Vaccine Passport Plans Can’t Ignore Web Of Privacy Laws

As a case study, vaccine passports are an extreme example of the need to balance utility and privacy. It’s worth a few minutes of your time to read the linked article for a lawyer’s view of the issues…:

[…] New York appeared to have these issues in mind last month when it became the first state to formally launch “this potentially transformational technology” in the form of the Excelsior Pass, a free, voluntary platform developed in partnership with IBM that New Yorkers will have to opt in to use.

The digital health pass allows consumers to store proof of their vaccination or negative test results on their phones through a secure QR code that participating businesses and venues, including Madison Square Gardenand the Times Union Center, can scan using a companion app. Because the pass uses an encrypted digital wallet on a smartphone to store this information, organizations will be able to verify these credentials without having access to individuals’ underlying personal data, putting consumers in charge of what information they share, the state and IBM said.

Butler, EPIC’s president and executive director, said the New York system appeared to be on the right track, given officials’ statements that the Excelsior pass only communicates whether a person has satisfied the requirements of being vaccinated and doesn’t create a permanent log of individuals’ vaccine status or where they’ve gone.

However, “if you flip around each of those different contentions, you could imagine the sorts of privacy problems that could come up in a different type of app design” where an app is collecting “a lot of data” about a person and “creating a log of where people are going and what they’re doing,” Butler added.


Original article