To ask the Secretary of State for Health and Social Care, pursuant to the Answer of 7 May 2020 to Question 41449 on NHS: Computer Software, whether data that will remain under the control of the NHS will remain (a) on NHS infrastructure and (b) in the UK.
This answer is the replacement for a previous holding answer.
21 May 2020
If users choose to share their information with the Department and the National Health Service, it will remain under the control of the Department and the NHS throughout. Companies working with the NHS are bound by robust contract and data processing agreements that specify how and when the data must be stored, secured, used and destroyed.
The data that app users have chosen to share with the NHS may be retained for research in the public interest, or by the NHS for planning and delivering services, in line with the law and on the basis of the necessary approvals required by law.
Data will be stored securely and processed in the United Kingdom. Information that does not, and cannot, identify a user may be stored and processed outside of the UK (for example, information purely about the number of proximity alerts issued, or the number of outcomes from tests).
The Data Protection Impact Assessment and Privacy Notice for the app set out how the data voluntarily provided by a user is stored and used.