Covid-19 health status certificates: Policy recommendations on data privacy and human rights
Beduschi, A
Date: 31 August 2021
Report
Publisher
University of Exeter College of Social Sciences and International Studies
Abstract
Key findings and recommendations
This report uses Covid-19 health status certificates as an all-encompassing
term, referring to the digital and paper-based certificates that, combined with
identity verification, allow individuals to prove their health status (such as the
results of Covid-19 tests and vaccination records).
It follows ...
Key findings and recommendations
This report uses Covid-19 health status certificates as an all-encompassing
term, referring to the digital and paper-based certificates that, combined with
identity verification, allow individuals to prove their health status (such as the
results of Covid-19 tests and vaccination records).
It follows from the research that three main barriers to the successful
implementation of Covid-19 health status certificates can be identified:
1. Lack of trust
2. Lack of global standards
3. Lack of a holistic approach
The research findings suggest that three key sets of measures have the
potential to contribute to the responsible implementation of Covid-19
certificates:
1. Inclusion of sunset clauses in legislation
2. Appropriate governance of health data
3. Proactive protection of data privacy
Accordingly, it is recommended that:
1. Policymakers should ensure the availability and affordability of Covid-19 tests
and vaccines to the whole population to avoid creating a two-tiered society
in which only the wealthy have access to mobility and services.
2. Policymakers should ensure that Covid-19 health status certificates are
only used during the pandemic and that their use is discontinued once the
WHO declares that Covid-19 is no longer a public health emergency of
international concern.
3. Policymakers should ensure that Covid-19 health status certificate providers,
whether from the private or public sector, abide by the basic data protection
principles, including lawfulness, fairness and transparency, purpose limitation,
data minimisation, accuracy, storage limitation, integrity and confidentiality,
and accountability.
4. Policymakers should ensure that Covid-19 health status certificate providers
build data protection into the design of these certificates by default, thus
contributing towards mitigating known risks to data privacy.
5. Policymakers should ensure that Covid-19 health status certificate providers
maintain the confidentiality and security of the information collected and
processed. They should prevent any unauthorised access, accidental loss,
damage or destruction of the data.
6. Policymakers should request that Covid-19 health status certificate providers
undertake data protection impact assessments (DPIA) before implementing
specific solutions. That is important as these certificates are likely to result in
a high risk to natural persons’ rights and freedoms.
Law School
Faculty of Humanities, Arts and Social Sciences
Item views 0
Full item downloads 0