Data watchdog raps Scottish Government over Covid Status app privacy concerns

The UK’s data watchdog has chastised the Scottish Government and NHS National Services Scotland for their failure to inform people about how their personal information is used by the NHS Scotland Covid Status app.

The app is a method people can use to demonstrate their vaccination status for mandatory Covid status checks which are still in place for major events and nightclubs, although the vaccine passport program ends on Monday.

The Information Commissioner’s Office (ICO) has issued a reprimand to the two bodies for their initial failure to provide adequate privacy information in the NHS Scotland Covid Status app when it launched to explain how people’s information is used .

He also said there was also a continued failure to provide concise privacy information so that the average person could realistically understand how the NHS Scotland Covid Status app uses their information.

The ICO said it now expects the Scottish Government and NHS National Services Scotland to act quickly on the findings and that if they do not take action they will consider whether further regulatory action is needed. .

ICO Deputy Commissioner Steve Wood said: “People need to be able to share their data and live their lives with confidence that their privacy rights will be respected.

“The law allows responsible sharing of data to protect public health. But public trust is essential for it to work. When governments introduced Covid status schemes across the UK last year, it was essential they were upfront with people about how their information was being used.

“The Scottish Government and NHS National Services Scotland have failed to do this with the NHS Scotland Covid Status app.

“We’re calling on both bodies to act now to give people clear information about what’s happening with their data. If they don’t, we will consider further regulatory action.

The watchdog said it received full details of how the NHS Scotland Covid Status app would use people’s information on September 27, 2021, just three days before mandatory checks were rolled out.

He said he had a number of concerns about how the app was going to use people’s information, in particular plans to let the NHS Scotland Covid Status app share people’s images and passport details. Scottish users with the software company providing the facial recognition technology behind the app.

The ICO said the proposal was there to help the company improve the facial recognition software behind the NHS Scotland Covid Status app, but would have been illegal under the circumstances as it was not needed for the app works and did not bring any benefit to the application user. , while the proposal had also not previously been communicated to the ICO.

The watchdog said the app should not be launched until its concerns about possible non-compliance have been resolved and the Scottish Government and NHS National Services Scotland have halted plans to share personal data. with the software company.

However, the ICO said the app launched on September 30, 2021 as planned without fully addressing its broader concerns about compliance with data protection law.

The Scottish Government and NHS National Services Scotland are invited to comment.

Lance B. Holton