Data Protection

Fenech & Fenech Advocates at ‘GDPR – 3 years on’ Conference

Sarah Cannataci, Associate at Fenech & Fenech Advocates, was invited as a guest speaker at the ‘GDPR – 3 years on’ Conference organised by 21 Law, Advisory 21 and 21 Academy on the 25th May 2021. Accompanied by Dr Roselyn Borg (21 law), Dr Cannataci presented an overview of local and international case-law since the coming into force of Regulation [EU] 2016/679 (‘GDPR’) on the 25th May 2018, delving into the key issues and principles that have shaped and continue to shape the implementation of the GDPR. Dr Cannataci was also joined by guest speakers Dr David Ciliberti, Legal and Policy Officer at DG JUST, European Commission; and Mr Ian Deguara, the Information and Data Protection Commissioner.

Digital Green Certificate – EDPB-EDPS Joint Opinion

Author: Sarah Cannataci, Associate

Further to the European Commission’s unveiling of its proposal to facilitate safe free movement of people during the pandemic (read more here), the European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) issued a joint opinion  on the aspects relating to protection of personal data tied to the creation of a Digital Green Certificate (‘DGC’).

Whilst acknowledging the legitimate objective of the proposal, the two authorities stressed on the importance of observance of the principles of effectiveness, necessity, proportionality and non-discrimination, whilst highlighting that since at present, there is little scientific evidence to show the possibility of having Covid-19 immunity, and if so, how long such immunity lasts, the DCG should not be deemed to be an ‘immunity certificate’, but rather, a “verifiable proof of a timestamped factual medical application or history”. The EDPB and the EDPS further enunciated the need for the proposal to have  clear and precise rules governing the scope and application of the DCG, particularly on the issue of prohibited access and use of any of the personal data processed under the DCG by EU Member States once the state of pandemic ceases.

The Joint Opinion also includes guidance on points tied to data transfers, data storage, transparency obligations and identification of controllers and processors for the processing of any personal data under the DGC. Interestingly, the authorities also stressed that the proposal should apply solely to the Covid-19 pandemic and should not apply to other future emergencies. With this Joint Opinion, the EDPB and the EDPS invite the co-legislators to ensure that the DGC is fully compliant with data privacy law.

Deo Falzon lectures at the ICTSA University Workshops

Associate Deo Falzon lectured ICT University students in a workshop held by ICTSA on Cyber Ethics in Data Collection – ICT in Health. The lecture considered constraints in cyberspace i.e norms, laws, market and architecture as well as the role of ethics and data protection laws concerning health. The workshop was part of a series organised by ICTSA .

Digital Green Certificate – the future for free movement in Covid-19

Author: Sarah Cannataci, Associate

The European Commission has recently unveiled its proposal to facilitate safe free movement of people during the pandemic. The proposed regulation establishes a framework for the creation of a Digital Green Certificate (‘DGC’). Pursuant to Article 21 of the Treaty on the Functioning of the European Union (TFEU), every citizen of the EU has the right to move and reside freely within the territory of the Member States of the EU, which right has undoubtedly been somewhat limited further to the measures put into place in order to curb the spread of the Covid-19 pandemic.

In order to allow interoperability between the different measures and solutions implemented by Member States, the proposed regulation sets out a common framework for the issuance, verification and acceptance of certificates on Covid-19 vaccination, testing and recovery. Because the DGC would contain personal data, as well as data relating to health as a special category of personal data, the proposed regulation also sets out limits on the processing of the personal data in line with the principle of data minimisation.

The proposed DGC, which will be free of charge, shall be in the English language and in the official language of the Member State, and will be contain an interoperable secure barcode that acts as a digital signature and ensures validity. The individual shall be able to receive a hard copy of the DGC or an electronic version.

The proposed regulation is expected to be ready by summer 2021 and is currently being considered by the European Parliament.

 

Course for Data Protection Officers/Leads

Dr Sarah Cannataci from Fenech & Fenech Advocates was recently invited by 21 Academy to deliver two sessions as part of the ‘Course for Data Protection Officers/Leads’. The sessions, organised over the span of 3 weeks, were aimed at training prospective Data Protection Officers (‘DPOs) and Data Privacy Leads on how to adequately inform and advise the company they work in, in accordance with Regulation [EU] 2016/679 (the ‘GDPR’). For more information, please visit: Course for Data Protection Officers/Leads – Advisory21

Data Protection Department delivers Online DPO Course

Dr Thomas Bugeja  and Dr Sarah Cannataci from Fenech & Fenech Advocates recently delivered two sessions as part of the ‘Course for Data Protection Officers/Leads’ organised by 21 Academy. The sessions, organised over the span of 5 weeks, were aimed at training prospective Data Protection Officers how to adequately inform and advice the company they work in, in accordance with Regulation [EU] 2016/679 (the ‘GDPR’). For more information, please visit: https://www.advisory21.com.mt/course-for-data-protection-officers-leads/