Mishcon de Reya page structure
Site header
Main menu
Main content section

Hospitality sector faces major data protection challenges as lockdown relaxes

Posted on 24 June 2020

The Government's announcement on 23 June of the easing of lockdown restrictions confirmed that, from 4 July, pubs, restaurants and hairdressers in England will be able to reopen, providing they adhere to COVID Secure guidelines.

However, Boris Johnson's speech the same day in the House of Commons suggested that new guidelines will require businesses, including those in the hospitality sector, "to help NHS Test and Trace respond to any local outbreaks by collecting contact details from customers".

The guidance issued on the same day says "We will work with industry and relevant bodies to design this system in line with data protection legislation, and set out details shortly". This, however, leaves very little time – little more than a week – for businesses to receive these details and make preparations.

This is potentially a tremendous challenge, both practically, and legally, for a sector which relies, in very large part, on "passing trade". Although Johnson's speech went on to say that the Government "will work with the sector to make this manageable", we anticipate that many business will be unused to, and unprepared for, collecting personal data (and this will potentially be very sensitive data) in this way. Although we also anticipate a degree of regulatory forbearance (as we have previously noted, the Information Commissioner has generally been taking a lenient approach to companies' data protection compliance during the pandemic) businesses emerging from drastic shutdown measures will keen to be exposed to as little legal, regulatory or reputational risk as possible. Already, some civil society groups are warning of a "privacy minefield", and it is quite likely that complaints and claims against non-compliant businesses could follow.

In order to encourage their customers to provide accurate information, businesses will need to make sure they do their best to build up a level of trust. Ensuring that customers are told clearly and in simple terms why their data is being collected, what the business plans to do with it, and then only doing that, is key to good data protection practice.

Related Content
News

Mishcon de Reya's Data Team ranked again in the GDR global top 100

News

Clarity of consent in fertility treatment

News

Flying in the face of exclusive jurisdiction clauses: aviation insurance claims to be heard by English court

abstract black architecture News

Data breach crisis in central government, time for ICO to act?

News

New keeling schedules published for Data Protection Bill

News

ICO orders employer to stop using facial recognition and fingerprint scanning to monitor its employees

News

Mishcon de Reya advises Hewlett Packard Enterprise on £225 million deal to build the UK's most powerful AI supercomputer

data-blue News

Anonymisation in the life sciences sector: challenges and legal considerations

News

The Princess of Wales and possible data protection offences and infringements

Blue data abstract News

AI in the Workplace: data protection issues

Abstract crypto data News

CJEU rules in relation to personal data and advertising

News

UK Home Office data protection law breach: Jon Baines comments

How can we help you?
Help

How can we help you?

Subscribe: I'd like to keep in touch

If your enquiry is urgent please call +44 20 3321 7000

Crisis Hotline

I'm a client

I'm looking for advice

Something else