Confidentiality issues on the green pass at work. The Privacy Guarantor has reported some critical issues to Parliament and the Government, regarding the possibility that the worker delivers a copy of the green certification to the employer.
The possible flaws in the legislation regarding the confidentiality of personal data are contained in a communication signed by the president of the authority Pasquale Stanzione: “Reporting to Parliament and the Government on the Bill for the conversion of decree-law no. 127 of 2021 (AS 2394), in relation to the possibility of delivery by workers of the public and private sectors of a copy of the green certification to the employer, with the consequent exemption from controls for the entire duration of the validity of the certificate “.
The fact is that the amendment to Legislative Decree 127/21 is in contrast with the EU Regulation on the Green Pass, which provides for the non-retention of data, and is not compatible with the resolution 2361 of the European Council on possible discrimination for vaccination, and with the labor law.
The absence of checks during the period of validity of the Green Certification would not allow to detect any positivity of the holder, evading the purposes of public health and placing itself in contrast with the principle of accuracy of data processing. (Source: Data Protection Authority).
Therefore “a further study is desirable, also in view of the examination of the provision at second reading”, reads the communication. The green pass is “effective for epidemiological purposes to the extent that the certificate is subject to periodic checks on its persistent validity; this is made possible by the constant updating, through the national DGC platform, of the certificates based on any diagnostic results that may have occurred” . The absence of verifications during the period of validity of the certificate n “on the other hand, would allow the detection of any positive condition occurred in the holder of the certificate”.
Furthermore, “the envisaged legitimation of the conservation (of copies) of green certifications contrasts with Recital 48 of Regulation (EU) 2021/953 which, in establishing a framework of homogeneous guarantees, also from the point of view of data protection, for the use of green certifications in Europe, provides that ‘Where the certificate is used for non-medical purposes, the personal data accessed during the verification process must not be stored, according to the provisions of this regulation’ “.