The Health Protection Regulations 2020 - What You Need To Know
The Health Protection (Coronavirus, Collection of Contact Details etc and Related Requirements) Regulations 2020 came into effect on 18th September and require a large number of businesses and other premises to display a QR code for customers to scan using the government contact tracing app (available since 24th September) on their mobile phones and to take the contact details of all visitors who do not use the app to scan the QR code. Where there is a group, the obligation is to take the contact details of everyone, not just one person which was the position prior to the regulations.
Previously, the taking of contact details was covered by guidance. Due to concerns about the spread of the virus, it is now a legal requirement.
Businesses in schedule 1 of the regulations include
bars (including bars in hotels or members’ clubs),
cafes (including workplace canteens) and
restaurants (including restaurants and dining rooms in hotels or members’ clubs).
Businesses and premises listed in schedule 2 include
museums and galleries,
indoor sports and leisure centres,
outdoor swimming pools and lidos,
nail bars and salons,
community centres and village halls.
The contact details which must be provided are the individual’s name and telephone number. If they do not have a telephone number, it is their email address. If they do not use email, it is their postal address. The date and time of entry must also be recorded.
The business must retain the details securely for 21 days and make them available to a public health officer or the Secretary of State upon request. After 21 days, the records can be destroyed.
If the individuals are not willing to scan the QR code or provide their contact details, then if the business or venue is listed in schedule 1 (food and drink businesses) it should “take all reasonable steps to refuse entry”. Unhelpfully, the regulations do not define “all reasonable steps”. If anyone in the group refuses to provide their details, they must be refused entry.
However, this obligation does not extend to premises listed in schedule 2.
Where customers do not scan the QR code, a business or venue which fails to obtain their contact details can be required to pay a fixed penalty of £1,000 (reduced to £500 if payment is made within 14 days). Subsequent breaches attract additional fixed penalties up to a maximum of £4,000. There is also the prospect of prosecution and punishment by a fine. No offence is committed by the customer in refusing to provide details.
For practical purposes, from 24th September, any person who wishes to avoid giving their personal details to a business or other venue will need to use the government contact tracing app on their mobile phone. It should be noted that the app does not store data of an individual’s movements centrally, but rather on their mobile phone which should help allay any concerns over privacy.
The regulations appear to have been introduced because the previous system of obtaining contact details was not working effectively, with some businesses not requiring the details (research suggests that only 43% of customers were being asked for contact details) and some individuals not being willing to provide them. The regulations are intended to make it easier to trace people who have visited premises where someone has tested positive for coronavirus. If a customer uses the App to scan the QR code, they will receive a notification that they may have come into contact with someone who has the virus. If they choose to leave their personal details, they will be contacted by the tracing service. The government hopes that the level of fines will impress on businesses the need to obtain contact details or refuse entry where customers do not use the QR code.
Jeff Swales, Solicitor at rradar