Coronavirus checks are run by a large number of companies, but their privacy compliance has been rarely ascertained due to the urgency.<\/p>\n
Given the situation of emergency during the last days because of the spreading of the Coronavirus, I noticed the adoption by several companies of body temperature checks to be run and questionnaires to be filled in at the entrance of their building by any employee or visitor, with also surveys sent to suppliers to track their movements of the last days.<\/span><\/p>\n To help companies handling the current situation, below is a list of do\u2019s and don\u2019ts on privacy related matters connected to the management of Coronavirus checks:\u00a0<\/span><\/p>\n In the vast majority of cases, the collection of personal data is\u00a0not necessary<\/strong>, and the data collection might be unjustified under the data minimization principle. This approach has been recently\u00a0confirmed<\/a>\u00a0by the Garante, the Italian Data Protection Authority and\u00a0reiterated<\/a>\u00a0by the CNIL, the French privacy authority.<\/span><\/p>\n Even the mere display of the body temperature and the answer (even in case of negative answers) to a questionnaire\u00a0is a processing of personal data<\/strong><\/span>. Such data\u00a0are not anonymous since the collection occurs at the presence of the individuals, then identified or already known.<\/span><\/p>\n No<\/strong>, private companies are not in charge of investigating the movement of individuals; public authorities have to perform such activities.<\/span><\/p>\n Placing a notice at the entrance of the building and sending a communication to clients and suppliers indicating that if they either were at-risk areas or in contract with persons at risk or have flu symptoms or just fever or cough,\u00a0they<\/strong>\u00a0cannot<\/strong>\u00a0have<\/strong>\u00a0access<\/strong>\u00a0at the company\u2019s building<\/strong>, also encouraging smart working practices.<\/span><\/p>\n If the top management wants to protect the company against individuals that might not know that they are sick and might have access to the company\u2019s building,\u00a0make available some thermometers at the entrance of the building so that employees, suppliers, visitors can check their temperature themselves<\/strong>\u00a0without being seen by others and after having received the notice in point 1 above.<\/span><\/p>\n If the top management wants in any case to check the body temperature of employees, suppliers, or visitors at the entrance of the company\u2019s building, it is possible (but not recommended) to<\/span><\/p>\n have a medical practitioner at the entrance of the company\u2019s building. He\u00a0will provide his own privacy information notice and collect a privacy consent<\/strong>\u00a0to the processing of health data checking the temperature in an area of the building not visible by third parties and not recording the body temperature.\u00a0<\/span><\/p>\n I have read several comments from other privacy experts arguing that checks do not need consent from individuals since they might be based either on public interest or on the need to protect vital interests. However, public interest needs to be identified by a primary law that has to expressly authorize the data processing activities that \u2013 as far as I am aware of \u2013 has not happened. On the purpose to protect vital interests, I doubt that checks performed by private companies according to modalities that are determined at their discretion can meet the requirements provided by this legal basis.<\/p>\n","protected":false},"excerpt":{"rendered":" Coronavirus checks are run by a large number of companies, but their privacy compliance has been rarely ascertained due to the urgency.<\/p>\n","protected":false},"author":41,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_s2mail":"yes","site-sidebar-layout":"default","site-content-layout":"default","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"default","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"footnotes":""},"categories":[1],"tags":[14586,34,6],"class_list":["post-58632","post","type-post","status-publish","format-standard","hentry","category-general","tag-coronavirus","tag-data-protection","tag-privacy"],"_links":{"self":[{"href":"https:\/\/blogs.dlapiper.com\/iptitaly\/wp-json\/wp\/v2\/posts\/58632","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.dlapiper.com\/iptitaly\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.dlapiper.com\/iptitaly\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.dlapiper.com\/iptitaly\/wp-json\/wp\/v2\/users\/41"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.dlapiper.com\/iptitaly\/wp-json\/wp\/v2\/comments?post=58632"}],"version-history":[{"count":0,"href":"https:\/\/blogs.dlapiper.com\/iptitaly\/wp-json\/wp\/v2\/posts\/58632\/revisions"}],"wp:attachment":[{"href":"https:\/\/blogs.dlapiper.com\/iptitaly\/wp-json\/wp\/v2\/media?parent=58632"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.dlapiper.com\/iptitaly\/wp-json\/wp\/v2\/categories?post=58632"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.dlapiper.com\/iptitaly\/wp-json\/wp\/v2\/tags?post=58632"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}Top 3 don\u2019ts on privacy issues relating to Coronavirus checks<\/span><\/h2>\n
1. Is it possible to collect information on movements, pathologies, or temperature of employees, suppliers, or visitors?<\/span><\/h5>\n
2. Is the detection of temperature and the collection of answers to a questionnaire at the presence of employees, suppliers, or visitors processing of personal data? Are collected data anonymous?<\/span><\/h5>\n
3. Is it possible to investigate movements, contacts, and health conditions of employees, suppliers, or visitors?<\/span><\/h5>\n
Top 3 do\u2019s on privacy issues relating to Coronavirus checks<\/span><\/h2>\n
1. Informing individuals<\/span><\/h5>\n
2. Let individuals running checks themselves<\/span><\/h5>\n
3. Ensure privacy compliance of processing of personal data<\/span><\/h5>\n