In a matter of three days, Parliament passed a bill granting emergency powers to the government to deal with the COVID-19 outbreak. The Queen granted Royal Assent on 25 March 2020, bringing into force the Coronavirus Act 2020 (the Act) (the Act).
The Act, amongst other things, gives the government wide-ranging powers to restrict events and social gatherings, shut down premises and isolate or detain ‘potentially infectious persons’. The Act also provides means for extending time limits for retention of fingerprints and DNA profiles (which would have been taken under various police and terrorism legislation) for up to 12 months if necessary and in the interests of national security. Whilst these measures have been implemented to help curb the spread of COVID-19, the enforcement of such measures could impact individuals’ rights to privacy and data protection.
Furthermore, the Act grants government authorities powers to require a person who is in or closely connected with a food supply chain to provide information about matters which relate to their activities connected with the chain. Such information must be necessary to establish whether the food supply chain is, or is at risk of, being disrupted (and, if so, the nature of the disruption) and the information can only be used to mitigate or eliminate the effects/risks of disruption or future disruption. The receiving authority can disclose the information to another person for the same purposes, and it only has to be anonymised if the recipient is not a government authority. Although the Act states that personal data cannot be used or disclosed if the use or disclosure would contravene data protection legislation, there is a caveat that in determining whether data protection legislation would be breached, the powers granted by the Act relating to use and disclosure can be taken into account. Again, depending on how this is interpreted in practice, such powers may impact individuals’ rights to privacy and data protection.