At the very least, if you want this to gain any traction in the EU, please amend this specification to include a way to get a single user's data back out by revocation or deletion.
Sidenote: What's with all the GraphQL? Do the data formats being exchanged here really warrant that?
Uploading diagnosis keys to the health authorities' backends of each realm you've visited is unfortunately not a trivial requirement. To prevent fraud and pranksters, health authorities would need to define a trusted set of apps, which requires a complicated process or architecture. But a trusted set of apps in itself won't prevent fraud. The critical transaction is the push of keys after a positive diagnosis, which needs to be secured extra and the trust propagated to other health authorities. Our approach reduces the complexity by focusing on securing the push by the proposed signed one-time token.
The proposed solution tries to be compatible with the Contact Tracing API. In terms of GDPR, the sensitive data set could be the diagnosis keys and to some extent the geohashes. However, both data sets are aggregated and anonymized so that a contact service backend provider can't match them with a specific user. Hence we don't see significant limitations for the proposed solution by GDPR in the EU.
The proposed solution assumes that there won't be globally standardized apps. Even the EU struggles to standardize its efforts, and a frictioned set of tracking apps might be the reality. We think that this will limit the effectiveness of tracking as soon as travel restrictions are reduced, and it shall be addressed in an early stage of development.
We use the SDL capabilities of GraphQL to define the required mutations, queries and types as technical but platform-agnostic documentation of the proposed interfaces.
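To make the "secured push" idea above concrete, here is an added illustration (not code from this proposal or its authors) of how a backend could accept a diagnosis-key push only when it carries a valid, unexpired, not-yet-used token issued by a trusted health authority. The class names, the token layout (base64 claims plus an HMAC over them), the use of a shared HMAC key per realm, and the `trusted_keys` map standing in for "trust propagated to other health authorities" are all assumptions made for this example; the proposal itself does not fix a token format or signature scheme.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time
from typing import Dict, List, Optional, Set

# Constructed example: a health authority issues a signed one-time token after
# a positive diagnosis; the realm backend that receives the key push verifies
# it. Token layout, HMAC construction and class names are assumptions for
# this illustration and are not part of the proposal being discussed.


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


class HealthAuthorityIssuer:
    """Issues tokens of the form base64(claims).base64(hmac-sha256(claims))."""

    def __init__(self, realm: str, signing_key: bytes):
        self.realm = realm
        self.signing_key = signing_key

    def issue(self, ttl_seconds: int = 3600, now: Optional[float] = None) -> str:
        now = time.time() if now is None else now
        claims = {
            "realm": self.realm,                 # which authority vouches for it
            "nonce": secrets.token_hex(16),      # makes the token single-use
            "exp": int(now + ttl_seconds),       # bounded validity window
        }
        body = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
        sig = hmac.new(self.signing_key, body, hashlib.sha256).digest()
        return "{}.{}".format(_b64(body), _b64(sig))


class KeyPushEndpoint:
    """Backend that stores diagnosis keys only when the push carries a valid token."""

    def __init__(self, trusted_keys: Dict[str, bytes]):
        # realm -> verification key; this map is how trust from other health
        # authorities is propagated to this backend (assumption for the example)
        self.trusted_keys = trusted_keys
        self.used_nonces: Set[str] = set()   # replay protection
        self.accepted_keys: List[str] = []

    def push_keys(self, token: str, diagnosis_keys: List[str], now: Optional[float] = None) -> bool:
        now = time.time() if now is None else now
        try:
            body_b64, sig_b64 = token.split(".")
            body = _unb64(body_b64)
            sig = _unb64(sig_b64)
            claims = json.loads(body)
        except ValueError:  # malformed split, bad base64 or bad JSON
            return False
        if not isinstance(claims, dict):
            return False
        key = self.trusted_keys.get(claims.get("realm"))
        if key is None:  # issued by a realm we do not trust
            return False
        expected = hmac.new(key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, sig):  # tampered or forged
            return False
        exp = claims.get("exp")
        if not isinstance(exp, (int, float)) or exp < now:  # expired
            return False
        nonce = claims.get("nonce")
        if not isinstance(nonce, str) or nonce in self.used_nonces:  # replayed
            return False
        self.used_nonces.add(nonce)
        self.accepted_keys.extend(diagnosis_keys)
        return True


if __name__ == "__main__":
    # Constructed values: one trusted realm, one untrusted realm.
    shared_key = b"example-shared-key-for-realm-A"
    issuer = HealthAuthorityIssuer("realm-A", shared_key)
    backend = KeyPushEndpoint({"realm-A": shared_key})
    token = issuer.issue(now=1000)
    print("first push:", backend.push_keys(token, ["dk-1", "dk-2"], now=1500))
    print("replayed push:", backend.push_keys(token, ["dk-1"], now=1500))
```

The backend keeps the nonce set in memory here; in a real deployment that state would have to be shared across backend instances, otherwise a token could be redeemed once per instance.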