The Proposal for a Digital Green Certificate (Proposal) aims to facilitate the exercise of the right to free movement within the EU during the COVID-19 pandemic by establishing a common framework for the issuance, verification and acceptance of interoperable certificates on COVID-19 vaccination, testing and recovery.
Pending the approval of the European Parliament, the Proposal has been examined by the European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) with a specific focus on the protection of personal data, which “represent a fundamental aspect”.
In their joint opinion, the EDPB and the EDPS recall that data protection does not constitute an obstacle for fighting the current pandemic and, therefore, recommend that the Digital Green Certificate is fully in line with EU personal data protection legislation: not only for the sake of legal certainty, but also “to avoid that the Proposal has the effect of directly or indirectly jeopardizing the fundamental right to the protection of personal data”.
The Proposal should achieve a fair balance between the objectives of general interest pursued by the Digital Green Certificate and the individual interest in self-determination, as well as the respect for her/his fundamental rights to privacy, data protection and non-discrimination, and other fundamental freedoms, such as freedom of movement and residence. Specific attention should be paid to ensure compliance with the fundamental principles of effectiveness, necessity and proportionality in the processing of personal data, and to mitigate risks to the fundamental rights of data subjects, including risks of unintended secondary use of the Digital Green Certificate as well as of direct and/or indirect discrimination.
The following summarizes the general recommendations of the EDPB and the EDPS to the legal framework for establishing the Digital Green Certificate:
The presentation by the EDPS of the joint opinion is available here.