Some of this seems to overcomplicate matters. DP-3T for example (in the centralized setup) suggest in the whitepaper you linked to simply upload data to the health authority backend of the countries you visit. Having a single health authority registry sounds impractical.<p>At the very least, if you want this to gain any traction in the EU, please amend this specification to include a way to get a single users data back out by revocation or deletion.<p>Sidenote: What's with all the GraphQL? Do the data formats being exchanged here really warrant that?