Could a QR code open up the world? That is the question in Estonia as it takes a lead in global efforts to develop digital vaccine passports.

The small, tech-savvy Baltic EU member state is working on a pilot project with the World Health Organization on how globally recognised electronic vaccine certificates might work.

Marten Kaevats, an adviser to the Estonian government on technology, said the primary issue for the project so far is to ensure that anyone checking the certificate can "trust the source".

"Both the architecture and the solution should work both in Eritrea and Singapore," Kaevats said.

While Estonia already has its own system of electronic health records with vaccine information, most countries in the world do not and there is no mutual recognition across borders.

There are now many digital vaccine passport initiatives cropping up globally that are raising urgent questions about privacy and human rights.

The WHO is also moving cautiously and for the moment does not recommend vaccination passports for travel as it does not see them as sufficient guarantee of protection from transmission.

Nevertheless, digital vaccine certificates are an attractive prospect, particularly for pandemic-hit businesses such as airlines.

Emirates and Etihad, two of the Middle East's biggest airlines, announced last month that they would be trying out an application that allows pre-travel verification of vaccinations.

The agreement between the WHO and Estonia is to explore the possibility of a "smart yellow card" -- a digital version of an existing paper system to prove yellow fever vaccination.

Kaevats, who also advises the WHO on digital health issues, said it would be "impossible" to create a global digital ID in the coming months and that a mix of paper and electronic certificates was more likely.

He said the main focus at the moment was on elaborating global standards to develop "a single common solution for checking the existence of healthcare providers".

Estonia already has its own system of electronic health records
Estonia already has its own system of electronic health records AFP / Christof STACHE

Estonia, a eurozone member of 1.3 million people, is known as a tech trailblazer and innovation testing ground, with Estonians helping pioneer the likes of Skype, e-voting and delivery robots.

Guardtime, an Estonian company, is now developing a system for cross-border recognition of electronic health records using blockchain.

The company is also working with Iceland, Hungary and Lithuania, as well as with AstraZeneca, the pharmaceutical giant producing one of the coronavirus vaccines.

Ain Aaviksoo, Guardtime's chief medical officer, said he expected the first countries to begin using digital vaccine certificates domestically "in the coming weeks".

Aaviksoo dismissed privacy concerns for the VaccineGuard system, pointing to the company's use of blockchain to ensure data protection.

Personal and health data remain in the original location and the system provides "cryptographic proof of the certificate and its issuance process and the authenticity of the vaccine," he said.

In response to similar concerns, the WHO-Estonia project is guided by the principles that people should be allowed to delete the data and tech companies should not be allowed to profit from the data that they handle.

But many are still worried about their implementation.

Ana Beduschi, an associate professor of law at the University of Exeter in Britain, said the introduction of vaccine passports "poses essential questions for the protection of data privacy and human rights".

"These passports build on sensitive personal health information to create a new distinction between individuals based on their health status," she said.

This differentiation "can then be used to determine the degree of freedoms and rights they may enjoy".

Before they are rolled out more widely, Beduschi said policymakers should ensure vaccines are universally available and explore alternatives for people who cannot be vaccinated such as pregnant women.

"It is not sufficient to develop technical solutions for the verification of people's health status," she said, adding that "the risks of deploying such technologies must be anticipated and mitigated as much as possible".