Experts warn of 'mass violation of rights' as contact-tracing data collected in pubs sold on

A QR code opens a digital restaurant menu to replace a hard copy on a table at the Hard Rock Cafe's European flagship restaurant in Piccadilly Circus, London, as it prepares to reopen to members of the public when the lifting of further lockdown restrictions in England comes into effect on Saturday. (Photo by Victoria Jones/PA Images via Getty Images)
A restaurant-goer scanning a QR code in London. (Getty)

Experts have warned of a “mass violation of rights” after customer data collected by pubs and restaurants has reportedly been sold on to third parties.

Contact-tracing data required by the NHS Test and Trace scheme has been harvested by tech companies on behalf of hospitality venues since they reopened in June, according to The Times.

Although the government states that the information can only be kept for 21 days and must not be used “for any purposes other than for NHS Test and Trace”, some firms are reportedly selling it on.

A number of the data collection firms have reportedly created privacy policies which allow them to store users’ data for up to 25 years and share it with third parties.

 Temporary outdoor bar and restaurant crowded with people in Soho. Sections of Soho have been blocked for traffic to allow temporary outdoor street seating for bars and restaurants during the Covid-19 pandemic. (Photo by Vuk Valcic / SOPA Images/Sipa USA)
Hospitality venues are currently required to collect contact information. (PA)

The practise was described as a “real scandal” by experts shortly after it was revealed as they called on the government to crack down on the companies.

University of Oxford professor Carissa Veliz tweeted: “In case public trust regarding #privacy wasn't low enough...

Read more: Missing 16,000 coronavirus tests glitch 'caused by large Excel spreadsheet file'

“Scandals like these are the product of decades of allowing an unethical business model that depends on the mass violation of rights to thrive unfettered. Haven't we had enough? #PrivacyIsPower”

Lawyer and TedX speaker Dana Denis-Smith tweeted: “Why isn’t this a surprise how many people read T&Cs on apps esp as they rush to eat out?”

Blogger Jennifer Howze said: “This is a real scandal and we should not be forced into sharing our personal data by govt!”

Harriet Sergeant, a researcher at the Centre For Policy Studies, tweeted: “Pubs and restaurants sell on our contact-tracing data under so called ‘privacy policies’. And that’s just what we know about.”

While Gaurav Malhotra, director of software development company Level 5, told The Times: “If you’re suddenly getting loads of texts, your data has probably been sold on from track-and-trace systems.”

So-called “quick response” QR barcodes have reportedly allowed companies to gain access to names, addresses, telephone numbers and email details.

QR codes have been widely adopted by the hospitality, leisure and beauty industries as an alternative to pen-and-paper visitor logs.

Currently the government requires these venues to collect the names and contact details of customers to help with the NHS Test and Trace programme.

Coronavirus: what happened today

Click here to sign up to the latest news, advice and information with our daily Catch-up newsletter