Consortium builds corona test app using privacy-by-design principles

Open source and not-for-profit • 14 Apr 2020

The uNLock consortium is tackling the challenge of developing an open source, non-profit app that makes it possible for users to share proof of the outcome of a coronavirus test or – potentially - a vaccination. This solution, which is not a contact tracing tool, protects the privacy of users. The test give confidence both that data is authentic and that personal data is never shared.

The open consortium, consisting of Rabobank, CMS, TNO, Ledger Leopard, Arbo Unie (Dutch regional occupational health, safety and environment institute), EY, IBM and experts from Leiden University (Faculty of Law), Delft University of Technology (Faculty of Technology, Policy & Management) and the Dutch Blockchain Coalition. Talks are also underway with other public and private parties. TNO brings significant experience in privacy enhancing technologies, particularly in Self-Sovereign Identity SSI, to the consortium. TNO has long been involved in the development of worldwide standards in SSI and chairs the use case workstream within the international COVID-19 Credentials Initiative.


The app has been developed using privacy-by-design principles, and information gathered via the app is only stored stored on the user’s device.  This is where Self Sovereign Identity comes in. This means that, for example, a voluntary caregiver for a family member can use the app to gather certificates showing when they were last tested and the results. They can scan a QR-code on entering a hospital or care facility which informs them about the current entry policy, including the requirements for entering. The caregiver can then choose to send a secure, anonymous certificate proving their compliance.

The verifying party will only see confirmation that the caregiver meets the requirements. If the caregiver does not meet them, he/she is informed what actions to take to gain entry. The verifying party (for example a hospital administrator) can be confident that it is safe to grant someone access to a location without needing to request or store any sensitive or personal data about that individual.


With the uNLock app, recently tested healthcare workers could be deployed in environments where knowing whether they have been tested recently is particularly important In a later phase, provided there was enough testing capacity, voluntary caregivers could be be able to help their relatives in nursing homes..

The focus is on health workers and possibly caregiving family or other critical occupations. We are aware of the potential for scope creep and believe health claims should not be used in environments where this is not strictly mandated. For that reason, we have created an ethics board of renowned experts to work closely with the tech and legal teams,  to ensure both privacy-by-design and values-sensitive design. In this way, the application gives new policy options to support a carefully managed reopening of Dutch society.


The uNLock consortium has taken this specific approach to the development of its solution: it focuses on restoring our trust in physical interactions in daily life, without undermining privacy. The ‘Corona crisis’ has been marked by discussion of how to balance individual privacy rights with the need to protect society. We feel those two are not opposites but can be combined. This need is obvious in healthcare services, but will also be critical to, for example, the aviation industry.

UNLock complements the tracking and symptom checking apps broadly discussed in and around the “appathon” organized by the Ministry for Health, Welfare and Sport (VWS).


 The consortium is looking for new partners; specifically for healthcare institutions and test laboratories with which pilots can be run. If your organization is interested, please make contact with the team via the unlock website, via the other partners or by sending an email to Sterre den Breeijen.


Media questions?