How UK ‘Track and Trace’ Data from Restaurants is Being Harvested and Sold On

This latest revelation will no doubt be an embarrassment to what is already looking like a haphazard bio-surveillance operation being run by the UK government.
It’s now been revealed that private firms are collecting UK government NHS ‘track-and-trace’ data taken unknowingly from visitors to pubs and restaurants, harvested and then sold on to marketing firms for profit.
New reports this week reveal how mobile apps using quick QR codes operating under the auspices of the government’s COVID surveillance operation – are trafficking customer data through opt-in clauses baked into the terms and conditions of data storage services. Some firms state how they will use details scanned in by customers for marketing purposes and even keep your personal data for up to 25 years.
Through this corporate backdoor, aloof customers would have their personal data passed on to corporate clients such as advertisers, big data brokers and insurance companies, to name only a few.

IMAGE: Minister for Health, Matt Hancock, working hard to sell the benefits of bio surveillance (2020)
The Times reports…
Legal experts have warned of a “privacy crisis” caused by a rise in companies exploiting QR barcodes to take names, addresses, telephone numbers and email details, before passing them on to marketers, credit companies and insurance brokers.
The “quick response” mobile codes have been widely adopted by the hospitality, leisure and beauty industries as an alternative to pen-and-paper visitor logs since the government ordered businesses to collect contact details to give to NHS Test and Trace if required.
Any data collected should be kept by the business for 21 days and must not be used “for any purposes other than for NHS Test and Trace”, according to government guidelines.
But some firms used by businesses to meet the new requirements have clauses in their terms and conditions stating they can use the information for reasons other than contact tracing, including sharing it with third parties. The privacy policy of one company used by a restaurant chain in London says it stores users’ data for 25 years.
Gaurav Malhotra, director of Level 5, a software development company that supplies the government, said data could end up in the hands of scammers. “If you’re suddenly getting loads of texts, your data has probably been sold on from track-and-trace systems,” he said.
Since September 24 certain businesses have been required to display an NHS poster with a QR code that allows users to check in through the official Covid-19 app, which can alert them if they have visited a venue where they may have been exposed. Pubs, restaurants and other venues such as gyms, museums and salons must still keep their own logs.
One of the firms claiming to offer a privacy-compliant QR code service is Pub Track and Trace (PUBTT), an organisation based in Huddersfield charging pubs £20 a month to keep track of visitors, who are asked to provide their name, phone number and email address.
Despite its claim to be a “simple” service, its privacy policy, which users must accept, explains how personal data of people accessing its website can be used to “make suggestions and recommendations to you about goods or services that may be of interest to you” and shared with third parties including “service providers or regulatory bodies providing fraud prevention services or credit/background checks.”
It may also “collect, use, store and transfer” records of access to certain premises including “time, ID number and CCTV images”.
PUBTT, which works with pubs in England and Wales, said users agreed to its privacy policy before using the service and claimed it had not passed data to third parties. A spokesman, identified only as Adam H, said: “The data we collect is only for use of the Test and Trace service or where a user has agreed for the venue to use their information for marketing purposes.”
Ordamo, which provides track and trace services for restaurants, states that data from website visitors is “retained for 25 years”, a duration Hazel Grant, head of privacy at Fieldfisher, a law firm, said would be “very difficult to justify”. Ordamo did not respond to requests for comment…
Continue this story at The Times
READ MORE COVID-19 NEWS AT: 21st Century Wire COVID Files
SUPPORT OUR WORK BY SUBSCRIBING & BECOMING A MEMBER @21WIRE.TV