2020 – the year in which hair clippers, thermometers and garden furniture were searched most on Google, behind, of course, the C word. COVID19 has flipped our whole world upside down, resulting in everything from stock piling to coining the word ‘Furlough’ to the mandatory Zoom pub quiz; but what has it meant in the world of Data Privacy?
In addition to the Data Privacy challenges that contact tracing has presented, the increased use of thermal cameras and electronic temperature checks, in a bid to return to a semblance of normality, has sparked conversations regarding whether or not this is compliant with GDPR. The German Data Protection Authority has published its own position on the matter and, despite voicing general criticisms, the DSK considers the use of thermal cameras in the workplace to be admissible, provided that the requirements laid down in Articles 25 and 32 are complied with:
· Article 25: “Data Protection by Design and Default”
· Article 32: “Security of Processing”
In order to ensure compliance with these requirements, the DSK recommends the following:
Capture only certain body parts, such as the forehead and inner angles, as capturing the whole body is not necessary.
High measuring accuracy
Define a threshold value to trigger capture by the camera (i.e., configure the camera in such a way that recordings are only taken if it detects an increased temperature).
Employ security personnel to oversee the thermal cameras.
German DPAs further note that body temperature checks cannot be based on consent under the GDPR because it usually difficult for consent to be freely given (in particular, in employment) and informed.
While German DPAs consider that electronic temperature checks followed by documentation or recording are subject to the GDPR, they indicate, however, that body temperature checks, which are operated manually and are not followed by registration, documentation or other processing of personal data might be not subject to the GDPR.
This is yet another example of how, in our increasingly data-driven world, Data Privacy is present in every aspect of our lives. Here’s hoping that the compliant tracking of health data will lead to a near future return to the normality which we all crave so badly.