European Commission’s Digital Green Pass: Details and Concerns

Further specifics regarding the European Commission’s proposed legislation for a pan-EU ‘digital green pass’ – designed to verify COVID-19 status – have been revealed today. The plan is generating debate due to potential human rights and civil liberties implications, specifically the risk of discrimination.

Data Protection and Decentralization

Privacy and security specialists are also voicing concerns about the technological framework that will support the system, which remains largely undefined. German Pirate MEP Patrick Breyer stated today that the current proposal doesn’t adequately address data protection and discrimination concerns.

EU’s Digital COVID-19 Certificate

The European Union intends for its COVID-19 vaccine passports – officially termed a “digital green pass” or “digital COVID-19 certificate” – to demonstrate whether an individual has been vaccinated against COVID-19, recently tested negative, or recovered from the disease and possesses antibodies. This was announced by Commission president Ursula von der Leyen during a press briefing.

She emphasized that the certificate will ensure mutual recognition of the displayed data – a minimum dataset – across all Member States. The goal is to enable Member States to safely and responsibly restore freedom of movement.

Implementation and Member State Flexibility

Justice commissioner Didier Reynders indicated that every EU citizen should receive the certificate without charge and have it accepted by other Member States. The Commission will primarily focus on establishing a framework, leaving specific requirements related to the pass to individual Member States.

Acceptance of Non-EU Approved Vaccines

Reynders provided an example: a European country could choose to accept vaccination status from individuals vaccinated with a vaccine not yet authorized for use within the EU. However, the Commission will mandate acceptance of pass holders vaccinated with an EMA-approved vaccine.

The Commission aims to have the system operational “before the summer”. This timeline appears ambitious, considering the project’s technical complexity and the sensitive personal data involved, alongside the inherent risk of discriminatory or unfair infringement on civil liberties.

Technical Challenges and Timeline

Successfully launching the digital certificates requires not only the Commission implementing and procuring central components, but also ensuring Member States implement the necessary technical elements nationally. Furthermore, the required legislation must be approved by the EU Council and Parliament – all potentially by June, according to Reynders.

When questioned about a contingency plan, Reynders stated that no alternative exists, as the sole objective is to prevent fragmentation by implementing a common instrument and avoiding unilateral decisions by Member States regarding COVID-19 at borders.

Potential for Discrimination and Data Retention

Despite the proposal, Breyer points out that it still allows for differing rules among European countries. He warns that linking freedom of travel solely to vaccination, if Member States don’t accept negative tests as an alternative, could lead to discrimination. He believes improvements are necessary.

However, Breyer welcomed the exclusion of long-term medical information retention after the certificate is presented.

Digital and Paper Formats

EU lawmakers confirmed the digital pass will be available in both digital and paper formats. Breyer expressed concern that some countries might not implement the paper form, potentially discriminating against those without smartphone access.

Reynders also confirmed the digital pass will include a QR code for verification of the certificate’s validity.

Blockchain Technology and Technical Solutions

The Commission’s scheme shares components with a system recently reported in Germany, involving QR codes and blockchain technology (with IBM and Ubirch winning the tender) – intended to be compatible with the EU’s digital pass requirements.

However, blockchain was not mentioned during today’s Commission press briefing. Internal market commissioner Thierry Breton stated that the technical solution “is also part of trust”.

GDPR Compliance and Data Sharing

He added that collaboration with Member States ensures alignment on technology, while upholding GDPR standards and avoiding data exchange. He emphasized that a QR code will verify certificate validity when crossing borders.

A Commission spokesman, when asked about blockchain integration, sidestepped the question, stating only that “the gateway will link the national public key directories for the signature keys”.

Trust Framework and Ongoing Development

The spokesman added that the technical implementation remains undefined. The “trust framework” will be developed by the Commission, based on an outline agreed upon by Member States within the eHealth Network – a voluntary network established in 2011 to facilitate cross-border data sharing for e-health purposes.

eHealth Network Outline

The Commission’s webpage states that the eHealth Network has published an outline of the trust framework for establishing the Digital Green Certificate infrastructure, and continues to develop mechanisms for mutual recognition of certificates.

Further work is being conducted in collaboration with EU agencies, the Health Security Committee, the World Health Organization, and other institutions.

The eHealth Network’s current outline for the “trust framework for the interoperability of health certificates” is available as a 16-page PDF (v.1.0, dated March 12, 2021).

The document discusses design choices and intended outcomes but lacks details on specific technical solutions, as decisions are still pending, despite the Commission’s goal of full implementation within two months.

Driving Forces and Concerns

Pressure from southern European nations, reliant on tourism, is a key driver for the Commission’s rapid rollout of a common approach to vaccination documentation. However, the fear of fragmentation of the Single Market is likely the more significant motivator. Concerns over linking travel rights to a pass have been previously expressed by other Member States, including France and Germany.

The trustworthiness of the digital pass’s technical underpinnings remains questionable, as many details are still to be confirmed.

Data Security and Privacy

The eHealth Network’s outline, in a section on “data security by design and default”, asserts that the framework “should by design and default ensure the security and the privacy of data”. However, it doesn’t specify how this will be achieved.

It emphasizes preventing the collection of identifiers that could be cross-referenced for tracking (“Unlinkability”), but notes that “further discussions are needed as to the technological aspects and timeline for the incorporation of these features”.

Decentralization and Centralized Elements

The outline describes the EU trust framework as “largely decentralised”, but acknowledges “some centralised elements”: namely “roots of trust” stored in a common directory/gateway (the “EU Public Key Directory/Gateway”), and the “Governance model”. This raises core questions of trust regarding these key elements.

The document envisions the gateway being provided by a public sector body, potentially the European Commission, but allows for alternative bodies to assume that role.

Verification Methods

Offline verification will involve 2D barcodes with digital signatures and dedicated verification software periodically fetching verified public keys. Online verification will rely on the UVCI (Unique Vaccination Certificate/assertion Identifier) and will be incorporated in a future specification version (V2).

The outline confirms the use of 2D barcodes and raises the possibility of utilizing W3C Verifiable Credentials, with a decision to be made later.

Criticism and Alternative Approaches

Harry Halpin, a CEO and research scientist, has criticized the lack of openness surrounding the Commission’s digital green pass design. He presented a paper last year critiquing immunity passport schemes involving standards like Decentralized Identifiers (DIDs) and Verifiable Credentials (VCs) from the W3C, and is concerned about the potential incorporation of blockchain technology.

He argues that using W3C Verifiable Credentials in immunity passports would be dangerous to privacy and security.

Attribute-Based Credentials

“Technologically there’s ways to prove test results digitally without involving any global identity at all,” he stated. “Attribute-based credentials just prove attributes without revealing identity.”

He added, “Maybe the metaphysical angle is that because of corona all my previously private health data should now be public but then just come out and say that — don’t hide it behind some blockchain nonsense.”

Function Creep and Future Expansion

Security and privacy researcher Dr Lukasz Olejnik raised questions about the source of trust and the potential for function creep related to the proposed design.

“This technical document confirms that the user’s ID will be bound to the certificate. This may mean that the passport would mediate a proof of ID,” he said. “Considering today’s proposal of a regulation it is pertinent to wonder whether a function-creep-like expansion couldn’t lead to these passports becoming actual proofs of identity in the future.”

He added that the source of trust in the system will be a key issue, and that more details are needed.

Temporary Instrument with Re-activation Potential

Reynders indicated that the digital pass would be a “temporary” instrument, with the legislation allowing for suspension at the end of the pandemic. However, it also includes the possibility of re-activation in the event of another pandemic, requiring a delegated act and European Parliament approval.

“We don’t want to prolong that,” he added. “When it will be possible for the World Health Organization to say that we are at the end of the pandemic we’ll stop with such an instrument.”

Potential for Broader Use and Compliance

Reynders conceded that European countries might seek to use the digital pass for other purposes, but emphasized that any such uses must comply with EU laws and fundamental rights.

“If there are other uses well it’s already the case you can perhaps use other things like masks that are also imposed… We need to make sure that any further use is proportional and non-discriminatory and obviously in line with the rules on free movement.”

Historical Context and Current Challenges

The EU’s digital COVID-19 pass initiative began in January, with a focus on establishing a trust framework by the end of the month. A legislative plan was announced earlier this month, aiming to facilitate safe cross-border travel this summer. However, the slow pace of the EU’s vaccine rollout in the first quarter casts doubt on these hopes.

The Commission president also warned today that some Member States are facing a third wave of COVID-19.

The Commission’s plan to rapidly implement a digital pass remains controversial, particularly given the limited vaccine access across the bloc, which underscores the risk of unfair application. Civil liberties concerns cannot be disregarded, nor can they be overshadowed by a rebranding to a ‘digital pass’. Additional questions are emerging regarding the Commission’s technology choices and whether the system’s architecture will uphold Von der Leyen’s commitment to data protection, security, and privacy.

Full transparency is essential to build trust among EU citizens.