Data protection is being given a drubbing by coronavirus. Whether GDPR regulations are being breached is tough to say but there’s no question they are being stretched to breaking point.
I’ve been volunteering at various vaccination stations close to where I live in London. I’m generally on front-of-house duty, welcoming people, taking their temperature, and logging their details into a small hand-held computer.
On some days we have drop-in sessions where people pitch up, queue for a while, and get their jab. They are almost without exception friendly and in many cases effusively grateful for getting their shot. Typically, I walk down the line harvesting their personal information, including names, phones numbers, NHS numbers, email addresses and date of birth.
On days when patients have booked their vaccination slots, I’m handed a spreadsheet which includes their name, email address and NHS number. When they arrive, I mark them as attending and log them on an iPad that’s linked to the NHS system.
As a volunteer I had no medical training which is fine as nothing medical is expected of me though we have a had several people fainting. When that happens, I’m quick to seek qualified assistance.
But I’ve also had no data privacy training and as you can see, I’ve been privy to a huge amount of sensitive personal information. I assume the same situation is true at thousands of other vaccination centres which means millions of sets of personal data are on view.
Pubs are data harvesting machines
All of which might make you feel you need to reach for a drink, which is fine as the pubs are once again open and desperate for your business.
Unfortunately, when it comes to ordering drinks at your local it’s no longer a case of edging your way to the bar brandishing the largest note in your pocket in a desperate attempt to get the barman’s attention. Now you sit down and wait for service, which is not like a pub at all particularly when you have to download an app as part of the ordering process.
All the big pub chains use apps but looking at their privacy settings might drive you to drink.
Almost all the apps say that when handing over your personal data you must consent for it to be used for marketing purposes. But don’t be lulled into a false sense of security.
OrderPay
The OrderPay app is used in more than a thousand pubs and restaurants across the UK, and they say they will use your data if there is a ‘Legitimate Interest’.
This Legitimate Interest (and this is taken directly from their website) includes use:
- for market research, insight, and intelligence in order to improve our understanding of our market and industry; and
- to analyse patterns of use, (and) determine where we should focus our efforts.
They also say that if they ‘pass your personal information to an organisation that independently decides why and how to use your personal information then it will be separately responsible to you for that processing and use your personal information in the ways described in its privacy policy (and not ours).’
So, once they pass your info on to others (did you consent to that?) they are basically saying ‘it’s not us guv’ you need to speak to this other lot that presumably you had no idea had got hold of your data. They may hold your data for as long as six years.
Young’s pubs
Young’s pubs have their On Tap app that collects name, email address (personal and/or work), postal address, encrypted password(s), telephone number(s), date of birth, gender, interests, preferences, and competition entry details and answers.
The first question that springs to mind is why on earth do they need your gender, what business is that of theirs?
When their app is open on your phone it gets busy and can collect geo-location data, operating system and browser type, domain names requested plus a whole lot more which can be seen here on their website: https://www.youngs.co.uk/privacy-policy
Like OrderPay, they sometimes share customer data with other organisations which may include: ‘service providers and suppliers assisting with our business activities, business associates, customers, payment services providers, hosting providers, providers of IT support, advertising platforms, providers of booking systems, providers of cloud-based software or services used by us, accounting firms and law firms’ to name but a few. They keep your data for a lean five years.
Now I’m sure the lawyers for both OrderPay and Youngs and all the other pub apps out there have been all over this and what they are doing is entirely legal. I’m also pretty sure that if you have downloaded and used one of these apps you might not have been aware as to the pliability of some of these firms’ data privacy policies.
If you have any of these app and you don’t use them you might want to hit the delete button and as Young’s say you have the right: ‘to erase, or restrict the processing of, the personal data we have collected about you.’ How easy it is to get that done remains to be seen.
There’s a lot of valuable data out there that the unscrupulous would love to get hold of and it’s not being protected as well as it should be. Let’s hope there are no ugly consequences.
Coinsmart. Beste Bitcoin-Börse in Europa
Source: http://hrnews.co.uk/covid-has-data-protection-on-the-run/
