Privacy implications of vaccine passports

Felix Marx, Trūata’s CEO recently featured in this article on Business Leader discussing potential privacy implications surrounding vaccine passports.

There is no law in the UK which requires mandatory vaccination. The Public Health (Control of Disease) Act 1984 devolves powers to Parliament to legislate in order to protect UK Citizens.

The law enables Parliament to intervene in an emergency situation, such as the pandemic, and impose lockdowns and restrictions to protect the public, but currently, it cannot impose mandatory vaccinations.

The other issue facing those pushing for the introduction is the issues that link to GDPR and data privacy laws.

Felix Marx, CEO, Trūata, said: “The introduction of vaccine passports is shining a spotlight on the core principles of data protection, those of purpose limitation, data minimisation and data retention. Data should only be used for its intended purpose; only necessary data should be collected; and, once it has served its purpose, it should no longer be retained.

“It is essential that these principles are adhered to by all types of organizations. The Italian Data Protection Authority recently issued guidance noting that vaccination data is particularly delicate, and the incorrect treatment can have very serious consequences for the fundamental rights of people.

“Businesses will need to consider the full implications of taking a stance on vaccinations, not only in terms of the infrastructure that is required but also the impact on trust and staff engagement.

“The findings of our global study highlight that there is a level of discomfort and division when it comes to offering up personal data for a vaccine passport. There is a demand for more transparency to build trust; the general public needs to understands how their data will be stored/used and how their privacy will be protected if governments intend to press ahead with COVID vaccination passports.