Where it started: Vaccine passports are just a ridiculous conspiracy theory. Stop with the tin foil hat nonsense.
Where it’s going: We need a company to develop vaccine passport system, and an authority to manage it.
The Canada Border Services Agency (CBSA) has an urgent need to secure the services of a global organization (the “Contractor”) with knowledge of and expertise in biometrics. The Agency requires this organization to assist with the immediate establishment of an Office of Biometrics and Identity Management and to work with the Agency in researching, planning for and rapidly developing a strategy and roadmap related to the use of Digital solutions enabled by supporting technologies in biometrics, in response to the COVID 19 situation and other operational priorities. The Contractor will bring knowledge, capabilities, and experience to support CBSA’s urgent need to establish a biometric strategy, biometric foundation and ultimately a Biometrics Authority (Centre of Excellence). Specifically, the “contractor” will assist the CBSA with the development of a comprehensive approach and plan to manage, evolve and adapt in using biometrics to deliver the mission of the agency while considering our interrelationship and joint ventures with other federal government departments and agencies and our international partners.
Also, what is the “Office of Biometrics and Identity Management” that this refers to? Who will run it? Who will have access to this data? Will the information be used for commercial or research purposes. There are of course similar questions concerning this “Biometrics Authority”.
Come to think of it: the Privacy Commissioners’ joint statement doesn’t exactly discourage the creation of vaccine passports.
At its essence, a vaccine passport presumes that individuals will be required or requested to disclose personal health information – their vaccine/immunity status – in exchange for goods, services and/or access to certain premises or locations. While this may offer substantial public benefit, it is an encroachment on civil liberties that should be taken only after careful consideration. This statement focuses on the privacy considerations.
Vaccine passports must be developed and implemented in compliance with applicable privacy laws. They should also incorporate privacy best practices in order to achieve the highest level of privacy protection commensurate with the sensitivity of the personal health information that will be collected, used or disclosed.
For businesses and other entities that are subject to private sector privacy laws and are considering some form of vaccine passport, the clearest authority under which to proceed would be a newly enacted public health order or law requiring the presentation of a vaccine passport to enter a premises or receive a service. Absent such order or law, i.e. relying on existing privacy legislation, consent may provide sufficient authority if it meets all of the following conditions, which must be applied contextually given the specifics of the vaccine passport and its implementation:
Can we now expect some new order or law to give businesses the power to refuse people entry based on not sharing this information? And what guarantees do we have that this will not be abused or shared anyway? There are safeguards (on paper at least), but what are those actually worth?
The Vaccine Credential Initiative, which includes Microsoft, seems poised to push such a global version. This should surprise no one at this point. A cynic might wonder if the whole thing was planned.
(3) Vaccine Passport Notice Of Proposed Procurement