Litcius/Paper detail

The EU Digital COVID Certificate: A Preliminary Data Protection Impact Assessment

Oskar Josef Gstrein

2021European Journal of Risk Regulation26 citationsDOIOpen Access PDF

Abstract

On 20 May 2021, the European Commission, Council and Parliament announced a breakthrough in the trialogue negotiations to establish the European Union (EU) Digital COVID Certificate. Originally, this standardisation effort was labelled as “Digital Green Certificate” and – “[i]n view of the urgency” – presented without a data protection impact assessment. It should allow citizens and residents of Member States to prove that they are either vaccinated against COVID-19, have recently tested negative or are currently immune against the virus. This article considers the proposal from a privacy perspective, taking into account the opinion of EU data protection authorities, ongoing negotiations in the EU institutions and relevant developments on the national and international level. While the European Parliament and others tried to improve the original Commission proposal, questions around the appropriateness and effectiveness of the framework remain. The technological and organisational implementation is essentially left to Member States, who already have started to develop their own tracing and identification systems.

Topics & Concepts

CertificateParliamentEuropean unionNegotiationEuropean commissionPolitical scienceData Protection Act 1998Member statesCoronavirus disease 2019 (COVID-19)CommissionGeneral Data Protection RegulationPublic administrationBusinessInternational tradeLawComputer sciencePoliticsMedicineInfectious disease (medical specialty)PathologyDiseaseAlgorithmCOVID-19 Digital Contact TracingEuropean Criminal Justice and Data ProtectionPrivacy, Security, and Data Protection