IATA endorses the EUDCC. But will it matter?

In a Bredemarket blog post in February 2021, I quoted something that I wrote in 2013 in one of my personal blogs, Empoprise-BI.

I’m sure that many people imagine that standards are developed by a group of reasonable people, sitting in a room, who are pursuing things for the good of the world.

You can stop laughing now.

As I noted back in 2013, and again in February, there are many instances in which standards do not evolve from a well-designed process. In reality, standards emerge via that process that I referred to in February as “brute force.”

By イーストプレス – 「ゴング格闘技」=1951年のブラジル地元新聞からの転載, Public Domain, https://commons.wikimedia.org/w/index.php?curid=13320163

For those who are not familiar with the “brute force” process, I’ll provide two illustrations.

  • If a lot of people like something, it’s a standard.
  • If a trillion dollar company likes something, and I like something different, then the thing that the trillion dollar company likes is a standard.

If two trillion dollar companies like two different things…it can get messy.

Back in February, I was just beginning to talk about something that I called “health passports” at the time. Later, I personally decided that “health passports” is a poor choice of words, and have instead gravitated to using the phrase “vaccine certificate.”

Regardless, my concern back in February was that there were all sorts of these things floating around. Even back then, Clear had its own solution, IATA had one, IBM had one, iProov had one, Daon had one, and there were many, many more.

So what happens if I have a Clear vaccine certificate but the airline or building that I’m approaching supports the iProov certificate? Can the iProov certificate read the Clear certificate? Or do I have to get multiple certificates?

This post looks at a new development in the vaccine certificate brouhaha. I’m not talking about what vaccines are honored by the vaccine certificate, but about acceptability of the vaccine certificates themselves. In particular, I’m talking about acceptance of one certificate, the EU Digital COVID Certificate (EUDCC).

Because one big player is getting behind it.

How do international air transport folks feel about the EUDCC?

While the EUDCC can conceivably be used for a number of use cases, such as entering a private business like a restaurant, one of the most popular use cases for the EUDCC is to board an airplane that is crossing an international border.

So if there was an organization that was dedicated to the business of flying airplanes across international borders, and if that organization thought that the EUDCC was pretty cool, then that endorsement would have as much pull as Google (and Facebook) endorsing a web image format.

Enter the (drumroll) International Air Transport Association, which issued a press release on 26 August.

The title?

“IATA Backs European Digital Covid Certificate as Global Standard.”

Now those who read my February post will recall that IATA was one of those groups that was already developing its own vaccination certificate. So how does the EUDCC compare with the the IATA Travel Pass?

The DCC…is fully supported by IATA Travel Pass.

But in addition to mere self-interest, there is another reason why IATA is endorsing the EUDCC: it’s supported by a lot of countries inside the EU, and other countries are looking at the EUDCC as a model.

The EU DCC is implemented in the 27 EU Member states and a number of reciprocal agreements have been agreed with other states’ own vaccination certificates, including Switzerland, Turkey, and Ukraine. In the absence of a single global standard for digital vaccination certificates, up to 60 other countries are looking to use the DCC specification for their own certification. 

Oh no, I’m just looking

However, it’s one thing to be “looking” at something, and another thing entirely to actually “do” something.

Before assuming that the EUDCC will become the de facto DCC, consider how two countries in particular will approach it.

This image or media was taken or created by Matt H. Wade. To see his entire portfolio, click here. @thatmattwade This image is protected by copyright! If you would like to use it, please read this first. – Own work, CC BY-SA 3.0, https://commons.wikimedia.org/w/index.php?curid=5004719

One of those countries is my own, the United States of America. While one can argue whether or not the U.S. enjoys the same level of power that it enjoyed immediately after the end of the Cold War, it is still a major player in world economic and travel affairs. And regardless of who the President of the United States is at any given time, the U.S. has often decided to go its own way. Couple this with the power of individual U.S. states in my country’s federal system, and it’s quite possible that even if the U.S. goes along with IATA, and some form of the EUDCC is adopted by our Transportation Security Administration, that does not necessarily mean that the same certificate can be used as it is in Europe to grant access to museums, sporting events, and concerts.

The other country that may have an issue with the EUDCC is China. If the United States is potentially a waning world power, China is potentially a gaining world power. The relationship between China and the rest of the world varies from time to time and from issue to issue. China may decide that it’s not in its best interest to adhere to an international standard for certifications of COVID vaccination, testing, or contraction. And if it’s not in China’s best interest, China won’t do it.

So before declaring that IATA endorsement of the EUDCC settles the issue…we’ll see.

Update on Covishield and the EUDCC, as long as you can prove you were born

It’s been a while since I looked at issues regarding the European Union Digital COVID Certificate (EUDCC).

And there are a ton of ramifications and unintended consequences.

Covishield and the EUDCC

When I last looked at the EUDCC, I examined its effect on travel from people outside of the European Union. The question at the time was what would happen to people who were vaccinated with something other than the European Medicines Agency-approved vaccines, thus rendering them ineligible for the EUDCC.

In particular, people who were vaccinated with the Covishield vaccine were not eligible for the EUDCC. Depending upon whom you asked, Covishield is either just the same as the EMA-approved AstraZeneca vaccine (now referred to as “Vaxzervria” in EU-speak), or it has a radically different manufacturing process that disqualifies it from automatic acceptance.

This non-recognition of Covishield has a great impact on African nations, because that vaccine is popular there. However, EUDCC disapproval has been offset by the actions of several individual countries to recognize Covishield as a vaccine. For example, Greece recognizes ten vaccines (including Covishield) as opposed to the EU’s four. Of course, you have to go through additional paperwork to get authorization to enter a specific country.

But Joseph Atick notes that there’s another issue that adversely impacts the ability of Africans to enter Europe.

Linking a vaccination to a person

Assume for the moment that you have received an EU-authorized vaccine. This is only part of the battle, because the act of vaccination has to be tied to you as a person.

Dr. Joseph Atick of ID4Africa. From https://id4africa.com/the-general-secretariat/

And Atick notes one complicating factor in making that link:

One of the biggest barriers to setting up these systems—and one that could greatly complicate digital health certificates – involves traceability, which for an official digital ID means documenting one’s birth event.

In Africa, not everyone has a birth certificate, and many struggle to trace their identity to the birth event.

If you cannot prove to the satisfaction of the European Union (or whoever) that you were the actual person who received a vaccine, then you may face barriers to entering Europe (or wherever).

And what are the ramifications of this?

A digital health certificate has appeal as an efficient and effective way to manage COVID-19 risks. But if we don’t pause now to consider the implications of getting it wrong and look for ways to get it right, these marvellous digital innovations could also be supremely effective at creating a binary world of those who can prove their COVID-19 risk status and those who cannot.

The requirement for a digital identity

Oh, and there’s another issue that Atick didn’t address, but which bears noting.

All of the solutions listed above assume as a given that people will be the owners of a unique, government-authorized digital identity.

As I’ve noted elsewhere, there are people who are fervently opposed to this.

In my country, both some people on the left and some people on the right believe that “governmental digital identity” naturally equates to “governmental digital surveillance,” and that governments shouldn’t be abusing the data that they can obtain from all the vaccinations you get, all the places you travel, all the things you buy, and all the other things that you do.

(Well, except for voting. Some on the right fervently believe that government identities are essential to voting, even if they’re not essential to any other activity.)

But are people truly banned from travel?

So where does this leave the people who cannot prove that they were vaccinated with an authorized vaccine, or perhaps were never vaccinated at all?

In many cases travel for the unvaccinated is not banned, but they have to go through additional hoops to travel. Using one example, unvaccinated U.S. citizens can travel to Austria if they “have recovered from COVID-19 in the past 180 days; or present a negative COVID-19 PCR or antigen test result procured within 72 or 48 hours of travel.” For more country-by-country specifics as of August 13, click here.

But how will the unvaccinated get to Europe, or anywhere else?

But on the other hand, a vaccination in and of itself is not a guarantee that you can travel. Norway has a long list of requirements that an incoming person must satisfy, vaccination or not. This isn’t the time for an American to go on a sightseeing tour to Oslo.

Or Pyongyang.

So a binary division into the “travels” and “travel nots” may not become a reality. Instead, it will be a gradation of travel allowances and non-allowances, based upon a variety of factors.

The EUDCC and Covishield

Well, that was unexpected, at least by me.

I figured that discussion of the European Union Digital COVID Certificate (EUDCC) would focus on use of the certificate by residents of the EU.

However, the big debate right now is about how citizens of countries outside of the EU are affected. While the EUDCC is primarily designed for EU citizens, the EU has an interest in getting people from outside of the EU to travel to Europe and spend lots of euros and make everyone happy.

By Avij (talk · contribs) – Own work, Public Domain, https://commons.wikimedia.org/w/index.php?curid=30112364

However, some of the regulations that govern the EUDCC and the EU’s COVID response are actually hampering travel from outsiders.

And when words like “equitable” are being bandied about, people are going to take notice.

Let’s start by examining the list of vaccines that are approved in the European Union.

Four vaccines are currently approved for use in the EU: Pfizer/BioNTech, Moderna, AstraZeneca and Johnson & Johnson. Another four are under “rolling review” for possible approval: Russia’s Sputnik, China’s Sinovac, Germany’s CureVac and Novavax of the United States.

So if you received one of the first four vaccines, this can be listed on your EUDCC and you can go about your merry way.

But African governmental entities believe that a fifth vaccine, one that happens to be available in Africa, should be added to the list.

[W]hile the goal is for EU Member States to issue vaccination certificates regardless of the COVID-19 vaccine type used, the granting of a “green pass” applies, only to vaccines that have received EU-wide marketing authorisation. Thus, while the AstraZeneca vaccine (ChAdOx1_nCoV-19) produced and authorized in Europe (Vaxzervria) is included, the same formation of the vaccine (Covishield) produced under license by the Serum Institute of India (SII), is excluded.

The TL;DR version: since Covishield is equivalent to Vaxzervria/AstraZeneca, people who received Covishield should get EU travel privileges.

Why does the same vaccine formulation have two different names? Because a special effort was mounted to provide vaccines to the Third World without endangering First World profits.

Covishield is the Indian counterpart of AstraZeneca-Oxford developed Vaxzervria and is identical to the one made in Europe. It has been widely distributed in many low and middle-income countries through the EU-supported COVAX programme. However the vaccine has not been included on the EUDCC because it is not approved by the European Medicines Agency (EMA). 

The European Medicines Agency counters that Covishield is NOT the same as the European version of AstraZeneca, despite an identical formulation:

“Even though it may use an analogous production technology to Vaxzevria (AstraZeneca’s vaccine), Covishield as such is not currently approved under EU rules,” the European Medicines Agency (EMA) said in a statement to AFP. “This is because vaccines are biological products. Even tiny differences in the manufacturing conditions can result in differences in the final product, and EU law therefore requires the manufacturing sites and production process to be assessed and approved as part of the authorisation process.”

So that’s where things stand as of now. And they may remain this way unless there’s pressure on the EMA to revise its decision.

Now I’m wondering how many Nigerians…and how many Indians…and how many Chinese and Russians (remember that Sputnik and Sinovac aren’t approved either)…are choosing to forgo a European holiday this summer.

How 6 CFR 37 (REAL IDs) exhibits…federalism

The United States, like some other countries, reserves some responsibilities to lower subdivisions of the country, in this case the states. This concept is enshrined in the 10th Amendment to the Constitution:

The powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people.

The 10th Amendment basically means that unless the Constitution explicitly speaks on a matter, the states can do whatever they want. However, the Federal government still has ways of making the states obey its will.

States are NOT mandated to issue REAL IDs

If you look at the Code of Federal Regulations, Title 6, Volume 1, Chapter I, Part 37 (one online source here), you will see the official laws that govern the issuance of REAL ID Driver’s Licenses and Identification Cards. Part 37 is divided into several subparts:

  • General.
  • Minimum Documentation, Verification, and Card Issuance Requirements.
  • Other Requirements.
  • Security at DMVs and Driver’s License and Identification Card Production Facilities.
  • Procedures for Determining State Compliance.
  • Driver’s Licenses and Identification Cards Issued Under section 202(d)(11) of the REAL ID Act.

A pretty comprehensive list here. But that very first section, “General,” begins with the following:

Subparts A through E of this part apply to States and U.S. territories that choose to issue driver’s licenses and identification cards that can be accepted by Federal agencies for official purposes.

Note the word “choose,” and the phrase “accepted by Federal agencies for official purposes.” In essence, it is incorrect to say that states are MANDATED by law to issue REAL IDs. States have the power to choose NOT to issue REAL IDs, and the Federal government has no Constitutional power to force them to do so.

So many states DIDN’T issue REAL IDs

And for many years, many states of various political persuasions adopted that view. Whether “red” or “blue,” many states held to the belief that REAL ID was an unconscionable imposition on state sovereignty, and that Bush or Obama or Trump didn’t have the power to tell states what to do with their state driver’s licenses.

I ran into this personally in my proposal work. There was a brief period of time in which MorphoTrak was bidding on driver’s license opportunities (thus competing with our sister company MorphoTrust), and I remember reviewing a Request for Proposal (RFP) issued by one of the states. I won’t reveal the state, but the opening section of its RFP made very clear that the state was NOT asking vendors to implement Federal REAL ID regulations, or asking vendors to help the state issue REAL IDs.

So some states declined to participate in REAL ID efforts for years…and years.

And the Federal government couldn’t dictate that states issue REAL IDs.

So the Federal government said that states don’t HAVE to issue REAL IDs, but…

But the Federal government COULD dictate which IDs could be “accepted by Federal agencies for official purposes.”

  • Accepted IDs included passports, Federal government-issued identification cards, various other national IDs…and REAL IDs issued by the states. Other IDs issued by the states were not acceptable.
  • Official purposes included visiting a military base (Federal control, not state control), visiting your Congressperson’s office (Federal control, not state control)…and the big one, entering the secure areas of an airport (again, Federal control, not state control).
Transportation Security Administration Checkpoint at John Glenn Columbus International Airport. By Michael Ball – Own work, CC0, https://commons.wikimedia.org/w/index.php?curid=77279000

So it’s pretty simple. If you want to get on a plane, even for a domestic flight, you have to pay $100 or so to get a passport. Well, unless your state happens to be one of the states that issues REAL IDs.

(Now large states with multiple major cities such as California and Texas could conceivably try to get around this by setting up a whole system of intrastate airports that only flew within the state, but that would be costly.)

Even with this, the REAL ID implementation date has been delayed several times (most recently due to COVID), but as of today, all 50 states and most U.S. territories are finally issuing REAL IDs, including the unnamed state (and others) that refused to even consider issuing REAL IDs a decade ago.

And that, my friends, is how the Federal government gets what it wants.

COVID is no longer profitable (for a few, anyway)

In the spring of 2000, the COVID-19 crisis brought vast changes to economies throughout the world. Some businesses completely ground to a halt, such as sporting events, while a number of new businesses sprang up.

Now that COVID is (hopefully) receding, some of those newer businesses are fading away.

Take Maskalike – please!

https://maskalike.com/ as of June 29, 2021.

Before COVID hit, you generally only saw people wearing masks in operating rooms, unless you visited Disneyland and saw Asian visitors walking around with masks. All of a sudden EVERYONE was wearing masks, and you had people getting creative in their design. Maskalike’s gimmick was to create masks that looked just like the portion of your face that was being covered by the mask.

But Maskalike is closing down in a few short days.

It’s been an amazing run bringing thousands of smiles to people, but this project was always supposed to be temporary and we’re getting busy with new ideas. If you have any questions, or want to acquire this company, get in touch. Otherwise, get your order in!

Let’s face it: people aren’t going to be buying a lot of masks any more. In fact, I’m sure that some people never want to see a face mask ever again.

Perhaps some novelty company will buy Maskalike and include it in its catalog, along with other gimmicky things.

If not, it was good while it lasted.

And I’m still keeping my Rodrigo’s mask that I won on Instagram, even though I have no idea where I’m going to wear it.

The air industry is worried about EU Digital COVID certificate activity on July 1

Charles De Gaulle Airport in Paris. By NASA – NASA/JSC, Public Domain, https://commons.wikimedia.org/w/index.php?curid=7156445

So for the last few months we’ve been saying “we need travelers.” And now that we’re about to get travelers, people are getting worried.

The European Union’s system of digital COVID-19 travel certificates is due to come into force on Thursday, but airports group ACI and airlines representative bodies A4E, IATA and ERA warned in a letter to EU national leaders of a “worrying patchwork of approaches” across the continent.

Of course, we’ve known for some time that the EU Digital COVID Certificates are being implemented on a national basis. But now the airport and airline industries are warning that checking the certificates can be dizzying.

The letter said the only way to avoid huge queues and delays during the peak summer season was to implement a system whereby both the vaccination certificate and passenger locator forms are processed remotely before the passenger arrives at the airport.

Checks must only take place in the country of departure and not on arrival and national governments should manage the health data and provide equipment to check the QR codes, the letter said.

So there will be some confusion on Thursday. But will the confusion outweigh the benefits of increased travel?

Additional countries issue the EU Digital COVID Certificate (a/k/a the Digital Green Certificate)

First, a correction.

When I first began writing about the Digital Green Certificate, I referred to it as…the Digital Green Certificate, noting the confusion that the name could cause with climate activists and the like.

Well, it turns out that climate activists have no cause for confusion, because the name of the certificate is NOT the “Digital Green Certificate.”

It’s the “EU Digital COVID Certificate,” as noted here.

With that out of the way, let’s revisit developments since the first seven countries began issuing the EUDCC on June 1.

By Tuesday, June 15, the list of issuing countries will expand to 14:

Italy is one of the first EU countries to begin issuing the EU Digital COVID Certificate, alongside Austria, BulgariaCroatiaCzechiaDenmark, Estonia, GermanyGreece, Latvia, Lithuania, Luxembourg, Poland, and Spain.

The remainder of the countries should be issuing the EUDCC by July 1.

What if you built a spaceship and nobody came?

Things were different a few years ago.

As I write this, one of the big news stories involves Jeff Bezos’ plans to go on a spaceship built by his company Blue Origin. Not many people can afford to go on a spaceship, but Bezos certainly can.

Back in 2017, when you referred to a tech CEO going to a spaceship, you thought of Apple CEO Tim Cook staying on this planet and going to Apple Park, Apple’s new building in Cupertino. One of Steve Jobs’ last great accomplishments, Apple Park was a $5 billion corporate headquarters that provided Apple employees with an insanely great place to work.

Of course, not everybody went to an office to work in 2017. In fact, Silicon Valley had discussed this in 2013 when Yahoo’s then-CEO Marissa Mayer saw all of the Yahoo employees working from home and deemed it, um, essential that Yahoo employees work in the office whenever possible to help build Yahoo’s culture.

In February 2019, remote culture advocate Sarah Dixon looked back at the Yahoo episode. Among other things, Dixon stated:

…there’s no doubt that Mayer’s announcement did some damage to the acceptance of remote working. If you’ve tried to persuade a reluctant boss to let you work from home, they may have even used Yahoo! as the reason they don’t think it’s a great idea.

Ah, way back in 2019. I remember those days.

A little over a year later, attitudes toward remote working changed in ways that even Sarah Dixon couldn’t have imagined. In March, Dixon’s coworker Gabriela Molina was providing a step-by-step guide to working remotely during COVID-19.

Due to COVID-19 restrictions, a lot of us were forced to work from home, whether our companies liked it or not. Security systems were updated. Videoconferencing systems installed on our computers were used much more frequently. Additional collaboration tools were adopted.

But now, at least in the United States, COVID-19 is receding. More and more people are theoretically able to go work. Yet many people continue to work from home today, including employees of some major tech companies.

Apple, however, would like its employees back in the spaceship three days a week (Monday, Tuesday, and Thursday). After all, Apple spent $5 billion on the thing; might as well get some use from it.

But some Apple employees aren’t so eager to return to the practices of old.

…we would like to take the opportunity to communicate a growing concern among our colleagues. That Apple’s remote/location-flexible work policy, and the communication around it, have already forced some of our colleagues to quit. Without the inclusivity that flexibility brings, many of us feel we have to choose between either a combination of our families, our well-being, and being empowered to do our best work, or being a part of Apple. This is a decision none of us take lightly, and a decision many would prefer not to have to make.

The letter from the Apple employees uses many terms such as “flexibility,” “empowered,” “unconstrained,” and “tearing down cross-functional communication barriers.” The employees claim that remote work allowed them to do their best work ever…and they don’t want to go back.

It’s hard to predict how all of this will play out for Apple and other companies. On the one hand, many companies are taking advantage of distributed working models. Ever since August, my consultancy Bredemarket has conducted ALL of its business without setting foot inside any of my clients’ offices. Actually, my clients themselves aren’t setting foot in their own offices; for one of my clients, I frequently deal with two employees who live several states away from their employer’s office.

On the other hand, out of sight, out of mind. Unless your corporate culture has a habit of firing up Zoom or Facetime at any moment to talk to someone, interactions with remote workers are going to be more limited than they were if you were down the hall from each other.

My perspective on this is admittedly unusual. From 2017 to 2020, my corporate supervisor was on the other end of the country from me. Over the nearly three years that I reported to him, I probably saw him in person less than a dozen times. So I sort of had an experience with remote work before COVID sent all of us home in March 2020, and things worked out well.

But how are you going to get a company with hundreds of billions of dollars in revenue, who paid more to build their corporate headquarters than many companies make in a year, to change its way of doing things and “think different”?

The Digital Green Certificate (EU Green Pass), for and against

So I attended the ID4Africa webcast that discussed vaccination certificates, including its discussion of harmonization of the myriad of certificates—a topic that clearly interests me.

If you didn’t already hear this on my recent podcast (microcast?) episode, Pavlina Navratilova of IDEMIA discussed three vaccination certificate standards that affect Europeans. One of these is the Digital Green Certificate, also known as the EU Green Pass.

In this post I’ll explain what the Digital Green Certificate is, why some people think it is essential to the continuance of civilization, and why some people think it destroys civilization as we know it.

Or something like that.

What is the Digital Green Certificate?

First, a clarification. The word “green” in Digital Green Certificate does not refer to saving the whales. It refers to “green means go” in terms of COVID-19. Specifically, a Digital Green Certificate is a digital proof that a person has either

tick iconbeen vaccinated against COVID-19
tick iconreceived a negative test result or 
tick iconrecovered from COVID-19

The certificate will also be available in paper format for us old-school types, but the digital version is what interests me.

The certificate will not be issued by the EU itself, but by entities within each EU country such as health authorities or individual hospitals. The certificate will be in a person’s national language and in English (for those who have forgotten, English is no longer a national language within the European Union due to Brexit).

Each certificate will contain a QR code to ensure authenticity, and these QR codes will be tracked at the EU level.

Each issuing body (e.g. a hospital, a test centre, a health authority) has its own digital signature key. All of these are stored in a secure database in each country.

The European Commission will build a gateway. Through this gateway, all certificate signatures can be verified across the EU. The personal data encoded in the certificate does not pass through the gateway, as this is not necessary to verify the digital signature. The  Commission will also help Member States to develop a software that authorities can use to check the QR codes.

The idea is that any EU citizen can provide national proof of vaccination, negative test, or recovery from COVID and that this national proof will be accepted in any other EU country, subject to the specific rules of that country.

On the other hand, the EU does not want to restrict freedom of movement within the EU.

The Digital Green Certificate should facilitate free movement inside the EU. It will not be a pre-condition to free movement, which is a fundamental right in the EU.

For more details on the plans for the Digital Green Certificate, see this European Commission page. Work continues to get the Digital Green Certificate up and running, including approval of technical specifications.

Entities supporting the Digital Green Certificate

Like anything COVID-related, there are entities that support the Digital Green Certificate, and entities that oppose it.

One group of entities that supports the Digital Green Certificate is the European airline industry. Because of the adverse economic effects of COVID travel restrictions, the airline industry not only wants Digital Green Certificates, but it wants them in time for the summer travel season. Here’s an excerpt from a statement from Airlines for Europe (A4E):

A4E welcomed today’s decision by the European Parliament to fast-track the European Commission’s Digital Green Certificates proposal using an Urgent Procedure. A positive decision by the European Council later today would set in motion a vote on the certificates by the end of April, facilitating the European Commission’s plan to have the certificates operational by June….

“With vaccination programmes underway, I am even more confident travel will be possible this summer. Airlines are ready to re-connect Europe and support economic recovery. I look forward to working with A4E members and policy leaders on this critical work ahead”, (A4E Chairman John) Lundgren added.

The “get people on flights” message is loud and clear.

And it’s not just the airlines; this initiative is also supported by the World Travel and Tourism Council and European Travel Commission. And the European Tourism Manifesto. And the European Exhibition Industry Alliance.

And (most importantly!) the general concept is supported by Vince, who though he is no longer in the EU (did I mention Brexit?), wrote this back in April:

#vaccinationcertificates The reason we need mandatory #vaccinationcards is because of the #superspreaders who demonstrated yesterday. Banning them from #pubs#football.#holidays#events etc will force #covididiots to adhere to the rules or stay at home. @LBC

And then there is the view of the European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS). They support the idea, but with some qualifications:

Andrea Jelinek, Chair of the EDPB, said: “A Digital Green Certificate that is accepted in all Member States can be a major step forward in re-starting travel across the EU. Any measure adopted at national or EU level that involves processing of personal data must respect the general principles of effectiveness, necessity and proportionality. Therefore, the EDPB and the EDPS recommend that any further use of the Digital Green Certificate by the Member States must have an appropriate legal basis in the Member States and all the necessary safeguards must be in place.”

Wojciech Wiewiórowski, EDPS, said: It must be made clear that the Proposal does not allow for – and must not lead to – the creation of any sort of central database of personal data at EU level. In addition, it must be ensured that personal data is not processed any longer than what is strictly necessary and that access to and use of this data is not permitted once the pandemic has ended. I have always stressed that measures taken in the fight against COVID-19 are temporary and it is our duty to ensure that they are not here to stay after the crisis.”

This raises an interesting point that was also raised (after I left) in the ID4Africa webinar: what will happen to the Digital Green Certificate in the long term? The attendees were polled on this question.

Obviously the EDPB and EDPS prefer option 3, in which the Digital Green Certificate disappears once the pandemic is over.

Entities opposing the Digital Green Certificate

But not everyone believes that the Digital Green Certificate is a wonderful thing. Take the attitude of the the Dutch section of the International Commission of Jurists (NJCM), as expressed in a liberties.eu post.

As NJCM explains in a letter to the European Parliament, the EU has set up a system and infrastructure for Green Certificates, but only partially regulates the use of these Green Certificates. This leaves it up to member states to make their use mandatory, or to use Green Certificates in many more areas than just border control. Such mandatory use of Green Certificates may limit the freedom of movement, the right to not be discriminated against, the right to privacy, the right to data protection and, indirectly, the right to the integrity of the person (since the ability to travel is made conditional on undergoing testing or vaccination).

While the UK is (as I may have previously mentioned) outside of the EU, that country’s National Museum Directors’ Council has weighed in on the concept of vaccination certificates in general. Unlike airlines that believe that such certificates will encourage travel, the museum directors think these certificates will actually restrain it.

In the UK, where a government consultation on vaccine passports has proved controversial, a coalition of leading museum directors has spoken out against their potential use in museums. Such a scheme “sits at odds with the public mission and values of museums”, the National Museum Directors’ Council said, warning that it would constitute “an inappropriate form of exclusion and discrimination”. 

And, to be truthful, the existence of any type of vaccine certificate allows a distinction between those who are (believed to be) COVID-free and those who are not. You can use the emotionally-charged word “discrimination” or the less-charged “distinction,” but either way you’re dividing people into two groups.

The only way to remove such a distinction is to automatically assume that everyone has COVID. That could close the museums

…but at least everyone will be treated equally without discrimination. So that’s a good thing…I guess…

ID4Africa Livecast, “Vaccination Certificates and Identity Management”

Since I’ve discussed vaccination certificates in the past (most recently here), I thought I should alert you of an event later this week that covers the topic.

Parts 1 & 2 of our trilogy on Vaccination Certificates & Identity Management have set the pace for discussions on policy deliberations and innovative solutions in the development of COVID verifiable credentials. Both events continue to be praised as being our best series yet and… there’s still more to come!

Join your host, Dr. Joseph Atick, for a series finale, tour de force coverage on CV19 credentials where he shifts gears with a league of domain experts in a live collaboration searching for a framework for harmonizing national, regional and international efforts in this domain.

The webinar will take place on Thursday, May 6, from 12:30-14:30 GMT (or 14:30-16:30 CEST). That translates to 5:30 am in my timezone, but it looks like there will be a replay if I oversleep.

If you want to attend live, register here.