Hundreds of pubs across England have reopened their doors after months of lockdown – with a handful having to close again after punters reported testing positive for Covid-19.
A trip to your local now looks very different to how it did before the pandemic. To protect public health, landlords have limited the number of customers allowed inside to ensure social distancing; some have also put up plastic screens between tables, and others have introduced table service in place of ordering at the bar.
Visitors are also being asked by businesses to provide their name and phone number on arrival – raising privacy concerns.
This is because the government has asked pubs, along with other businesses in the hospitality industry, to keep records of customers for 21 days to support the NHS’ “Test and Trace” scheme.
Businesses have also been asked to record the date customers visited and their arrival and departure times. Groups of people are allowed to provide only one phone number – that of their “lead member”. All this data can be shared with the NHS if it is required.
There are fears over how pubs and restaurants across the country – some of whom do not typically record customer details – will be able to cope with this new burden, and the potential for personal data to be lost, hoarded or misused.
Landlord Martin Whelan has decided not to open the Tollington Arms, one of three pubs he owns in north London, amid concerns over data protection and public health.
“If you walk into a bar in central London and start asking people for their names and numbers … good luck with that. Nobody is going to give it to you,” he told EachOther.
Prior to the pandemic, his pub near Arsenal FC’s Emirates Stadium could have as many as 2,000 customers on a given night.
He spoke of how his inbox is filling up with emails from tech firms offering him different apps to help record customers data. “I don’t trust any of them,” he said.
He feels the government should have put in place an effective test and trace system five months ago and said that pubs are now being used as “cannon fodder,” referring to the possibility of a second wave of the virus.
Since lockdown restrictions were eased on “Super Saturday,” people in most parts of England have now been able to use their discretion to go to hairdressers, pubs, restaurants among other businesses.
Here we look at some of the key points punters and publicans should know regarding privacy rights.
Giving your details is voluntary
Businesses and customers are not required by law to collect or provide data as the scheme is voluntary.
Professor Paul Bernal, who specialises in information technology law, told EachOther: “From a privacy perspective we should be grateful that they haven’t made this enforceable.”
Advice issued by the government and the Information Commissioners’ Office instead provides a sort of “moral pressure” for punters to provide their details to help the fight against the virus, he said.
He reminded customers that they have the right to refuse to give their information, if they do not wish to do so.
This is an important factor to consider as we move on to the next point…
Only record the minimum data
There is a possibility that businesses new to recording customers’ data might collect more than is necessary amid fears of not doing enough to curb the virus.
Bernal advised pub landlords to “keep only the minimum data [required]”.
“Do not try to take detailed information. Do not take a photograph of drivers licenses. Do not record ID’s, just look at them,” Bernal said.
This is echoed by the ICO, which says that you should not ask people to prove their details with identity verification unless it is standard practice for your business.
Be clear about the purpose it is used for
It is important to be clear with customers that their data is being collected for contact tracing, and therefore cannot be used for any other purpose.
ICO guidelines make clear this data cannot later be used for other purposes such as direct marketing, profiling or data analytics.
Paper records are better than electronic ones
ICO guidelines say that business owners can record data using any method – be it on paper or electronically.
Bernal also advised pub owners, who may not have electronic record-keeping systems in place, that paper records can be much more secure.
“The real danger for pub owners is making some sort of mistake with the General Data Protection Regulations (GDPR) and getting into trouble for it,” he said.
“The best way to avoid that is paper records, rather than electronic records, to make sure they are secure.”
Data must be destroyed after 21 days.
Bernal also warned of the potential for pub owners to receive hoax calls from people claiming falsely that they have come down with Covid-19.
“Imagine businesses that might have potential rivalries. It’s a recipe for disaster,” he said.
“I would be careful about that and try to verify information about them.”
He said that this relies on businesses asking punters for proof that they have tested positive for Covid-19.
The ICO has also warned business owners to be vigilant when contacted by the contact tracing scheme – to ensure the caller is genuine and not a fraudster or scammer seeking to obtain information.
Data can only be shared with legitimate public health authorities.
Government guidelines specify what contact tracers will and won’t do.