Parliament adopts Coronavirus Act
The Coronavirus Act, which received Royal Assent yesterday, amends existing legislative provisions and introduces new statutory powers which are designed to mitigate the impacts of the coronavirus pandemic in the UK.
The temporary measures erode privacy rights and civil liberties in a fundamental way, for example the powers relating to potentially infectious persons, powers restricting or prohibiting events and gatherings, and an extension of time limits for retention of fingerprints and DNA profiles. The Act does not address data protection but concentrates on national security.
The police will be able to detain a person for a limited period who is or may be infectious. With regard to DNA data, the retention periods are extended, as it is expected that the police will not be in a position to assess retained fingerprints and DNA profiles in the usual way, to determine whether it is necessary for these to be retained for a longer period.
The Parliamentary Joint Committee on Human Rights stressed that any measures taken by the government need to comply with the UK’s human rights obligations – both the UN international human rights obligations, as well as those flowing from the European Convention on Human Rights (ECHR).
The Act will expire at the end of a period of 2 years, with a review every six months. There is a power to alter the expiry date and not all of its provisions will enter into force immediately.
As part of the fight against the coronavirus, it has been reported that the government has had talks with mobile phone operators to see whether anonymous smartphone location data could be used to monitor if people are adhering to social distancing guidelines, and observe trends in the movements of people in London in particular.
This type of processing would have to be compliant with the GDPR, and no individuals could be identified – the monitoring would be to predict how and where the virus moves. But there is a danger how the capability might be used after the pandemic.