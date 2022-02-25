THE UK information watchdog has reprimanded the Scottish Government for launching its Covid vaccine passport despite being warned the app broke data protection law.

Ministers also struck an “unlawful” deal with the firm behind the app to let it use people’s passport pictures to improve its algorithm despite this being of no benefit to the public.

The UK Information Commissioner (ICO) said it was publicising its reprimand of the Government and an NHS quango because of the significant issues involved.

The ICO said it now expected the Government and NHS National Services Scotland to fix problems with the Covid status app or face “further regulatory action”.

Launched last autumn, the app let people prove their vaccination status for mandatory Covid checks for large events and nightclubs.

The mandatory scheme is now due to end this Monday, but the app will remain operational if any venues still wish to check people.

The ICO asked both the Government and its quango to provide adequate privacy information within the app when it launched to explain how people’s information was being used.

It said there has also been an ongoing failure to provide concise privacy information so that the average person could realistically understand how the app used their information.

The ICO said it had been working with governments across the UK throughout the pandemic to ensure Covid checks struck the right balance on the sharing of sensitive data.

It received the full details of how the Scottish app would work only three days before the scheme was due to go live on September 30 and found “a number of concerns”.

The ICO said it was “particularly concerned” at plans to the app’s ID verification provider retain images supplied by the public for five days merely “to train their proprietary facial recognition algorithms”.

This would have been “unlawful” as it was not necessary for the app to function and served no benefit to the app user, and had not previously been flagged up to the ICO.

The ICO therefore asked the Government to delay launching the app.

On September 30, the Information Commissioner Elizabeth Denham met Deputy First Minister John Swinney and stressed the need for the app to meet data protection law.

However the app was launched that evening regardless.

Although the planned sharing of data, including passport images, with the software firm was suspended prior to launch, other aspects of the app remained “non-compliant” with the law.

That prompted Ms Denham to meet Mr Swinney again and tell him that the ICO had launched a “formal investigation” into the app’s compliance.

ICO deputy commissioner Steve Wood said: “People need to be able to share their data and go about their lives with confidence that their privacy rights will be respected.

“The law enables responsible data sharing to protect public health.

"But public trust is key to making that work. When governments brought in Covid status schemes across the UK last year, it was vital that they were upfront with people about how their information was being used.

“The Scottish Government and NHS National Services Scotland have failed to do this with the NHS Scotland Covid Status app.

“We require both bodies to act now to give people clear information about what is happening with their data. If they don’t, we will consider further regulatory action.”

The Scottish Government and NHS National Services Scotland are being asked for comment.