The Scottish authorities and NHS Scotland have been rebuked for breaching knowledge privateness legal guidelines on a Covid vaccine standing app downloaded by hundreds of thousands of individuals.
The Information Commissioner’s Office, which polices the UK’s privateness legal guidelines, mentioned it had warned the Scottish authorities and NHS final 12 months that there have been severe privateness issues with the app, however not all these issues have been fastened earlier than it was launched.
In an unusually important ruling issued on Friday, Steve Wooden, the ICO’s deputy commissioner, mentioned: “When governments introduced in Covid standing schemes throughout the UK final 12 months, it was important that they have been upfront with folks about how their info was getting used.
“The Scottish authorities and NHS Nationwide Companies Scotland have failed to do that with the NHS Scotland Covid standing app. We require each our bodies to behave now to present folks clear details about what is going on with their knowledge. In the event that they don’t, we are going to take into account additional regulatory motion.”
The app was wanted to get entry to nightclubs, sports activities arenas and another venues reminiscent of college buildings, and for journey abroad, after it grew to become obligatory for folks to offer proof of their vaccine standing; paper printouts or screenshots of vaccine standing have been additionally permitted.
Nicola Sturgeon, the primary minister, introduced on Tuesday that the vaccine passport scheme can be dropped on 28 February. Her replace got here three days earlier than the ICO issued its findings; all different Covid rules in Scotland will remain in force until 21 March.
The Conservatives and Liberal Democrats mentioned ministers had “arrogantly” put privateness in danger by ignoring warnings from the ICO and opposition events final 12 months. Murdo Fraser, for the Scottish Tories, requested whether or not Sturgeon knew the ICO rebuke was imminent when she made her announcement on Tuesday.
Wooden mentioned the ICO had warned the Scottish authorities final 12 months it will be illegal for the app’s builders to make use of folks’s portraits to enhance facial recognition expertise. That plan was dropped, as have been plans to share private knowledge with the corporate.
Even so, the app nonetheless didn’t warn customers correctly about how their knowledge was used when it went reside. There had additionally been “an ongoing failure to offer concise privateness info in order that the typical individual can realistically perceive how the NHS Scotland Covid standing app is utilizing their info”, the ICO mentioned.
The Scottish authorities admitted the app ought to have been far clearer about how personal knowledge was processed. “Along with NHS Nationwide Companies Scotland, we are going to proceed to work with the ICO to implement the enhancements they’ve requested for, and be sure that classes are realized for future work,” a spokesperson mentioned.