The technological demands of fighting the COVID-19 pandemic have never been more complex than now, as governments race to unroll several versions of the coronavirus vaccine. The issue of vaccine “passports” presents several moral conundrums, especially as it relates to data privacy; previously, contact tracing data was a large privacy issue, exemplified by the Singaporean government breaching privacy by making contact tracing data available for police investigations.

India is confident that they will face no such issues. The government assured that their vaccine certificate app, CoWIN (COVID Vaccine Intelligence Network), will only track vaccine-related data and not individuals’ personal data. This means that the application will only hold relevant information, such as which vaccine was administered, the date of the first dose and when to get the next dose.

About 1.5 million people in India have received their first doses of the vaccine as of January 23, a slower rollout than anticipated.

“Yes, we are tracking who has had the medicines and that tracking is being done in order to ensure that somebody who has taken medicine X is not given medicine Y,” said Ram Sewak Sharma, the government’s Chairman of Empowered Group on Technology and Data Management to combat COVID-19. “Here, the government is facilitating vaccines for you and monitoring the progress and the adverse effects.”

Privacy and Authentication Challenges

Another key issue, along with safeguarding users’ privacy, is authenticating users’ identity. The CoWIN app requires users to register through Aadhaar, India’s biometric digital ID system. The biometric technology leverages technologies like electronic KYC and OTP to ensure there are no fraudulent users and that the correct people are getting the appropriate vaccine.

However, the government has faced data breaches in the past in which millions of Aadhaar ID numbers were leaked. 

“What’s important is that the vaccination should be recorded online, real-time with proper authentication of identity, so that we can make sure that the person gets the message that they have to come back in three weeks for the next round, and that everybody should be issued a vaccination certificate,” said Nandan Nilekani, a developer of Aadhaar.

ABOUT THE WRITER

Lydia You is a computer scientist from Princeton University living in New York City. She is a Tech Innovation Fellow at Identity Review covering the intersection of global tech policy, internet culture and the future of digital media.

Contact Lydia You at lydia@identityreview.com.

Do you have information to share with Identity Review? Email us at press@identityreview.com.