A good article from The Guardian this morning flagging the latest stage in the privacy mess around Covid-19 response in the UK. This time, it is pubs and restaurants needing to (as Silkie Carlo quoted in this article says) "become data controllers overnight" but with no guidance on how to do so. As everyone working in data protection knows, GDPR makes this a rather foreboding task. Is it really fair on such companies which are already under pressure? Is it really fair on the public?

New Zealand did have a similar approach for a very limited period of time but have quickly moved to QR scanning instead in May after privacy concerns including issues with data breaches. Other countries have different approaches including robust track and trace decentralised apps which make this unnecessary.

With just over a week until this goes into effect, let's hope some common sense emerges.