Os passaportes com status Covid devem priorizar a privacidade dos dados, afirma o European Data Protection Boardpor CCHDC
O certificado verde digital é projetado para facilitar a livre circulação dentro da UE durante a pandemia de Covid-19 em andamento, “estabelecendo uma estrutura comum para a emissão, verificação e aceitação de certificados de vacinação, teste e recuperação Covid-19 interoperáveis”.
Há preocupações tanto na Europa quanto no Reino Unido de que as propostas possam discriminar aqueles que não podem ser vacinados, uma população que inclui mulheres grávidas e aqueles cuja condição médica torna a vacina um risco para a saúde.
Defensores da privacidade e outros também se preocupam com o aumento da missão – a possibilidade de que os dados de saúde coletados para o chamado passaporte Covid-19 possam ser usados para outros fins.
European privacy regulators lay down rules for Covid-status passports
European privacy regulators have accepted the need for the EU’s proposed ‘digital green certificate’ while warning that plans need to be compliant with data protection legislation.
The European Data Protection Board (EDPB) and European Data Protection Supervisor (EDPS) gave a cautious thumbs-up to the European Commission’s plan through a joint statement released on Tuesday (April 6).
The digital green certificate is designed to facilitate free movement within the EU during the ongoing Covid-19 pandemic by “establishing a common framework for the issuance, verification, and acceptance of interoperable Covid-19 vaccination, testing, and recovery certificates”.
In a joint statement, the EDPB and EDPS argue that any rollout should be based on the foundation of a solid legal framework before directly warning of the discriminatory potential of the proposed technology.
“The EDPB and the EDPS underline that the use of the Digital Green Certificate may not, in any way, result in direct or indirect discrimination of individuals, and must be fully in line with the fundamental principles of necessity, proportionality, and effectiveness,” they contend.
There are concerns both in Europe and the UK that the proposals could discriminate against those who are unable to get vaccinated, a population including pregnant women and those whose medical condition renders the vaccine a health risk.
Privacy advocates and others also worry about mission creep – the possibility that health data collected for the so-called Covid-19 passport could be used for other purposes.
Any measures introduced ought to be temporary and limited to the duration of the pandemic, according to the regulators.
Wojciech Wiewiórowski of the EDPS, said: “It must be made clear that the proposal does not allow for – and must not lead to – the creation of any sort of central database of personal data at EU level.
“In addition, it must be ensured that personal data is not processed any longer than what is strictly necessary and that access to and use of this data is not permitted once the pandemic has ended.”
Security experts reserved judgment on the EU’s proposals and similar plans to introduce a ‘Covid status passport’ in the UK.
“Much depends on how it is implemented, where data is held, how identifiable it is and who can access the data,” Professor Alan Woodward, a computer scientist at the University of Surrey, told The Daily Swig. “Personally would prefer a privacy preserving technique such as used for” the government’s Covid-19 contact tracing app.