The green pass represents “an instrument not already for control, but for the promotion of freedoms, with admittedly temporary effectiveness and strictly commensurate with the pandemic emergency, based on a system that is as efficient as it is respectful of privacy and self-determination with regard to vaccination choices “. The president of the Guarantor for the protection of personal data Pasquale Stanzione talks about the green pass, during the hearing in the Constitutional Affairs Commission in the Senate where the decree law on the super green pass of 26 November 2021 n. 172. For Stanzione the Italian discipline “can be read as the attempt, made by successive approximations, to refine the balance between the needs of public health, freedom of economic initiative, privacy and self-determination in terms of health choices, modulating the technique according to of freedom “.
Abrogate the handover to the employer
The “faculty of handing over a copy of the green certification by the workers of the public and private sectors to the employer, allows the latter to also derive the prerequisite for issuing the same”, reported the President of the Guarantor for the protection of personal data, asking parliamentarians to make “a further reflection on this rule”, evaluating “the opportunity for its repeal”.
The norm alters the ratio of the system
Stanzione recalled that “a rule has been introduced (derogating from the prohibition of data retention related to the checks on the certificate) capable of profoundly altering the rationale of the system, aimed precisely at guaranteeing maximum confidentiality for the assumption of issuing the green pass. With the provision, in fact, of the right to deliver a copy of the green certification by the workers of the public and private sectors to the employer, the latter is also allowed to deduce the prerequisite for issuing the certification. “In fact, it can be easily deduced from the data relating to the expiry of the certification – explained Stanzione – since each prerequisite for release (tampon, recovery, vaccination) determines a different period of validity of the green pass”.
The employer must not know the worker’s clinical situation
«In this way, therefore, a choice such as that on vaccination – the guarantor underlined – risks being deprived of the necessary guarantees of confidentiality, with potentially prejudicial effects on individual self-determination. A potential injury aggravated by the work context in which it matures. The expected display (and delivery) of the green certificate to a subject, such as the employer, who should be precluded from knowing the specific subjective conditions of workers such as the clinical situation and personal beliefs, is in fact not very compatible with the guarantees established both by the data protection discipline, and by the labor law legislation “. Stanzione therefore suggests «first of all to the Commission, a further reflection on this rule, evaluating the advisability of its repeal. In fact, I do not believe that any simplification, real or presumed, is worth the price of renouncing confidentiality on choices so strongly connotative of the person as those in the vaccination field “.
Finding an appropriate IT solution
If in the control of green passes «the exclusion of the collection, by the verifiers, of the data of the holder of the certification is already generally provided for by art. 13, paragraph 5, of the Prime Ministerial Decree of 17 June 2021, what must be guaranteed here is that the “fully operational” system allows, through an appropriate IT solution, to match the “green” of the verification only the certifications of healing or vaccine and, in the “red” version, only those to be tested ». Only in this way, according to Stanzione, “can it be ensured that the application of the regulation on the differentiation of certifications takes place without legitimizing the access of the auditors to the data contained in the pass and, in particular, to the conditions for issue”. Therefore, specific IT solutions are required, integrating the current system, which will be the responsibility of the disciplinary dpcm.