This is a summary, written by members of the CITF Secretariat, of:

Thomas B, Flood CM, Krishnamurthy V, Tanner R, Wilson K. Four privacy choices for vaccine passports. C.D. Howe Institute Working Paper. 2021 July 12; url:

The results and/or conclusions contained in the research do not necessarily reflect the views of all CITF members.

A commentary by a CITF-funded researcher, published by C.D. Howe Institute, highlights four fundamental choices for the design of vaccine passport systems that bear upon potential privacy considerations for Canadians. These four choices relate to the information encoded in the passport, the information collected by the organization issuing the passport, the organization(s) permitted to issue the passport, and the technological implementation of the passports (digital versus analog). The research was led by Dr. Kumanan Wilson (University of Ottawa).

Key considerations for the first choice:

  • What information may it be necessary to record other than vaccination status and date of vaccination? Does this include the types of identifying information such as name and date of birth?
  • What would be an acceptable trade-off between the public health benefits of incorporating identity information within vaccine passports to prevent fraud versus omitting it and making fraud potentially more likely?

For the second choice:

  • Should the issuing authority be limited to only collecting and retaining information that would be encoded into the passport? Could additional information be collected for databanks/databases that have the potential to be breached or be used for other purposes?

For the third choice:

  • Who may be permitted to issue the passports under current consent-based privacy laws? Could private-sector entities be allowed to develop their own passport systems?
  • Canada’s federal, provincial, and territorial privacy commissioners have issued a joint statement against private-sector entities implementing their own vaccine passports.

For the fourth choice:

  • Should the focus be on creating secure digital systems or paper products with security features (e.g., watermarks)?
  • Who might have legitimate reasons to request to see the passport and what might be considered a “legitimate” reason?

These four fundamental choices regarding the design of vaccine passport systems and privacy considerations are discussed in a forthcoming Working Paper.