The GRA has today issued guidance on temperature checking in the context of an increase in the practice of checking the temperature of employees and visitors as a result of the Covid-19 pandemic.
The guidance note indicates that "A data protection impact assessment is likely to be necessary, particularly where large numbers of individuals are being checked. The Commissioner strongly recommends the publication of data protection impact assessments.'
In the event that businesses, already struggling under the weight of a collapsed demand and the very bleak prospects for a pickup in business for at least a few months after we emerge from this (and we've not yet come close to that), will businesses opt for the path of least resistance and not temperature check visitors at all?
Could this be, therefore, indirectly and potentially, 'death by data protection'?
The Commissioner empathises with businesses e.g. shops, that would like to check the temperature of visitors to their premises, but considers temperature checking visitors (e.g. customers) could be excessive and possibly in breach of data protection law. The Commissioner has concerns about the proportionality of temperature checking visitors, particularly if their use is widespread as this may lead to unfair restrictions, taking into account the limited reliability of temperature checks. When used, organisations should give careful consideration prior to the deployment of equipment which checks the temperature of individuals and should be able to demonstrate why temperature checking visitors is absolutely necessary.