STA, 5 August 2021 - The government has adopted a decree setting down checking compliance with the recovered-vaccinated-tested rule. Under a decision taken at a correspondence session on Wednesday, the party scanning the Covid certificate QR code using a relevant app will have access only to the certificate holder's name and year of birth.
The decision comes after Milan Krek, the head of the National Institute of Public Health (NIJZ), said on Tuesday that a legal basis for the app was in the works.
NIJZ told the STA on Thursday a new app will be launched today or tomorrow based on the decree after two apps have already been taken down, one due to privacy concerns and the other due to a risk of abuse.
The app, to be managed by NIJZ, will be used when the validity of the Covid certificate is checked using a QR code, the Government Communication Office (UKOM) said.
If an individual produces another form to show compliance with the rule of being vaccinated, tested or reconvalescent under relevant laws, this certificate will be checked.
The decree says that checking compliance with the rule takes place if the person whose status will be checked consents to giving access to their personal data.
After the QR code is scanned, the app will not reveal which of the three conditions have been met to produce a valid Covid certificate.
The user of the app will only get access to the certificate holder's name and year of birth to prevent any abuse of the system.
The decree says that the app must not enable data storage or processing or be linked to any database, according to UKOM.
The decree has been published in the Official Gazette and is effective from today. It will be in place until other related decrees setting down Covid measures are revoked.
NIJZ released an app for checking the validity of Covid certificates on 23 July, when organisers of public events and gatherings became obligated to check visitors' certificates, only to delete it on the same day due to privacy concerns. Hospitality providers in Slovenia have been required to check guests' certificates since 26 July.
The second app was then launched on 30 July, revealing merely the fact the individual meets the Covid requirement, but experts have warned it paves the way for abuses.
Before the government adopted the latest decree, Information Commissioner Mojca Prelesnik warned that a relevant legal basis should be adopted to enable checking of Covid certificates in hospitality and event industries.
NIJZ replied to Prelesnik on Wednesday, presenting the latest method of checking compliance and highlighting that the new app was not linked with any database apart from the required central app server and a server storing rules to check validity of the certificates.
Today, Prelesnik said that she would suspend the app-related procedure to ask the Constitutional Court to review the decree.
She said in a press release any personal data processing interferes with human rights guaranteed by the constitution, so it cannot be regulated in a government decree.
"Adopting a government decree does not provide for the same level of democratic process as decision-making in parliament," she explained her decision.
Prelesnik said she understood the urgency of measures due to the epidemiological situation, but stressed that a law is needed to determine personal data processing.
