Checkpoints for vaccine passports: Sociotechnical design and operational infrastructure

Designing a vaccine passport system requires much more than the technical design of an app, and includes consideration of wider societal systems

10 May 2021

Designing any technical system requires comprehensive thinking about the human or societal as well as technological elements of a system, and how humans and technology interact as part of that system. For example, a car is a piece of technology – a machine made of an engine, wheels, materials and electronic systems – but its operation also involves a driver, the rules of the road, traffic safety laws and planning decisions that allow roads to be built (and much more).

Thinking about a digital vaccine passport system requires doing the technical design ‘right’, and there are many factors that contribute to that empirical judgement. There is currently no single or dominant model for these technologies, and different attributes bring distinct design options and incorporated risks into focus. New infrastructure and databases may be required, depending on existing capacity in the national context.

With some models bringing together identity information, biometrics information, health records and contact tracing data, technical design must incorporate the highest security. Some risks can be minimised to some extent by following best-practice design principles, including data minimisation, openness, privacy by design, ethics by design, giving the user control over their data, and adopting the highest standards of governance, transparency, accountability and adherence with data protection law.

But successful design and delivery will involve thinking about much more than the technical design of an app – it should involve detailed consideration of how a technical solution would fit into a broader societal context, including the full range of public health interventions. For example, it might be theoretically possible to build an app that in itself protects the privacy of the user and helps them access particular rights and freedoms, but that nonetheless causes wider societal harms through increasing stigma or new opportunities for oversurveillance of minority groups.

Whatever we call the applications themselves, COVID vaccine passports are part of a wider sociotechnical system. That is, they are part of a wider COVID status certification system that goes beyond the data and software that form the technical application itself, including:1

  • Data such as the vaccination records, identity proxies, health and location data of individuals.
  • Software such as apps, verification systems, interoperability middleware, biometric systems, testing systems, databases, linkages across multiple databases and multiple jurisdictions, encryption systems.
  • Hardware and infrastructure such as verification kiosks or scanners, servers and cloud storage, mobile phones, linkages to testing and vaccination procedures.
  • People, skills and capabilities such as skilled operators, medical experts and their expertise, compliant individuals and populations, regulators, enforcement services such as border control and the police, IT professionals, standards bodies, infrastructure firms, services firms, marketing and public information, democratic engagement and deliberation, legal professionals.
  • Organisations such as governments, global governance organisations, firms, lobby groups, unions.
  • Formal and informal institutions such as laws, regulations, standards and enforcement mechanisms, accountability structures.

At another level, these COVID vaccine passport systems are part of wider societal systems. For example, they are one part of a wider public health system, where consideration needs to be given to how they interact with other interventions and mitigation measures, for example their behavioural impacts on mask wearing and social distancing, or diversion of attention and resources away from other parts of the vaccination programme or from test, trace and isolate schemes.

If introduced, vaccine passports would also be part of a wider emerging system of digital identification and the roll-out of biometrics into everyday life around the world. In this context, they need to be considered in relation to how their implementation might accelerate the development and implementation of these schemes without sufficient public engagement or response to public concerns, and the risks that accompany embedding technologies that are hard to roll back into everyday life.

Finally, they will require practical and operational overheads to work – whether that’s scanners to read QR codes at venues, additional staff at the door to check passports, access to wifi at vaccination centres, or adequate testing capacity so that test results can be turned around quickly enough to be of practical use.

In a multipurpose system and in the face of such complexity – that everything is connected to everything else, and that any intervention will have uncertain and unpredictable outcomes – it might be tempting to assume evaluation of any individual intervention will be almost impossible.2 Instead, those considering implementing or condoning these systems, and governments in particular, must investigate the nature and the strengths of these connections, gather empirical evidence, and then assess whether that evidence justifies policy action while being transparent about the uncertainties involved.

We will look at technical and sociotechnical design in turn, and form recommendations and key concerns in response to both technical design and the context of the wider societal system.

Checkpoints for vaccine passports

This is one of six requirements for a socially beneficial vaccine passport system, as outlined in a report based on an extensive review of the key debates, evidence and common questions around digital vaccine passports

Technical design

There are currently several options for the technical design and roll-out of vaccine passports, and this makes decision-making particularly difficult. Where the debate about contact tracing apps focused on two very different models – decentralised systems (where data stayed on individuals’ phones) and centralised systems (involving central servers) – there is no equivalent binary choice in the vaccine passport debate. What is emerging is a range of solutions being proposed and developed, and divergent approaches to delivery (see our international monitor for specific models under development around the world).3

Vaccine passport taxonomies

Any vaccine passport system will have the following common components:

  1. health information (recording and communication of vaccine status or test result through e.g. a certificate)
  2. identity information (which could be a biometric, a passport, or a health identity number)
  3. verification (connection of a user identity to health information)
  4. authorisation or permission (allowing or blocking actions based on the health and identity information).

That brings into focus the number of distinct roles operating within the system, including:

  • the issuer of the credential – for example, the authority that holds the health data and could confirm that a vaccine or test had been administered (the NHS in the UK)
  • the holder of that information – for example, an individual with the credential on their phone
  • the verifier of all the necessary information – for example, a venue checking that the correct credential applied to the individual in front of them
  • technical providers – for example, the developer of a particular vaccine passport app.

Each component of the vaccine passport system could be digital or non-digital. For example, an entirely non-digital system would involve:

[Table: Digital and non-digital components of a vaccine passport system]

Digital versus non-digital systems

Most of the discussion about COVID-19 vaccine passports, in the UK and elsewhere, has focused on apps delivered through smartphones. While digital passports are the focus of this report, it is necessary to consider how digital and non-digital (analogue) systems compare.

An analogue (non-digital, or paper) system may have some advantages:

  • It does not require an extensive technical infrastructure.
  • It does not require the verifier (e.g. a venue) to store sensitive personal data.
  • It can be implemented quickly.
  • It is less permanent, and therefore less vulnerable to scope creep.

But it is also an imperfect system in many ways:

  • An identity document or vaccine card contains more sensitive information than is needed for the purpose of access (e.g. a passport number or address).
  • A sizeable minority of any population may not possess these documents.
  • Paper-based identity documents, and in particular vaccine cards, can be fraudulently copied, or ‘faked’.

Apps have some advantages over analogue mechanisms, and potentially provide:

  • a simple yes/no result without sharing extensive personal details (in contrast with sharing all the information in a passport, driving licence or medical record, for example)
  • a clearer audit trail as to when and where an individual has had to verify their COVID-19 status
  • the ability to update details, as more becomes known about the lasting efficacy of vaccines
  • greater security and protection against fraud.

Technical infrastructure can exacerbate the significant risks of surveillance and scope creep (see chapters on ethics and future risks). Equitable access is a significant concern, and arguments have been made that there would be substantial disadvantages to a digital-only system, primarily around digital exclusion, even in countries with extensive access to technology infrastructure.

Internet and smartphone access and use varies between and within countries.4 A recent Ada Lovelace Institute report, which considered some of the digital and data divides in the United Kingdom, showed that a fifth of respondents didn’t have a smartphone, 14% did not have broadband, and the most clinically vulnerable were less likely to have either.5 By comparison, in India only 38% of people report having a smartphone or using the internet occasionally, with big differences between those of different ages, education levels and income.6

Health information and identity data

Schemes will be technically distinct across different countries, depending on a number of factors, including the extent to which health records are digital, whether health systems have existing central databases or are fragmented across providers, whether countries have digital identity infrastructure or whether digital apps already exist in health systems. In Denmark, for example, the government has worked closely with private vendor Netcompany, and the app operates in the context of an existing digital identity system. Other countries like the UK have a centralised health system but no digital identity system so have to grapple with different routes to providing identity – none of which will be perfect.

Most systems relying on identity verification will be likely to require ‘anchor’ documents such as a passport or driving licence to be used somewhere in the process, but that won’t enable access for all individuals: in 2015, one in four people eligible to vote in England and Wales were estimated to lack either a passport or driving licence, with certain groups, such as young people, even more excluded.7 Ensuring complete registration and access are challenges that exist already in all health systems, and these are often linked to age and class inequalities in access, both in physical and digital health systems, and more pronounced in many low- and middle-income countries.1

Depending on design and country context, schemes will have different implications for data infrastructure. Some call back to existing databases (checking with existing medical records or checking acceptable QR codes, for example). Others create a digital credential or token that might be stored on your phone. Vaccine passport schemes might require the creation of new databases, which include biometrics records. Each of these pose different risks and benefits, depending on the wider systems they interface with.

In the UK, the preferred route to implementing vaccine passports seems to be building the functionality into the existing NHS app (not to be confused with the NHS contact tracing app or GP apps). This app is regulated by the Medicines and Healthcare products Regulatory Agency (MHRA) to hold digital health records, and to act as an interface between patients and health services to book appointments and manage prescriptions. A strength of this approach is that it develops an existing infrastructure, rather than building a new one, which already operates to high-level data security standards (see data security section).

Building the tool under the auspices of the NHS brings built-in trust; however, it also raises the stakes: if something did go wrong, or this was perceived as a tool that wasn’t in keeping with the NHS values, it could have an impact on wider trust in the NHS. It will also have to deal with coverage issues: currently the NHS app is available only in England rather than across the UK and currently has only two million verified users.9

Verification

A critical element of a passport scheme is verification: how the relying or verifying party, e.g. the venue or the airline, can check that the credential that confirms an individual has been vaccinated or tested actually belongs to that individual.10

Many applications being developed rely on QR codes, which are issued as digital or printed cards when an individual is vaccinated, and can be scanned by a venue. Some of these systems would produce a binary (yes/no) response to indicate whether a person could or could not enter, without revealing what method (vaccination, test or exemption) allowed them to do so. Others might be more specific, such as the Danish Coronapas that shows how much time remains in the 24–72 hour window provided by a negative test result.11

Apps have different security protocols: some providers stress that, under their systems, the ‘digital ceremony’ of verification takes place only between the individual and the venue with no databases having to be called – the cryptography within the apps is enough. Others say there would be a record of the code in the cloud or on a blockchain to verify it was genuine, but this would be separated from any personal data stored on-device.

Israel’s Green Pass app has a QR code that can be scanned, while also providing a physical alternative (Green Pass plus ID document to verify identity). Denmark’s Coronapas system – which includes an August 2021 sunset clause, except for tourism and travel12 – allows citizens to sign into the app with their existing national digital ID (and use the photo from their passport) and display a QR code based on tests, antibody tests or vaccination.

Others are using more complex technologies to verify identity. The Mvine/iProov project funded by the Innovate UK research agency to be trialled in the UK, for example, makes use of facial recognition technology: once an individual has been vaccinated, a medical professional takes a picture and issues the individual with a digital certificate (including a QR code). The certificate number and biometric face scan are stored online by iProov; although the facial biometric is not available to third-parties, this storage could still raise privacy risks. A venue would scan the QR code and the holder’s face, to verify that they were the person to whom the credential belonged. Anyone without a smartphone could have a card with a QR code and still have their face scanned as verification.13

Using facial recognition data in the passport could get around the issue of having no state digital identity system, provided a trusted medical professional was able to link the health credential to the facial biometrics, but it brings in other challenges. In the past facial recognition has been shown to be less accurate for certain demographics – in particular women, and people from minority ethnic backgrounds – which could amplify discrimination and reduce inclusivity.

Conflating COVID vaccine passports with another controversial technology could undermine public trust and confidence – many people are uncomfortable with biometric data about their faces being gathered by private companies or government, and are concerned about how such data is governed. The Ada Lovelace Institute’s Citizen Biometrics Council recently called for better standards and stronger regulation of biometric data.14

Authorisation or permission

The point of verification by a venue of an individual’s identity may also create practical challenges. It might be a simple, non-digital process – a human examining a digital health record that displays a green tick and a photo, for example, and then waving the individual through. Or it might have a further technical component, by scanning a QR code or further biometric verification, requiring infrastructure that brings in additional security risks that require further consideration. For example, would venues be required to keep an audit of everyone they have allowed to enter – with related privacy and practical implications of storing a great deal of personal data – or would the fact they have followed a (more minimal) process be sufficient?15

Regardless of how the scheme is delivered, any vaccine passport system should be compliant with data protection, adopt best-practice design principles, offer high data security, be clear how it links or expands existing state data systems, in particular digital identity, and offer a non-digital route. We go into each of these aspects in more detail below.

Data protection and health data

Any vaccine passport system will involve secure access to an individual’s health data, which in many regions will be subject to particular conditions under data protection laws.

In the UK, data protection is guaranteed by the Data Protection Act 2018, which enshrines the EU GDPR, and which in the short term is likely to remain aligned with the EU GDPR.16 (GDPR – the General Data Protection Regulation – was introduced across Europe in 2018 and aims to standardise the approach to privacy and data protection across Europe. It has also provided a model for other countries, such as Brazil.)

Health data – such as the results of COVID-19 tests and vaccination records – constitutes sensitive data under Article 9 of the GDPR, meaning the collection and further use of that data needs to be justified with one of the exemptions in Article 9-2.17 One of these exemptions is the necessity ‘for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health’.

Any use of personal data for public health reasons should be necessary – that is, targeted and proportional to achieving the desired purpose – and be of benefit to the wider public and society, rather than just individual health. One evidence submission we received suggested this means that governments and developers will need to demonstrate that a vaccine passport will have a meaningful impact on public health.18 European authorities have also underlined that any arrangements justified by the current public health emergency should not continue afterwards.19

Even if such a justification can be established, Article 9-2(i) of the GDPR requires adequate and specific measures to safeguard the rights and freedoms of individuals to be put in place even when pursuing public health interests.17 Given that COVID vaccine passport systems will contain sensitive personal information, app providers will need to comply with the principles of lawfulness, fairness and transparency, purpose limitation, data minimisation, accuracy, storage limitation, integrity, confidentiality and accountability, as outlined in Article 5 of the GDPR.21

Even if explicit consent or public health interests allow for the collection, storage and processing of test results and vaccination records, providers would still need to build data protection into the design of these technologies by default under Article 25-1 of the GDPR. For example, providers proactively need to take technical and organisational measures to address potential data privacy-invasive situations, including the transfer of data to parties not covered by GDPR, which might occur if services are offered by international private providers.22

Providers should also ensure individuals are informed as to how their data is being utilised, by whom and for what purpose, providing clear and accessible information, recognising the geographical, cultural and linguistic diversity of the societies they are providing this service to.23

Given this, the Data Protection Act will almost certainly require providers, public or private, to carry out a data protection impact assessment (DPIA). National data protection authorities, which in the UK context means the Information Commissioner’s Office (ICO), will have a duty to monitor, investigate and enforce the application of these rules under Articles 57 and 58 of the GDPR.17

More broadly, the Global Privacy Assembly – an international body composed of information and privacy commissioners – has said that while the processing of health data to enable international travel may be justified on public health grounds, governments and other organisations should take heed of principles including:

  • Embedding ‘privacy by design and default’ into the design of any system, including conducting a ‘formal and comprehensive assessment’ of the privacy impact on individuals (see design principles below).
  • Ensuring personal data is used according to a clearly defined purpose, under relevant legal authority, and only where it is necessary and proportionate.
  • Protecting the data protection rights of individuals unable to use or access electronic devices or access vaccines and consider alternatives to prevent them suffering discrimination.
  • Informing individuals as to how their data is being used.
  • Collecting only the minimum health information from individuals ‘necessary for their contribution to protection of public health’.
  • Building sunset clauses into the design of such schemes, ‘foreseeing permanent deletion of such data or databases, recognising that the routine processing of COVID 19 health information at borders may become unnecessary once the pandemic ends’.25

Design principles

Anyone developing a COVID certification scheme should consider a series of design principles at all stages of developing a system that will help to minimise harms and the risk of unintended consequences, and maximise the chances of a system working and commanding public confidence. These principles may include, but are not limited to:

  • Data minimisation, the principle that only the personal data needed to fulfil a specified purpose should be held.26 This would suggest that, for the purposes of letting someone into a venue, the only relevant information is whether a person is permitted to enter or not, rather than fuller details of why (have had a vaccination, a negative test or are exempt, for example) or unnecessary personal information.
  • User control, the idea that the individual should have control of their data at all times and choose who to share it with.
  • Not unrelated is the idea that the credential should ‘act like paper’: as with a paper credential, there is no need for the system to ‘call back home’ and refer back to other databases.
  • Privacy-enhancing technology, operating to international privacy standards, should be used where possible to protect personal data, and developers should take a ‘data protection by design’ approach. All of this also points towards solutions that do not make use of other controversial technologies, such as facial recognition, or of verification that doesn’t operate locally and securely on user-controlled devices.
  • Openness, not just in explaining to the public exactly how systems are operating (including key details like who is responsible and accountable, the legal protections and ethical standards being applied, and what data is being used and how), but in taking an open-source approach to code that will help keep it up to date and open to scrutiny.
  • Transparency about who is responsible and accountable, what legal protections are in place, what ethical standards are being applied, and what data is being used and how.
  • High standards of governance, accountability, the application of other principles and adherence with data protection law (including the GDPR in Europe) will be essential to protecting the individual, but also ensuring public trust – as the UK Information Commissioner has written, a failure in one scheme could lead to a loss of trust across all attempts to use data and digital technology to combat COVID-19.27 The ICO is clearly conscious about the issue of ‘scope creep’ – that data collected for one purpose could be used for others.28
  • Adherence to international standards, for the sake of interoperability and quality. Among those currently being utilised are W3C’s Verifiable Credentials (although the use of this standard has been critiqued on privacy grounds)29 and the HL7’s Fast Healthcare Interoperability Resources (FHIR) for sharing healthcare data.30
  • Piloting proposed solutions at small scale, with full details of any such trials made public, and thorough evaluation and iterative improvements before rolling out any schemes on a larger scale.
  • Undertake consequence scanning31 to explore what potential use cases are desirable or undesirable, and make design choices accordingly.
  • Analyse plans from a security perspective. Key questions include how many potential security threats are being created by implementing these infrastructures, what new power the system gives to different actors (venue owners, etc.) and how that power could be misused, whether these new powers contravene existing norms, whether they raise a risk of unequal treatment in society and how these risks can be mitigated.
  • Engage members of the public – particularly those from marginalised communities – in the design and piloting of these systems. (See the Public legitimacy chapter for more detail).
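The offline ‘digital ceremony’ described in the Verification section, combined with the data minimisation and ‘act like paper’ principles above, can be sketched as follows. This is an added example, not code from the report or from any scheme it describes. It assumes an Ed25519 issuer key and a hypothetical token layout (`Credential`, `Issue`, `MayEnter` and `DemoKeys` are illustrative names), and it leaves out binding the credential to the holder's identity.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// Credential is the only data carried in the QR code (hypothetical layout).
// It holds a validity window and nothing else: no name, and no record of
// whether eligibility came from a vaccination, a test or an exemption.
type Credential struct {
	NotBefore int64 `json:"nbf"` // Unix seconds
	NotAfter  int64 `json:"exp"` // Unix seconds
}

var errInvalid = errors.New("invalid credential")
var b64 = base64.RawURLEncoding

// DemoKeys derives a fixed key pair from a constructed seed so the example
// is reproducible. A real issuer would generate and protect a random key.
func DemoKeys(fill byte) (ed25519.PublicKey, ed25519.PrivateKey) {
	seed := make([]byte, ed25519.SeedSize)
	for i := range seed {
		seed[i] = fill
	}
	priv := ed25519.NewKeyFromSeed(seed)
	return priv.Public().(ed25519.PublicKey), priv
}

// Issue runs on the issuer's side (the health authority): it signs the
// validity window and returns "payload.signature" for encoding as a QR code.
func Issue(priv ed25519.PrivateKey, from time.Time, validFor time.Duration) (string, error) {
	payload, err := json.Marshal(Credential{NotBefore: from.Unix(), NotAfter: from.Add(validFor).Unix()})
	if err != nil {
		return "", err
	}
	return b64.EncodeToString(payload) + "." + b64.EncodeToString(ed25519.Sign(priv, payload)), nil
}

// decode checks the issuer's signature before trusting any field.
func decode(pub ed25519.PublicKey, token string) (Credential, error) {
	var c Credential
	parts := strings.Split(token, ".")
	if len(parts) != 2 {
		return c, errInvalid
	}
	payload, err1 := b64.DecodeString(parts[0])
	sig, err2 := b64.DecodeString(parts[1])
	if err1 != nil || err2 != nil {
		return c, errInvalid
	}
	if !ed25519.Verify(pub, payload, sig) {
		return c, errInvalid
	}
	if err := json.Unmarshal(payload, &c); err != nil {
		return c, errInvalid
	}
	return c, nil
}

// MayEnter runs on the venue's device. It needs only the issuer's public
// key, makes no network call, stores nothing, and reveals only yes or no.
func MayEnter(issuerPub ed25519.PublicKey, token string, now time.Time) bool {
	c, err := decode(issuerPub, token)
	if err != nil {
		return false
	}
	t := now.Unix()
	return t >= c.NotBefore && t <= c.NotAfter
}

func main() {
	pub, priv := DemoKeys(0x01)
	issued := time.Date(2021, 5, 10, 9, 0, 0, 0, time.UTC) // constructed sample time
	token, err := Issue(priv, issued, 72*time.Hour)
	if err != nil {
		panic(err)
	}
	fmt.Println("QR payload:", token)
	fmt.Println("next day:", MayEnter(pub, token, issued.Add(24*time.Hour)))
	fmt.Println("after expiry:", MayEnter(pub, token, issued.Add(73*time.Hour)))
}
```

Because the venue holds only a public key and a boolean result, there is no audit record to protect on the verifier's side; the trade-off is that a credential issued this way cannot be revoked before it expires.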

Data security

Some COVID status certification services would require robust security – particularly if they are bringing together sensitive information. Higher technical security may pose a trade-off for accessibility which will need to be weighed carefully. For example, the NHS offers three levels of identity verification:32

  • Low level, where a user has verified ownership of an email address and mobile phone number but has not proven who they are or provided any other details.
  • Medium level (P5), where additional information (date of birth, NHS number, name, postcode) has been checked against patient records on the NHS Personal Demographics Service. This allows users to access services like contacting their GP but not to access health records (and so is unlikely to be sufficient for sharing vaccination or testing data).
  • High level (P9), which requires a full identity verification process including comparison between the user and photo ID, either at a GP surgery or submitting a photo of their ID and a short recording of their face.

Any process requiring access to personal health data should use the high security level. But the verification of photo ID may exclude vulnerable people or add a burden to GP services, who would need additionally to resource verification of patient identity.33 Alternatives would need to be provided for non-digital access, given a mobile phone is required for an NHS login, and for groups without an NHS number including foreign tourists.

Where countries are building their own solutions tied to state infrastructure, the alternative is for third-party apps, run by private providers, to be given permission to access health records. In the UK there are already private companies who are regulated to store health records and act as an interface between the public and NHS services. Particular consideration needs to be given to exactly how this would work in relation to COVID vaccine passports, what standards providers would need to meet in accessing and using this extremely sensitive data and how accountability might be assured. In addition, given the high levels of verification necessary, there must be due consideration of whether and how such a standard could be met by private providers. (Also see security and fraud section below).

Developing digital identity infrastructure

It is essential that it is clear whether digital vaccine passports will create or expand existing infrastructure, in particular as regards to digital identity.

In the UK there have been at least two decades of debate about digital identity (the UK currently does not have a single digital identity system), and reaching consensus about identity verification has been challenging. In March 2021, the UK Government confirmed the end of the Verify scheme (although it has been given a final short extension),34 long criticised for failing to meet expectations of users, or in terms of the number of government services using it.35, 36, 37 In September 2020, the Government published its response to a consultation on digital identity; in February 2021, it published a draft framework for digital identity. Any organisations currently developing vaccine passport systems in the UK will need to ensure that they fit within this framework.

In India, which has an existing identity system called Aadhaar, the roll-out of a contact tracing app has been used to populate other databases linked to Aadhaar, without further scrutiny and amid claims that it violates purpose limitation (the idea that data collected for one purpose cannot be used for others without a user’s consent). Concerns have been raised from countries such as Argentina and Kenya, that existing digital identity systems lack transparency and oversight.10

Governments that do not currently use digital identity systems should ensure they do not rush into them because of vaccine certification without due thought, debate and deliberation to explore the potential benefits (greater interoperability of identity, joined-up services, etc.) as well as the practical and privacy concerns. Creating new infrastructure that is primarily designed to meet the needs of the pandemic might restrict future choices.

Non-digital route

To be inclusive, any technical vaccine passport system will need to have an analogue or paper-based alternative to protect against exclusion. This will bring risks, in particular relating to fraud and exclusion (see below). A non-digital route might not need to be an entirely separate system; for example, one of the pilot projects funded by the UK Government, involving app developers Mvine and iProov, reports that their combination of a printed QR code and facial verification allows people without smartphones to be part of the system.39

As discussed above, the technical design of a digital vaccine passport is part of the wider sociotechnical system. This means that even if the technical build is done in a way to (for example) minimise the sharing of personal data and enhance privacy, this will not eradicate all harms. The act of certification discriminates between different groups of people – that will be the case whatever the technical design.40 Therefore it is critical to consider the sociotechnical design as at least as important as technical design.

Sociotechnical design

We now turn to questions of what the wider system around any technical implementation will need to look like, and what will need to be considered in the creation of such systems.

The role of government

The first question asked in relation to domestic vaccine certification systems is often who will provide them: government itself (as in Israel) or other actors, including private companies (many of whom are developing solutions) and non-profit foundations (such as Linux Foundation Public Health). However, the important question to start with is: what will government’s role be?

Governments have the ability to consider the whole sociotechnical system, including any mitigations against harm that might be required, in ways that other actors cannot, and as such have an essential role to play. Some countries – such as Israel – are already rolling out their own schemes where their Green Pass is issued by the state. But governments that decide not to roll out their own scheme while permitting others to build them are still taking a decision that carries responsibilities. In many nations governments will be the only legitimate standard setters, and in countries with national health systems they will be responsible for administering vaccinations and certifying that they took place.

Even if governments opted to prohibit the use of vaccine certification – something our expert deliberation felt would be difficult – informal uses are possible, so even here governments should play a role in public communication or guidance. If they do not, key public policy questions around discrimination and ethics will effectively be outsourced to private companies. In most countries, private companies are likely to have some involvement even in state-run schemes. The question then is not whether government has responsibilities relating to vaccination certification, but what those responsibilities are.

There may be advantages to a system being the responsibility of government. They may already own key parts of the infrastructure that could be used. Many countries have existing ID systems, which can help with identity verification. In the UK, the NHS is responsible for administering the vaccine and it has been suggested the existing NHS app (not the contact tracing app) could be modified to allow citizens to access their vaccination records. Adapting existing systems may negate the need to build entirely new ones, saving time, cost and reducing risks like scope creep and path dependency.

On the other hand, adapting existing systems to accommodate vaccine passports brings risks. If existing systems, especially identity ones, are flawed, existing problems may become further entrenched. In the UK, the NHS enjoys higher public trust than most institutions and higher data trust than anyone else,41 but this could be damaged if expectations for vaccine passports were not met, for example through continued outbreaks of COVID-19 (as people falsely assume vaccination or testing will stop all transmission).

Existing apps for citizens may exclude certain groups. The NHS app, which is reliant on registration with the NHS in England, may not cover all eligible UK citizens and would also not work for many individuals visiting or resident in the UK. This could prevent those who have been vaccinated by, and are registered with, foreign healthcare providers from accessing domestic leisure venues during a holiday, or exclude undocumented migrants, asylum seekers and refugees who were not able to be vaccinated in their home country from access to systems in the UK. In Israel, many foreign students, diplomats, asylum seekers and other non-citizens were excluded from the Green Pass system for weeks after the scheme launched, despite having been vaccinated in Israel.42

Allowing private companies to develop solutions could encourage competition and innovation and provide users with a choice, as no solution is likely to work perfectly in all settings.43 There are risks to relying on a single system (including security risks),44 and a competitive market could help push out untrustworthy players.

Our expert deliberation raised concerns about market-led approaches:

  • That a market-led system could be dominated by big players who were not experts in the field, even leading to a monopoly or monopsony.
  • That risk might be heightened by only certain technology companies being big enough to adapt any system to rapidly changing scientific evidence (for example, on transmission).
  • That the rush to dominate the market quickly could lead to vital discussions of equality and ethics being missed, not leave enough time for user research and evaluation, and bring insufficient engagement with health authorities.
  • That there is uncertainty and a lack of transparency about the business model for any private sector solution, and that data acquired through provision of the app (even if anonymised) may be monetised by private providers.

Other risks include that allowing different systems to be developed could fragment a public policy problem into a series of private problems that would be harder to govern; that private companies would have less of an incentive to think about the wider societal context and possible harms unless government had put standards and rules in place; and that multiple solutions may not be interoperable, which would lead to some being recognised in some settings (e.g. by some venues or restaurant chains) but not by others.

Whether apps are supported and developed by government or other, private providers, there are some facts that should be made public clearly, including who is responsible and accountable, what legal protections are in place, what ethical standards are being applied, and what data is being used and how.

Duration of a COVID vaccine passport system

Another important consideration will be the duration any system is operational. If a system is intended to be a temporary response to avoid prolonging lockdowns and to ease other public health restrictions, its lifecycle would depend to a significant degree on the background rate of COVID-19, the speed of vaccination within a jurisdiction, and the subsequent impact of health measures on the risk posed by COVID-19.

Some countries have moved quickly in vaccinating their population. As of 12 April 2021, Israel had provided more than 60% of its population with at least one dose of a vaccine, the UK nearly half its population and the US more than a third.45 The percentage of the population that is fully vaccinated in Israel is over 50%, the US over 20% and the UK over 25%.46

A vaccine passport scheme may have some utility when a sizeable minority of the population has had two doses, but before a nation has achieved herd immunity. It may have less utility when only a very small percentage of the population is vaccinated (existing lockdowns would be likely to continue, there may not be enough economic incentive for businesses to reopen), or with a large percentage of the population having been vaccinated (herd immunity will have some effect).

The speed at which Israel, the US and the UK are vaccinating their populations, for example, suggests that there may only be a very limited window where vaccine passports could be of any use, and there would still be strong scientific reasons (listed above) and other societal reasons (explored through the rest of this report) not to introduce them.

Mass vaccination would likely bring the risk to society of COVID-19 down to the level of other illnesses already circulating in society, such as seasonal flu. In the UK, the average number of annual deaths from the flu was around 15,000 from 2014/15 to 2018/19,47 but there is no expectation of a passport or testing regime for the flu. Our expert deliberation panel assumed a COVID-19 passport system might have some appeal in the transition from a pandemic to steadier conditions – when, as with the flu, the disease was endemic but vaccination, herd immunity and better treatment had made it less deadly – but then questioned how far it would be possible to switch off a temporary, transition measure once it was in place.

The UK prime minister has suggested that a third wave of COVID-19 could yet ‘wash up on our shores’.48 Would vaccine passports offer any support against such waves globally? Following mass vaccination, the hope is that any future waves would have a more tolerable impact on health, perhaps comparable in impact to annual flu seasons, unless the virus mutated into a variant against which existing vaccines are not effective. It is not clear how passports would offer significant public health benefit in a situation of low transmission and high population immunity.

The potential scenario of a vaccine-resistant mutation complicates the role of a passport. Those who had previously been considered lower risk would no longer be, and if people behaved as though they were protected because they had a passport, that could potentially accelerate the spread of the disease. On the other hand, if only one vaccine (Pfizer, for example) was ineffective against a new variant, vaccine passports could be used to allow a subset of the population to continue movement, or government guidance could pivot to a system that was reliant on testing rather than vaccinations.

The end of the COVID vaccine passport lifecycle occurs when it is deemed no longer necessary – but what criteria would need to be met for it to be turned off, and under whose authority? Possible end points could include cases falling below a certain level (though consideration would need to be given as to whether some trigger – an increase in cases, or the emergence of particular variants – would require them to be switched back on), or the WHO declaring an end to the pandemic. Some have argued that a benefit of passports would be encouraging boosters, which might indicate more long-term use.

Denmark’s plans for its Coronapas contain an August 2021 ‘sunset clause’ (other than for tourism and travel), with decisions about any continued scope and use to be informed by the experiences of its domestic use.49 Our expert panel were sceptical about the ease of turning a system off once implemented, and worried about scope creep. Others have argued for disease surveillance systems remaining in place and becoming part of normal health infrastructure, to protect against future pandemics.50

Opportunity costs and overheads

The opportunity cost of focusing on COVID vaccine passports

There will be opportunity costs to focusing on COVID vaccine passports rather than other interventions. Certification schemes will involve political, financial and human capital costs that a government will need to weigh against their benefits. These costs and benefits should not be considered in isolation. Given that governments have finite resources and attention, focusing on certification schemes should be reviewed in comparison to the costs and benefits of further investment in alternative public health measures intended to lift restrictions, such as investing in greater vaccine supply and roll-out or attempting to improve test, trace and isolate schemes.

As we have seen, there will be a discrete time period where there is scientific confidence about the impact of vaccines on transmission and a large enough vaccinated population to warrant segregating rights and freedoms, before population-level herd immunity, or endemic and low-risk COVID-19 makes vaccine passports unnecessary. In some countries, like the UK, this window might be very narrow.

This window will vary from country to country, and affect the relative balance of costs versus benefits, which will depend on the intended duration of any COVID status certification. High up-front infrastructure and business costs and significant opportunity costs would need to be weighed in the decision to set up a temporary scheme. Schemes intended to have a long duration also need to be mindful of ongoing costs of maintenance and any costs borne continuously by users, for example in acquiring tests.

Maintenance

Any vaccine passport system will require maintenance, repair and updating in order to remain functional and continue to serve its intended purpose as conditions change around it. The question of who is responsible for maintaining these systems and the costs associated with continued upkeep should be factored into any cost-benefit analysis of the viability of these systems.

If a vaccine passport system is intended to be temporary, then its obsolescence should be designed in from the start. Legislation and plans should contain sunset clauses, and the costs of closing the system down factored into budget planning. Care should also be taken not to develop other systems that are reliant on it.

Designing in obsolescence may be relatively novel in software development, but not in other fields: nuclear power stations are designed with maintenance, the end of their lifespan and decommissioning in mind. If governments and other providers have not thought about how to close a technical system down, it implies that either they believe it will not be a temporary measure or have not given the issue sufficient consideration, both of which may be damaging to public confidence.

If a system is to be more than temporary, then maintenance and upgrade costs will need to be planned in. The prospect of ‘technical debt’ – the idea that limited systems built in haste will require future development spending – is also higher if governments and other providers rush to build systems in weeks or months rather than thinking longer term.

Financial burden on businesses

Businesses that require vaccinations for customers or employees will need systems and additional resource for reviewing vaccine passports, which could create a financial burden for businesses already struggling with depleted financial reserves as they try to reopen. In certain contexts, like health and social care, there may be existing systems in place which have tracked and verified vaccinations, but many firms in other sectors are likely to be starting from the ground up and having to procure new systems, train staff, and employ ‘security’ staff to administer their use.

There are other possible costs businesses will need to consider. For example, it is unclear what liabilities a venue would face if customers became infected with COVID-19 despite using vaccine passports, if the scheme allowed the venue to (say) reduce the space between theatre seats or between restaurant tables.

There may be related risks for businesses in terms of reputational damage, should such a situation occur. For example, if there is an outbreak traced back to a cinema using the scheme to remove mask-wearing and spacing requirements, those cinemas might be, fairly or unfairly, seen as more risky venues.

Costs to users

While almost all countries have chosen to make vaccinations freely available to all as they become eligible, schemes that rely on testing could impose additional costs on users of the system. The more widespread a scheme is, the more burdensome any repeat costs could become on those who must rely on testing that is not freely available.

In the UK, testing is widely and freely available for most people, and the Government has a service that allows citizens to request free lateral flow tests. But, even in the UK context, testing companies are charging customers for PCR tests required for international travel.51

Interaction with the wider public health system

Effect on vaccine uptake

One possible public health reason for introducing a COVID vaccine passport system would be to encourage uptake of COVID-19 vaccines, in order to reach herd immunity faster. This calculation will be specific to different countries, as rates of vaccine hesitancy vary greatly and the strength of incentivisation may also vary substantially. In England it is not clear there would be much additional benefit by further incentivising vaccination through a vaccine passport system, as more than 95% of people aged 60 and over have already been vaccinated with a first dose,52 and nearly 90% of unvaccinated adults say they would be taking a vaccine if available.53

Some preliminary studies show a mixed picture as to whether vaccine passports would incentivise people to get vaccinated;54 further evidence and investigation will be necessary for any given local context.55 There may be a downside risk that certification could reduce trust and increase vaccine hesitancy if the scheme is seen as introducing mandatory vaccination by the back door.56 This may be particularly acute in some minority ethnic communities that have been oversurveilled historically, leading to a further deterioration in trust.57 This is an area where further research is needed.

Placing an additional burden on the public health system

As well as raising opportunity costs in relation to the wider vaccination effort, these systems could place a direct administrative burden on vaccine programmes, and on healthcare staff administering vaccinations and handling medical records, who are already overstretched from additional workloads imposed by the pandemic.58 While some digital systems may be able to reuse existing vaccination records with minimal additional work on the part of frontline health staff, non-digital solutions and obtaining proof of exemption (and authorising some digital schemes) could place additional strain on general practitioners and family doctors, worsening other health outcomes, unless there are easy and clearly signposted alternative routes or additional resources are made available to general practitioners.

This may be particularly acute in countries still developing digital infrastructure. In their evidence, Access Now give the hypothetical example of a vaccination drive in a village in India. The administrator of the vaccine is required not only to vaccinate the people there, but to authenticate their identity, create their unique identity on the government’s platform and log their vaccination status. But the internet goes down – the vaccinations are halted until it is restored – a lack of technological infrastructure means people are left unvaccinated that day despite people and vaccines being present. Similar cases, in the distribution of rations and other social benefits, have been recorded in India.10

Setting interoperable global standards

Standards are important for complex technological systems to function properly. In a globalised world, standards act as an important process for establishing shared rules, practices, languages, design principles and procedures. They allow a diversity of actors taking a multiplicity of approaches in a local context to nevertheless maintain coherence for individuals interacting with a technology, work together to avoid duplication of effort, and avoid as much as possible a lack of interoperability between different systems in different places.1 COVID vaccine passport schemes will require interoperable standards, particularly in the context of international travel and border control, and especially if governments allow private actors to develop a diversity of certification applications.

Who is responsible for setting standards

Designing and setting standards is not a neutral process.21 Given the impact they have, standards will often be contested by different countries and interest groups, as they can codify and project particular world views. Standard-setting is not a one-off process, as standards require maintenance and iteration to remain useful and consistent. The process of setting new standards can sometimes be remote from those on the receiving end of novel technologies. The development of COVID vaccine passport systems will need inclusive processes for the creation and maintenance of standards.21

What they should include

As discussed in the Science and public health chapter, there are a number of possible pieces of COVID-19 risk-relevant health information that could be included in a COVID vaccine passport scheme. Decisions will need to be made about:21

  • the risk factors within the system that will be represented in models
  • how to measure or approximate the values of these variables/factors
  • where to define the boundaries of the system, and how to assign confidence to data and components inside and outside these boundaries.

Those responsible for standard setting in COVID vaccine passport systems will need to decide which tests, vaccinations and dosing regimens will be accepted within a specific, and often geographically contained, certification system.

In particular, many high-income countries have primarily relied on vaccines developed in the United States and Western Europe, and have not approved vaccines developed in Russia and China.64 Travellers from low- and medium-income countries, who have primarily relied on Russian and Chinese vaccines, could be denied access to countries recognising only European or North American vaccines or be required to undertake self-isolation or even (costly) hotel quarantining to access those countries. It could also lead to domestic discrimination against migrants from low- and medium-income countries, if access to venues and services is conditional on vaccines used in those high-income countries and migrants are vaccinated with ‘invalid’ vaccines.

Security and fraud

Any digital vaccine passport scheme that successfully restricts and permits access to certain rights and freedoms will inevitably prompt attempts to defraud it. The greater the differentials in access, the stronger the incentive will be. Steps will need to be taken to ensure any vaccine passport scheme is not vulnerable to fraud or accusations of fraud. The Global Privacy Assembly, a global forum for privacy and data protection authorities, emphasises that the cyber security risk of any digital COVID vaccine passport system or app must be fully assessed, taking full account of the risks that can emerge from different actors in a global threat context.65

Within the first week of Israel’s Green Pass scheme, it was reported that a black market for forged passes had emerged on the messaging app Telegram66 and subsequently that the police were looking for hundreds of individuals who had bought counterfeit certificates. [Senyor, E. (2021) ‘NIS 1,500 for Green Pass: Police arrest seller of illegal vaccine certificates’, ynetnews. 21 March 2021. Available at: https://www.ynetnews.com/article/Bk00wJ11B400 (Accessed: 6 April 2021).] In February 2021, Europol issued an Early Warning Notification on illicit sales of false negative COVID-19 test certificates, citing multiple incidents across the continent and saying that, as long as travel restrictions remained in place, ‘it is highly likely that production and sales of fake test certificates will prevail. Given the widespread technological means available, in the form of high-quality printers and different software, fraudsters are able to produce high-quality counterfeit, forged or fake documents.’68

Counterfeit vaccine passports could undermine the public health rationale for certification by allowing those at a potentially high risk of transmission to engage illegitimately in riskier activities, creating a situation similar to if there were no certification at all. It could even be worse: those unaware of counterfeit vaccine passports might make inaccurately low risk assessments of situations and not use other, more informal mitigations (such as social distancing). Widespread counterfeits could also undermine public confidence in vaccine passports if individuals no longer trust any other individual’s certification to be valid and become more suspicious of others’ claims to be vaccinated, recovered, or otherwise at a relatively lower risk to themselves and others.

Recommendations and key concerns

Anyone developing a COVID vaccine passport scheme should:

  • consider a series of design principles at all stages of developing a system – that will help to minimise harms and the risk of unintended consequences, and maximise the chances of a system working and commanding public confidence – and conduct small-scale pilots before further deployment
  • protect against digital discrimination by creating a non-digital (paper) alternative
  • be clear about how vaccine passports link or expand existing state data systems (in particular health records and identity).

If a government does want to move ahead with a COVID vaccine passport scheme, it should:

Clarify its own role. Whether it is in building its own system, permitting others to do so, or attempting to prohibit such systems altogether, government will have a part to play. This may involve formulating design principles, such as those set out below, and ensuring they are met. It should also involve international discussions about operability across borders.

Be clear about the relationship between a COVID vaccine passport scheme and wider plans for digital identity. If governments want to make a case for wider digital identity schemes, then they should have those discussions with the public on their own terms. Conflating digital identity systems with emergency plans for COVID vaccine passport systems could damage public confidence in both technical applications. Governments should also be careful that consideration of any COVID vaccine passport schemes does not force them into longer-lasting decisions about digital identity systems.

Design systems that are as accessible as possible. This will include ensuring testing is free at the point of use, including ideally free testing or at the very minimum at-cost testing in private applications (although governments would do well to subsidise private testing if allowed to go ahead, as many do with workplace testing already).

In short, governments should provide clarity on:

  • The role they will play in any system – whether taking ownership of a system themselves, or regulating others. Only governments can take a holistic view of the opportunities and potential harms of a system to the society they govern.
  • How long a system should endure.
  • What the opportunity costs are of focusing on vaccine passports at the expense of other interventions.
  • The impact of vaccine passport schemes on other elements of the public health system, including vaccine uptake and vaccine distribution.
  • The practical expectations on others involved in making a system work, such as businesses.
  • Standard-setting: governments need to be clear about which tests, vaccinations and dosing regimes will be accepted for domestic usage and provide unambiguous criteria for inclusion and exclusion based on reliable consideration of the available scientific evidence and background context of infection rates and variants present in their jurisdiction. The simplest solution is to make the list of accepted vaccinations coterminous with those approved for use by the jurisdiction’s relevant medicines regulators, e.g. the MHRA in the UK, the EMA in the European Union or the FDA in the USA.
  • The risk of vaccine nationalism in the contexts of border control and domestic access for migrants, especially in the medium to long-term. At a minimum, countries should aim to minimise these potential oversights by operating a mutual recognition scheme that allows vaccines approved by any ‘trusted’ medicines regulator and/or on the WHO’s Emergency Use Listing to be included within a vaccine passport scheme or at least not be excluded on the basis of lack of domestic approval. Not only would mutual recognition and permissive approval enhance individual fairness, it reduces the risk of entrenching existing international inequalities and the risk of geopolitical divides being worsened in the long-term by inconsistent requirements and the systemisation of ‘vaccine worlds’.

Finally, they should incorporate policy measures to mitigate ethical and societal risks or harms identified above.


Footnotes

  1. UK Ethics Accelerator, Response to Ada Lovelace Institute call for evidence.
  2. UK Ethics Accelerator, Response to Ada Lovelace Institute call for evidence.
  3. Ada Lovelace Institute (2021) International monitor: vaccine passports and COVID status apps. Available at: https://www.adalovelaceinstitute.org/project/international-monitor-vaccine-passports-covid-status-apps/ (Accessed: 5 April 2021).
  4. Pew Research Center (2020) 8 charts on internet use around the world as countries grapple with COVID-19. Available at: https://www.pewresearch.org/fact-tank/2020/04/02/8-charts-on-internet-use-around-the-world-as-countries-grapple-with-covid-19/ (Accessed: 13 April 2021).
  5. Ada Lovelace Institute (2021) The data divide. Available at: https://www.adalovelaceinstitute.org/survey/data-divide/ (Accessed: 6 April 2021).
  6. Pew Research Center (2020).
  7. Electoral Commission (2015) Delivering and costing a proof of identity scheme for polling station voters in Great Britain. Available at: https://www.electoralcommission.org.uk/media/1825 (Accessed: 13 April 2021); Davies, C. (2021). ‘Number of young people with driving licence in Great Britain at lowest on record’, The Guardian. 5 April 2021. Available at: https://www.theguardian.com/money/2021/apr/05/number-of-young-people-with-driving-licence-in-great-britain-at-lowest-on-record (Accessed: 6 May 2021).
  8. UK Ethics Accelerator, Response to Ada Lovelace Institute call for evidence.
  9. NHS Digital. (2021) NHS e-Referral Service integrated into the NHS App to make managing referrals easier. Available at: https://digital.nhs.uk/news-and-events/latest-news/nhs-e-referral-service-integrated-into-the-nhs-app-to-make-managing-referrals-easier (Accessed: 28 April 2021).
  10. Access Now, Response to Ada Lovelace Institute call for evidence.
  11. For example, see: Mvine at Ada Lovelace Institute (2021) The history and uses of vaccine passports and COVID status apps. Available at: https://www.youtube.com/watch?v=BL0vZeoWVKQ&t=213s (Accessed: 7 April 2021); evidence submitted to the Ada Lovelace Institute from Certus, IOTA, ZAKA, Tony Blair Institute for Global Change, SICPA, Yoti, Good Health Pass.
  12. Danish Government (2021) Rammeaftale om plan for genåbning af Danmark. Available at: https://www.stm.dk/media/10258/rammeaftale-om-plan-for-genaabning-af-danmark.pdf (Accessed: 13 April 2021).
  13. Danish Government (2021) Rammeaftale om plan for genåbning af Danmark. Available at: https://www.stm.dk/media/10258/rammeaftale-om-plan-for-genaabning-af-danmark.pdf (Accessed: 13 April 2021).
  14. Ada Lovelace Institute (2021) The Citizens’ Biometrics Council. Available at: https://www.adalovelaceinstitute.org/project/citizens-biometrics-council/ (Accessed: 13 April 2021).
  15. Whitley, E. (2021) ‘What must we consider if proof of Covid status is to help reopen the economy?’ LSE Department of Management blog. Available at: https://blogs.lse.ac.uk/management/2021/02/24/what-must-we-consider-if-proof-of-covid-status-is-to-help-reopen-the-economy/ (Accessed: 6 May 2021).
  16. Information Commissioner’s Office (2021) About the DPA 2018. Available at: https://ico.org.uk/for-organisations/guide-to-data-protection/introduction-to-data-protection/about-the-dpa-2018/ (Accessed: 6 April 2021).
  17. Beduschi, A. (2020).
  18. Horizon Digital Economy Research Institute, Response to Ada Lovelace Institute call for evidence.
  19. European Data Protection Board and European Data Protection Supervisor (2021), Joint Opinion 04/2021 on the Proposal for a Regulation of the European Parliament and of the Council on a framework for the issuance, verification and acceptance of interoperable certificates on vaccination, testing and recovery to facilitate free movement during the COVID-19 pandemic (Digital Green Certificate). Available at: https://edps.europa.eu/system/files/2021-04/21-03-31_edpb_edps_joint_opinion_digital_green_certificate_en_0.pdf (Accessed: 29 April 2021).
  20. Beduschi, A. (2020).
  21. ibid.
  22. Information Commissioner’s Office (2021) International transfers after the UK exit from the EU Implementation Period. ICO. Available at: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/international-transfers-after-uk-exit/ (Accessed: 5 May 2021).
  23. Global Privacy Assembly Executive Committee (2021).
  24. Beduschi, A. (2020).
  25. Global Privacy Assembly (2021) GPA Executive Committee joint statement on the use of health data for domestic or international travel purposes. Available at: https://globalprivacyassembly.org/gpa-executive-committee-joint-statement-on-the-use-of-health-data-for-domestic-or-international-travel-purposes/ (Accessed: 13 April 2021).
  26. Information Commissioner’s Office (2021) Principle (c): Data minimisation. ICO. Available at: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/principles/data-minimisation/ (Accessed: 6 April 2021).
  27. Denham, E. (2021) ‘Blog: Data Protection law can help create public trust and confidence around COVID-status certification schemes’. ICO. Available at: https://ico.org.uk/about-the-ico/news-and-events/blog-data-protection-law-can-help-create-public-trust-and-confidence-around-COVID-status-certification-schemes/ (Accessed: 6 April 2021).
  28. Illmer, A. (2021) ‘Singapore reveals COVID privacy data available to police’, BBC News, 5 January 2021. Available at: https://www.bbc.com/news/world-asia-55541001 (Accessed: 6 April 2021). Gross, A. and Parker, G. (2020) Experts decry move to share COVID test and trace data with police, Financial Times. Available at: https://www.ft.com/content/d508d917-065c-448e-8232-416510592dd1 (Accessed: 6 April 2021).
  29. Halpin, H. (2020) ‘Vision: A Critique of Immunity Passports and W3C Decentralized Identifiers’, in van der Merwe, T., Mitchell, C., and Mehrnezhad, M. (eds) Security Standardisation Research. Cham: Springer International Publishing (Lecture Notes in Computer Science), pp. 148–168. doi: 10.1007/978-3-030-64357-7_7.
  30. FHIR (2019) 2019 HL7 FHIR Release 4. Available at: http://www.hl7.org/fhir/ (Accessed: 21 April 2021).
  31. Doteveryone (2019) Consequence scanning, an agile practice for responsible innovators. Available at: https://doteveryone.org.uk/project/consequence-scanning/ (Accessed: 21 April 2021)
  32. NHS Digital (2020) DCB3051 Identity Verification and Authentication Standard for Digital Health and Care Services. Available at: https://digital.nhs.uk/data-and-information/information-standards/information-standards-and-data-collections-including-extractions/publications-and-notifications/standards-and-collections/dcb3051-identity-verification-and-authentication-standard-for-digital-health-and-care-services (Accessed: 7 April 2021).
  33. Royal College of General Practitioners (2021) RCGP submission for the COVID-status Certification Review call for evidence. Available at: https://www.rcgp.org.uk/policy/rcgp-consultations/covid-status-certification-review.aspx (Accessed: 6 April 2021).
  34. Say, M. (2021) ‘Government gives Verify a stay of execution.’ UKAuthority. Available at: https://www.ukauthority.com/articles/government-gives-verify-a-stay-of-execution/ (Accessed: 5 May 2021).
  35. Cabinet Office and Lopez, J. (2021) ‘Julia Lopez speech to The Investing and Savings Alliance’. GOV.UK. Available at: https://www.gov.uk/government/speeches/julia-lopez-speech-to-the-investing-and-savings-alliance (Accessed: 6 April 2021).
  36. For more on digital identity during the pandemic see: Freeguard, G. and Shepheard, M. (2020) ‘Digital government during the coronavirus crisis’. Institute for Government. Available at: https://www.instituteforgovernment.org.uk/sites/default/files/publications/digital-government-coronavirus.pdf.
  37. Department for Digital, Culture, Media and Sport (2021) The UK digital identity and attributes trust framework, GOV.UK. Available at: https://www.gov.uk/government/publications/the-uk-digital-identity-and-attributes-trust-framework/the-uk-digital-identity-and-attributes-trust-framework (Accessed: 6 April 2021).
  38. Access Now, Response to Ada Lovelace Institute call for evidence.
  39. iProov (2021) Covid-19 Passport from iProov and Mvine Moves Into Trial Phase. Available at: https://www.iproov.com/press/uk-covid19-passport-moves-into-trial-phase (Accessed: 7 April 2021).
  40. Ada Lovelace Institute (2021) The socio-technical challenges of designing and building a vaccine passport system. Available at: https://www.youtube.com/watch?v=Md9CLWgdgO8&t=2s (Accessed: 7 April 2021).
  41. On general trust, polls include Ipsos MORI Veracity Index. On data trust, see RSS and ODI polling.
  42. Sommer, A. K. (2021) ‘Some foreigners in Israel are finally able to obtain COVID vaccine pass’. Haaretz.com. Available at: https://www.haaretz.com/israel-news/.premium-some-foreigners-in-israel-are-finally-able-to-obtain-COVID-19-green-passport-1.9683026 (Accessed: 8 April 2021).
  43. Cabinet Office (2020) ‘Ventilator Challenge hailed a success as UK production finishes’. GOV.UK. Available at: https://www.gov.uk/government/news/ventilator-challenge-hailed-a-success-as-uk-production-finishes (Accessed: 6 April 2021).
  44. For example, evidence received from techUK and World Health Pass.
  45. Our World in Data (2021) Coronavirus (COVID-19) Vaccinations. Available at: https://ourworldindata.org/covid-vaccinations (Accessed: 13 April 2021)
  46. FT Visual and Data Journalism team (2021) Covid-19 vaccine tracker: the global race to vaccinate. Financial Times. Available at: https://ig.ft.com/coronavirus-vaccine-tracker/ (Accessed: 13 April 2021)
  47. Full Fact. (2020) How does the new coronavirus compare to influenza? Available at: https://fullfact.org/health/coronavirus-compare-influenza/ (Accessed: 6 April 2021).
  48. BBC News (2021) ‘Coronavirus: Third wave will “wash up on our shores”, warns Johnson’. BBC News. 22 March 2021. Available at: https://www.bbc.com/news/uk-politics-56486067 (Accessed: 6 April 2021).
  49. Prime Minister’s Office. (2021) Rammeaftale om plan for genåbning af Danmark. Available at: https://www.stm.dk/media/10258/rammeaftale-om-plan-for-genaabning-af-danmark.pdf (Accessed: 6 April 2021).
  50. Tony Blair Institute for Global Change (2021) The New Necessary: How We Future-Proof for the Next Pandemic. Available at https://institute.global/policy/new-necessary-how-we-future-proof-next-pandemic (Accessed: 13 April 2021)
  51. Paton, G. (2021) ‘Cost of home Covid tests for travellers halved as companies accused of “profiteering”.’ The Times. 14 April 2021. Available at: https://www.thetimes.co.uk/article/cost-of-home-covid-tests-for-travellers-halved-as-companies-accused-of-profiteering-lh76wb585 (Accessed: 13 April 2021)
  52. Department of Health & Social Care (2021) ‘30 million people in UK receive first dose of coronavirus (COVID-19) vaccine’. GOV.UK. Available at: https://www.gov.uk/government/news/30-million-people-in-uk-receive-first-dose-of-coronavirus-COVID-19-vaccine (Accessed: 6 April 2021).
  53. Ipsos (2021) Global attitudes: COVID-19 vaccines. 9 February 2021. Available at: https://www.ipsos.com/en/global-attitudes-COVID-19-vaccine-january-2021 (Accessed: 6 April 2021).
  54. Reicher, S. and Drury, J. (2021) ‘How to lose friends and alienate people? On the problems of vaccine passports’, The BMJ, 1 April 2021. Available at: https://blogs.bmj.com/bmj/2021/04/01/how-to-lose-friends-and-alienate-people-on-the-problems-of-vaccine-passports/ (Accessed: 6 April 2021).
  55. Smith, M. (2021) ‘International study: How many people will take the COVID vaccine?’, YouGov, 15 January 2021. Available at: https://yougov.co.uk/topics/health/articles-reports/2021/01/15/international-study-how-many-people-will-take-covi (Accessed: 6 April 2021).
  56. Reicher, S. and Drury, J. (2021).
  57. Razai, M. S. et al. (2021) ‘COVID-19 vaccine hesitancy among ethnic minority groups’, The BMJ, 372, p. n513. doi: 10.1136/bmj.n513.
  58. Royal College of General Practitioners (2021) ‘RCGP submission for the COVID-status Certification Review call for evidence’. Royal College of General Practitioners. Available at: https://www.rcgp.org.uk/policy/rcgp-consultations/COVID-status-certification-review.aspx (Accessed: 6 April 2021).
  59. Access Now, Response to Ada Lovelace Institute call for evidence.
  60. UK Ethics Accelerator, Response to Ada Lovelace Institute call for evidence.
  61. ibid.
  62. ibid.
  63. ibid.
  64. Zimmer, C., Corum, J. and Wee, S.-L. (no date) ‘Coronavirus Vaccine Tracker’, The New York Times. Available at: https://www.nytimes.com/interactive/2020/science/coronavirus-vaccine-tracker.html (Accessed: 21 April 2021).
  65. Global Privacy Assembly Executive Committee (2021) Global Privacy Assembly Executive Committee joint statement on the importance of privacy by design in the sharing of health data for domestic or international travel requirements during the COVID-19 pandemic. 31 March 2021. Available at: https://globalprivacyassembly.org/gpa-executive-committee-joint-statement-on-the-use-of-health-data-for-domestic-or-international-travel-purposes/ (Accessed: 6 April 2021).
  66. Times of Israel Staff (2021) ‘Thousands reportedly attempt to obtain easily forged vaccinated certificate’. Times of Israel. 18 February 2021. Available at: https://www.timesofisrael.com/thousands-reportedly-attempt-to-obtain-easily-forged-vaccinated-certificate/ (Accessed: 6 April 2021).
  67. Senyor, E. (2021) ‘NIS 1,500 for Green Pass: Police arrest seller of illegal vaccine certificates’, ynetnews. 21 March 2021. Available at: https://www.ynetnews.com/article/Bk00wJ11B400 (Accessed: 6 April 2021).
  68. Europol (2021) ‘Early Warning Notification – The illicit sales of false negative COVID-19 test certificates’, Europol. 1 February 2021. Available at: https://www.europol.europa.eu/early-warning-notification-illicit-sales-of-false-negative-COVID-19-test-certificates (Accessed: 6 April 2021).
