by samuel 1825 days ago
As far as I have been told by the national authorities of my country, that's the case. I haven't read the whole regulation, but I think this paragraph addresses it:

This Regulation establishes the legal ground for the processing of personal data within the meaning of point (c) of Article 6(1) and point (g) of Article 9(2) of Regulation (EU) 2016/679, necessary for the issuance and verification of the interoperable certificates provided for in this Regulation. It does not regulate the processing of personal data related to the documentation of a vaccination, a test or a recovery event for other purposes, such as for the purposes of pharmacovigilance or for the maintenance of individual personal health records

Member States may process personal data for other purposes, if the legal basis for the processing of such data for other purposes, including the related retention periods, is provided for in national law, which must comply with Union data protection law and the principles of effectiveness, necessity and proportionality, and should contain provisions clearly identifying the scope and extent of the processing, the specific purpose involved, the categories of entity that can verify the certificate as well as the relevant safeguards to prevent discrimination and abuse, taking into account the risks to the rights and freedoms of data subjects

So, if my interpretation is right, a national law backing those "secondary" uses must be in place.

1 comments

And it is in a few countries. Austria and Germany included.