The EU’s institutional data protection watchdog has called for caution in the continuing employment of body temperature checks across EU buildings, saying that some operations involved in this process “may constitute an interference into individuals’ rights to private life.”
The comments came just days after the European Commission added an entry into its data protection register, disclosing the fact that temperature controls have been out in place at Commission sites in Brussels and Luxembourg, in a bid to stifle the spread of the coronavirus within EU institutions.
The European Parliament, meanwhile, has had mandatory temperature checking formalities in place since June.
“Systematic body temperature checks of staff and other visitors to filter access to EUIs premises may constitute an interference into individuals’ rights to private life and/or personal data protection,” read a Monday (September 1) statement from the European Data Protection Supervisor, headed by Wojciech Wiewiórowski.
“The EDPS observes that body temperature checks can be implemented through a variety of devices and processes that should be subject to careful assessment.”
Moreover, in a series of guidelines published by the EDPS on Monday, the body notes that in general, body temperature checks not involving the registration, documentation or other processing of an individual’s personal data are not, in principle, subject to the scope of EU data protection rules.
However, other systems of temperature checks, “operated manually and followed by registration, documentation or other processing of an individual’s personal data, or systems operated automatically with advanced temperature measurement devices,” would fall under the scope of the EU’s general data protection regulation (GDPR).
And in a further warning against the potential employment of automated technologies in temperature checks, the EDPS stated that fully automated checks should only be ever used on a voluntary basis, with the individuals’ explicit prior consent.
Commission’s data protection register
In an August 28 entry into the European Commission’s data protection officer’s register, new formalities were filed on the use of temperature checking operations for entry into Commission sites.
The executive disclosed that the procedure is being carried out by trained but non-medical staff, for example, security guards, employing an automated zero-touch method which allows for the necessary social distancing rules to be abided by.
For readings which consecutively display temperatures above 37.7°C, the individual will be denied access to the building. The name of that person, their personal or medical data is not recorded, stored, or transferred to the Commission’s medical service.
In June, the European Parliament began rolling out mandatory temperature checks at its institutional sites in Belgium, France and Luxembourg, despite concerns emanating from certain national data protection authorities at the time, with the Dutch authority stating in May that body temperature checks should be considered a form of personal data.
[Edited by Zoran Radosavljevic]