"NHS app storing facial verification data via contract with firm linked to Tory donors", 15 September 2021.

The NHS app is collecting and storing facial verification data... in a process which has fuelled concerns about transparency and accountability.

The data collection is taking place under a contract with a company linked to Tory donors called iProov...

Privacy campaigners say the opacity of the relationship between... iProov and the government raises questions about how securely the information is held...

An NHS spokesperson confirmed law enforcement bodies were able to request data, but that a special panel reviewed such requests...

Both iProov and NHS Digital stressed that app users’ biometric data is anonymised and guarded via the best possible security protection, audited by the NHS. IProov insists its customers implement a “privacy firewall” to ensure it has no visibility whatsoever of the identity of the people it verifies, apart from their faces...

However, NHS Digital said it had not published its contract with iProov “for security reasons”...

IProov also sells its software to [businesses and foreign agencies]. It does not sell data. It said all of its activities were regulated by GDPR and that UK law protects against it being compelled to release or hand over any user data...

NHS Digital said: “...We use facial verification software when people decide to use the app to access their confidential patient data, as part of the high-level NHS login identity verification process which is clearly explained to app users... people using the NHS app can trust that their data will be safe and secure.”