The World Health Organization has released its technical and implementation guidelines for COVID-19 vaccine certificates. The guidance is based on WHO’s mandate to support health care, rather than economic activity. One of the assumptions that the organization starts with is that member states will make their own decisions on how to uniquely identify certificate holders.
The WHO’s “COVID-19 Certificate Digital Documentation: Immunization Status: Technical Specifications and Implementation Tips” is divided into sections on ethical considerations and data protection, continuity of care, and proof of emergency scenarios. immunization, baseline data set, national trust architecture, governance considerations and implementation considerations. It is intended as an interim guide and is part of a series that includes separate tips on documenting test results and recovering from COVID.
Key principles behind the basic dataset include data minimization, open standards, paper and digital implementations, and the idea that not all data elements should be found on the dataset certificate. Basic data itself is made up of a header, vaccination event details, and certificate metadata.
The proposal for digital documentation of COVID-19 certificates (DDCC) sharing vaccination status is based on a public key infrastructure (PKI) and barcodes or QR codes.
The guidelines reiterate that the project’s mandate is only to support certification that vaccination has taken place, rather than as an immunity passport or clearance.
Certificates can be printed on an analog document, such as a handwritten paper certificate or PDF print, or stored on a smartphone.
The guidelines state that the DDCC: VS is not an identity document, and although a unique identifier is recommended, a name and date of birth are sufficient biographical data to meet the proposed specification. Biometrics is mentioned among the optional personal data.
WHO guidelines on COVID certificates originally covered only a use case for continuity of care, and the extension of certificates to analog or digital ‘health cards’ introduces a new set of concerns ethical, which the directives examine. These include the likelihood of fraud, and although built-in ‘anti-fraud mechanisms’ are among the recommendations in the document, what these mechanisms should be is not mentioned, except that they should work without the use of ‘no digital technology.
While the guide notes that certificate identity binding can be extended to meet standards such as ICAO’s for international travel, the WHO approach contrasts with those focused on the use case. of the digital health pass, which requires advice specifically on how the digital identity aspect should work.
biometrics | credentials | data protection | data sharing | digital identification | digital identity | fraud prevention | health packages | identity verification | mobile application | standards