The Gibraltar Regulatory Authority (the “GRA”), as the Information Commissioner (the “Commissioner”) has today published a Guidance Note which provides information and guidance on the use of temperature checks on individuals in the fight against COVID-19.
In this Guidance Note the Commissioner identifies that there may be legal grounds for employers to check the temperature of their employees and for the authorities to carry out temperature checks at Gibraltar’s entry and exit points.
Carrying out temperature checks is a privacy intrusion, which can only be justified in very limited circumstances. It is important to note that in the case of the COVID-19 pandemic temperature checks could significantly impact the freedom of individuals, and that temperature checks may not necessarily be reliable as there are a variety of reasons that may cause fever and COVID-19 infected individuals do not always have fever.
The Commissioner empathises with businesses e.g. shops, that would like to check the temperature of visitors to their premises, but considers temperature checking visitors (e.g. customers) could be excessive and possibly in breach of data protection law. The Commissioner has concerns about the proportionality of temperature checking visitors, particularly if their use is widespread as this may lead to unfair restrictions, taking into account the limited reliability of temperature checks. When used, organisations should give careful consideration prior to the deployment of equipment which checks the temperature of individuals and should be able to demonstrate why temperature checking visitors is absolutely necessary.
The Commissioner will monitor developments and review his guidance where necessary. Consideration will be given to any directions or advice given by national health authorities or other relevant bodies such as the World Health Organisation in relation to the use of temperature checks in the fight against COVID-19.
This guidance note is available on the data protection section of the GRA’s website – https://www.gra.gi/data-protection/general-data-protection-regulation.