Filenews 12 July 2021
Answers to questions on the implementation and monitoring of the measures of the Infectious Decree (No. 28) of 8/7/2021, given by the Commissioner for the Protection of Personal Data.
1. In relation to my personal data, how is the Decree of the Minister of Health 08.07.2021 different from the previous Decrees?
Under the previous Decrees, the employer had the right to check the certificates of his employees at random. Now, it has an obligation to check that all employees hold a certificate for a 72-hour Rapid Test or PCR or for recovery from Covid-19 or for vaccination.
In previous Decrees, the owners/directors/managers of certain premises, such as leisure centres, dining areas, gyms, etc., were not obliged to check their customers' certificates. Now, they have an obligation to check them and ask customers to show their ID card or passport. This obligation excludes outdoor premises serving less than 20 people.
2. The Decree of the Court of First Ins 08.07.2021, in relation to the previous ones, violates the legislation on the protection of personal data?
No. What is different is that this Decree creates additional obligations due to the current epidemiological situation.
3. What is the role of the Commissioner in relation to these Decrees?
The Commissioner's role is to advise the State when drafting legislation on privacy issues and to ensure that their provisions comply with the General Data Regulation. The Principle of Proportionality requires that the obligations created by an Order are proportionate to the objective it is currently pursuing. In the present case, the current epidemiological situation requires and can justify the additional obligations.
4. Are these measures legal and proportionate?
Yes, in relation to the current epidemiological situation. However, since they are more intrusive than the measures of previous Decrees, the Commissioner, in the context of the new consultation, has demanded and ensured that, in this Decree, there is a legal basis for the owner/manager/manager of the site to be entitled to check my certificate and identity card or passport.
5. In my workplace, how will my certificate be checked?
In any case, the employer is responsible for the audit (paragraph 2.82 of the Decree of Date 08.07.2021). In workplaces where there is a Safety and Health Officer under the relevant Legislation, certificates should be checked by that Officer.
If an undertaking is exempted from the obligation to appoint a Health and Safety Officer and there is no authorised private watchdog, the audit should be carried out by the employer.
Also, in workplaces, checks may be carried out by the Police and depending on the activity of the undertaking, by the authorised Officers referred to in paragraph 2.48(c) of decree dated 08.07.2021.
Where an official refuses to show the certificate he holds, the employer should take measures to comply, both for the employer and the official, with this Decree.
6. In café, restaurant, hotel, gym, etc., how will the check be done?
In any case, in accordance with paragraph 2.48(a) of the Decree, the responsibility for the inspection lies with the owner/manager/manager of the site.
7. How can I be sure that the person carrying out the audit is an authorised official, officer or police officer?
I can ask him to show me his police or service identity or his authority.
8. Can my employer record details of the certificate I hold?
As is apparent from the Decree, yes. This is because he must be able to know which of his employees have been vaccinated and/or sick and recovered and are therefore exempt from the obligation to show certificates for a Rapid test or 72-hour PCR. It is also necessary to know when certificates for a 72-hour Rapid test or PCR of officials holding such certificates expire. It is understood that in no case is the provision of a copy of the certificate justified.
9. Can the owner/manager/space manager covered by the Ordinance record details of my certificate or identity/passport?
No. The last Decree does not entitle him or compel him to keep my evidence.
10. In what other cases is it permissible to record details of my certificate?
This information may exceptionally be recorded only in specific cases, such as in hotels where it should be checked that a customer's stay does not exceed the period of validity of the certificate he holds. In any case, the person in charge of the site must be able to demonstrate that it is necessary to record certain data.
11. If I arrange a party or reception at a hotel or leisure centre or dining area, will I be responsible for controlling my guests?
No. According to paragraph 2.48(a) of the Decree, the responsibility always falls on the owner/manager/manager of the site.
12. Do the measures provided for in this Decree also apply to the EuropeanUnionDigitalGreenCertificate (EUDCC)?
No. EUDCC is only used for travel purposes. It may not be used for the purposes of this Decree.
13. If I don't have my certificate with me, could I use my EUDCC?
No, because under the Decree, the EUDCC is not evidence. The Commissioner is in consultation with the Ministries concerned so that, if the use of EUDCC is to be regulated within the Republic, it will comply with the conditions laid down in the European EUDCC Regulation.
14. If the epidemiological situation improves, can the Commissioner request the suspension of certain provisions of a Decree?
Yes. If the epidemiological situation improves and the Commissioner considers that the provisions of a Decree are no longer in accordance with the General Regulation on Personal Data, she may request their temporary suspension until the Order is amended or repealed.
