Following my blog last week, the news around vaccine passports has continued to prompt debate and concern in equal measure.
The early results from our own surveys show strong support for the concept of vaccine passports both for international travel and interestingly for domestic use such as sporting events and eat out. Running at roughly two thirds in favour it looks like passports might have the general public’s backing.
But I don’t think we have yet to see the optimal solution. Two days ago, British Airways CEO Sean Doyle, announced their intention to enable people who have received both jabs to register this on the B.A. Smartphone App. This follows the earlier statements from Luis Gallego, the leader of IAG, BA’s owners, to use digital health passes “to reopen our skies safely”. Much of the feedback I have had on BA’s plans also include comments about the recent £20m fine BA received over data security failings which led to the loss of credit card data on more than 400,000 customers back in 2018.
I have to question the stand-alone approach of BA and other carriers to what is a much bigger issue than their own commercial interests.
On a more important note, news is breaking that the European Union will unveil a COVID-19 vaccination passport tomorrow. This comes despite the challenging vaccine rollout across Europe and more concerning the signs of new waves of infection across the continent.
It is understood the European Commission will propose creating a bloc-wide “green digital certificate”. The intention would appear to include not only data on vaccination but also testing and previous infection including recovery to allow people to travel and cross borders. If true, this goes absolutely to the heart of the issues of data privacy and ethics. I cannot help but think that the boundary of protecting medical information and the purpose for which it is held would be crossed.
The devil will as ever will be in the detail and I look forward to seeing a robust plan for public buy-in and a clear approach to consent for the use of data for a purpose different to that original sought. The one piece of good news is that as champions of GDPR the EU has a vested interest in getting this right. What could go wrong?