April 20, 2021

Volume XI, Number 110

Advertisement

April 20, 2021

Subscribe to Latest Legal News and Analysis

April 19, 2021

Subscribe to Latest Legal News and Analysis

Worldwide Plans for Apps and Cards to Prove Your Vaccination Status: Are There Privacy Concerns?

A new commercial has hit the airwaves in Israel. It begins with a door swinging open to reveal a beautiful seaside patio with a couple awaiting their dinners as a voiceover says, “How much have we missed going out with friends?” Well, with the Green Pass “a door simply opens in front of you” and we can “return[ ] to life.” This commercial is advertising Israel’s version of a digital vaccine passport.

Although there are still lots of unknowns, there are many countries and industries considering vaccine passport programs like Israel’s, including  Japan, the United Kingdom and the European Union, as well as airlines and some concert venues, to name a few.

Israel’s vaccine passport was released on February 21.  There, vaccinated people can download an app that displays their Green Pass when they are asked to show it. The app also can display proof that someone has recently recovered from COVID-19, which also allows passage. Other proposed ”passport systems” offer several ways to show you are not a threat, such as proof of a negative COVID-19 test. Israel hopes this technology will encourage more citizens to get vaccinated.

However, the Green Pass and other passport programs may also bring up some big privacy concerns. Orr Dunkelman, a computer science professor at Haifa University, says that the Green Pass displays more information than simply whether the individual has been vaccinated or has recently recovered from COVID-19. The pass also displays the date of the recovery and the date of the vaccine and uses outdated encryption technology that is potentially vulnerable to security breaches and hackers. Orr also says that because the app is not open source, no third parties can test whether these concerns are founded.

In the United States, PathCheck Foundation at MIT is working with Ideo on a low-tech solution that may address these privacy concerns before any kind of ”passport” is available here. The prototype uses a paper card similar to the one that individuals are currently receiving once they are vaccinated. However, to avoid fraudulent cards, the paper card being developed by PathCheck Foundation and Ideo would use multiple forms of verification such as QR codes for scanning (maybe at the gate of a concert or movie theater entrance) that only displays an individual’s vaccination status, while other entities (such as health care providers) would be able to scan the card and receive more detailed information (e.g., the type of vaccination received, the date, the location it was administered, etc.). Additionally, PathCheck Foundation points out that privacy is important to those who are undocumented or simply don’t have trust in the government, and we don’t want to create yet another repository that is hackable (and may potentially contain entire state populations).

At this point, it isn’t clear whether the United States will be able to implement a vaccine passport quickly because we don’t have a universal identity record or federal medical records system (which Israel does). However, whichever option eventually becomes widespread across the country, it will need to use a system that will be able to maintain certain individual privacy rights while also allowing businesses and venues to reopen safely.

 

Advertisement
Copyright © 2021 Robinson & Cole LLP. All rights reserved.National Law Review, Volume XI, Number 63
Advertisement
Advertisement

TRENDING LEGAL ANALYSIS

Advertisement
Advertisement

About this Author

Kathryn Rattigan Attorney Cybersecurity Data Privacy
Associate

Kathryn Rattigan is a member of the firm's Business Litigation Group and Data Privacy + Cybersecurity Team. She advises clients on data privacy and security, cybersecurity, and compliance with related state and federal laws. Kathryn also provides legal advice regarding the use of unmanned aerial systems (UAS, or drones) and Federal Aviation Administration (FAA) regulations. She represents clients across all industries, such as insurance, health care, education, energy, and construction.

Data Privacy and Cybersecurity Compliance

Kathryn helps clients comply...

401-709-3357
Advertisement
Advertisement