Collecting and selling personal data of online users, without any discernible benefit to them, has for many years been one of the most, if not the most lucrative businesses in the digital realm. Just look at what unchecked and shameless data collecting and ad selling has done for the trillion-dollar businesses like Google and Facebook.
So why would anyone be surprised that much smaller but equally thirsty companies, who happen to have government contracts in the era of coronavirus in the UK to “contact-trace” data they harvest from, say, restaurants and pubs – and their patrons, no doubt desperate to reclaim some semblance of normalcy in their lives, and so sign away any rights without ever properly reading the TOS – would now be selling that goldmine of personal data to third parties?
Even so, this is still something that should give pause to everyone involved or observing this go down, namely, that the UK NHS’s Test and Trace service, set up to track coronavirus cases and their contacts – would eventually stumble into this most feared yet expected controversy. Namely, that the system through its many subcontractors might devolve into a shady to say the least, scheme to collect and retain personal data of users, for monetary purposes.
Test and Trace, even if obviously technically challenged from the start, always maintained that its purpose was simply to serve society in the purest and most altruistic form: for the sake of curbing the spread of a virus.
But reports now are beginning to straighten that “goody two-shoes” narrative for what it really represents.
Take this example: hospitality and beauty industry facilities, like bars, restaurants, spas, hair salons, etc, have been allowed in the UK to collect QR barcodes to retain their customers personal details like names, physical addresses, and phone numbers, CCTV images – with Pub Track and Trace (PUBTT) being one of the “subcontractors.”
The NHS apparently told local businesses collecting all this personal data they could only retain it for 21 days, and “not use it for any purposes other than for NHS Test and Trace.”
And yet PUBTT makes it clear this data can be used to “make suggestions and recommendations to you about goods or services that may be of interest to you’ and shared with third parties including ‘service providers or regulatory bodies providing fraud prevention services or credit/background checks’.”
Another company involved, Ordamo, in the business of tracking restaurant patrons, is reported to be retaining the data they scoop up for a whopping 25 years.
For now, the only official response from the UK Information Commissioner’s Office is that it is “assessing 15 companies that ‘provide services to venues to collect customer logs’.”