A watchdog from the United Kingdom has discovered a major security flaw in the COVID Status app used by NHS Scotland. According to the watchdog, users of the app do not know how the NHS uses their personal information.

After the discovery, both the Scottish government and NHS Scotland were reprimanded by the Information Commissioner's Office.

The Information Commissioner's Office (ICO) urged the Scottish Government and NHS Scotland to make the necessary changes to fix the issue. The ministers agreed with the ICO and added that the information needs to be clearer for users.

NHS Scotland COVID App's Poor Security

On Feb. 21, Scotland announced that COVID passports are no longer required to enter establishments. However, establishments and venues can still choose to keep the policy if they want to.

Steve Wood, the ICO deputy commissioner, said that people need to share their data without any worry about their privacy. The law enables data sharing to protect public health, but public trust is important to make it work, according to the BBC.

When the government brought in COVID status policy across the United Kingdom in 2021, they needed to be upfront with people about how their personal information was being used.

Wood added that the Scottish Government and NHS Scotland were not clear about how the COVID app worked when it was launched. He said that the ICO requires both bodies to correct the issues. If nothing changes, the ICO will move forward with regulatory action.

Concerns Over Personal Data

The ICO published a guide in May 2021, setting out expectations around how organizations would create COVID-status certification schemes in line with data protection law, according to The Scotsman.

However, the NHS did not follow the guidelines set by the ICO. The app was launched just days before the mandatory status checks were rolled out in Scotland.

The ICO had several concerns, as the plan was for the app to share the pictures and passport details of its users with the software company providing the facial recognition technology behind it.

The officer admitted that the guide was created to help the company improve the COVID app and its facial recognition software but eventually changed its mind because doing so would have been unlawful.

The ICO advised that the COVID app should not be launched until the issues about non-compliance have been addressed.

Because of this, the Scottish government and NHS Scotland stopped their plans to share personal data with the software company, according to Independent.Co.

But the ICO stated that the app was launched as planned without addressing the concerns about compliance with data protection law.

The office investigated both NHS Scotland and the Scottish government, and a warning was issued because they failed to explain to the users of the COVID Status app how their personal information would be used. It is not yet clear whether any changes were made to the app.

The ICO stated that it made the ruling public because of the significant public interest in the issues raised. It believes that this was an effective way to make sure that the issues identified were addressed.

This article is owned by Tech Times

Written by Sophie Webster
