Accordingly to the EU’s General Data Protection Regulation, your health data may only be used for the specific ends to which you provided it and none other. Compliant to those rules, each member state adapted their own internal rules and, therefore, cannot use your information freely. As such, your health data cannot be used by the authorities when applying for a residence permit under the Golden Visa Program in Portugal or any other country, as this is not the end to which such information was provided. Also, aside from the above mentioned, applying for a Golden Visa in Portugal does not require the applicant or their family members to provide any health information, as it not deemed necessary for such purpose.
Ask A Question | Learn more about Portugal
How do EU countries like Portugal use digital vaccine passport data of investors from non-EU countries?
I'm an American investor who is concerned about identity theft and privacy of my health data. How can I be sure that my digital vaccine passport data would remain secure when I visit or apply for investment immigration in countries like Portugal?
Answers
-
-
The personal data transferred pursuant to the legislation on the EU COVID digital certificate enjoys the protection conferred by regulation 2016/679 and, in particular, also by regulation 2021/953. Under EU law, this data is processed only for the purpose of accessing and verifying the information contained in the digital certificate, in order to facilitate the exercise of the right of free movement within the Union during the pandemic. The data will no longer be processed after the end of the period of application of the Regulation i.e. on 30.06.2022. Personal data are processed by the relevant authorities of the member state of destination or transit, or by operators of cross-border passenger transport services that are required by national law to implement certain public health measures during the pandemic, and only for the purpose of verifying and confirming the vaccination, the results of tests, or recovering the data subject. For this purpose, the data must be limited to what is strictly necessary. The entity issuing the certificates may not keep that data longer than is strictly necessary for its purpose, and in no case longer than the period during which the certificates may be used to exercise the right of free movement. In turn, personal data accessed by the competent authorities of the Member State of destination or transit or by operators of cross-border passenger transport services may not be retained. This is the protection regime for personal data contained in digital passports conferred by European legislation.