A bartender has allegedly messaged a woman on Facebook by using her coronavirus contact tracing details.
In the UK, customers at pubs and restaurants are being asked to share their personal information so that in the event of a Covid-19 outbreak people at risk can be identified.
The NHS Test and Trace scheme means that if someone who has visited a venue at the same time as you later tests positive for coronavirus, you will be alerted and told whether you will need to self-isolate for 14 days.
Download the new Independent Premium app
Sharing the full story, not just the headlines
However, some people have shared concerns that personal data could be misused, including one woman who says she was contacted by a member of staff after visiting a local pub.
On Saturday, Rose Lyddon, a medieval history grad student from Oxford, shared a screenshot of a message she was sent on Facebook from a male bartender, just days after visiting the place where he worked.
“I went to the pub the other day (it was empty and I sat outside) and got a free drink from the bartender and … he’s just messaged me on facebook,” she wrote.
In the message, the man denied using her track and trace information to contact her and instead said her profile came on Twitter.
“Hi there! I’m really sorry for messaging … I definitely didn’t use that track and trace thing to find you,” he wrote.
“Honestly I saw you on Tinder the day before and then the day after you came up as a suggested friend on Facebook. Have no clue how or why … but I’ve always wanted to try talk to you and see if you would like to have a drink sometime but have been so nervous when I get anywhere close to getting the courage, I don’t know if it’s because I’m so intimidated by how beautiful you are, and also the face you’re with a guy everytime you come in [sic].”
In a second tweet, Lyddon said she doesn’t believe the bartender’s story as she has not used the dating app in two years. She also admitted the incident has made her feel unsafe about handing over her personal details.
“The Tinder thing can’t be true because I haven’t used it for two years … Not super keen on handing over my name, email and phone number for contact tracing if men are going to use it for this,” she wrote.
Lyddon’s tweet has since received more than 3,500 likes and 1,500 comments, with many stating that the man’s actions go against General Data Protection Regulation (GDPR) rules.
“I think you could report the pub to the information commissioner. This is defo a databreach and they need to deal with it. Sorry. Very creepy,” one person wrote.
Another added: “This is SO gross, I’m so sorry. You need to report him to the pub bc that’s so inappropriate and also very illegal [sic].”
A third person shared a tweet they had posted just days before, predicting that an incident like this would happen.
“How long do you give it until people (let’s face it, mostly women) are posting examples of staff (let’s face it, mostly men) using this info to contact them for a date?” the initial tweet read, followed by an update of “FIVE DAYS”.
The Independent has contacted Rose Lyddon for comment.
While it is not a legal requirement for pubs and restaurants to take customer’s details, the government states that people’s names and phone numbers should be collected where possible in a bid to identify people who may have been exposed to the virus.
The guidance adds that if a customer or visitor says they do not want their details shared for the purposes of NHS Test and Trace, they can choose to opt out and that the information should not be used for any other purposes, including marketing, profiling and analysis.
“You must not misuse the data in a way that is misleading or could cause an unjustified negative impact on people e.g. to discriminate against groups of individuals,” the guidance states.
“Appropriate technical and security measures must be in place to protect customer contact information, and the ICO has produced guidance on this.”
The British Beer & Pub Association (BBPA), which represents brewers and pubs, recently said it had concerns over the collection and storage of customer data.
Last month, Grace Bradley, from campaign group Liberty, said: “We must know what’s going to happen to data collected by venues, how long it will be kept and who it will be shared with and under what circumstances it will be shared with government.”
She added there had been “no guarantees” that test and trace data would be firewalled from other agencies like the police and immigration services “leaving many people rightly afraid to engage with the system.”