According to information published by the European Commission, the Digital Green Certificate (DGC) of vaccination is a digital proof that will help to ensure that restrictions currently in place can be lifted in a coordinated manner, thereby facilitating the free movement of citizens of the EU. This certificate will only include necessary key information, such as name, date of birth, date of issuance, relevant information about vaccines/tests/recovery and a unique identifier. In principle, the Spanish Government plans to implement it in June of this year, so that it is fully operational for the summer months.

aeropuerto, gente, maletas

Since this is a project that has generated some controversy, Ruth Benito, Of Counsel of ELZABURU and a specialist in personal data protection and privacy law, has analysed the privacy requirements that are expected when the certificate is launched:

1.- Data protection and security by design and by default

This is the primary issue for two main reasons:

  1. Contrary to common belief, focusing on privacy and security from the very beginning of any project helps to achieve better results in terms of effectiveness and public confidence in the project, minimise the risks for the public and avert the need for subsequent modifications.
  2. We are concerned that in the Proposal for a Regulation on the Digital Green Certificate (DGC) it is stated that in view of the urgency, an impact assessment has not been carried out, when such assessments are a key element in building public trust.

2.- Full transparency

EU citizens have a right to know exactly what information this certificate will contain, how it will be used and who will be involved in handling the information.

The future publication of the Regulation on the DGC (currently only a proposal) will provide considerable information in this regard, but many specific details will still have to be confirmed for each Member State, particularly concerning the companies, technology and security measures involved in each case.

3.- Non-discrimination

One issue raised in several countries is that this DGC must not be allowed to give rise to any kind of discrimination.

This certificate is being created to facilitate the safe free movement of EU citizens between EU Member States. Therefore, there must be a guarantee that it will only be used for this purpose and not for other matters that could imply some kind of discrimination, even on the part of the holder of the certificate, such as, for example, to gain an advantage in job selection processes.

One might question whether the DGC already inherently entails some degree of discrimination, given that those who have not yet been able to get vaccinated and have not been infected with the virus will have to pay for tests to have the results reflected in the certificate or be able to furnish some other form of proof in order to be able to travel.

4.- Actual usefulness and effectiveness

The information reflected in the DGC must always be up to date, but it must also be appropriate for the intended purpose. It would seem that this is an issue that has yet to be fully resolved, given that there is as yet no scientific evidence that those who are immunised, either because they have had the virus or because they have been vaccinated, cannot transmit the virus, that is, that they cannot infect others.

Moreover, it is also still too early to know how long this immunity will last. Therefore, it seems that the information is not as reliable as would be desirable for its intended purpose, which could be considered to go against the principle of data accuracy. We believe that further progress needs to be made on this issue and that scientific opinion and evidence will be taken into account in order to make the necessary adjustments in the system to ensure its maximum effectiveness with appropriate use of our personal data.

5.- Minimise data

Both the information used in the DGC system and the data ultimately reflected in the application or on the paper document when travelling, must be the minimum information necessary for the intended purpose.

We do not yet know exactly what information will be displayed when the passport is used, but it is something that needs to be analysed in detail. For example, it might be sufficient to have a kind of “fit for travel/unfit for travel” indication, if it were not necessary to know the person’s situation (whether the person is vaccinated, has had the virus or has a negative test result), or it might be necessary to know the specific situation that makes the person eligible for travel but not necessary, for the purpose of granting access to the territory, to know which specific vaccine was administered or what type of test was conducted, etc.

6.- Make sure that project partners provide appropriate guarantees

The national authorities will have to assess whether the providers of technology, infrastructure, data storage, etc. offer sufficient guarantees to ensure that the handling of that personal data, which is sensitive information, is conducted in accordance with appropriate security measures and that there is no undue interference in the rights of EU citizens. In any case, we would assume that as far as Spain is concerned, the selected company or companies will have to comply with the measures necessary under the National Security Framework.

7.- Interoperability

As set out in the Proposal for the EU Regulation, uniform conditions for the issuance, verification and acceptance of certificates in all EU countries are needed. Otherwise, it would not really facilitate the free movement of EU citizens within the EU.

8.- Universal and free of charge

The Proposal for a Regulation also rightly provides that the DGC must be universal and free of charge, which doesn’t mean that it has to permit us to travel free of charge and throughout the world (if only!) but that all citizens of the EU should be able to access the certificate at no cost.

Making it free of charge is really a means of ensuring that the DGC is universally accessible. However, it is also important to ensure that certain vulnerable groups are able to effectively benefit from the DGC, such as, for example, minors (who are, moreover, not in the age groups for vaccination), people with disabilities (accessibility) or people who are disadvantaged by the digital divide.

9.- No one should be permitted to take advantage of the data

This is not an opportunity to take advantage. Therefore, the authorities and companies involved in the DGC, aside from the intended purposes, cannot share the health information of EU citizens or benefit from them in any way, and international passenger transport operators that have to access the certificates should not generate their own databases with that information.

10.- It should be a temporary measure

It only makes sense, and thus is only justified and warranted, to have the DGC while the pandemic and/or health crisis continues. Therefore, once we have overcome that situation (hopefully sooner rather than later), both the certificate and the supporting technology must be discontinued and the health information of EU citizens that has been stored in the DGC systems must be deleted.

Previously published [in Spanish] in Confilegal by Luis Javier Sánchez.

For more information, you can listen to the interview with Ruth Benito on Capital Radio’s “Ventaja Legal” [in Spanish].

Author: Ruth Benito

Visit our website