When a case was identified, the app encouraged venues to contact at risk customers directly – breaching data protection laws.
Check-in data from hundreds of millions of people who visited pubs, restaurants and hairdressers before lockdown was barely used by Test and Trace, according to a confidential report obtained by Sky News.
The report admits that the failure of the £22bn service to use the data for alerts or contact tracing meant “thousands of people” were not warned they might be at risk of infection, “potentially leading to the spread of the virus.”
The report says that lack of guidance from Test and Trace for local public health teams on how to use the data left businesses “being asked to, or volunteering, to contact customers and visitors”.
It adds: “This is a breach of the General Data Protection Regulation (GDPR), and leaves businesses and venues open to potential legal challenge.”
Labour said the revelations exposed “a staggering level of dysfunctionality” inside Test and Trace – and hospitality groups reacted to the news with exasperation.
“It is incredibly frustrating,” said Kate Nicholls, CEO of Hospitality UK. “Our teams worked really hard to capture that data on the understanding that it was going to be used should there be problems.
“To hear that it wasn’t used, and in fact we had further restrictions without really any clear evidence that there was a problem with hospitality, is a major cause for concern.”
Asked about the data protection law breaches, Ms Nicholls urged regulators to remember that businesses were acting on “unclear” guidance from the government, which changed the law in September to make it mandatory for certain venues to collect customers’ information.
The report admitted the app was “not fully” utilised, despite a nationwide campaign to encourage its use, blaming “capacity issues at a local level” for the failures.
Local public health officials were tasked with contacting venues to obtain check-in data or flagging risky venues to Test and Trace to send out alerts via the app.
But the report said the system imposed a “significant administrative burden” on stretched local health protection teams, many of which were also unclear about how or when to tell Test and Trace about a risky venue.
Shadow health minister Justin Madders attacked what he called “a staggering level of dysfunctionality at the heart of the Test and Trace system”.
He told Sky News: “It seems thousands of people may have been infected unnecessarily because there wasn’t the capacity, joined up-thinking or direction to ensure the systems in place were being used properly.”
When the app alert system was introduced in October, ministers hailed it as a crucial step forward and passed a new law making it illegal for bars, restaurants and pubs not to display an official NHS QR code.
According to the most recent Test and Trace figures, more than 100 million people have checked in to venues with the app, but analysis by software developer Russ Garrett shows that only 284 alerts have been sent for 276 venues (a figure the Department of Health and Social Care (DHSC) put at 272).
The report said that a new system had been put in place for Test and Trace to “centralise” the process of contacting people who had visited a venue linked to an outbreak, leaving local health protection teams to investigate more concerning clusters.
This plan is meant to be in place “in time for the easing of national restrictions”, suggesting that app check-ins could play a prominent role in the government’s plan for loosening lockdown.
Asked about the failure to use check-in data to stop coronavirus spreading, a DHSC spokesperson said that alerts were sent to any user who had checked into a venue identified as “at risk”.
The spokesperson told Sky News: “The NHS COVID-19 App is an important tool in our pandemic response.
“It has instructed hundreds of thousands of people to self-isolate since it launched and it has been hugely effective at breaking chains of transmission, preventing an estimated 600,000 cases.”