\nCaroline Lucas MP
\nKenny MacAskill MP
\nJohn McDonnell MP
\nLayla Moran MP
\nGrahame Morris MP
\nJohn Nicholson MP
\nSarah Olney MP
\nBell Ribeiro-Addy MP
\nTommy Sheppard MP
\nChristopher Stephens MP
\nOwen Thompson MP
\nRichard Thomson MP Philippa Whitford MP<\/p>\n<\/blockquote>\n

 <\/p>\n

[Thanks to Patrick McKenna for keeping me in the loop]<\/p>\n","protected":false},"excerpt":{"rendered":"

The following letter from a group of UK parliamentarians rings alarm bells that should awaken all of us – I suspect similar things are happening in the shadows well beyond the borders of the United Kingdom… The letter recounts the sad story of one more politician with no need for science or expertise – for … Continue reading Technical na\u00efvet\u00e9: UK’s Matt Hancock sticks an ignorant finger in the COVID dike<\/span><\/a><\/p>\n","protected":false},"author":68,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[21,6,119,82],"tags":[],"_links":{"self":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/1797"}],"collection":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/users\/68"}],"replies":[{"embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1797"}],"version-history":[{"count":9,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/1797\/revisions"}],"predecessor-version":[{"id":1811,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=\/wp\/v2\/posts\/1797\/revisions\/1811"}],"wp:attachment":[{"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1797"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1797"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.identityblog.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1797"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}