Undisclosed companies are reportedly analysing facial data collected by the NHS app, which has gained popularity after becoming the easiest way to access Covid-19 vaccine certificates.
The NHS app, separate to the Covid-19 app and downloaded by some 16m, uses facial verification software for ID checks when signing up.
French call centre specialist Teleperformance, which helps check IDs on those signing up for the app, uses a string of undisclosed subcontractors under two contracts worth £35m, The Guardian first reported.
The contracts include a £7m deal covering April to June this year and a £28m contract for June 2021 to March 2022.
If facial verification software process fails, the app falls back on manual checks, where users must record a short video of themselves reading out a set of four numbers, as well as uploading an ID document.
The video is then handed to identity checkers, who compare the ID photo with the user’s face in the video.
Though Teleperformance is permitted to subcontract the ID process to other companies, which NHS Digital said involved “stringent” checks.
It raises issues regarding data transparency in the UK, with the companies in possession of this data currently unknown to the public.
However, City A.M. has learned that the second most recent contract for the ID checking is in the final stages of a ‘redaction process’, so the third-party companies with access to the data are expected to be revealed in the coming days.
The app also uses London-based iProov to perform automated ID checks on people signing up for the NHS app.
A spokesperson for NHS Digital said: “The NHS App is helping millions of people to quickly and easily access their NHS COVID Pass and frees up time for GP surgeries by allowing people to book appointments and order repeat prescriptions online.
“Our NHS login identity verification process is clearly explained to app users and means people using the NHS App can trust that their data will be safe and secure.”