By Foo Yun Chee
BRUSSELS (Reuters) – Plans by European Union countries to issue certificates showing that citizens have been vaccinated against COVID-19 should have a legal basis to ensure that they are necessary and proportionate, the bloc’s privacy watchdogs said on Tuesday.
The European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) also warned against using data in such travel documents to create a central EU database.
Tourism-reliant countries such as Greece, Spain and Portugal are hoping that vaccine certificates will revive international travel and save this summer’s holiday season. While some countries want an EU-wide approach to the issue, others are planning national schemes.
“Any measure adopted at national or EU level that involves processing of personal data must respect the general principles of effectiveness, necessity and proportionality,” EDPB head Andrea Jelinek said in a statement.
“Therefore, the EDPB and the EDPS recommend that any further use of the Digital Green Certificate by the member sates must have an appropriate legal basis in the member states and all the necessary safeguards must be in place.”
The head of the EDPS Wojciech Wiewiórowski said the use of the documents should be restricted and that they should be scrapped once the pandemic is over.
“It must be made clear that the proposal does not allow for – and must not lead to – the creation of any sort of central database of personal data at EU level,” he said.
The watchdogs say EU countries should allow for three types of vaccine certificates – for people who have been vaccinated, recovered or tested – to avoid discrimination based on health data and hence a breach of fundamental rights.
(Reporting by Foo Yun Chee; Editing by Kirsten Donovan)
