Processing of Personal Data Concerning Vaccinations and the EU Digital COVID-19 Certificate
Recently, the Commission for Personal Data Protection (CPDP) published an opinion on the processing of personal data regarding the vaccination status in Bulgaria. It covers all the details regarding the EU digital COVID-19 certificates – their issuance, verification, and acceptance.
In accordance with EU rules, EU certificates are only to be used to access and verify the information included therein to facilitate and allow the right of free movement within the EU during the pandemic. EU certificates can only be used for any different than the above-mentioned motives if the legal basis for processing personal data is provided for the legislation of the respective Member State.
However, a challenging legal situation is created in Bulgaria due to the adopted anti-pandemic measures that are not specifically focused on personal data protection. Also, the country has been undergoing a parliamentary crisis.
An article by Nikolay Zisov – partner and head of the Tech group, and senior associate Deyan Terziev, discusses the opinions of CPDP on the usage of vaccination personal data relying on the non-application of the General Data Protection Regulation (Regulation (EU) 2016/679) and is available on the OneTrust DataGuidance platform.
Copyright picture: Shutterstock.com