The ‘HygieneGap’ project provides a citizen-centred digital trusted health status solution

18/03/2020 - 17:50


Note: submitted to the emergency H2020 SME Call. If selected we can have it ready in time for this covid 19 crisis.

In a pandemic emergency tools are needed to coordinate health responses between different actors. People who were quarantined or recovered from the illness are the basis for managing the crisis and rebuilding civil society. Due to the COVID-19 shutdown China deploys a range of mobile tools for crisis management. Such digital approaches are helpful but must be adapted to a civil society context.  

Dealing with a pandemic cannot be at the expense of people’s privacy and autonomy. In creating emergency infrastructure, we lay the groundwork for a progressive society where people have control over how to selectively disclose their health status in daily life with their peers and how to relate and coordinate with existing authorities and institutional service providers.  

The ‘HygieneGap’ allows citizens to share their individual health status via easy-to-use smartphone app with a ‘QR code’ based certificate and to add trusted updates on health status. The ‘HygieneGap’ system uses ‘QR codes’ to allow citizens and authorities to exchange sensitive health status data without physically touching contaminated documents.  


The purpose of our “Disposable Health ID” initiative is to provide an “engine” for other apps, via a Mobile SDK, which builds in the self-sovereign identity / security / privacy of citizens, aid workers, governments and companies and the complexity hides this from app developers.**
Technically, we do this by starting from a cryptographic master key for each party from which cryptographically demonstrable main identities can be derived (via so-called Hierarchical Deterministic Wallets). So-called “Disposable IDs” can be generated from each main identity, which are (legally) pseudonymous IDs that are used once with each data transfer. In addition, the data is also encrypted via the keys that generate these IDs and additional keys are created for the receiving party to decrypt the data.
Strictly legal (in accordance with GDPR definition), the “Disposable IDs” are temporary pseudonymised personal data because, although only by the owner and limited in time, they can be linked to their main identity. The use of pseudonymisation not only guarantees confidentiality, but is also a means to pursue GDPR compliance (see art. 32.1.a GDPR). 
These disposable IDs, based on the W3C DID specification, are also used in a digital version of a GDPR consent and “travel” with each personal data packet and form the usage contract for that personal data. This GDPR consent is formatted in accordance with the W3C Verifiable Credential standard and contains all attributes required to identify a data subject, data controller and other attributes (at least in accordance with Art. 13 of GDPR, but more if necessary). 
In a coming phase, we plan to have a full GDPR analysis performed with the respective roles and obligations for all parties involved.
By using the “Disposable ID Mobile SDK” as the engine, the apps that install this engine can offer a cryptographically demonstrable privacy-by-design solution, the rights and data security of data subjects can be guaranteed and, last-but- not least, the data controllers / processors also provide cryptographic proof of GDPR compliance.

HygienGap mobile app in the form of a personal e-wallet: 

· Keeps informed on the latest adopted health measures, 

· Helps to recognise a potential infection risk based on past encounters and location history

· Assists officials to issue health status credentials and  

· Assists citizens to store credentials and prove ownership over them.  (once only principle)


Meet the HygieneGap Community: