Court case 25 NE 21.2634 – Court Ruling (Germany, 2021)

A student applied to the Higher Administrative Court of Bavaria (Bayerischer Verwaltungsgerichtshof - BayVGH) seeking a suspension of the laws mandating verification of the Covid-19 vaccine and testing certificates in schools. The student claimed that she did not consent to the processing of her personal health data, and as only unvaccinated persons are tested, her vaccination status gets known to students as well as teachers. She claimed that considerable social pressure is being put on unvaccinated persons and in such circumstances, voluntary consent as per Article 9(2)(a) and 7 GDPR, does not remain meaningful. On the basis of low incidence and hospitalization risks, the student claimed that there was no cross-border health risk, and Article 9(2)(i) GDPR could not be applied in the present case. Rejecting the application, the Higher Administrative Court of Bavaria held that Art. 9(2)(i) GDPR applies. For the definition of “serious cross border threats” the court referred to Art. 168 TFEU and Decision No 1082/2013/EU of the European Parliament and of the Council. Art. 3(g) Decision No 1082/2013/EU defines “serious cross-border threat to health” as a life-threatening or otherwise serious hazard to health of biological, chemical, environmental or unknown origin which spreads or entails a significant risk of spreading across the national borders of Member States, and which may necessitate coordination at Union level in order to ensure a high level of human health protection. Due to the latest developments of the pandemic the requirements of this definition are fulfilled. With regard to the argument of social pressure on unvaccinated students the court was of the opinion that the burdens imposed by the processing of personal data are not disproportionate to the benefits accruing to the general public. The risk of stigmatisation may be countered with educational measures.