COVID Test and Trace Data Collection

A list of premises I've visited lately and the data collection practices they are operating under the guise of "Contact Tracing".
Venue W3W NHS QR Details? Extras? Notes Rating
The Houldsworth Arms zoom.asks.forced āœ… āœ… āœ… 5  
The Carousel epic.hats.will āœ… šŸ˜• šŸ˜• Greene King employ a practice of leading with their data collection service and place links, QR Codes and SMS numbers all over their premises, including at tables. You have to ask to see the NHS QR Code, and from analysing the venue, there is only one, not in plain sight and taped to the back of a promotion board, with their own data collection systems on the opposite side. 3  
Costa Coffee, Withington every.trace.bucked āœ… šŸ˜• šŸ˜• This particular venue is heavily pushing their own data collection service and place links & QR Codes all over their premises, including at tables. You have to ask to see the NHS QR Code, and from analysing the venue, there is only one, not in plain sight and taped to the back of the front-of-house staff Clipboard, with a plain piece of paper full of user details on the opposite side. 2  
Tzatziki's, Fallowfield parts.duck.melt āœ… āœ… āœ… 5  

Let me be clear...

Iā€™m not in any way opposed to contact tracing, I have the NHS Contact Tracing App open whenever I walk up to a premises I am about to visit. There are certain companies however that are operating a policy of both the NHS QR Code scanning and "contact tracing data collection".

This is not in line with Government Guidance or Regulations.


GOV.uk Guidance - Maintaining records of staff, customers and visitors to support NHS Test and Trace

"In England, you do not have to request details from people who check in with the official NHS QR code poster, and venues should not ask people to do both."

The Health Protection (Coronavirus, Collection of Contact Details etc and Related Requirements) Regulations 2020

Regulation 7 (Requirement to request certain details of individuals), Paragraph 3: "The requirement in paragraph (2) does not apply where A [an individual] has scanned the QR Code displayed and made available in accordance with regulation 6(2).".


This information gathering practice that companies are doing needs to stop.

If a business can't even be responsible when storing merchant receipts from a card transaction (as required under PCI DSS), they sure ain't going to handle my personal information properly either. The rating I give venues is out of 5 on their data collection practices, 0 being so terrible I didn't continue and left, and 5 being exactly what's mandated by the Government.