The way the coronavirus SafePass is in effect in Cyprus since July 9 could be legally contested, according to a law professor who specializes in European law and personal data rights.
Dr Constantinos Kouroupis who teaches at Frederick University also told Philenews that, to begin with, medical information is both sensitive and personal. And that national and European law prohibit its processing.
This view contradicts recent arguments presented by the island’s Personal Data Commissioner before the green light was granted to the current SafePass.
The professor also explained that the processing of personal data is permitted when certain conditions are met, such as serving the public interest in combating disease. This must be proportionate and necessary in a society.
In this case, he argued, the legality of SafePass control by business executives is questionable, explaining that a business owner cannot have competent state authority. He pointed out that, according to the legislation, once the heads of various establishments and companies become responsible for checking this certificate then they are called “personal data protection officers”.
And this means that a series of questions should be answered, he added.
Such as what the obligations of the person in charge are, where is this data stored and for how long. At the same time the rights of the subjects should be clarified.
He argued that even if it is accepted that there is a legal basis, the issue of proportionality is highly questionable. And that the framework of the decree is incomplete.