EU Digital COVID Certificate and Data Protection. The Case of Poland and Austria
Keywords:
EU Digital COVID Certificate, personal data, GDPR, Poland, AustriaAbstract
The EU Digital COVID Certificate was introduced as a technological promise of a smooth exit from the pandemic. At the same time, due to the scope of the data processed, it interacts with the European system of personal data protection law. The EU Digital COVID Certificate is designed to function for two different purposes: to facilitate border crossings during a pandemic and for domestic purposes as defined by the Member States. Given the degree of discretion left to Member States in the implementation of the EU COVID Digital Certificates, a comparative analysis is necessary. The key issue that is visible in both Polish and Austrian implementation of the EU Digital COVID Certificate is the question of determining the controller of the processed personal data. The difficulty of both countries’ authorities to determine the controller in decentralised infrastructures of personal data processing is clearly visible here. Specifically, it is problematic to identify the controller in relation to mobile applications that locally store a copy of the EU Digital COVID Certificate and display it on demand.
References
Bundesgesetz betreffend Datensicherheitsmaßnahmen bei der Verarbeitung elektronischer Gesundheitsdaten und genetischer Daten (Gesundheitstelematikgesetz 2012 – GTelG 2012) StF: BGBl. I Nr. 111/2012.
Commission, Report from the Commission to the European Parliament and the Council pursuant to Article 16(1) of Regulation (EU) 2021/953 of the European Parliament and of the Council on a framework for the issuance, verification and acceptance of interoperable COVID-19 vaccination, test and recovery certificates (EU Digital COVID Certificate) to facilitate free movement during the COVID-19 pandemic, 18.10.2021.
Datenschutz-Folgenabschätzung zum Grünen Pass und zum EPI-Service, https://www.gesundheit.gv.at/service/gruener-pass/datenschutz-folgenabschaetzung.
Directive 2011/24/EU of the European Parliament and of the Council of 9 March 2011 on the application of patients’ rights in cross-border healthcare, OJ L88/45, 2011.
Epidemiegesetz 1950 (EpiG). StF: BGBl. Nr. 186/1950.
European Data Protection Board-European Data Protection Supervisor, Joint Opinion 04/2021 on the Proposal for a Regulation of the European Parliament and of the Council on a framework for the issuance, verification and acceptance of interoperable certificates on vaccination, testing and recovery to facilitate free movement during the COVID-19 pandemic (Digital Green Certificate), 31.03.2021.
eHealth Network, Guidelines on Technical Specifications for Digital Green Certificates. Volume 5 Public Key Certificate Governance, V1.02, 5.12.2021.
eHealth Network, Interoperability of health certificates. Trust framework, V.1.0, 3.12.2021.
eHealth Network, Guidelines on Value Sets for EU Digital COVID Certificates, V1.4, 13.10.2021.
eHealth Network, DCC Anomaly Capture Process for COVID Certificate Data. Best current practice, V1.01, 15.09.2021.
eHealth Network, Guidelines on Technical Specifications for Digital Green Certificates. Volume 1, V1.0.5, 21.04.2021.
eHealth Network, Guidelines on Technical Specifications for Digital Green Certificates. Volume 2 European Digital Green Certificate Gateway, V1.3, 21.04.2021.
eHealth Network, Guidelines on Technical Specifications for Digital Green Certificates. Volume 3 Interoperable 2D Code, V1.3, 21.04.2021.
eHealth Network, Guidelines on Technical Specifications for Digital Green Certificates. Volume 4 European Digital Green Certificate Applications, V1.3, 21.04.2021.
Gstrein O.J., The EU Digital COVID Certificate: A preliminary data protection impact assessment. “European Journal of Risk Regulation” 2021, vol. 12, iss. 2.
Rozporządzenie Ministra Zdrowia z dnia 20 marca 2020 r. w sprawie ogłoszenia na obszarze Rzeczypospolitej Polskiej stanu epidemii, Dz.U. z 2020 r. poz. 491.
Rozporządzenie Parlamentu Europejskiego i Rady (UE) 2021/953 z dnia 14 czerwca 2021 r. w sprawie ram wydawania, weryfikowania i uznawania interoperacyjnych zaświadczeń o szczepieniu, o wyniku testu i o powrocie do zdrowia w związku z COVID-19 (unijne cyfrowe zaświadczenie COVID) w celu ułatwienia swobodnego przemieszczania się w czasie pandemii COVID-19 (Tekst mający znaczenie dla EOG), OJ L 211/1, 2021.
Rozporządzenie Parlamentu Europejskiego i Rady (UE) 2021/954 z dnia 14 czerwca 2021 r. w sprawie ram wydawania obywatelom państw trzecich legalnie przebywającym lub zamieszkującym na terytoriach państw członkowskich w czasie pandemii COVID-19 interoperacyjnych zaświadczeń o szczepieniu, o wyniku testu i o powrocie do zdrowia w związku z COVID-19 (unijne cyfrowe zaświadczenie COVID), oraz weryfikowania i uznawania takich zaświadczeń (Tekst mający znaczenie dla EOG), OJ L 211/24, 2021.
Rozporządzenie Rady Ministrów z dnia 6 maja 2021 r. w sprawie ustanowienia określonych ograniczeń, nakazów i zakazów w związku z wystąpieniem stanu epidemii, Dz.U. z 2021 r. poz. 861.
Streinz T., The Evolution of European Data Law, [in:] The Evolution of EU Law, eds. P. Craig, G. de Búrca, OUP 2021.
Published
How to Cite
Issue
Section
Copyright (c) 2023 Antoni Napieralski
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.