Legal Articles

Pubs, Pints and Privacy

Home / Knowledge base / Pubs, Pints and Privacy

Posted by Patrick McCallum on 03 July 2020

Patrick Mccallum - Commercial Contracts Law Solicitor
Patrick McCallum Solicitor

The 4th July is upon us, and with it, the country’s “end of hibernation” in the words of Boris Johnson. For many of us, this also means finally being able to return to our favourite pubs, bars and restaurants for a drink which, after the last three months, it is safe to say has been well and truly earned.

As we all know, whilst this is a momentous occasion, the coronavirus has not disappeared. The risk of local flare ups of cases will only increase now that people have more freedom to meet and socialise with each other in different venues.

To mitigate this risk, the government is instructing pubs and other non-essential businesses to keep a record of all their customers so that they can be contacted and recommended to take a test and/or self-isolate if someone else at the venue tests positive for the coronavirus.

So far, there is a distinct lack of clarity about exactly what information businesses should be collecting, how they should collect it and how they should use it going forward. One thing is for certain though: by being required to collect such personal information, businesses are going to have to be more mindful of their obligations under the GDPR and Data Protection Act 2018.

This new data protection legislation has not only increased the obligations businesses have in relation to the personal data they process but also the size of the fines that could be imposed for non-compliance. It is therefore important that businesses understand what they are required to do in order to remain compliant with the law.

For some businesses which already operate a booking/reservation system, this may not be too much of a change from the norm, albeit they will likely be collecting more data on more customers as of 4th July. However, for the humble pub landlord or landlady, the new rules may require a significant change in their approach to data privacy.

Data privacy is a major concern for many customers and businesses will need to undertake an assessment of the current measures they have in place to ensure the security of any personal data they collect and implement changes where appropriate. For example, the days of keeping bookings in an open book behind the bar may well be numbered, as more businesses move to more data-secure online booking systems such as OpenTable or ResDiary.

Some businesses will be tempted to use the extra data they collect on their customers to send them marketing information. After all, these businesses have been unable to properly trade for months and will be keen to attract as many people as possible to help increase their cashflow and make up for the lean months of lockdown. However, the laws around marketing consents (particularly when it comes to members of the public) are stringent and businesses should seek to understand their obligations before pursuing such initiatives.

The other concern that businesses may have is how long they will need to retain customer data for. The law states very clearly that data should not be stored for longer than is necessary. If no cases are reported from customers attending a certain venue for a period of one month, the question arises as to whether the personal data of customers whose data was collected at the start of that month should be deleted as one would have expected people to develop symptoms of the coronavirus by that time. However, that has to be balanced against the risk of someone who catches the virus at the venue but is asymptomatic.

More guidance is certainly needed from central government to assist businesses in complying with the government’s instructions and data protection law. The Information Commissioner’s Office (the UK body responsible for data protection) has said it is “assessing the potential data protection implications of this proposed scheme and is monitoring developments”.

However, in the meantime, it would appear businesses will be left to work it out for themselves whilst trying to deal with the clamour for long awaited pints and proseccos.

If you are a business that has recently reopened your doors and want to learn more about how to balance your data protection obligations against your duty to comply with the government’s coronavirus guidance, please feel free to speak to a member of our Data Protection and Privacy team.

About the author

Patrick is a solicitor in the commercial team who helps clients with their commercial contracts in both a business-to-business and business-to-consumer context.

Patrick McCallum

Patrick is a solicitor in the commercial team who helps clients with their commercial contracts in both a business-to-business and business-to-consumer context.

Recent articles

20 October 2020 Setting up an EMI scheme for your company

Over 12,000 companies across the UK use an EMI scheme (Enterprise Management Incentive) as a way of attracting, retaining and motivating their key employees. Our guide covers all the steps to set up your EMI scheme.

Read article
16 October 2020 Sales and leasebacks and the changes to the planning use classes order

We're covering just two topics very different to each other but both in their own way creatures of this pandemic which is truly dominating our lives. Those topics are sales and lease backs and the recent changes introduced to the planning use classes order

Read article
16 October 2020 Co-habiting couples - How much protection do you have?

It is becoming more and more common for couples to live together and start a family without getting married or entering into a civil partnership. Until the law catches up in this area, cohabiting couples need to be aware of their limited legal rights.

Read article
How can we help?
01926 732512