Kostis Dermizakis

Michalopoulou & Associates, Athens

kdermitzakis@lawgroup.gr

Evangelica Manika

Michalopoulou & Associates, Athens

emanika@lawgroup.gr

Echoes for keeping vaccination non-mandatory

It is still not clear if vaccination fully mitigates the transmission of Covid-19, as it is an ongoing procedure with no conclusive data for potential side effects. The whole vaccination campaign is therefore blamed for infringing fundamental human rights and violating several basic provisions (eg, Article 3) of the Charter of the Fundamental Rights of the European Union, which defines the right to the integrity of the person; Article 191 of the Treaty on the Functioning of the EU (TFEU); and Article 5 of the Oviedo Convention for the Protection of Human Rights and the Dignity of the Human Being with regard to the Application of Biology and Medicine.

Other concerns have been raised as well, including the principle of proportionality because not all European citizens have been fully granted access to vaccines due to the insufficient supply so far.

Prevailing view on the obligation and guidelines of the European Court of Human Rights

The answer to concerns regarding the legality of a mandatory vaccination partly derives from several provisions that justify it on the grounds of protecting public health. The most remarkable of these is the ‘right to life’ according to Article 2 and the ‘right to respect for private life’ according to Article 8 of the European Convention on Human Rights (ECHR).

In full harmonisation with these, the European Court of Human Rights (ECtHR) in its latest case of Vavřička and Others v the Czech Republic (applications No 47621/13 and five other applications), constitutes in fact the first landmark judgment on compulsory vaccination, ruled by a majority (16 votes against one), that there had been no violation of Article 8 (right to respect for private life) of the European Convention on Human Rights if the state intervened in the private life of individuals and penalised a person for refusing vaccination, as long as mandatory vaccination was absolutely 'necessary in a democratic society'. The court specifically pointed out with its fundamental verdict that there is 'a general consensus that vaccination has been one of the most successful and cost-effective health interventions and that each State should aim to achieve the highest possible level of vaccination among its population'.

Regarding the case facts and whether the administrative fine imposed by the State of the Czech Republic to the applicants for refusing to vaccinate their children and consequently, their children being refused admittance to pre-school violated their right to respect for private life, the ECHR indicated, in short, that the penalty measures were of a 'fair balance with the aims pursued by the Czech State, i.e. protection against diseases representing a serious risk for one’s health' and that the measures taken against the parents were in a reasonable relationship of proportionality to the legitimate aims pursued by the Czech State related to the vaccination duty. The court also clarified its ruling that the main goal of the EU shall be the protection of every child against serious diseases.

Compulsory vaccination and its compatibility with Article 8 of the ECHR

This is a development of high importance because, in the EU context, vaccination remains non-compulsory and the burden of the decision falls upon the individuals themselves. In fact, this ruling can be interpreted as applying not only to the children of the EU, but obviously extends to any person willing to receive any kind of preventive vaccination, as well as those persons who belong to vulnerable groups and who reasonably demand that their States to provide them with the minimum level of protection against serious health diseases.

As a result, granting the right to any Member State to adopt and apply a compulsory vaccination policy can be considered as fully compatible with the requirements of Article 8 of the ECHR towards the need to achieve an appropriate level of protection against serious diseases that may trigger a serious risk to public health.

Regardless of the aforementioned issues raising concerns and the prevailing view of whether general vaccination should be compulsory, it should be further noted that besides its full compatibility with the ECHR provisions, the proposed Digital Green Certificate should be examined from a data protection and privacy law perspective.

Digital Green Certification: types of certificates and basic provisions

The proposed Regulation on the Digital Green Certificate lays down accessible and secure certificates for all EU citizens and covers three types of certificates:

1. for people who have been vaccinated against Covid-19;
2. for those who received a negative test result and finally; and
3. for people who recovered from Covid-19.

Furthermore, the European Commission aims to build a software platform service to be used by the competent authorities of Member States to verify all the certificate signatures within the EU. No personal data of certificate holders will be retained by the verifying Member State. Moreover, the certificate will include only essential information, such as the name, date of birth, date of issue, relevant information about vaccine/test/recovery and a unique identifier for the certificate. This data can be cross-checked only to confirm and verify the authenticity and validity of certificate, and should not be used for any other reason. For instance, such personal data should not be processed any longer than is strictly necessary, and such access to and use of this data should be not permitted after the end of the Covid-19 pandemic.

Moreover, the European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) – EU data protection authorities – adopted a joint opinion on the Proposals for a Digital Green Certificate. The aim of this opinion is to ensure that the Digital Green Certificate is totally in compliance with EU personal data protection legislation, especially the General Data Protection Regulation (EU) 2016/679 (‘GDPR’). The aforementioned authorities have pointed out that the Digital Green Certificate should be accompanied by a comprehensive legal framework, which must be strictly limited to the current pandemic crisis, and that there is a need to mitigate risks from the use of this certificate concerning the fundamental rights of EU citizens. It is noteworthy that any measure adopted at the national or European level that involves the processing of personal data must unequivocally respect the general principles of effectiveness, necessity and proportionality. Additionally, the joint opinion includes many recommendations for further clarification, including in relation to the role of the European Commission, the categories of the related data, the identification of data controllers and data processors, data storage periods and data transfer. For example, due to the sensitivity of the data involved, the EU data protection authorities recommend that the European Commission ensures that the transparency of the processes are clearly outlined in order for citizens themselves to be able to exercise their data protection rights.