When New York City announced on Tuesday that people will soon have to show evidence of at least one coronavirus vaccine to get into businesses, Mayor Bill de Blasio said the system was “simple – just show it and you’re in”.

The data protection debate that the city rekindled was less straightforward.

Vaccination records showing proof of vaccination, often in electronic form such as an app, are the foundation of Mr de Blasio’s plan. For months, these records – also known as health cards or digital health certificates – have been discussed around the world as a way to let vaccinated people, who are less at risk from the virus, gather safely. New York will be the first U.S. city to include these passports in a vaccine mandate, potentially triggering similar actions elsewhere.

But mainstreaming those credentials could also usher in an era of increasing digital surveillance, privacy researchers said. This is because vaccine passports can enable location tracking, while there are few rules about how people’s digital vaccine data can be stored and shared. While existing data protection laws restrict the exchange of information between medical providers, there is no such rule for uploading your own data to an app.

The moment is reminiscent of the months after the September 11, 2001 attacks, said privacy advocates. Back then, changes in the name of national security had lasting effects, including taking off shoes at airports and the data collection made possible by the Patriot Act.

Without security, presenting a digital vaccination record every time people enter a public place could result in a “global map of the people,” said Allie Bohm, a political advisor to the New York Civil Liberties Union. The information could be used for profit by third parties or disclosed to law enforcement or immigration authorities, she said.

“How do we make sure that in 20 years we won’t say, ‘Well, there was Covid, so now I have this passport on my cell phone, which is also my driver’s license and also all the health records I have ever had, and every time I go to a store, I have to leaf through it’?” said Ms. Bohm.

She added that the passports could particularly disadvantage groups who are more concerned about privacy, including undocumented people. The New York Civil Liberties Union and other advocacy groups have supported laws to prevent vaccination records from being shared with law enforcement and to ensure passports don’t become permanent health trackers.

Vaccination records were introduced in the United States largely without a national framework. President Biden has ruled out a national vaccination record, leaving states, cities and private companies to decide whether and how to run their own electronic systems to keep track of people who have been vaccinated.

Some companies that have developed digital vaccination records have tried to forestall privacy concerns. Over 200 private and public organizations recently joined the Immunization Card Initiative, a coalition aimed at standardizing the collection and protection of vaccination data.

Many developers said they went out of their way to make sure the passports did not cross privacy boundaries. Clear Secure, a security company that has created a health passport that is used by over 60 organizations, including many sports venues, said that its users’ health information has been “treated with the utmost care” and protected by a variety of tools. Employers or venues can only see a red or green signal that indicates whether a user has been vaccinated, it said.

The Commons Project, a non-profit organization that developed a vaccine passport called CommonPass, stores vaccine and test data on users’ phones and only temporarily uploads the information to a server to verify that a traveler meets the requirements. Airlines that have introduced CommonPass, including JetBlue and Lufthansa, can only see if a passenger has been cleared for travel, it said.

JP Pollak, a co-founder of the Commons Project, said the group’s vaccination record is “trustworthy” as users’ data has not been stored in the cloud and the passport restricts the information companies can see.

But while vaccine passports are still in the making, Covid-19 contact tracing apps that were introduced earlier in the pandemic have already been used by more authoritarian countries in a way that raises privacy issues. That gives researchers little confidence about how those vaccine passports might be used later.

For example, in China, a program called “reportInfoAndLocationToPolice” within the Alipay Health Code, used by the Chinese government to assess people’s health, sends a person’s location, city name, and identification code number to a server once the user grants the software access to personal data.

In Singapore, officials said in January that data from the country’s coronavirus contact tracing system had been used in a criminal investigation, despite leaders originally saying it was only used for contact tracing. In February, Singapore passed a law restricting such use to “serious” criminal investigations.

“One of the things we don’t want is that we normalize surveillance in an emergency and we can’t get rid of it,” said Jon Callas, the director of technology projects at the Electronic Frontier Foundation, a digital rights group.

Although such incidents do not occur in the United States, researchers already see potential for a handover. Several pointed to New York City, where the proof-of-vaccination requirement begins August 16 and will be enforced from September 13.

As proof, people can use their paper vaccination cards, the NYC Covid Safe app, or another app called the Excelsior Pass. The Excelsior Pass was developed by IBM under an estimated $17 million contract with New York State.

To receive the pass, people upload their personal information. In the standard version of the pass, companies and third parties only see the validity of the pass and the name and date of birth of the person.

On Wednesday, the state announced the “Excelsior Pass Plus”, which not only shows whether a person has been vaccinated, but also provides additional information on when and where they were vaccinated. Companies that scan Pass Plus “may have the ability to save or retain the information it contains,” according to New York State.

The Excelsior Pass also has a “Phase 2” which could include expanding the use of the app and adding more information such as personal information and other health records that companies could review upon entry.

IBM said it used blockchain technology and encryption to protect user data, but didn’t say how. The company and New York State did not respond to requests for comment.

Mr de Blasio told WNYC in April that he understands the privacy concerns surrounding the Excelsior Pass but believes it will still “play an important role”.

Some states and cities are proceeding cautiously for the time being. More than a dozen states, including Arizona, Florida, and Texas, have announced bans on vaccination records in the past few months. The mayors of San Francisco, Los Angeles, and Seattle also said they would hold back on passport programs.

Some business groups and companies that have introduced vaccine passports said the privacy concerns were legitimate but addressable.

Airlines for America, an industry trade group, said it supported vaccine passports and urged the federal government to put in place privacy standards. The San Francisco Chamber of Commerce, which helps its members work with Clear, said it was preferable to use the tools to ensure that only vaccinated people enter stores than to have companies close again when virus cases rise.

“People’s privacy is precious,” said Rodney Fong, President of the Chamber, but “when it comes to saving lives, privacy becomes a little less important.”