CORONAVIRUS AND DATA PROTECTION

Coronavirus and Data Protection

In the current health emergency situation, queries related to Coronavirus and Personal Data Protection Data Protection, are important.

Our headquarters in Valencia has analyzed the doubts raised by customers about the need to treat their employees’ data in case of testing positive for the COVID-19 coronavirus. in the event of testing positive for the COVID-19 coronavirus.

There are also doubts as to whether such processing complies with the guidelines imposed on us by data protection regulations. data protection regulations.

Preliminary data protection analysis 

There is no doubt that the European General Data Protection Regulation 2016/679 (hereinafter, GDPR), as well as the Organic Law on Personal Data Protection and Digital Rights Guarantees 3/2018 of December 5 (LOPD-GDD), lay the foundations for the lawfulness of processing.

Likewise, it is also determined which data are considered special category data, among which are those related to health.

Recital 46 of the GDPR establishes the lawfulness of processing in cases where such processing is intended to protect the essential interest for life of data subjects or other natural persons.

As an example, it would be valid when the processing is necessary for humanitarian purposes, including the control of epidemics and their spread. This principle of lawfulness based on the vital interest of the data subject is taken up in Article 6.1 d) of the GDPR.

Special data protection category data

What does it mean for personal data to be considered special category data?

First of all, the processing of this data is prohibited, in order to avoid situations of discrimination or that violate the dignity of the person.

However, there are exceptions to this general rule. Such prohibition may not apply in the following cases. For example:

— The data subject gives his explicit consent to the processing;

— The processing is necessary for the performance of the controller’s obligations in the field of employment, with appropriate safeguards and respect for the fundamental rights and interests of data subjects;

— When treatment is necessary for reasons of public interest in the field of public health, such as protection against serious cross-border threats to health.

— When necessary for purposes of preventive or occupational medicine, evaluation of the worker’s ability to work, medical diagnosis, provision of health or social assistance or treatment.

Don’t forget to comply with data protection

Any processing of health data must comply with the principle of purpose and proportionality, always respecting the protection of fundamental rights and freedoms of individuals.

To this end, the principle of data minimization will be applied, with the employer collecting data that is absolutely necessary to be able to adopt internal measures to safeguard the health of workers and reduce health risks in the workplace.

The principle of minimization of data retention will also apply, so that the data will not be kept longer than necessary.

The AEPD AEPD states in Report N/REF.0017/2020 in summary:

That in a health emergency situation, the application of personal data protection regulations would allow the controller to take those decisions that are necessary to safeguard the vital interests of individuals or the safeguarding of essential interests in the field of public health.

Recommendation

In these situations, the employer must adopt all the health measures determined by the competent authorities, without forgetting the data protection obligations , avoiding claims for inadequate treatment and possible sanctions.

If you have any doubts about how to handle your employees’ personal data in health emergency situations, please contact a reputable data protection consultancy or contact us at Business Adapter data protection in Valencia

Business Adapter’s Legal Department

Contact us, we will be pleased to help you.
error: Content is protected !!