Post sponsored by

Source: New Zealand Privacy Commissioner – Blog

As countries race to roll out their vaccination programs, the conversation has shifted: the question now is, when can we get back to normal?

In many countries, the re-opening of shops, bars, gyms, and national borders will require a system of verifying people’s vaccinations.

But this is where matters get difficult. How do we create a system of verification that is effective, minimises fraud risks, allows for wide public participation and is privacy friendly?

Vaccine passports

Vaccine passports are certificates establishing proof of vaccination and are linked to a holder’s identity. These passports are touted as the best means of reopening national economies. The idea is that people who have been vaccinated, being immune to Covid-19 can safely go out in public without risking public and personal health. These will allow people to go to shops, theatres, churches, and travel internationally basically unimpeded.

Vaccination passports appear to be popular with several governments, airlines, tech-developers, and think-tanks.

European Commission President Ursula von der Leyen has indicated the EU would propose a Digital Green Passport in late March. EU member states will then choose whether to proceed with the plan recognise vaccination proof of citizens from other EU states. This scheme aims to facilitate EU wide travel as well as greater participation in domestic economies by vaccinated citizens.

Israel rolled out its “green passport”, for which only people who have been vaccinated or who have recovered from the virus are eligible. This is more of an “immunity passport”, the idea being that people who contracted COVID19 and have recovered will be less likely to contract the virus again. Gyms, theatres, and hotels are now operating and can be used by passport holders. It also signed bilateral travel agreements with both Greece and Cyprus.

The World Health Organisation also announced plans to create an enhanced international vaccination certificate and entered the Smart Vaccination Certificate consortium with Estonia.

IBM developed a Digital Health Pass which companies and venues could use to customise what information they require such as vaccination records. These credentials are sent QR code form to a chosen mobile wallet. Apple and Google are likely to join the fray with their own apps.

Aside from IBM, there is a profusion of other initiatives including the IATA’s (International Air Transport Association) Travel Pass and CLEAR’s Health Pass. It has been reported IATA’s app may link to a copy of the user’s passport for verification.


As you might expect, there are some major questions to think about. Do governments intend to use these for international travel or merely for giving holders greater freedoms? If so, will governments opt for immunity passports (to also include those who have had the virus and recovered) or strictly vaccination passports? Furthermore, what use will an immunity passport be should the vaccines prove ineffective against one of the many new strains that seems to be cropping up every day?

From a human rights perspective, vaccination passports could be seen as problematic. Recently, the Royal Society voiced their unease in a report about the potential for discrimination against the pregnant, the young who will be vaccinated last and others who can’t be vaccinated for medical reasons. It added that it will be crucial for governments and developers to be clear about whether these passports will be used for greater domestic freedoms or international travel.

What about privacy? Is privacy being taken seriously in the development, deployment, regulation and running of these Covid-19 passports?

According to a recent report by the open internet advocacy website, TOP10VPN, 82 percent of the Covid-19 certificate apps in operation globally have inadequate privacy policies. Moreover, 41 percent can monitor users’ precise location. The report’s author, Samuel Woodhams, is concerned that these passports have been rushed and don’t have the protections you would expect considering the sensitivity of the information they collect. He says many of these apps have generic, boilerplate privacy policies that don’t specify what information is being collected and don’t tell you how long it’s going to be stored for.

International experts have voiced their concerns. The Ada Lovelace Institute convened an urgent expert deliberation to consider how governments should act in response to vaccination passports. In its 17 February report, the panel considered that there was a real future risk of normalising health status surveillance by creating long-term infrastructure created to respond to a temporary crisis. The panel also expressed the view that digital identity systems could be introduced as part of an emergency infrastructure, but used for a different or expanded purpose, or what is known as “scope creep”.

There is serious concern that people’s personal information might be used more broadly than intended. Information might flow to third parties, and personal data may be repurposed.

So what?

Ultimately, it is crucial that governments form policies to ensure that privacy risks in this area are considered at the outset, and not as an afterthought. Here are some key points to consider for the movers and shakers in this area.

Developers should embed what are known as ‘Privacy by Design’ principles into whatever systems they develop. This will involve a comprehensive assessment of the privacy impact on individuals. Privacy by Design is a design methodology that includes privacy as an essential priority of any product, service, system, or process. This way, privacy is embedded throughout the product or service lifecycle from design to disposal.

It is crucial too that users are informed of how their health information is being used and for what purpose, clearly and accessibly.

Organisations developing and rolling out these apps should collect the minimum health information from citizens that is necessary for the protection of public health.

Demonstrable measures should also be taken to address the risks of directly sharing information from health records for travel purposes – privacy preserving solutions can include federated identity systems and device level processing.

Re-use and further sharing of health data from travel systems must meet the principles of necessity and proportionality.

The cyber-security risk of any digital systems or apps must be fully assessed, taking full account of the risks that can emerge from different actors in a global threat context.

Organisations should consider carefully for how long data should be retained and design a retention schedule for the safe deletion of information once it is no longer required.

Sunset clauses should be built into the design of such schemes, recognising that the routine processing of Covid-19 health information at borders may become unnecessary once the pandemic ends. The schemes should also be reviewed periodically to ensure that the processing remains necessary whilst the pandemic is ongoing.


Vaccine or immunity passports may well play a major role in the world’s economic recovery. We need to ensure that as we develop these systems, privacy is not sacrificed at the altar of expediency.

This article was first published in the 31 March issue of NZ Doctor.

Image credit: Passport and Covid-19 vaccine certificate via Flickr.