The UK Government has announced that it will be easing the Coronavirus lockdown on July 4th.
Amongst other changes, restaurants, pubs, and cafes in England will be allowed to reopen provided that they follow guidelines to help prevent the spread of the Coronavirus.
According to the UK Government’s own advice, these include “keeping a temporary record of your customers and visitors for 21 days.”
The opening up of the economy following the COVID-19 outbreak is being supported by NHS Test and Trace. You should assist this service by keeping a temporary record of your customers and visitors for 21 days, in a way that is manageable for your business, and assist NHS Test and Trace with requests for that data if needed. This could help contain clusters or outbreaks. Many businesses that take bookings already have systems for recording their customers and visitors – including restaurants, hotels, and hair salons. If you do not already do this, you should do so to help fight the virus…
In other words, in just ten days thousands of restaurants, bars and pubs are expected to start collecting the details of their customers and visitors.
Wouldn’t it be nice to think that this information will be collected carefully, stored securely, and ultimately properly destroyed, in a way which doesn’t breach GDPR regulations?
And yet, for now at least, the UK Government isn’t telling businesses how on earth they should do this.
And cafes and restaurants have probably got enough on their plate already, trying to reconfigure their premises and working methods to follow social distancing guidelines, without also having to get their head around data protection and privacy challenges.
Restaurants, pubs, and cafes are also not being told what information they should be collecting from their customers.
Let me say again, just ten days.
The UK Government’s advice acknowledges that firms might need some help:
We will work with industry and relevant bodies to design this system in line with data protection legislation, and set out details shortly.
I understand that there’s a global pandemic going on, and not everything is going to be perfect.
But it’s not as though it’s a surprise to anybody that at some point the lockdown would begin to be lifted – and that restaurants, pubs, and cafes would begin to reopen slowly. Was there no plan already being worked on?
Giving so little notice to the hospitality industry puts them in a privacy pickle, even if the UK Government does serve up advice for how this data should be collected and secured before July 4th, I doubt that many companies will be doing it properly.
Of course, security and privacy are not going to be the only challenges…
I’ve been asked several times today about apps for use by pubs in tracking attendance. Yes, confidentiality is one problem but the other, much bigger issue, is authenticity – beautifully summed up by Matt via @lilianedwards pic.twitter.com/2C2Kg9R8jI
— Alan Woodward (@ProfWoodward) June 24, 2020