I. Context

When we approach the subject of data protection, it is important to bear in mind that it has been subject, in recent years, to an increasingly strong tutelage by the law.

Since its collection, for which it is necessary the express and informed consent of the holders, continuing during the term of the contracts, suppliers of goods and services, have adjusted their processes in order to ensure that the data processing is carried out in strict compliance with the stipulated in the European General Data Protection Regulation (GDPR), in force since 25 May 2018 - Regulation (EU) 2016/679 of the European Parliament and of the Council and its respective implementing law - Law No. 58/2019, of August 8 and opinions issued by the National Data Protection Commission (CNPD).

Less than two years later, during the state of emergency, due to public health imperatives, several rights were suspended, including that of the protection of personal data, as can be seen in the declaration of the European Committee for Data Protection (CEPD) delivered on March 19 of the current year. In the Portuguese legal system this same situation is expressly provided for in paragraph h) of Article 4 Decree of the President of the Republic no. 17-A / 2020, of April 2 available here.

It is important to reflect on the challenges that now arise in the context of discharge, with the subsequent need to manage the increased risk of contagion, on the one hand, and to adopt, on the other, measures that allow the gradual recovery of the economy.

II. Workplace

Specifically, regarding the return of workers to work in the employers' establishments, several measures will be implemented, namely of a sanitary nature, in accordance with the indications of the General Directorate of Health, however in this article I address one of the measures that most doubts have arisen and that it refers to the possibility of measuring workers' body temperature for access to the workplace.

This measure is legally provided for in Decree-Law no. 20/2020, of May 1, which approves exceptional and temporary measures in the context of COVID-19, introducing changes to Decree-Law no. 10-A / 2020, of March 13, specifically with regard to the implementation of the standard contained in the respective Article 13-C, which, for the purposes of controlling contagion / minimizing risks, makes it possible to measure the body temperature of workers.

The legislator considers this measure justified by the fact that there are still contagious situations, the impossibility of predicting the end of the pandemic, and, consequently, the need to avoid a situation of regression in terms of virus transmission.

Notwithstanding to the above, it is important to keep in mind the following:

• Measurement of temperature is permitted, but not recording it, which is only possible with the consent of the worker. I question: is this consent in the worker's availability? And to what extent?

• From the reading of the standard, we are left with the idea that we are facing two distinct moments: the temperature measurement and the subsequent registration, with only the latter being considered as processing of personal data, therefore requiring authorization . It happens, however, that the measurement of the worker's temperature already constitutes a processing of personal data that implies obtaining consent, if this is admissible as mentioned above.
• As a result of the temperature, the worker may be prevented from accessing the workplace, but then what? What happens next? What measures should the company take with regard to that worker?
• Furthermore, the high temperature is not, per se, an element from which it can be inferred, without a doubt, that the person has COVID-19, which may be due to many other situations. And more: if there are cases of asymptomatic infection, can we not create a situation of absence of parity among workers
• And what are, in this context, the guarantees of workers? Where does the full explanation of the conditions under which this measurement can take place appear?

In view of the above, it is reiterated that the subsequent steps to be taken by the employer are not even foreseen, nor what the worker should do who, in addition to being the target of an extremely invasive measure of his privacy, is prevented to carry out their professional activity, and, who knows, subject to situations of discrimination in the workplace.

CNPD was not consulted regarding this measure, and it should also be noted that, prior to the respective approval, it drew attention to the need to safeguard workers' right to privacy, even in this pandemic context.

This entity has already manifested its disagreement with the approved legislation, having advised workers not to give any personal information without being fully informed either as to the need, as to the type of use and the measures that the employer intends to take in view of the information that intends to obtain, and several complaints from workers on this issue are already being analysed.

In this respect it is important to bear in mind the indications of the European Committee for Data Protection (CEPD), available for consultation here, which addresses the issue of the impact of COVID-19 on data processing and stresses that there is no need to seek an answer effective to the crisis to the detriment of protecting our fundamental rights, but rather to create conditions for the respective coexistence and that, with regard to industrial relations, stresses that the principle of proportionality and minimization of the processing of personal data must be applied.

It is, therefore, about finding the best possible way to live this pandemic context, bearing in mind the need to continue to safeguard the fundamental respect for the dignity of the human person, for their rights, freedoms and guarantees, one of them being the right to privacy of personal data, as enshrined in Article 35 of our Constitution.

III. Apps designed to track people with COVID – 19

Finally, a brief reference to apps under development to allow “tracking” people with COVID-19, namely “Stay Away”.

The accessible information about this application is that it serves to track, supposedly, anonymously, through “Bluetooth” or “Wi-Fi”, people infected by COVID-19, allowing to know if the user is in contact with and the records are kept for a period of 14 (fourteen) days.

As of today, the application is still being tested and analyzed by CNPD and the National Cybersecurity Center, and the evaluation process is expected to end later this month.

We now have the possibility (necessity?) to build a different future, the possibility to change the molds in which our social life takes place, but the question that needs to be asked is whether we want to build walls, "stay away", or, on the contrary, building bridges, using our intelligence to overcome the challenges that arise, as, indeed, we have been doing, laying the foundations for a social coexistence more based on solidarity and inclusion than on exclusion.