With Minister for the Cabinet Office Michael Gove expected to announce app-based “COVID status certificates”, the UK’s post-lockdown plan looks set to come under fierce attack.
Seventy-eight Members of Parliament and 11 lords – including former Conservative leader Iain Duncan Smith, former Labour leader Jeremy Corbyn, and Lib Dem leader Sir Ed Davey – are backing a campaign by Big Brother Watch, the civil liberties and privacy group.
They join other campaign groups, including Liberty, in backing the statement: “We oppose the divisive and discriminatory use of COVID status certification to deny individuals access to general services, businesses or jobs.”
The official line from a government spokesperson is that it is “considering a range of evidence around COVID-status certification” and whether the approach “may have a role in opening up higher risk settings safely. The review is ongoing and no decisions have been taken.”
A call for evidence opened in March.
It is expected that, if the app-based concept goes ahead, it will have no place in steps two and three of the UK’s reopening “roadmap”, which includes schools, non-essential retail, gyms, and nail salons.
Nonetheless, a Big Brother Watch report [PDF] on the prospect of COVID certificates said that any requirement to “use an app or, for individuals without a smartphone, a QR code, or possibly even to submit to a facial biometric check to convey sensitive medical information would engage Article 8 privacy rights, GDPR and the Data Protection Act 2018 (DPA).
“This privacy intrusion would be particularly serious and change not only long-held expectations of medical confidentiality but the way that society operates as a whole.”
The idea of COVID vaccination or immunity status certificates requires both data about an individual’s health and, linked to it, confirmation of their identity.
“Some technology options rely on strong binding to biometrics whereas others use technologies such as blockchain and verifiable credentials frameworks,” Big Brother Watch said in its report. “Every proposed system for verifying someone’s COVID status relies on the certificate being bound to an individual’s sensitive medical data and verified via a photograph, biometric data or a link to a physical form of ID.”
It pointed out that the UK government had been funding at least eight iterations of COVID passes since 2020 via the Department of Health and Social Care and Innovate UK, part of non-departmental public body UK Research and Innovation.
Potential systems include Mvine/iProov. It stores vaccination certificates and generates a random string of digits as an identifier, which is linked to biometric data – likely a face scan. There is no direct link between medical data and ID, the company says. iProov facial biometrics are used by the NHS COVID-19 app and the Home Offices Settled Status Scheme app.
Other proposals include using the NHS app directly with facial recognition as the biometric identifier.
Big Brother Watch said using the NHS app for COVID certificates “would be even more intrinsically linked to individuals’ identities than the Mvine/iProov approach, as NHS records contain a wealth of identifiable, sensitive information including NHS numbers. Using the NHS App for proof of a vaccine comes with a significant further privacy risk due to the wealth of other personal information available within it, from prescriptions to addresses, and these issues are yet to be addressed.”
Speaking to Sky News, transport minister Grant Shapps confirmed that the NHS app would be used to allow UK citizens to demonstrate whether they have had a COVID jab, or tested negative for the virus, before travelling abroad. ®