Data ProtectionPrivacy

What privacy obligations with the mandatory Covid-19 green certificate in Italy?

A major change in Italy concerns the extension, from October 15, 2021, of the mandatory Covid-19 green certificate to access all public and private workplaces.

Employers will have to verify the possession of the Covid-19 green certificate in Italy, setting up organizational measures to verify it and dispute violations.

The Italian so-called green pass 2 decree recalls the verification methods provided by the current regime.  Therefore, the verification of the possession of the Covid-19 green certificate should not involve the collection of personal data.  This circumstance does not mean that there is no processing of personal data in the display of the Covid-19 green certificate, accompanied by the verification of the identity document in cases where the verifier is not certain of the individual’s identity.

In terms of measures to be taken under the privacy laws, a privacy information notice will have to be made available that will indicate as a legal basis of the data processing the fulfillment of a legal obligation.  At the same time, it will provide that data will not be stored.

As reported by the Italian data protection authority, the sole data that will be retained will concern the data strictly necessary for the application of the measures provided for in case of failure to comply with the obligations on the Covid-19 green certificate (such as unjustified absence, suspension of employment and salary payment). Moreover, for example, it will not be possible to create a register of employees who hold a Covid-19 green certificate with the relevant expiry date, in line with the Italian data protection authority’s position concerning access gyms.

It will be necessary to appoint the person in charge of the processing to carry out checks. If the person belongs to an external company, it will be necessary to appoint him as the company as a data processor.

Finally, we recommend having an internal procedure for audits to avoid errors and carry out audits, especially in the early days, regarding compliance.

On a similar topic, you can find interesting the article “Privacy guidelines on Covid-19 vaccinations in the workplace in Italy by the Garante“.

Photo by Markus Winkler on Unsplash

Don't miss our weekly insights

Show More

Giulio Coraggio

I am the location head of the Italian Intellectual Property & Technology department and the global co-head of the IoT and Gaming and Gambling groups at the world-leading law firm DLA Piper. IoT and artificial intelligence influencer and FinTech and blockchain expert, finding solutions to what's next for our client's success.

Related Articles

Back to top button