On the Way

It was "on the way," with persistence, determination and never giving up, that this office emerged and developed, creating connections with people who believed in us and the strength of our work.

Let's continue on the way!

COVID-19: Impact on the protection of personal data in the workplace

Andreia Alexandre - 16 June 2020

I. Context

When we approach the subject of data protection, it is important to bear in mind that it has been subject, in recent years, to an increasingly strong tutelage by the law.

Since its collection, for which it is necessary the express and informed consent of the holders, continuing during the term of the contracts, suppliers of goods and services, have adjusted their processes in order to ensure that the data processing is carried out in strict compliance with the stipulated in the European General Data Protection Regulation (GDPR), in force since 25 May 2018 - Regulation (EU) 2016/679 of the European Parliament and of the Council and its respective implementing law - Law No. 58/2019, of August 8 and opinions issued by the National Data Protection Commission (CNPD).

Less than two years later, during the state of emergency, due to public health imperatives, several rights were suspended, including that of the protection of personal data, as can be seen in the declaration of the European Committee for Data Protection (CEPD) delivered on March 19 of the current year. In the Portuguese legal system this same situation is expressly provided for in paragraph h) of Article 4 Decree of the President of the Republic no. 17-A / 2020, of April 2 available here.

It is important to reflect on the challenges that now arise in the context of discharge, with the subsequent need to manage the increased risk of contagion, on the one hand, and to adopt, on the other, measures that allow the gradual recovery of the economy.

II. Workplace

Specifically, regarding the return of workers to work in the employers' establishments, several measures will be implemented, namely of a sanitary nature, in accordance with the indications of the General Directorate of Health, however in this article I address one of the measures that most doubts have arisen and that it refers to the possibility of measuring workers' body temperature for access to the workplace.

This measure is legally provided for in Decree-Law no. 20/2020, of May 1, which approves exceptional and temporary measures in the context of COVID-19, introducing changes to Decree-Law no. 10-A / 2020, of March 13, specifically with regard to the implementation of the standard contained in the respective Article 13-C, which, for the purposes of controlling contagion / minimizing risks, makes it possible to measure the body temperature of workers.

The legislator considers this measure justified by the fact that there are still contagious situations, the impossibility of predicting the end of the pandemic, and, consequently, the need to avoid a situation of regression in terms of virus transmission.

Notwithstanding to the above, it is important to keep in mind the following:

  • Measurement of temperature is permitted, but not recording it, which is only possible with the consent of the worker. I question: is this consent in the worker's availability? And to what extent?
  • From the reading of the standard, we are left with the idea that we are facing two distinct moments: the temperature measurement and the subsequent registration, with only the latter being considered as processing of personal data, therefore requiring authorization . It happens, however, that the measurement of the worker's temperature already constitutes a processing of personal data that implies obtaining consent, if this is admissible as mentioned above.
  • As a result of the temperature, the worker may be prevented from accessing the workplace, but then what? What happens next? What measures should the company take with regard to that worker?
  • Furthermore, the high temperature is not, per se, an element from which it can be inferred, without a doubt, that the person has COVID-19, which may be due to many other situations. And more: if there are cases of asymptomatic infection, can we not create a situation of absence of parity among workers
  • And what are, in this context, the guarantees of workers? Where does the full explanation of the conditions under which this measurement can take place appear?

 

In view of the above, it is reiterated that the subsequent steps to be taken by the employer are not even foreseen, nor what the worker should do who, in addition to being the target of an extremely invasive measure of his privacy, is prevented to carry out their professional activity, and, who knows, subject to situations of discrimination in the workplace.

CNPD was not consulted regarding this measure, and it should also be noted that, prior to the respective approval, it drew attention to the need to safeguard workers' right to privacy, even in this pandemic context.

This entity has already manifested its disagreement with the approved legislation, having advised workers not to give any personal information without being fully informed either as to the need, as to the type of use and the measures that the employer intends to take in view of the information that intends to obtain, and several complaints from workers on this issue are already being analysed.

In this respect it is important to bear in mind the indications of the European Committee for Data Protection (CEPD), available for consultation here, which addresses the issue of the impact of COVID-19 on data processing and stresses that there is no need to seek an answer effective to the crisis to the detriment of protecting our fundamental rights, but rather to create conditions for the respective coexistence and that, with regard to industrial relations, stresses that the principle of proportionality and minimization of the processing of personal data must be applied.

It is, therefore, about finding the best possible way to live this pandemic context, bearing in mind the need to continue to safeguard the fundamental respect for the dignity of the human person, for their rights, freedoms and guarantees, one of them being the right to privacy of personal data, as enshrined in Article 35 of our Constitution.

III. Apps designed to track people with COVID – 19

Finally, a brief reference to apps under development to allow “tracking” people with COVID-19, namely “Stay Away”.

The accessible information about this application is that it serves to track, supposedly, anonymously, through “Bluetooth” or “Wi-Fi”, people infected by COVID-19, allowing to know if the user is in contact with and the records are kept for a period of 14 (fourteen) days.

As of today, the application is still being tested and analyzed by CNPD and the National Cybersecurity Center, and the evaluation process is expected to end later this month.

We now have the possibility (necessity?) to build a different future, the possibility to change the molds in which our social life takes place, but the question that needs to be asked is whether we want to build walls, "stay away", or, on the contrary, building bridges, using our intelligence to overcome the challenges that arise, as, indeed, we have been doing, laying the foundations for a social coexistence more based on solidarity and inclusion than on exclusion.

COVID-19: Estado de emergência - principais medidas e exceções

9 November 2020

COVID-19: Impact on Leases

29 June 2020

COVID-19: Seguros de Crédito e Caução

24 June 2020

Bank Guarantee: Should the Bank refuse payment?

8 June 2020

COVID 19: Revocation of Judicial Deadlines Suspension

1 June 2020

Covid-19: We will continue on the way

29 May 2020

Offical Statement | Covid 19 Contingency Plan

13 March 2020

28 Years of Practice

29 January 2020

Christmas Lunch 2019

16 December 2019

National Minimum Wage 2020

21 November 2019

Artificial Intelligence and the Future of Work

8 November 2019

Open day

25 September 2019

Networking Conference

24 September 2019

Inventory Processes return to the courts

13 September 2019

The Right to Durable Housing

5 September 2019

New extended deadline for mandatory electronic registration for legal persons

28 June 2019

Segurança de informação

28/05/2019

Mandatory electronic registration for legal entities up to 30/06/2019 (extended period)

6 May 2019

Appointment of Data Protection Officer

3 April 2019

GDPR Continuity Plan

15 March 2019

Iberian Conference on Fintech: new business models and legal challenges

13 February 2019

Website Launch

1 February 2019

Christmas Lunch

21 December 2018

Events and News

Implementation of GDPR

12 September 2018
Please note, your browser is out of date.
For a good browsing experience we recommend using the latest version of Chrome, Firefox, Safari, Opera or Internet Explorer.