So for the last few months we’ve been saying “we need travelers.” And now that we’re about to get travelers, people are getting worried.
The European Union’s system of digital COVID-19 travel certificates is due to come into force on Thursday, but airports group ACI and airlines representative bodies A4E, IATA and ERA warned in a letter to EU national leaders of a “worrying patchwork of approaches” across the continent.
Of course, we’ve known for some time that the EU Digital COVID Certificates are being implemented on a national basis. But now the airport and airline industries are warning that checking the certificates can be dizzying.
The letter said the only way to avoid huge queues and delays during the peak summer season was to implement a system whereby both the vaccination certificate and passenger locator forms are processed remotely before the passenger arrives at the airport.
Checks must only take place in the country of departure and not on arrival and national governments should manage the health data and provide equipment to check the QR codes, the letter said.
So there will be some confusion on Thursday. But will the confusion outweigh the benefits of increased travel?
If you didn’t already hear this on my recent podcast (microcast?) episode, Pavlina Navratilova of IDEMIA discussed three vaccination certificate standards that affect Europeans. One of these is the Digital Green Certificate, also known as the EU Green Pass.
In this post I’ll explain what the Digital Green Certificate is, why some people think this health measure is essential to the continuance of civilization, and why some people think it destroys civilization as we know it.
Or something like that.
What is the Digital Green Certificate?
First, a clarification. The word “green” in Digital Green Certificate does not refer to saving the whales. It refers to “green means go” in terms of COVID-19. Specifically, a Digital Green Certificate is a digital proof that a person has either
been vaccinated against COVID-19
received a negative test result or
recovered from COVID-19
The certificate will also be available in paper format for us old-school types, but the digital version is what interests me.
The certificate will not be issued by the EU itself, but by entities within each EU country such as health authorities or individual hospitals. The certificate will be in a person’s national language and in English (for those who have forgotten, English is no longer a national language within the European Union due to Brexit).
Each certificate will contain a QR code to ensure authenticity, and these QR codes will be tracked at the EU level.
Each issuing body (e.g. a hospital, a test centre, a health authority) has its own digital signature key. All of these are stored in a secure database in each country.
The European Commission will build a gateway. Through this gateway, all certificate signatures can be verified across the EU. The personal data encoded in the certificate does not pass through the gateway, as this is not necessary to verify the digital signature. The Commission will also help Member States to develop a software that authorities can use to check the QR codes.
The idea is that any EU citizen can provide national proof of vaccination, negative test, or recovery from COVID and that this national proof will be accepted in any other EU country, subject to the specific rules of that country.
On the other hand, the EU does not want to restrict freedom of movement within the EU.
The Digital Green Certificate should facilitate free movement inside the EU. It will not be a pre-condition to free movement, which is a fundamental right in the EU.
Like anything COVID-related, there are entities that support the Digital Green Certificate, and entities that oppose it.
One group of entities that supports the Digital Green Certificate is the European airline industry. Because of the adverse economic effects of COVID travel restrictions, the airline industry not only wants Digital Green Certificates, but it wants them in time for the summer travel season. Here’s an excerpt from a statement from Airlines for Europe (A4E):
A4E welcomed today’s decision by the European Parliament to fast-track the European Commission’s Digital Green Certificates proposal using an Urgent Procedure. A positive decision by the European Council later today would set in motion a vote on the certificates by the end of April, facilitating the European Commission’s plan to have the certificates operational by June….
“With vaccination programmes underway, I am even more confident travel will be possible this summer. Airlines are ready to re-connect Europe and support economic recovery. I look forward to working with A4E members and policy leaders on this critical work ahead”, (A4E Chairman John) Lundgren added.
The “get people on flights” message is loud and clear.
And (most importantly!) the general concept is supported by Vince, who though he is no longer in the EU (did I mention Brexit?), wrote this back in April:
And then there is the view of the European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS). They support the idea, but with some qualifications:
Andrea Jelinek, Chair of the EDPB, said: “A Digital Green Certificate that is accepted in all Member States can be a major step forward in re-starting travel across the EU. Any measure adopted at national or EU level that involves processing of personal data must respect the general principles of effectiveness, necessity and proportionality. Therefore, the EDPB and the EDPS recommend that any further use of the Digital Green Certificate by the Member States must have an appropriate legal basis in the Member States and all the necessary safeguards must be in place.”
Wojciech Wiewiórowski, EDPS, said: It must be made clear that the Proposal does not allow for – and must not lead to – the creation of any sort of central database of personal data at EU level. In addition, it must be ensured that personal data is not processed any longer than what is strictly necessary and that access to and use of this data is not permitted once the pandemic has ended. I have always stressed that measures taken in the fight against COVID-19 are temporary and it is our duty to ensure that they are not here to stay after the crisis.”
This raises an interesting point that was also raised (after I left) in the ID4Africa webinar: what will happen to the Digital Green Certificate in the long term? The attendees were polled on this question.
Obviously the EDPB and EDPS prefer option 3, in which the Digital Green Certificate disappears once the pandemic is over.
Entities opposing the Digital Green Certificate
But not everyone believes that the Digital Green Certificate is a wonderful thing. Take the attitude of the the Dutch section of the International Commission of Jurists (NJCM), as expressed in a liberties.eu post.
As NJCM explains in a letter to the European Parliament, the EU has set up a system and infrastructure for Green Certificates, but only partially regulates the use of these Green Certificates. This leaves it up to member states to make their use mandatory, or to use Green Certificates in many more areas than just border control. Such mandatory use of Green Certificates may limit the freedom of movement, the right to not be discriminated against, the right to privacy, the right to data protection and, indirectly, the right to the integrity of the person (since the ability to travel is made conditional on undergoing testing or vaccination).
While the UK is (as I may have previously mentioned) outside of the EU, that country’s National Museum Directors’ Council has weighed in on the concept of vaccination certificates in general. Unlike airlines that believe that such certificates will encourage travel, the museum directors think these certificates will actually restrain it.
In the UK, where a government consultation on vaccine passports has proved controversial, a coalition of leading museum directors has spoken out against their potential use in museums. Such a scheme “sits at odds with the public mission and values of museums”, the National Museum Directors’ Council said, warning that it would constitute “an inappropriate form of exclusion and discrimination”.
And, to be truthful, the existence of any type of vaccine certificate allows a distinction between those who are (believed to be) COVID-free and those who are not. You can use the emotionally-charged word “discrimination” or the less-charged “distinction,” but either way you’re dividing people into two groups.
The only way to remove such a distinction is to automatically assume that everyone has COVID. That could close the museums…
…but at least everyone will be treated equally without discrimination. So that’s a good thing…I guess…
Since I’ve discussed vaccination certificates in the past (most recently here), I thought I should alert you of an event later this week that covers the topic.
Parts 1 & 2 of our trilogy on Vaccination Certificates & Identity Management have set the pace for discussions on policy deliberations and innovative solutions in the development of COVID verifiable credentials. Both events continue to be praised as being our best series yet and… there’s still more to come!
Join your host, Dr. Joseph Atick, for a series finale, tour de force coverage on CV19 credentials where he shifts gears with a league of domain experts in a live collaboration searching for a framework for harmonizing national, regional and international efforts in this domain.
The webinar will take place on Thursday, May 6, from 12:30-14:30 GMT (or 14:30-16:30 CEST). That translates to 5:30 am in my timezone, but it looks like there will be a replay if I oversleep.
I’ve gone on ad nauseum about the plethora of vaccine certificate options that are being developed by public and private entities.
Wouldn’t it be nice if all of these different options were able to talk to each other, so that my existing blue certificate would talk to health systems that require the orange certificate or the red certificate?
The Global Information for Public Health Transformation (GIPHT) initiative of the Learning Health Community has collaborated with CDISC to develop a minimum set of key data elements for documenting vaccinations. The goal of the collaboration is to achieve multinational agreement around one global core data standard that will enable the success of vaccine credentialing applications and secure sharing of essential information for uses such as safe travel.
The organizations have published a draft standard for public review. This draft attempts to define the minimum key data elements, and draws upon the work of several different organizations.
The set of common data elements proposed has been based upon recommendations made available by the European eHealth Network as referenced by the European Commission in announcing their plans for a Green Certificate to facilitate travel by Europeans among EU countries. This set of common data elements has also been informed through U.S. CDC. The elements have been aligned with standards from HL7, CDISC and ISO (standards development organizations), where applicable.
Of course, we have to ask the question: why listen to GIPHT and CDISC? Well, these two organizations claim a previous success, as noted in their press release.
“CDISC developed and published a COVID-19 data standard in less than a month by leveraging existing global clinical research standards, including those for vaccines, virology and Ebola,” stated Rhonda Facile, Vice President of Partnerships and Development, CDISC.
However, there is one significant difference between exchanging COVID-19 data and exchanging vaccine certificate data. The former is an exchange of medical data which is of primary interest to health professionals. The latter has much greater ramifications, since it can potentially affect border crossings, travel in general, and access to facilities such as casinos, sports stadiums, and concert venues.
Is it even possible to develop a vaccine certificate interoperability standard that satisfies the foreign affairs and transportation ministries of multiple countries, the major airlines and airports, the casino operators, the major sports leagues, AND Taylor Swift?
LOS ANGELES – MARCH 14: Guest arrives for the 2019 iHeartRadio Music Awards on March 14, 2019 in Los Angeles, California. (Photo by Glenn Francis/Pacific Pro Digital Photography). By Toglenn (Glenn Francis) – This file has been extracted from another file: Taylor Swift 2 – 2019 by Glenn Francis.jpg, CC BY-SA 4.0, https://commons.wikimedia.org/w/index.php?curid=81523364
(We know Ms. Swift’s views on facial recognition, but as far as I know she has not expressed her views on vaccine certificates.)
And if it is possible, will all of these parties agree that GIPHT and CDISC are the ones to develop the standard?
Bredemarket 