Policymakers in Europe and abroad have recently been considering the idea of digital “immunity passports” or “health certificates” as a way of progressively allowing people who may have acquired immunity to COVID-19 to return to work and to travel. Such digital health certificates could have significant implications for data privacy and human rights. They would not only divide the population into two categories based on sensitive health information, but they would also ultimately become a tool for determining what degree of freedom and rights individuals may enjoy.
Technological solutions developed in response to the COVID-19 pandemic will have lasting impacts worldwide. They will shape the responses to trade-offs between data privacy, human rights and public health interests for many years to come.The idea of digital “immunity passports” or “health certificates” has recently started gaining traction among policymakers in Europe and abroad. These are digital credentials that would allow individuals to prove their health status (i.e. COVID-19 test results, antibody test results, or eventually vaccination certificates) in a verifiable manner, using, for example, mobile phone applications, QR codes or even electronic bracelets. Several countries, including Chile, Estonia, Italy, UK and US, are reportedly considering some form of immunity certificate as part of their COVID-19 crisis management strategies. Similarly, the idea of an EU-wide “COVID-19 passport” was reportedly discussed at a meeting of EU member states’ tourism ministers in late April. The EU’s Joint European Roadmap towards lifting COVID-19 containment measures also considered the roll-out of serological testing to assess population immunity as part of its strategy.
Despite calls for caution from the WHO highlighting the scientific shortcomings of immunity passports, uncertainties about the effectiveness of antibody-mediated immunity and concerns about the false sense of security such certificates might foster, pharmaceutical companies and biotech start-ups continue to develop serological tests for antibodies to SARS-CoV-2, some successfully.
Also underway are multiple efforts to develop digital technologies for immunity and health status verification. Current initiatives include global collaborations such as the COVID-19 Credentials Initiative as well as industry-led and academic-facing efforts to create blockchain-based digital health certificates. Technologists believe that such digital certificates can build on digital identity technologies that already exist and can be quickly deployed. These technologies would have significant consequences for data privacy and human rights, as discussed below.
Verifiable ID and Health Status
Existing digital identity platforms use a variety of technologies, including blockchain and artificial intelligence, to verify identity based on a set of attributes related to a person or entity that are available in digital format. These attributes can include biometric data (e.g. a fingerprint, eye scan or 3D face map) and life factors (e.g. date and place of birth). They can also be combined with evidence of government-issued ID (e.g. a passport or drivers’ licence) and digital activities such as social media pictures and posts, online purchase and search history and geotagging data.
Building on these technologies, digital certificates would allow individuals to prove their identity and health status at the same time (using, for example, recent results of COVID-19 tests showing they are free from the virus, proof that they have recovered from and acquired antibodies to SARS-CoV-2 or, once a vaccine is available, a vaccination certificate). Digital proof of health status could be required for access to public transport, shops, restaurants or workplaces. Potential mediums include contactless mobile phone applications, QR codes or even wearable devices such as electronic bracelets.
Data Privacy Considerations
Within the European human rights system, Article 8 of the European Convention on Human Rights (ECHR) guarantees respect for one’s private life. That includes the protection of personal information concerning one’s health and attributes such as DNA samples and biometric data (see, in particular, the decisions of the European Court of Human Rights on S. and Marper v UK , L. L. v France, L.H. v Latvia and Gaughran v the UK).
In the EU context, Article 8 of the Charter of Fundamental Rights of the European Union (CFREU) expressly recognises the right to data protection. Article 3 of the General Data Protection Regulation (GDPR) provides that any processing or controlling of EU data subjects’ personal information must comply with the rules it sets forth, even if that processing takes place outside of the EU.
However, the right to respect for private life is a qualified right, meaning that state authorities may interfere with it under specific circumstances. Still, any restrictions imposed by public authorities must be taken in view of safeguarding a legitimate interest provided for by the ECHR and must satisfy the tests of legality, necessity and proportionality. Given the current situation, states could certainly invoke the interests of “the protection of health” or of their country’s “economic well-being” listed in Article 8 to justify the deployment of digital health certificates.
However, according to the principle of legality, domestic laws providing the legal basis for the adoption of such technologies must be adequately accessible and foreseeable and indicate with sufficient clarity the scope of discretion they confer to public authorities (S. and Marper v UK at para 95). Besides, health data, such as the results of COVID-19 immunity tests, enjoy a reinforced level of protection under Article 9 of the GDPR. Even if the processing of health data is necessary for public health purposes, domestic laws must provide adequate and specific measures to safeguard individuals’ rights and freedoms (Article 9-2(i) GDPR).
Moreover, the necessity test demands states to demonstrate that there is a pressing social need at stake. In other words, they must justify as necessary not only the use of technology to measure population immunity, but also the use of such technology to categorise individuals based on their health status. Even if we assume that the unprecedented nature of the current pandemic could allow states to clear this high hurdle, they would still need to show that the measures taken are proportionate to their aims and that they are the least restrictive viable solution. This hurdle may be more difficult to clear, as such measures would dramatically restrict the rights of a large segment of the population.
In addition, much would depend on the exact design and reach of the technologies, notably how data is collected, stored and accessed and what purposes it is used for. These technologies would thus need to comply with the seven principles laid down in Article 5 of the GDPR concerning lawfulness, fairness and transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity and confidentiality and accountability. National Data Protection Authorities have the competence to monitor, investigate and enforce the application of these rules (Articles 57 and 58 GDPR). Even if the roll-out of these technologies was voluntary and users provided meaningful consent (Article 4-11 GDPR), they would still need to have appropriate data protection measures built into their design (Article 25-1 GDPR). For example, their designers must anticipate potential privacy-invasive events and related risks and take proactive steps to prevent harm to users’ rights.
Human Rights Implications
The deployment of digital health certificates for COVID-19 would create a new distinction between individuals based on their health status, given that these certificates would be used to determine the degree of freedoms and rights one may enjoy. Such segmentation of the population could undermine the very essence of our shared values of human dignity and equality enshrined in Article 1 of the Universal Declaration of Human Rights. That could lead to discrimination and stigmatisation of those not immune or not yet free from the virus.
Let’s just pause for a moment and imagine what this would look like in reality. Those with the “wrong” digital credentials would see significant restrictions to their rights, in particular, the right to liberty, the right to work, the right to education, the right to respect for family life, the freedom to manifest one’s religion and the right to freedom of assembly and association. To a certain extent, this is already a reality in some countries. For instance, in South Korea, authorities have deployed technologies such as mobile phone applications to track individuals infected by the virus and imposed the use of electronic bracelets to monitor individuals who have broken quarantine rules. In China, individuals must show digital credentials (as QR codes) proving they don’t have the virus or have complied with strict quarantine rules to access public and private spaces, including taxis, restaurants, public transport and parks. In Estonia, individuals will use a temporary QR code on their mobile phones to display their coronavirus test results and gain access to workplaces, restaurants and other shared spaces.
The roll-out of digital health certificates would generate three interconnected socio-legal concerns. First, studies have shown that, so far, even in hard-hit countries, only a small fraction of the population has been infected and thus acquired some sort of antibody-mediated immunity. Until a vaccine is available, digital health certificates could thus exclude a large part of the population from exercising their rights. If and when a vaccine becomes available, the authorities will need to ensure populations around the world have equitable access. Otherwise, significant segments of the population may again see the exercise of their rights restricted.
Second, such measures have potential to be vastly more devastating for those in already vulnerable situations or in poverty, as they are more likely to have health issues and to work in precarious conditions. If they are also denied access to work because they cannot prove immunity to the virus, they may lose their only source of income and risk destitution. As highlighted by the former UN Special Rapporteur on extreme poverty, the current crisis disproportionately affects poor people, whose support networks are increasingly overwhelmed by these unprecedented levels of unemployment.
Third, individuals may respond to requirements for proof of immunity as incentives to seek to become infected and acquire immunity, thus gaining access to work and more freedom. Such practices, which are not without precedents in the past, could cause numerous deaths and new waves of the disease.
The rapid adoption of digital identity solutions for health certificates due to pressure to respond quickly to the pandemic could also intensify cybersecurity risks. Depending on how these digital certificates are built and deployed, they may leave users vulnerable to cybercrime, such as digital identity theft or other harmful cyber activity. For instance, existing digital identity initiatives, such as the Aadhaar in India and Estonian e-identity, had to overcome significant cybersecurity challenges. Specifically, security lapses have led to the leaks of Aadhaar unique numbers (similar to social security numbers) in the past. Vulnerabilities in the encryption used in Estonian e-identity cards were reportedly found and fixed before attackers could exploit them, but they had still posed a grave risk. In sum, companies aiming to supply governments and the private sector with digital health certificate technology will need to be extremely and continuously vigilant about cybersecurity vulnerabilities within their platforms. In particular, they must anticipate that individuals may be driven to forge health credentials if that allows them to return to work and to enjoy freedom of movement.
In Search of the Right Balance
As noted by the UN Secretary General, we are all in this together. While technological solutions such as digital health certificates may allow countries to reignite their economies and progressively emerge from the crisis, their design and implementation cannot be left to technologists and digital identity start-ups alone.
The opportunities presented and risks posed by these technologies should be discussed within a multi-stakeholder setting that includes representatives from civil society, academia, international organisations, industry and governments. In Europe, the EU should play an active role in this regard, notably by continuing to provide expertise and general guidance on data protection, privacy and fundamental rights. The European Commission and EU agencies such as the Fundamental Rights Agency should be fully engaged in these important debates. Similarly, the e-Health Network should provide guidance to member states, as it did with respect to contact tracing applications, before any decisions related to digital health certificates are made at domestic levels.
It is vital that an appropriate balance is found between, on the one hand, the protection of public health and economic interests and, on the other hand, respect for individuals’ rights. That will prevent future erosion of data privacy and keep alive the human rights standards and rules that protect us all, especially during challenging times.
About the Author
Ana Beduschi is an Associate Professor of Law at the University of Exeter, United Kingdom. Her research and teaching focus on international human rights law, technology, digital law, data protection and privacy, and international migration and refugee law. She is the Principal Investigator of the project "COVID-19: Human Rights Implications of Digital Certificates for Health Status Verification" funded by the UK Economic and Social Research Council. Follow her on Twitter: @ana_beduschi.