AKI: Coronavirus certificate orders must be in accordance with legislation

Coronavirus vaccination certificate displayed on a smartphone..
Coronavirus vaccination certificate displayed on a smartphone.. Source: GuardTime.

The Data Protection Inspectorate (AKI) claimed that the government's approved orders on Friday regarding the use of coronavirus certificates for entry to public events were not in accordance with legislation, leading to amendments in the respective sections' wording.

"One possible legal basis for handling health data is the person's consent - this must however be voluntary and there can be no negative consequences for refusal. Therefore, checking coronavirus certificates on consent cannot take place from a data protection law perspective, because if people do not consent, they cannot enter the event - this is a negative consequence," AKI legal adviser Liisa Ojangu told daily Eesti Päevaleht (link in Estonian).

This led the Government Office to remove the concept of voluntary consent from the order. Ojangu told ERR that showing a certificate was noted as a voluntary activity in the order's explanatory memorandum before, but it cannot be considered as such if there are negative consequences.

The government's order states that from August 9, if more than 50 people take part in an indoor event or more than 100 people take part in an outdoor event, complete infection safety must be ensured for all participants. This means only people who have completed their vaccination processes, have recovered or recently tested negative for COVID-19, can join events and activities. The maximum number of participants or spectators for indoor events in this case is 6,000, the limit is set at 12,000 for outdoor events.

The post-amendment order now reads that all people who have been vaccinated, recovered or recently tested negative, must provide proof. Ojangu added that the order also did not regulate if event organizers had to maintain the health data they are provided.

"The order was supplemented to say [organizers] cannot keep data, except for in cases where the person consents to it in accordance with the general regulation of personal data protection," the legal adviser said.

The Data Protection Inspectorate looked into the government's new restrictions on Friday to see if they regulate the handling of specific types of personal data - such as health data - based on which the event organizer can ask for a coronavirus certificate or proof of a recent negative COVID-19 test.

Ojangu said the inspectorate assisted the Government Office in wording the government order in regards to matters of coronavirus certificates. The order also states that masks must be worn on public transportation from August 2.


Follow ERR News on Facebook and Twitter and never miss an update!

Editor: Kristjan Kallaste

Hea lugeja, näeme et kasutate vanemat brauseri versiooni või vähelevinud brauserit.

Parema ja terviklikuma kasutajakogemuse tagamiseks soovitame alla laadida uusim versioon mõnest meie toetatud brauserist: