The CNIL issues it’s opinion on vaccine passes for mass gatherings

The CNIL issues it’s opinion

The CNIL issues it’s opinion on the implementation and use of vaccine passes for admittance to mass crowd events in France. 

 

 As the world aims to resume somewhat normal activity during the global COVID-19 pandemic, France is considering the use of the vaccine passes or  green passes for admission to mass gatherings of at least 1000 persons. This suggestion comes in an effort to re-open certain establishments and resume certain activities, while minimizing the risk of contamination from the virus. These green passes, as with the ones for travel, will include information related to the COVID-19 vaccine, a negative COVID-19 test, or proof of recovery from the virus. While they were originally developed to facilitate travel with more ease during the pandemic, the Government of France seeks to take the opportunity to use them for access to mass crowd events, in an effort to resume those activities much sooner. 

 

The CNIL makes it clear that these passes are not to be used beyond the health crisis. 

 

The CNIL wishes that it be made clear that these passes are intended only for use during the pandemic and it will definitely be of a temporary nature. In acknowledging the unprecedented nature of an initiative like this and the implications that it may have for the lives of individuals, the Authority wants it to be made clear that this measure is meant for the specific purpose of dealing with the current health crisis and should only be used for as long as its purpose is applicable to the COVID-19 pandemic. In addition, the CNIL requests that the impact of this system on the health situation be monitored, studied and documented at regular intervals and on the basis of objective data, in order to determine whether public authorities should continue its use. 

 

The CNIL would like guarantees that the use of these passes is limited to mass crowd events. 

 

While the authority acknowledges the functionality of these passes for admittance into mass crowd events, CNIL would like to make it clear that in the interest of respect for the fundamental rights and freedoms of persons, these passes should be limited to those mass crowd events for which they are intended. The Authority wants to ensure that the use of these passes excludes places that relate to the daily activities of the population like restaurants, workplaces, shops, etc. In addition these passes should not be used for admission to any venue linked to certain usual manifestations of fundamental freedoms (in particular the freedom to demonstrate, to organize political or trade unionists and to freedom of religion). The CNIL notes that the particular exclusion of these passes and the prohibition of their use in these spheres is likely to minimize any implications of the use of this system on the rights and freedoms of individuals. CNIL also believes that there should be further clarification and transparency on the qualification of the events where the use of these passes would be considered appropriate, and measures ensuring that the passes are not used in places and events which do not meet those qualifications. 

 

The CNIL would like to ensure that the use of these passes does not result in discrimination, and protects the personal data of individuals. 

 

In order to avoid discrimination, the CNIL is stressing the need that these passes be accessible to all. This includes ensuring that passes are available on paper as well as in digital format. It is also important to ensure that there is no discrimination based on the type of evidence presented in these passes, whether it be evidence of vaccination, a negative COVID-19 test, or recovery from the virus. Due to the sensitive nature of the information used for these passes, it is very important to make special considerations for limiting the disclosure of health information of individuals. The CNIL therefore suggests the implementation of a solution which would make it possible to limit access to persons authorized to verify the certificates. In addition, the Authority believes that these verifications should result in a color code (green or red color), along with the identity of their holder, so as not to reveal whether the individual has been vaccinated, tested, or recovered from a previous infection with COVID-19.

 

Does your company have all of the mandated safeguards in place to ensure compliance with the ePrivacy, GDPR and Data Protection Act 2018 in handling customer data? Aphaia provides ePrivacy, GDPR and Data Protection Act 2018 consultancy services, including data protection impact assessments, EU AI Ethics Assessments and Data Protection Officer outsourcing. We can help your company get on track towards full compliance.

Leave a Comment

(0 Comments)

Your email address will not be published. Required fields are marked *