Immunity Certificates: If We Must Have Them, We Must Do It Right

Our twelfth white paper is, “Immunity Certificates: If We Must Have Them, We Must Do It Right,” by Dakota Gruener.


While widespread social distancing orders have proven effective at containing the spread of the COVID-19 virus (Harris 2020), the economic, social, and psychological consequences are enormous and cannot be maintained indefinitely (Sullivan and Chalkidoi 2020) .

As testing capacity ramps up, public health officials and policy makers are increasingly calling for the development of a verifiable credential or “immunity certificate” that would allow individuals to prove their COVID-19 status. This is a complex proposal, one that raises concerns about privacy, exclusion, and inequality.

But preserving public health does not have to compromise personal rights. Identifying those who either have the antibodies to defeat the virus or have tested negative for the virus within a defined time period (and thus can safely return to work and school) can be done using identity technology that places control of private data in the hands of the individual.

Proactive adaptation of existing, purpose-built, privacy-preserving technology, grounded in respect for equity and human rights, offers a means to protect society from a resurgence of the disease, while safeguarding individual privacy and civil liberties. To protect individuals from surveillance, discrimination, fraud, or exclusion, we must ensure that systems developed to serve these purposes are private, secure, and accessible—and are developed using open-source technology and open standards for interoperability and universal access.

This paper outlines key technical and governance considerations necessary for a robust, privacy-protecting credentialing system, and discusses the risks of such programs. The paper also endeavors to sketch out the necessary rate of adoption and the likely ecosystem of partners required for successful implementation of immunity certificates. Finally, it offers a roadmap and call to action for policymakers (with a focus on North America and Europe) and to the technology community to align on standards to ensure we do not end up with fragmented implementations that fall short of meeting achievable, and essential, goals.