UK COVID-19 app collects facial verification data via government linked contractor

The mobile application of the United Kingdom’s public healthcare system, the National Health Service (NHS), has been found to collect and store facial recognition data via a contracting firm with links to the Tory party.

NHS Digital awarded the facial data collection contract to a company called iProov in 2019 and, given its strong government ties, the revelation made by the Guardian raises serious concerns about such sensitive personal data falling into the hands of state actors.

The app, which also functions as a COVID-19 vaccination passport and has over 10 million users, requests users to verify themselves through a facial recognition video.

In addition to the vulnerability of facial recognition data being accessible to the government, the contract between NHS Digital and iProov is shrouded in secrecy.

The NHS merely states that the information is “not stored for longer than is necessary under the contract” while iProov does not reveal the duration for which it holds onto the facial recognition data.

“We’re deeply concerned by the secrecy surrounding facial verification and data flows in the NHS app, particularly given the involvement of a private company,” Jake Hurfurt from Big Brother Watch stated.

“It raises questions about how private and secure anyone’s information is when using facial verification and the NHS login. Anyone who sends personal information to a private company, at the encouragement of the NHS, has a right to know exactly what happens to their data.”

Tory party members fund iProov

iProov has received donations from a private equity group called JRJ, where two out of its three partners are Tory party benefactors.

One of those partners is Jeremy Isaacs, who has made 26 donations totalling 661,500 British pounds (778,929 euros). The other partner in question, Roger Nagioff, has made 15 donations to the tune of 528,117 British pounds.

The Guardian also mentions that the iProov board includes Eddie Alleyn as a non-executive director, a veteran of Her Majesty’s Government Communications Centre (HMGCC), which has previously developed surveillance technology for the UK government, as well as having worked at the Ministry of Defence and Foreign Office.