Vaccine passports are looking more likely by the day. Initial hesitation has turned into a recognition that, with the right precautions, vaccine passports may play a very useful role in the return to economic normality. While governments and institutions around the world are figuring out the most appropriate design and functionality for vaccine passports, businesses across many sectors are wondering how they will be able to benefit from this yet-to-be-created tool. Being able to travel, to attend mass events and perhaps even to do certain jobs may require being able to demonstrate that one has been vaccinated. Therefore, it will be essential for any business seeking to have access to this information to understand the responsibilities that come with it.
Fortunately, data protection law offers a practical route to make vaccine passports achieve their purpose in a privacy-conscious and safe manner. The GDPR in particular provides a key mechanism enabling businesses of all sizes and types to get vaccine passports right: Data Protection Impact Assessments (DPIAs). Doing a DPIA need not be a complex and legalistic exercise. Here are the key issues that businesses relying on vaccine passports will need to consider as part of a simple DPIA:
There is still much to be learnt and debated about the future of vaccine passports, but it is clear that data protection will make a significant contribution to their lawful and responsible use.
This article first appeared on the Global Data Review website on April 1, 2021 (available here).
Authored by Eduardo Ustaran.
Are you sure want to delete comment ?
Scan this QR Code to share this content