The UK Government has announced the introduction of its "Emergency Alerts" service. This will be tested across the UK on Sunday, 23 April 2023, at 3 pm. However, this testing has sparked significant controversy regarding the privacy implications this might have.

What is it? 

Emergency alerts have been implemented to warn members of the public of a danger to life nearby. During an emergency, mobile phones and tablets within a radius of the risk will receive an alert with instructions on how to stay safe. The alert may cause devices to make a loud siren-like sound (even if it is set to silent), vibrate and read out the alert; this is likely to last for around 10 seconds.

In order to ensure that as many people are notified as possible, the emergency service will ensure the public is also warned in alternative ways (in case they do not have a compatible device), including live television, radio, and social media.

Does the emergency alert collect or use my personal data? 

Personal data is defined under UK data protection law as any information that relates to an identified or identifiable individual. What identifies an individual could be a name or phone number. Despite initial online confusion, Emergency Alerts do not collect or use personal data and do not target specific individuals. Mobile phone masts within a certain radius of an emergency will send an alert to every 4G/5G compatible mobile phone in the range of a mast. It does not use mobile phone numbers or location data to send this information. 

The gov.uk privacy notice also states, "No one will collect or share data about you, your phone or your location when you receive an emergency alert." The privacy notice also confirms that, as the emergency alerts do not use or are not processing personal data, the legal basis for sending emergency alerts is that they are in the public interest.

As well as UK GDPR and Data Protection Act 2018 considerations, the Privacy and Electronic Communications Regulations (PECR) 2003 must also be considered. PECR allows some public authorities to ask mobile network operators to send out an emergency alert if an emergency has happened, is happening or is about to happen. Alerts will only be received from the emergency services and government departments/ agencies that deal with emergencies and therefore such alerts will be permitted under PECR.

The emergency alert message will be displayed through push notification, not as a text message. There have been some misconceptions that this will prevent users from using their phones if they do not acknowledge the notification. This would only be the same process as any other push notification where you may click 'cancel' or 'read more' to continue, this should not disrupt phone use in any other way, and the alert will not need to be responded to. However, a link to a website or a phone number to receive further information may be provided. 

Why do I not have to opt-in?

The gov.uk website makes it clear there is no need to download an app or sign up to receive the emergency alerts; they will happen automatically as set out above. As no personal data is being used or collected, there is no requirement to opt into the messages. There is, however, the option to opt-out via the Emergency Alerts setting menu on all compatible phones.

What else needs to be considered? 

The US and Japan already have a similar system in place. ‘J- ALERT’, Japan's National Instant Warning System, allows the Japanese government to transmit emergency information to residents of the whole country instantly and is usually used to transmit information regarding earthquakes, tsunamis and volcanic eruptions. The US also uses a similar system to send alerts from the President, the National Centre for Missing and Exploited Children and the national weather service. Both of these systems also work in a similar way to the UK’s emergency alert system to broadcast the alerts.

The Information Commissioners Office has also commented on the introduction of the emergency alerts: "The Government has informed us the technology doesn't use people's data, and mobile phone users shouldn't worry that their data will be used or processed without their knowledge”.  This should provide additional reassurance to those who are concerns that their data is being used. 

At this stage, the alerts are only being tested, and while the government has not been clear about why this system is being rolled out now, given that there should be no data protection issues, there could be some positives to the introduction of the emergency alerts.  Oliver Dowden, the Minister in charge of the system, has said it is a "vital tool to keep the public safe in life-threatening emergencies".  

Given the way the emergency alert system works and the fact no personal data is being used, it is fair to say that these alerts do not lead to a “data protection emergency” (despite what some are suggesting) as no personal data will be collected or shared as part of the process by the network providers or otherwise. 

There are of course other potential concerns, for example, due to the conflict with the right to privacy under Article 8 of the Human Rights Act 1998 (which in this context is different to the data protection implications, instead referring to privacy more generally). Article 8 of the Human Rights Act states that everyone has the right to privacy, except when necessary in the interest of national security, public safety or the economic well-being of the country. There are valid concerns that these alerts may inadvertently disrupt these rights by revealing a phone that may be hidden. However, when these alerts are being used in practice, the justification for this is likely to be the need to ensure public safety. 

For further information on this, please visit https://www.gov.uk/alerts

For any help with Data Protection please contact us using the 'contact us' button and we will contact you at the earliest opportunity.