The Government of Scotland and NHS Scotland have been criticized for breaching the data privacy laws on a Covid vaccine app. The app was downloaded by millions of individuals.
The Information Commissioner’s Office (ICO), which oversees the UK’s privacy rules, said it had informed the Scottish Government and the NHS last year that the app had stringent privacy flaws, but that was not fixed before it was launched.
According to the ICO, the error affected between 555,000 and 615,000 persons.
On Friday, in an unusually critical ruling, Steve Wood, the ICO’s deputy commissioner, said: “When administrations brought in Covid status schemes throughout the UK last year, it was vital that they were upfront with individuals about how their details were being used.
Moreover, “The Scottish Government and National Health Services (NHS) have failed to do this with the NHS Covid-19 vaccine app. We need both bodies to work now to give individuals clear details about what is happening with their data. If they will not, we will think of other regulatory action.”
The Covid vaccine status app was required to access sports grounds, nightclubs, and other public venues such as academic facilities and overseas travel.
Furthermore, Nicola Sturgeon, the first minister, announced that the vaccine passport scheme would be lifted on February 28. After several hours she spoke, the ICO notified her officials that they would issue the reprimand on Friday, and until March 21, all other Covid regulations in Scotland will remain in force.
In addition, last year, the ICO warned the Government that the app’s makers would be breaking the law if they used people’s portraits to improve face recognition technology.
Nevertheless, the app still failed to alert users adequately about how their data was used when the app went live. The ICO also stated that there was “an ongoing failure to provide brief privacy information so that the average person can really comprehend how the NHS Scotland Covid status app is using their details.”