The Guardian

NHS app Users’ facial verification data stored by company linked to Tory donors

- Rob Davies

The NHS app is collecting and storing facial verification data from UK citizens, causing concerns about transparency and accountability. The data collection is taking place under a contract with a company linked to Tory donors called iProov, awarded by NHS Digital in 2019, which has yet to be published on the government website.

Privacy campaigners say the opacity of the relationship between iProov, based in London, and the government raises questions about how securely the information is held. One said they were “deeply concerned” about the secrecy surrounding the use of data.

The NHS confirmed law enforcement bodies could request data, but said a panel reviewed such requests in light of the health service’s duty of confidence.

The number of users reached 10 million this year after the app was adapted to act as a Covid passport. It can be used to access medical records and book GP appointments, and to obtain vaccine status certificates, for example for travel.

The app asks some users for video facial verification by default, although it is possible to opt out. The process involves new users recording a video of their face, which is sent to iProov. The firm compares the facial data with anonymised photo IDs already held by the government. Its software beams a one-off sequence of colours at the user’s face, through their phone, to ensure they are present during verification.

The app also asks users to upload their date of birth, postcode, phone number and a photo of either their passport or driver’s licence. Only a photo clipped from the ID document is supplied to iProov.

NHS Digital and iProov emphasised that app users’ biometric data was anonymised and guarded by the best possible security protection. IProov said its customers implemente­d a “privacy firewall” so it had no visibility of the identity of the people it verified, apart from their faces.

NHS Digital said it had not published its contract with iProov “for security reasons”. This was also why it had not published a data protection impact assessment of the NHS app, the document that explains how individuals’ information will be used, stored and protected. IProov said it could not disclose how long it held facial data. The NHS said the information was “not stored for longer than is necessary under the contract”.

An expert in surveillance law said such information was likely to be desirable to UK and foreign intelligence services. “If GCHQ acquired it and it was of use, the likely position is they would share that with the [US] National Security Agency,” they said.

Jake Hurfurt, of the civil liberties group Big Brother Watch, said: “We’re deeply concerned by the secrecy surrounding facial verification and data flows in the NHS app, particularly given the involvement of a private company.

“It raises questions about how private and secure anyone’s information is when using facial verification and the NHS login. Anyone who sends personal information to a private company, at the encouragement of the NHS, has a right to know exactly what happens to their data.”

Dr Stephanie Hare, author of Technology Ethics, said: “Transparency, explainability and accountability are the holy trinity of technology ethics and they fall down on every one of them.”

IProov is linked to Conservative donors. It has received financial backing from the private equity group JRJ, which has a seat on the board after investing in 2015 and 2019, the year iProov won its first NHS contract.

JRJ counts two Tory party benefactors among its three partners. One, Jeremy Isaacs, a former Lehman Brothers executive, made 26 donations totalling £661,500 between June 2006 and February 2021.

A fellow JRJ partner, Roger Nagioff, donated 15 times between May 2004 and February 2020, giving £448,500. JRJ did not comment, but a source familiar with its investment said it owned less than 10% of iProov and was not involved in the NHS contract.

IProov won its contract to provide facial verification software to the NHS during a drive to digitise the health service. While the contract hasn’t been published, documents on the government’s “digital marketplace” website show that it typically charges an annual service fee of up to £1.4m and a cost per user of £1.50. The NHS said it had secured a discount.

NHS Digital said: “We use facial verification software when people decide to use the app to access their confidential patient data, as part of the high-level NHS login identity verification process which is clearly explained to app users. This means people using the app can trust that their data will be safe and secure.”

PHOTOGRAPH: MARCIN NOWAK/LNP Travellers arriving at Heathrow. Concerns have been expressed over the NHS app adapted as a Covid passport
▲ The number of people using the NHS app has reached 10 million
