Why has gone wrong for NHS’ Scotland COVID App

In September last year, people across Scotland were urged to download the new Protect Scotland app to help suppress the spread of coronavirus.

The free app, available on Apple and Google stores, was tipped to enhance existing Test and Protect contact tracing measures, offering an additional layer of protection to break the chains of transmission faster, just the securities on legitimate online casino sites.

Once downloaded, the app works in the background, using Bluetooth technology to anonymously alert people if they have been within two metres for at least 15 minutes with another app user who has tested positive for coronavirus.

It also quickly alerts those you have been in close contact with if you test positive, even if those contacts are unknown to you.

It was said that privacy will be protected, as the app uses encrypted anonymised codes to determine close contacts, which are deleted after 14 days. It doesn’t store details on an individual, or their location.

Designed to complement the Test and Protect person-to-person contact tracing system, the app allows people to self-isolate far quicker if they are exposed to the virus, reducing the risk of them infecting others – and the more people who use the app, the better it will work.

However, the Scottish government and developers have been rebuked for breaching data privacy laws on a Covid vaccine status app downloaded by millions of people. The Information Commissioner’s Office (ICO), which polices the UK’s privacy laws, said it had warned the Scottish government and NHS last year that there were serious privacy problems with the app, but that not all those problems were fixed before it was launched.

The ICO said between 555,000 and 615,000 people were affected by the error. In an unusually critical ruling, Steve Wood, the ICO’s deputy commissioner, said: “When governments brought in Covid status schemes across the UK last year, it was vital that they were upfront with people about how their information was being used.

“The Scottish government and NHS National Services Scotland have failed to do this with the NHS Scotland Covid status app. We require both bodies to act now to give people clear information about what is happening with their data. If they don’t, we will consider further regulatory action.”

The app was needed to get access to nightclubs, sports arenas and other venues such as university buildings, and for travel overseas, after it became mandatory for people to provide proof of their vaccine status; paper printouts or screenshots of vaccine status were also permitted, which works like creating an account with jeux de casino en ligne before games can be played for real money

Nicola Sturgeon, the first minister, announced on Tuesday the vaccine passport scheme would be dropped on 28 February. Several hours after she spoke, the ICO notified her officials they would issue the reprimand on Friday. All other Covid regulations in Scotland will remain in force until 21 March.

The Conservatives and Liberal Democrats said ministers had “arrogantly” put privacy at risk by ignoring warnings from the ICO and opposition parties last year. Murdo Fraser, for the Scottish Tories, asked whether Sturgeon knew the ICO rebuke was imminent when she made her announcement on Tuesday.

Wood said the ICO had warned the government last year it would be unlawful for the app’s developers to use people’s portraits to improve facial recognition technology. That plan was dropped, as were plans to share personal data with the company.

Even so, the app still failed to warn users properly about how their data was used when it went live. There was also “an ongoing failure to provide concise privacy information so that the average person can realistically understand how the NHS Scotland Covid status app is using their information”, the ICO said.

The Scottish government admitted the app should have been far clearer about how private data was processed. “Together with NHS National Services Scotland, we will continue to work with the ICO to implement the improvements they have asked for, and ensure that lessons are learned for future work,” a spokesperson said.