The CNPD has not observed an increase in data breaches during the pandemic, despite an increase in virtual activity. However, the main topic of interest at Tuesday’s press conference was the deployment of the new Covid-19 law, and whether the CovidCheck conforms to data protection laws.
The main question is: How can a company implement the CovidCheck system while still complying with data protection? The CNPD criticises that the new law does not explicitly state how an employer should handle data processing. This means that it is up to the employer to decide how long the data will be stored.
According to Thierry Lallemang from the CNPD, this could potentially lead to data being stored “until the end of the pandemic”, since the law does not explicitly stipulate anything else. Due to the sensitive nature of the date, there should also be restrictions on who can access it, Lallemang adds.
The responsibility to set these rules is now being pushed onto the businesses, the CNPD criticises. In addition, it is not easy to implement a system that also complies with data protection, which is why Tine Larsen, the president of the CNPD, recommends that employers think ahead on how they want to implement the CovidCheck system. Larsen also points out that the CNPD offers consultations on this matter.
The CovidCheck app does not violate data protection per se, Larsen explains. In fact, a recent update has fixed this issue.
Larsen explains that while previously, the app showed the person who checked a certificate the holder’s date of birth, type of vaccine, and the number of doses administered, it now only displays the holder’s name in addition to turning green or red when a certificate is scanned.
