Summary of Judgment - In re Darren Williams; In re Risteard O'Murchu (Covid Vaccine Passports)
| Jurisdiction | Northern Ireland |
| Neutral Citation | Summary of Judgment - In re Darren Williams; In re Risteard O'Murchu (Covid Vaccine Passports) |
| Court | Court of Judicature (NI) |
| Date | 16 February 2022 |
Judicial Communications Office
1
16 February 2022
COURT DISMISSES CHALLENGES TO COVID VACCINE PASSPORT
Summary of Judgment
Mr Justice Colton, sitting today in the High Court, dismissed two separate applications for judicial
review challenging the legality of the Covid Vaccine Passport system.
DARREN WILLIAMS
Darren Williams (“Applicant One”) sought to challenge the Health Protection (Coronavirus,
Restrictions) Regulations (Northern Ireland) 2021 (Amendment No. 19) Regulations (Northern
Ireland) 2021 (“the Regulations”) that introduced the Covid-Status Certification scheme (also
referred to as the scheme which required proof of covid vaccination or evidence of negative covid
tests for entry to certain hospitality services which were deemed high risk). Applicant One’s
affidavit indicated that he had not availed of any covid vaccinations. His focus was on the use of the
Cert NI App which was developed to help businesses check customers’ vaccination status. The
applicant claimed that the use of the App was unlawful on the following grounds:
The Minister of Health/the Department of Health (“the proposed respondents”) had failed to
comply with Article 5(1) of the General Data Protection Regulations (“GDPR”) and section 68
of the Data Protection Act 2018 (“DPA”) and Article 6 GDPR/section 8 and Schedule 9 to the
DPA 2018 in allowing the unlawful processing of sensitive special category personal data in
relation to data subjects in circumstances where it was not necessary to process personal data
at all to achieve their legitimate aims;
The proposed respondents failed to comply with Article 35 GDPR and section 64(3)(d) DPA
in that they did not carry out an adequate data protection impact assessment (“DPIA”) prior
to the regulations being brought into operation;
The proposed respondents failed to consult pursuant to the implied statutory duty under
section 64 DPA and/or at common law.
First Ground
The court commented that the scanning of the QR Code on the digital certificate constitutes the
processing of “sensitive special category personal data” (the individual’s medical data) irrespective
of whether the hospitality premises owner keeps a record of it. This makes the premises owner a
“data controller.” Article 5(1)(a) of the GDPR provides that personal data shall be “processed
lawfully, fairly and in a transparent manner in relation to the data subject.”
Applicant One’s focus was on the lawfulness requirement. Article 6 GDPR provides that processing
is lawful only if one or more specific conditions are satisfied. Article 9 GDPR sets out special
categories of personal data which attract a higher level of protection and impose s a complete
prohibition on processing data in those categories, subject to specified exceptions. The prohibition
applies to, inter alia, data concerning health. Applicant One’s case was that the processing of data
via the Covid-19 NI Cert App was not “necessary” as persons seeking to enter premises could
present proof of vaccination by way of digital proof of vaccination or a vaccination card (although
the latter is not included in the regulations). It was contended that these methods would have
To continue reading
Request your trial