The EU COVID-19 certificate arrives to circulate in Europe, while the Italian Green pass runs aground in privacy

The European Parliament approved the Regulation proposal presented by the European Commission on the so-called digital green certificates, which will be called EU COVID-19 certificates (EU Digital Covid Certificate) and will have the function of facilitating the free and safe movement of citizens in the European Union during the COVID-19 pandemic.

EU COVID-19 certificates: release and duration requirements

The EU COVID-19 certificate can only be issued in certain cases:

1) after completing the vaccination course. Vaccination certificate, with a duration of 9 months starting from the second administration of the vaccine,

2) upon receipt of the first dose. Certificate of administration of the first dose of the vaccine, which will be valid from the fifteenth day following the first dose, until the date scheduled for the second administration. Therefore, part of the days elapsed between the first and second administration must be added to the 9 months of coverage guaranteed by the completion of the vaccination.

More precisely, those who get vaccinated with AstraZeneca will receive the second dose after 12 weeks, consequently the validity of the Covid pass is extended by the days between the first and second injection, for a total of 11 months and 10 days. Anyone who gets vaccinated with Pfizer or Moderna will have the booster 42 days after the first injection. The total duration of the greenpass in these two cases it will be 9 months and 28 days. While, those who will be vaccinated with the Johnson & Johnson single-dose will have a greenpass valid for 9 months, starting from the 15th day after administration.

3) for those who have recovered from the covid. Certificate of healing with a duration of six months from the date of healing,

4) for those who have undergone a rapid molecular or antigenic swab, done in the previous 48 hours and tested negative. Test certificate valid for only 48 hours following the test.

The Commission however, he recalled that the pass will have a limited duration as the pandemic continues. It will therefore be a temporary measure and will be suspended once the WHO Director-General declares, in accordance with the International Health Regulations, that the international public health emergency caused by SARS-Co-V-2 has ceased.

Characteristics of the EU COVID-19 certificate

The certificate will be:

- interoperable, i.e. the verification systems of one Member State will be able to use data encoded by another Member State,

- in digital or paper format, or in both formats,

- written in two languages, the official one of the issuing state and in English.

- free,

- it will be valid for no more than 12 months,

- it will also apply to EU citizens, who reside outside the EU and who have been vaccinated with vaccines recognized by the EMA. (European Medicines Agency, European Medicines Agency).

How to request it and how it works

The certificates they will be issued by hospitals, health facilities that carry out diagnostic tests or health authorities and may be both in digital form, to be displayed via your mobile device, and in paper form.

Each certificate it will contain all the essential information of the traveler (name, date of birth, date of issue and health information on the vaccine and tests) and will be signed with a specific digital signature.

To individual authorities, which the traveler will receive, it will be up to check the validity and authenticity of the certificate (vaccination, recovery or negative test) by scanning the QR code.

The European Commission will adopt a dedicated network device (Gateway), through which all the signatures of the certificates can be verified throughout the European Union and will assist member states to develop, in the short term, a with , which can be used by authorities to scan QR codes. Not just a vaccination passport therefore, but a certification that certifies that those who are traveling are not in danger or have not contracted the virus.

Member States however, they have the right to apply more restrictive measures. Although the EU COVID-19 certificate will have to be accepted in all EU Member States, the individual State will have the right to impose on the holders of the digital green certificate the obligation to quarantine or carry out a test, subject to a reasoned communication to the Commission and to all other Member States.

What vaccines are included

The certificate will be issued to citizens vaccinated with any Covid-19 vaccine. However, Member States are obliged to accept certificates only for vaccines that have obtained marketing authorization in the European Union. On the other hand, the choice of whether to consider also valid the vaccination certificates issued in other European countries for vaccines that the WHO defines as suitable for emergency use remains left to the discretion of the individual states.

Next steps

After the agreement obtained on May 20, it will be necessary to wait until June 7 for the vote in the European Parliament, while from July 1 the measure should be valid on the territory of all member states, with a gradual introduction period of 6 weeks, for member states who will not have been able to adjust for that date.

Green pass Italian

Italy with the Rilanci Decree, in force since April 26, it adopted the rules on the Covid-19 green certificate, which incorporates various aspects of greenpass/ EU COVID-19 certificates.

Il Green pass national will mainly be required to move to the orange and red regions and to visit the elderly in retirement homes (Rsa). In addition, from 15 June it will be used to participate in wedding parties. The use of the greenpass also to participate in concerts with a capacity greater than that currently allowed (up to a maximum of one thousand spectators in outdoor facilities and up to 500 indoors) and to enter the disco.

From 1 July, greenpass it should be available in digital format on "I", the application of the Public Administration.

Green pass e privacy

Like all measures concerning the sensitive data of citizens, including the greenpass Italian and European have been placed under the lens of the guarantors of the privacy.

At European level, no critical issues were found in the network system adopted (Gateway), as the personal data encoded in the certificate will not pass through the Gateway.

Otherwise, greenpass Italian was rejected by the guarantor of the privacy. The Authority  pointed out that i pass vaccines, regulated in this way, present critical issues such as to invalidate the validity and functioning of the system envisaged for the long-awaited "go-ahead" to travel.

The Italian Government, in the drafting of the decree-law which introduces the greenpass did not involve the Privacy Guarantor in violation of art. 36, par. 4 of EU Reg. 2016/679. Consequently, the decree lacks some of the essential requisites required by the Regulation (articles 6, par. 2 and 9) and by the code regarding the protection of personal data (Legislative Decree 30 June 2003, no. 196 articles 2-ter and 2-e).

Missing requirements

The shortcomings they are numerous.

- They have not been indicated the specific purposes for the processing of personal data, pursued through the introduction of the greenpass, an essential element in order to assess the proportionality of the rule, required by art. 6 of the regulation, also in light of what the Constitutional Court affirmed in Sentence no. 20 of 21 February 2019, according to which the legal basis that identifies an objective of public interest must provide for the processing of personal data that is proportionate to the legitimate purpose pursued.

- They have not been specified the motivations by virtue of which it is necessary to provisionally introduce the aforementioned green certifications, given the forthcoming adoption of the proposal for a regulation of the European Parliament and of the Council on the digital green certificate (2021/0068 (COD) of 17 March 2021).

- The principle of data minimization, according to which they must be adequate, relevant and limited to what is necessary, with respect to the purposes for which they are processed (Article 5, paragraph 1 letter c of the Reg.).
The prediction of three different models of greenpass, depending on the condition of the interested party and the indication on them of numerous personal data, also relating to health, are in contrast with the aforementioned principle of data minimization.

- It wasn't even respected the principle of data accuracy, according to which they must be accurate and, if necessary, updated or corrected promptly (Article 5, paragraph 1, letter d) of the regulation). The transitional provision according to which, pending the adoption of the implementing decree establishing the national platform of the Digital Green Certificate (DGC), the use of healing certifications issued before the entry into force of the decree-law is allowed, does not allow to verify the actuality of the conditions attested in the certification. In the absence of a suitable platform, it becomes difficult to ascertain any changes to the conditions relating to the interested party (for example, positive results) subsequent to the time of release of the same (Article 9, paragraph 4).

- The decree-law violates the principle of transparency, as it does not clearly indicate the specific purposes pursued, the characteristics of the processing and the subjects who can process the data collected, in relation to the issue and control of green certifications (articles 5, paragraph 1, letter e) and 6 , para. 3, letter b) of the regulation).

- Also principles of conservation limitation and integrity and confidentiality were not observed. The Decree violates the conservation limitation principle, according to which the data must be kept in a form that allows identification of the data subjects for a period of time not exceeding the achievement of the purposes for which they are processed (articles 5, par. 1 , letter e) and 6, par. 3, letter b) of the regulation) and fails to indicate the measures to be adopted to ensure adequate security and protection of personal data. (2)

- Last but not least, the lack of involvement of the Guarantor it eliminated for citizens a strong guarantee of a fundamental constitutional right.

It will certainly be desirable in an urgent and short-term intervention, which can fill gaps and anomalies, in order to avoid institutional conflicts and judicial cases, for issues related to privacy.

Data protection is an essential part of the relaunch of the country, starting with the Decree-law on greenpass.

According to Ginevra Cerrina Feroni, Vice President of the Guarantor for the protection of personal data 'Everything passes from the regulation of data, not just personal ones. Data is at the heart of the new world and the new civilization. For example - and we have reported it to the Government - the success or failure of public and private policies based on artificial intelligence will largely depend on the rules that will govern the design, development and use of algorithms and on the activity of regulation, supervision and promotion of the circulation of public and private, personal and non-personal data '. (3)

In order to return to move and move freely throughout the continent, it will be necessary to have a unified and secure system, counterfeit-proof and non-discriminatory, which guarantees interoperability between different countries and, last but not least, protects compliance with privacy.

Elena Bosani

Note

1) From 1 July the digital green pass arrives on the Io - Il Sole 24 ORE App https://www.ilsole24ore.com/art/dal-1-luglio-arriva-green-pass-digitale-sull-app-io-AEVxrdL?refresh_ce=1 
2) See the Official Gazette https://www.gazzettaufficiale.it/atto/serie_generale/caricaDettaglioAtto/originario?atto.dataPubblicazioneGazzetta=2021-05-03&atto.codiceRedazionale=21A02576&elenco30giorni=true&fbclid=IwAR2IYWcwP2vvUqtSP9K7BOu7CD4nb9c4I1ilMyzhPev6NhmdrWhPqezeyX0
3) v. https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/9580828

Elena Bosani

More postsBio

Attorney at law in Milan and Frankfurt am Main. An expert in family, juvenile and criminal law, she is now enrolled in a university master's degree in food law

• Heat pumps, the largest in Europe derives energy from wastewater
• Minimum wages, EU directive approved
• Common rules in the EU for associations operating in multiple countries
• Public consultation on the EU strategic plan for global public health