Expand the existing schema to include personal identity fields

[svetamorag]

We have additional fields that we want to add to the schema. "Citizen ID" and the "Passport Number" fields don't exist in the schema (v 1.3.0) but are in use right now in our country.

We are trying to understand all the consequences of creating and support a new/extended version of the schema. Would you please describe the process of changing the schema by specific country in the network?

[dslmeinte]

@svetamorag I have a couple of questions:

1. Which country is your country? (I couldn't see that in GitHub info.)
2. What do you mean by “changing the schema for a specific country”? The schema is standardised across EU, but the DCC can contain more fields (because of additionalProperties: true), so you're free to add fields where you see fit. However, you have to consider two things: (1) Is this GDPR-compliant? (2) Other countries can't (and don't have to) do anything with those extra fields, as they may only assume the presence of fields in the specification.

[svetamorag]

The "our country" is Israel (IL):-) We can add additional fields, but do we need to publish this schema on GitHub repository? And the schema version could stay the original schema version (1.3.0) even if additional fields will be added? We don't need to create and support a new version of schema? Thank you.

[dslmeinte]

I think it'd be wise to publish your adapted schema in a GitHub repo, as a separate, “forked” schema. Ideally, that schema should be properly versioned (and documented) as well, for the benefit of your users.

Note that there's very little chance of anything like a citizen ID or passport number making it into an EU DCC standard (and therefore: this DCC schema), at least because of GDPR/privacy concerns.

[jschlyter]

@svetamorag I strongly recommend that you request your own "Health Certificate Claim Key" (i.e., != eu_dcc_v1) for Israelic health certificates (e.g., il_dcc_v1). You can then define your own payload schema based on the EU DCC schema and make whatever changes you like.

Please file a request to https://github.com/ehn-dcc-development/hcert-spec/issues if you want to request a claim key and I'll discuss it swiftly with my hcert colleagues (@martin-lindstrom @fredriklj @dirkx).

[dslmeinte]

Good suggestion! Thanks, @jschlyter

For now, I think the original question has been answered to the extent it can be in the context of the EU DCC.

[svetamorag]

Thank you, guys, We will check the "Health Certificate Claim Key" option.

[dirkx-gavirate-2021]

@svetamorag and beware that within the EU, after significant discussion, use-cases, proportionality and privacy impact when set against the GDPR did not allow for the inclusion of fields such as the "Citizen ID" and the "Passport Number". The simplified reasoning is that "As the citizen is using this for cross border travel; thus such is not required; thus including it is not proportional". There is an extensive analysis at https://edpb.europa.eu/edpb_en/Covid-19/