Lawmakers around the world should include “sunset clauses” in legislation to ensure Covid-19 health status certificates are only used during the pandemic, a new study says.
Safeguards should be in place to guarantee against the risks posed to people’s privacy and human rights by new measures such as vaccine passports, according to the study.
Governments should also ensure Covid-19 tests are affordable or free to avoid unlawful discrimination against those who cannot be vaccinated or will likely not be vaccinated soon.
The study urges policymakers to carefully consider when and how to adopt Covid-19 certificates. It proposes a framework to help them determine whether to implement them, and if so, how this should be done. The framework considers three essential elements: (1) the context of deployment of these certificates; (2) the impact on rights and freedoms; and (3) the necessary safeguards in place.
Dr Ana Beduschi, from the University of Exeter Law School, who authored the study, said: “There is no “one size fits all” solution for Covid-19 certificates that would be equally appropriate in all countries or even in all sectors of the economy.
“While we are seeing a consensus being formed about requiring Covid-19 health status certificates for international travel, the domestic uses of these certificates are not straightforward.
“On a spectrum, some situations may justify an obligation to display Covid-19 health status – for instance, to visit relatives in care homes and hospitals, where doing so may well be necessary to protect the health of vulnerable individuals.
“By contrast, there are increasing concerns about the equity of requiring Covid-19 health status certificates for access to restaurants, shops and other private venues.”
The study highlights that the degree, nature, and duration of the interference with people’s rights need to be considered.
The study, produced as part of research funded by the Economic & Social Research Council (ESRC), as part of UK Research & Innovation (UKRI)’s rapid response to Covid-19, highlights how Covid-19 health status certificates providers will still have to comply with the GDPR principles.
It says maintaining the confidentiality of health data should be paramount. Health data, such Covid-19 test results and vaccination records, must be processed in a manner that complies with the requirements of security and confidentiality, preventing any unauthorised access, accidental loss, damage or destruction of the data (Article 5-1 (f) GDPR).
Providers should carry out data protection impact assessments before any large-scale deployment of these certificates.
Dr Beduschi said: “The technological solutions adopted during the current pandemic will have a lasting impact on our societies. A variety of initiatives to develop and deploy Covid-19 health status certificates are currently underway.
However, it is not sufficient to develop technical solutions for the verification of people’s health status. Because technologies do not evolve in a legal vacuum, the existing laws and regulations must be respected.
The risks of implementing such technologies must be anticipated and mitigated as much as possible before any large-scale deployment.”