13 July 2020

Should you use thermal scans to check your employees or customers for COVID-19?

Millions of workers are heading back to offices, factories, and shops as Britain slowly emerges from lockdown.

Now, companies and organisations are facing a dilemma: should they use body temperature cameras to attempt to screen staff and customers who might have COVID-19 symptoms?

If they do, could these organisations find themselves in hot water legally?

The short answer is, yes, they could. Here are the reasons why…

How could thermal scans come under the remit of the General Data Protection Regulation (GDPR)?

The French Council of State has just ruled on a case brought by a non-governmental organisation under the country’s code of administrative justice.

The NGO asked the courts to remove fixed and portable thermal cameras in municipal offices and schools in the city of Lisses which were being used to monitor the temperatures of staff, students, and citizens.

The French courts ruled that article four of GDPR applied (the taking of a temperature is processing) because people would be asked to leave if a high temperature was found, and their superiors or teachers would then have to be informed.

In other words, recorded high body temperatures did identify people, so they fell under the category of sensitive personal information.

The court ruled that processing individuals’ body temperatures was not legal and the city was ordered to remove the cameras.

So, how does that apply in the UK?

Article four of GDPR applies here in the same way that it does in France. So, organisations which use thermal cameras could face the same legal challenge.

Information which is held under GDPR also must have a legal basis for its collection, processing, and storage.

What would the legal basis for thermal cameras be? That’s a very grey area.

COVID-19 can be spread without symptoms such as a high temperature, so monitoring them isn’t necessarily an effective method of keeping employees safe.

In fact, the current system of calling in to self-certify when someone has symptoms or sending in a doctor’s note could be argued as being perfectly adequate for workplace safety, provided social distancing and other workplace measures are also in place.

Organisations could get consent for temperature scans from employees, visitors, and customers, but would all of them agree?

If someone didn’t, there would be no legal basis for collecting this data as it is classed as 'special category'.

As special category data, which includes medical details, political views, religion and ethnicity, there must also be stringent measures in place to ensure the data is secure and processed within the bounds of GDPR and the Data Protection Act 2018.

How could discrimination law apply?

There is also the possibility that monitoring temperatures when entering a building might be seen as discriminatory to certain employees.

For example, women undergoing the menopause often suffer from hot flushes which raise their temperatures.

They may well not wish to discuss their medical condition with their employer but might be singled out by temperature-measuring cameras as potentially suffering from coronavirus symptoms.

That could lead to some awkward, unwanted conversations with managers.

These women may feel that the use of the cameras is discriminatory, and an employee could file a claim against their employer even if they have not been at their workplace for two years as a case of discrimination exempts the employee from the qualifying period of employment needed to bring a claim.

So, before you decide to use thermal scans in your organisation, get professional advice about the legal basis for using them and how that is affected by data protection legislation.

If you need our expert advice, please call us on 029 2000 2339 or email contact@iolis-legal.com

Recent Posts

Will monitoring your home-working staff land your business in hot water?

Large scale working from home happened very quickly at the start of the COVID-19 pandemic, and many organisations didn’t have time to fully explore the impact this could have on working practices. Some businesses and organisations had already embraced the benefits of remote working for their employees. Others had been wary of it and had […]

Read more
The 7 easy ways you can avoid data protection in your business becoming a Halloween horror show...

I was working as a DPO, late one night,When my eyes beheld an eerie sight.For a monster problem began to riseAnd suddenly, to my surprise,There was a breach, a data breach.How far’d it reach, that data breach?Where did it reach? Don’t be left singing your own version of the Monster Mash this Halloween! There are […]

Read more
How could the right to be forgotten affect your amateur rugby or football club?

The General Data Protection Regulation was ground-breaking legislation in several ways. It brought data protection rules to filed paper documents, for example, and gave individuals a standard mechanism to request what data an organisation holds on them. Among the new rights it introduced was the right for individuals to ask to have their personal data […]

Read more
What are the 4 common data protection mistakes which could cost your business dearly?

Every business has a duty of care for the personal data of its customers, suppliers, and staff. The law enshrines it in the General Data Protection Regulation (GDPR), the Data Protection Act 2018, and the PECR, and any data breach must be reported to the relevant authorities, generally within 72 hours. In the UK, that’s […]

Read more
Five Reasons you should not use WhatsApp in your business

As a business, it is very convenient to use WhatsApp to communicate with your staff and to allow staff teams to communicate with each other. But could this easy and flexible communication tool land you in hot water? In short, the answer is yes, let’s look at some of the reasons why. Lawful basis for […]

Read more

Does your UK business need a mediator or support with data protection and GDPR? Tell us how we can help you.

Call us to start the conversation on 029 2000 2339 or email contact@iolis-legal.com

Contact us
25 October 2020
Will monitoring your home-working staff land your business in hot water?
Large scale working from home happened very quickly at the start of the COVID-19 pandemic, and many organisations didn’t have time to fully explore the impact this could have on working practices. Some businesses and organisations had already embraced the benefits…
Read More
25 October 2020
The 7 easy ways you can avoid data protection in your business becoming a Halloween horror show...
I was working as a DPO, late one night,When my eyes beheld an eerie sight.For a monster problem began to riseAnd suddenly, to my surprise,There was a breach, a data breach.How far’d it reach, that data breach?Where did it reach? Don’t be left singing your own version…
Read More
20 October 2020
How could the right to be forgotten affect your amateur rugby or football club?
The General Data Protection Regulation was ground-breaking legislation in several ways. It brought data protection rules to filed paper documents, for example, and gave individuals a standard mechanism to request what data an organisation holds on them. Among…
Read More
13 October 2020
What are the 4 common data protection mistakes which could cost your business dearly?
Every business has a duty of care for the personal data of its customers, suppliers, and staff. The law enshrines it in the General Data Protection Regulation (GDPR), the Data Protection Act 2018, and the PECR, and any data breach must be reported to the relevant authorities,…
Read More
25 September 2020
Five Reasons you should not use WhatsApp in your business
As a business, it is very convenient to use WhatsApp to communicate with your staff and to allow staff teams to communicate with each other. But could this easy and flexible communication tool land you in hot water? In short, the answer is yes, let’s look at some of the…
Read More
31 August 2020
What are the 5 things every employment solicitor needs to know about SARs?
Many employment law cases now begin with a Subject Access Request (SAR). The reason is that it’s a useful way for an employee or former employee to gain information for their case. Dealing with SARs is a specialised field of law for one excellent reason: it’s extremely…
Read More
© 2020 IOLIS Ltd. Reg. in England & Wales Num.11968202 For reg. address see contact details | Website designed, hosted, and maintained by Jötnar Systems