There is no legal requirement for the data controller to consult the Information Commissioner’s Office (ICO) under Article 36 of the General Data Protection regulation as the data collected is not identifiable and the processing is not therefore considered to be high risk.
However, the ICO has been working with NHSX for some time providing information governance assurance on the app development, including advising on the Data Protection Impact Assessment regarding risk mitigation. The ICO is represented on the Assurance Board and on the Ethics Advisory Board as an observer. Both boards report up to the app’s Oversight Board.
The ICO published a statement on 24 April confirming they will offer support during the life of the app as it is developed, rolled out, and when it is no longer needed.