EDPS guidance on temperature checks during the COVID-19 pandemic
Temperature checks during COVID-19, the global health crisis, have become a necessary part of the continuity of general affairs. The EDPS has released guidance to help institutions in navigating this sphere keeping the privacy of the individual at the forefront.
Due to the COVID-19 situation many of the European Union members have implemented several safeguards and protocols to protect and prevent outbreaks during the COVID-19 pandemic. So many of the EU organisations actually have found it necessary to implement into workplaces and other important bureaucratic centres many key safety measures, one of which are mandatory temperature checks . However in the world of data protection and privacy and the rights of Citizens under the EU charter it is very possible that these safety mechanisms could infringe on the rights of many individuals who have the right to private life without interruption.
The EDPS has indicated mandatory guidelines to ensure safety and privacy of EU individuals.
There are a few guidelines that the EDPS has made mandatory for these European institutions which promise to ensure that both safety and privacy protection are paramount in the pandemic ecosystem. One of the key measures implemented is that no recording or processing of personal data is allowed when temperature information is being measured. In other words either manual testing must be done using a hand thermometer and there is a personnel operating this manual thermometer and they must not record these results or add them to any filing system. However, if there is an automated system such as a thermal camera, it is paramount that these cameras are not setup or integrated into a cloud or filing system that will add the temperature information of the individuals, be it visitors or otherwise, to these sites’ database under any specific criteria as outlined by the EDPS guidelines .
On site personnel must be trained to not only monitor the machine, but verify the validity of the initial reading, and recalibrate temperature measuring devices when necessary.
In addition, there must be a trained personnel who can not only monitor the machine in live time as it is not allowed to record information, but there must also be the ability to explain to individuals the reason for the thermal testing. The repeatability of the testing must be reliable due to persons having the right for multiple tests or readings of their temperature to be taken to verify the validity of the initial reading. The personnel present must also be able to explain and discern how the machine works and also training on how to calibrate the sensor must also be implemented on to the personnel trusted with this task . Again it is a complete violation to take this temperature information added to any form of filing system or personnel file as this could lead to a direct violation of the EU charter of rights for its citizens and EDPS guidelines.
Institutions must meet additional requirements to meet the minimum standard requirement for institutions navigating the pandemic.
However , one of the key factors in the charter are also workplaces and public spaces must have the minimum standard requirement to meet work health protocols and during the COVID-19 outbreak, masks, disinfecting gels/sanitizers and temperature checks all fall under the jurisdiction of minimum health protocols. Therefore this is mainly about achieving a key balancing act with the protocols of safety and privacy at these EUI sites. The key concern for the EDPS is maintaining the balance of legality and safety for its citizens so there are many clauses and subsections that can be related to the COVID situation as far as lawfulness goes.
Individuals entering these sites must be kept informed and given full disclosure.
In addition to this, it is also very important that the persons who are entering the sites are aware of the reason for the screenings and that they are given full disclosure. This information should be readily available at any point in time. In the event that a person has taken multiple readings and has surpassed the temperature threshold for entering one of these sites, they should also be given assistance in the form of directions to find a doctor or a nurse or a COVID testing centre nearby. They should be provided with some form of written receipt of denial of entry to validate any bureaucratic or official need to verify the reason for the inability to enter the site.
Employees should all be given alternatives for continuing to work amid the health crisis.
In the case of employees, it is paramount that alternative working methods be considered such as remote work due to the disruption of one’s personal and private life due to this test that may be automated or carried out by machine or on-site personnel. These protocols allow persons to have minimal disruption in their life, while taking full advantage of health screenings and temperature checks without any privacy issues.
It is imperative that devices used for temperature checks be maintained and recalibrated on a regular basis.
It is also important to note that due to the fact that the threshold for the COVID-19 temperature is within a 1 degree C margin of error, recalibration and maintenance on these automated or more complex temperature reading devices must be carried out regularly, and by qualified personnel. Again, these technologies must not be connected to any cloud storage or filing system and all of the readings must be done in live time with the aid of a person who is not simply viewing the data, but is qualified to understand, and to scrutinise any error that the machine may make, as it is unconstitutional by the charter freedoms of the European Union to let an automated machine make those level of decisions without human input. Therefore, it is paramount that someone is there to verify and clarify the results gathered by these machines.
Does your company have all of the mandated safeguards in place to ensure compliance with the GDPR and Data Protection Act 2018 during the COVID-19 pandemic? Aphaia provides both GDPR and Data Protection Act 2018 consultancy services, including data protection impact assessments, and Data Protection Officer outsourcing. We can help your company get on track towards full compliance. Contact us today.
- TikTok fined by Dutch DPA - July 29, 2021
- Case between Schrems and Facebook intensifies as further questions are raised - July 27, 2021
- Facebook and WhatsApp data sharing requires further investigation, says EDPB - July 22, 2021