Contact Tracing Data Sold to Third Parties

Data collected for tracking the China virus is mandated by the government to be held by businesses for only 21 days and not be used “for any purposes other than for NHS Test and Trace”. However, some contractors are using QR codes to pilfer names, addresses, email information, and phone numbers — which they, in turn, sell to advertising and credit card companies, as well as insurance brokers.

One company supplying the hospitality industry with a QR code-based tracking system is Pub Track and Trace (PUBTT), which states in its privacy policy that by using the system users agree for the company to “make suggestions and recommendations to you about goods or services that may be of interest to you” as well as sharing data with “service providers or regulatory bodies providing fraud prevention services or credit/background checks.”

PUBTT, which works with pubs in England and Wales, also said in its user agreement that it is allowed to “collect, use, store and transfer” data pertaining to people entering certain areas through the use of “time, ID number, and CCTV images”.

A spokesman for the company said: “The data we collect is only for use of the Test and Trace service or where a user has agreed for the venue to use their information for marketing purposes.”

A company that provides track and trace services for restaurants, Ordamo, said that the data it collects is “retained for 25 years”.

The head of privacy at the Fieldfisher law firm, Hazel Grant, said that keeping users data for such a long time period would be “very difficult to justify”.