Home

Some companies that have chosen us

Privacy Officer and Privacy Consultant
CDP Scheme according to ISO/IEC 17024:2012
European Privacy Auditor
ISDP©10003 Certification Scheme according to ISO/IEC 17065:2012
Auditor
According to standard UNI 11697:2017
Lead Auditor ISO/IEC 27001:2022
According to standard ISO/IEC 17024:2012
Data Protection Officer
According to standard ISO/IEC 17024:2012
Anti-Bribery Lead Auditor Expert
According to standard ISO/IEC 17024:2012
ICT Security Manager
According to standard UNI 11506:2017
IT Service Management (ITSM)
According to the ITIL Foundation
Ethical Hacker (CEH)
According to the EC-Council
Network Defender (CND)
According to the EC-Council
Computer Hacking Forensics Investigator (CHFI)
According to the EC-Council
Penetration Testing Professional (CPENT)
According to the EC-Council

Professional qualifications

Stay up-to-date with world news!

Select your topics of interest:

News

Home / News
/
Because they are breaching the GDPR: Covid-19 and Green certificates

Because they are breaching the GDPR: Covid-19 and Green certificates

Why can personal data processing carried out in the field of the usage of green digital certificates, under the decree law of the 22nd of April 2021, n. 52, breach the GDPR? Before getting into these technical questions we have to mention some considerations that once again underline a poor attitude to face problems with a holistic approach, by neglecting fundamental aspects that at the end they only waste your credibility to applicants.

It was necessary the intervention of the Italian Data Protection Authority which has recalled the principles that should be already known…

The superficiality with which are faced those sensitive questions sometimes is amazing.

In particular it was not kept in mind the risks for rights and freedoms of data subject and were not implemented adequated technical and organizational measures in order to implement in a efficient way the principles of personal data protection and for protect right and freedoms of data subjects.

We invite you to study the provision taken by the Authority as a warn on processing carried out on the green certificate for Covid-19 required by the decree law of the 22nd of April 2021, n. 52 – 23rd April 2021 – Register of measures n. 156 of 23rd April 2021. 6 the criticalities detected by the Authority:

  1. Lack of consultation of the Authority
  2. Unfitness of the legal basis
  3. Principle of data minimization
  4. Principle of accuracy
  5. Principle of transparency
  6. Principles of retention limitation and integrity and confidentiality

At the end, the introduction of the green certification determines a systematical processing of personal data, also about health, on large scale, which presents an high risk for rights and freedoms of data subjects compared to consequences that can arise to people with reference to the personal freedoms limitation.

All prerequisites to make it appropriate to carry out a prior impact assessment pursuant to article 35, paragraph 10 of the Regulation.

In summary, the Authority notes that the green certification discipline is not proportionate to the objective of public interest, although legitimate, pursued, as it does not precisely identify the purposes for which green certification is intended to be used and, in accordance with the principles of privacy by design and by default, the appropriate measures to ensure the protection of data, including those belonging to particular categories, at every stage of processing, and a fair and transparent treatment towards data subjects.

SOURCE: FEDERPRIVACY

Recommended to you

Advanced Research