All the lashes of the Privacy Guarantor to the vaccination pass
Because the Authority for the protection of personal data continues to criticize the government project of Green Pass on the merits and in the method
The Privacy Guarantor does not like the Green Pass , or Green Certification if you prefer. The doubts about the pass designed by the government to allow a return to an almost normal life despite Covid concern the protection of personal data and sensitive data that the vaccine passport would put at risk.
In the meantime, news from Brussels: the management system of the new Covid EU digital certificates will be operational from June 1st after an experimentation phase that will begin on May 10th with a first group of over 15 countries, including Italy, according to Ansa . The next step before the entry into force of the new pass system will be the approval by the Member States, scheduled for the end of June, but when the signature of the EU Council arrives, the technical infrastructure will already be fully functional, assure from the Commission.
But let's see what happens in the Roman palaces on the Green Pass.
The doubts of the Privacy Guarantor
"As it stands, the law does not sufficiently circumscribe the scope of use of the passes, with the risk of interpretations, perhaps in good faith, which however have the effect of unduly extending the perimeter". This is said by Pasquale Stanzione , Guarantor for privacy, in an interview with the daily newspaper La Stamp a . The no is motivated by the fact that the data relating to the vaccination status are particularly delicate data and their incorrect treatment can have very serious consequences for the life and fundamental rights of citizens. " There is no clear definition of the protagonists of the treatment (owner and manager in particular), however, – continues Stanzione -, for the exercise, by the interested parties, of the rights recognized by the privacy regulations. Furthermore, the provision of two different pass models depending on whether they are negative or healing swab or, instead, vaccine should be replaced by the indication of only the time expiration of the certificate. Adequate guarantees must then be introduced to the nature of the data processed, which are sensitive ".
Slap of the Privacy Guarantor to the government on the vaccination pass. All the whys
Original Sin: Failed Dialogue
The original sin of this provision lies in the lack of dialogue between the government and the Authority for the protection of personal data although the latter had asked for a comparison in advance. “From the European regulation, we should receive the draft of the regulatory provision on which we are asked to provide an opinion, and then proceed with the implementation. At the moment, unless it is arriving as we speak, nothing has arrived yet ”, Guido Scorza , one of the members of the board of the authority for the protection of personal data, told Open . The government preferred to proceed with the decree Reopening without first asking the Guarantor about the introduction of the pass. “From the draft it would seem so, because it suggests that the privacy issue will be regulated at a later time – continued Scorza -. In an ideal model, you should give an opinion on the method , thus anticipating the assessments on the privacy profile before starting to use the certificate. It is difficult to discuss the proportionality of the data processed, security measures, or storage times with respect to a decree-law which, at the moment, lacks any exercise of discipline in relation to these aspects ".
Failure to comply with the rules
The Guarantor stresses that the government would not have respected the rules that require listening to the opinion of the Guarantor. "It is a question of observance of rules, such as those that require the mandatory, albeit non-binding, opinion of the Guarantor , to protect both a right of freedom, which is precisely privacy, and the effectiveness of the measures to combat the pandemic – President Stanzione explained to La Stampa -. Standards with an unspecified scope of application, lacking a clear indication of the responsible parties and the appropriate measures to prevent undue data processing, in fact risk complicating rather than facilitating the action to combat the pandemic ".
Slap of the Privacy Guarantor to the government on the vaccination pass. All the whys
No to pass for access to the premises
Already last March, when there were rumors about the introduction of a vaccination pass, he clearly stated his "no". "With the arrival of anti-Covid-19 vaccines, the opportunity is being discussed about the opportunity to start implementing solutions, including digital ones (eg. Apps), to respond to the need to make information on being vaccinated or not as a condition for access to certain premises or for the use of certain services (eg airports, hotels, stations, gyms, etc.) – we read on the website of the Guarantor for the protection of personal data -. In this regard, if it is intended to resort to the aforementioned solutions, the Privacy Guarantor draws the attention of public decision makers and Italian private operators to the obligation to comply with the regulations on the protection of personal data ".
Green Pass: the legal basis is missing
With the approval of the reopening decree, the Guarantor sent a formal warning to the President of the Council of Ministers and to all the Ministries involved . "The recently approved standard for the creation and management of" green certifications ", the so-called vaccination passes, presents critical issues that could affect, if not appropriately modified, the validity and functioning of the system envisaged for the reopening of travel during the pandemic. Urgent action is therefore needed to protect the rights and freedoms of people – reads the website of the Guarantor. The critical point is the absence, in the Reopening Decree, of " a suitable regulatory basis for the introduction and use of green certificates on a national scale, and it is seriously incomplete in terms of data protection, without an assessment of the possible large-scale risks to personal rights and freedoms ”. To this we must add that " the purposes for the processing of data on the health of Italians are not defined, leaving room for multiple and unpredictable future uses, in potential misalignment even with similar European initiatives".
How Europe moves on the vaccination passport
The management system of the new Covid EU digital certificates will be operational from 1 June after an experimentation phase that will begin on 10 May with a first group of over 15 countries, including Italy. "As we reported in the Senate, the draft regulation, albeit with some changes that the European Privacy Guarantor and the Board have requested, underlies a balanced balance between privacy, health needs and freedom of movement – continues the Guarantor on La Stampa – , as it provides adequate guarantees to avoid undue data processing and, through them, discrimination against those who do not want or cannot get vaccinated ", said the Guarantor in this regard". Member states are expected to approve the new procedure by the end of June.
Slap of the Privacy Guarantor to the government on the vaccination pass. All the whys
This is a machine translation from Italian language of a post published on Start Magazine at the URL https://www.startmag.it/innovazione/tutte-le-staffilate-del-garante-della-privacy-al-pass-vaccinale/ on Fri, 30 Apr 2021 12:59:44 +0000.