Data-driven contact tracing and immunity certification is being used for the first time in history. This Article assesses these apps’ risk and tradeoffs from a private and regulatory law perspective with special attention to privacy and inequality. The Article begins by developing a surveillance-based taxonomy of contact tracing apps and immunity passports. Next, it demonstrates how these apps magnify the problems and limits of consent and anonymization, two important privacy guarantees. It then explores how the interplay of trust and error can pose threats to efficacy, how they raise issues of liability, and how to address them. It then discusses the prospect that these apps cause discrimination and magnify existing inequalities. Underpinning the aforementioned considerations is a balancing assessment that aims to guide policymakers, judges, employers, and individuals in making difficult containment decisions.