After the arrival of anti-Covid-19 vaccines, it is argued about the idea to implement solutions, also digital ones (e.g. apps) in order to meet the demand of being vaccinated or not a conditions for the access to specific premises or in order to benefit of some services (like airports, hotel, stations, gyms, and so on).

For this reason, in case you intend to appeal to the predicted solutions, the Italian Data Protection Authority recalls the attention on public decision-makers and private operators on the duty to respect the personal data protection discipline.

Data relative to vaccine states are sensitive data and a not correct processing can determine serious consequences for life and fundamental rights of people: consequences that, in a specific case, can be translated in: illegal discriminations, breaches and misunderstandings of constitutional freedoms. 

The Italian Data Protection Authority believes that the personal data processing about the vaccine status for the access to specific premises and benefit of particular services, shall be object of a national legislation, in compliance with the personal data protection legislation (in particular, those one of proportionality, limitation of aims and data minimizations), in order to realize a fair balance between the public interest that is meant to be pursued and the individual interests. 

In absence of this legal basis – on which compliance with the principles established by the Eu Regulation and Italian Data Protection Authority reserves the right to decide on it – the use of any forms, by public subjects and private providers of services addressed to the public, of app and pass aimed to differentiate vaccinated citizens from those one no vaccinated is considered illegal. 

The question will be the subject of a next report to the Parliament.

SOURCE: AUTORITA’ PER LA PROTEZIONE DEI DATI DELL’ITALIA – GPDP