The Executive Committee of the Global Privacy Assembly, which reunite more of 130 bodies on personal data protection and privacy all over the world, has left a joined declaration on the use of health data for national and international trips. The Assembly has underlined the importance of the privacy concept by sharing health data during the COVID-19 pandemic for trips purposes.
Many countries all over the world are trying to adopt measures in order to stop the share of Covid-19, which are applied also the trips.
For passengers, those measures frequently mean share of medical data, as a negative result of the test, vaccination data, etc. and it has been ordered as a requirement for the trip.
The technology permits the exchange of those data on large scale and with the best rapidity, for this reason systems that permit the processing of health personal data shall be projected and developed in order to protect people’s privacy.
Innovation and privacy shall be in parallel.
Individuals shall trust on the way in which their data are processed for trips purposes, and this makes imperative that data are processed in a safe way; that information required are not excessive; that the individual has clear and accessible information on how are used its data, that data are processed for a specific purpose and that are not storage longer than necessary.
The Global Privacy Assembly has underlined that control measures of the epidemy based on the processing of data and on technology shall respect some fundamental principles of personal data protection.
Talking about the health data processing for international trips purposes, the Assembly has underlines in particular the need to observe the following principles and practice:
- Even if international trips can be submitted to the health personal data protection, risks for the private life shall be taken into account since the beginning;
- Any system, application or exchange agreement of data about the health personal data processing for international trips purposes shall respect the privacy principles. It shall be carried out a complete assessment of the privacy impact and it shall be consulted the national supervisory authority about personal data protection;
- The personal data processing can occur only for a specific purpose which is defined and specified, and personal data shall not be used for purposes not coherent with the original purpose for which they were recollected;
- The organizations which process personal data shall also be authorized to processed personal data in compliance with principles of need and proportionality;
- Vulnerable persons shall be taken into account which could not have the access to electronic devices and to elders who can not be vaccinated due to their circumstances;
- Persons shall be informed in a clear and accessible way on how their personal data are used, who will use them and for which purpose;
- The principle of minimization of data shall be respected and are necessary only personal data which are necessary to reach the public health security purpose;
- It is necessary to adopt measures in order to face with the privacy risks during the direct extraction of information by clinical records;
- The security informatic risks of all the systems and the digital applications shall be fully assessed;
- Pay attention to retention period of data and a program to the deletion of data after the expiring data;
- In systems shall be insert a limited clause in time, which prevent the permanent deletion of data or banks data when they are not required anymore. It shall be noted that the processing of health data in cross borders after a pandemic could not be necessary. Those programs and clauses shall be reexamined regularly in order to guarantee that the processing of personal data during a pandemic is necessary and proportionated.