IP - 07121-1/2020/1159

From GDPRhub
Revision as of 07:51, 7 September 2020 by MB (talk | contribs) (Created page with "{{DPAdecisionBOX |Jurisdiction=Slovenia |DPA-BG-Color= |DPAlogo=LogoSE.png |DPA_Abbrevation=IP |DPA_With_Country=IP (Slovenia) |Case_Number_Name=07121-1 / 2020/1159 |ECLI=...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
IP - 07121-1 / 2020/1159
LogoSE.png
Authority: IP (Slovenia)
Jurisdiction: Slovenia
Relevant Law: Article 6 GDPR
Type: Advisory Opinion
Outcome: n/a
Started:
Decided: 23.08.2020
Published:
Fine: None
Parties: n/a
National Case Number/Name: 07121-1 / 2020/1159
European Case Law Identifier: n/a
Appeal: n/a
Original Language(s): Slovenian
Original Source: Information Commissioner's website (in SL)
Initial Contributor: n/a

In a non-binding opinion, the Slovenian data protection authority (Information Commissioner) held that employers are not permitted to process employees' personal data to monitor their compliance with imposed quarantine.

English Summary

Facts

The Information Commissioner had been asked, if employers are allowed to supervise the compliance with quarantine imposed on their employees (especially those from Serbia, Bosnia and Herzegovina and Kosovo).

Dispute

Holding

The Information Commissioner


Comment

Share your comments here!

Further Resources

Share blogs or news articles here!

English Machine Translation of the Decision

The decision below is a machine translation of the Slovenian original. Please refer to the Slovenian original for more details. 

Date: 23.07.2020
Title: Supervision of quarantine by the employer
Number: 07121-1 / 2020/1159
Subject matter: Employment relations, Medical personal data
Legal act: Opinion

On 29 June 2020, we received your question from the Information Commissioner (IP) on whether the company-employer can supervise the implementation of quarantine imposed on their employees (especially those from Serbia, Bosnia and Herzegovina and Kosovo). The control would be carried out by security guards in the company.

On the basis of the information you have provided to us, in accordance with Article 58 of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data Directive 95/46 / EC (hereinafter: the General Regulation on Data Protection), point 7 of the first paragraph of Article 49 of the Personal Data Protection Act (Official Gazette of the Republic of Slovenia, No. 94/07-UPB1, hereinafter ZVOP-1) and Article 2 of the Information Commissioner Act (Official Gazette of the Republic of Slovenia, No. 113/05, hereinafter ZInfP) provides our non-binding opinion on your issue.


Quarantine control by the employer in terms of the processing of personal data (eg systematic personal control at home with recording of findings or control via mobile applications) is not permitted. However, it is permissible for the employer to become acquainted with the fact and proof that the employee has been ordered quarantined and with other information regarding the ordered quarantine, which is important for the exercise of rights and obligations arising from the employment relationship. and specific restrictions).



Explanations:

In the case of employer control in the sense of systematic monitoring of quarantine enforcement (eg visits by authorized workers at home or monitoring of movement via mobile applications), which involves the processing of personal data, such control is not permissible or no legal basis, e.g. in Article 48 of ZDR-1 or in point (b) or (f) of the first paragraph of Article 6 of the General Regulation on Data Protection. The reasons for this are in particular:
• Supervision over the observance of the ordered quarantine or data related to the observance of quarantine are in principle not necessary for the exercise of rights and obligations arising from the employment relationship. In other words, non-compliance with the ordered quarantine is not in itself a violation of the employment relationship or the employee's obligations in this area, and therefore in principle has no direct consequences for the employment relationship;
• In relation to quarantine, the employer only needs proof that the quarantine has been ordered and the related necessary information (eg start or duration, conditionally location of execution and order, reasons for the order and special restrictions) necessary for the assessment of rights and obligations (eg to assess whether force majeure is given and whether there are reasons for termination of employment in exceptional cases, for planning or organizing work, for calculating the salary);
• Violation of quarantine can be sanctioned in the field of administrative law and supervision can only be carried out by a competent state body, as it is an administrative measure;
• In the case of quarantine, this is not the same situation as in the case of sick leave due to illness or isolation, and therefore there are no obvious reasons for allowing supervision by analogy with sick leave of up to 30 days. Quarantine is not the exercise of a worker's right (eg in the field of health insurance), but a coercive measure in the public interest that does not depend on the will of the worker and by not respecting quarantine the worker does not "cheat" or play justified absences from work. as is possible in certain cases in sick leave.

From the point of view of personal data protection, only informal contacts with a quarantined worker are allowed, which are not carried out in the manner of systematic and documented supervision.

Best regards,


Prepared:
mag. Urban Brulc, Univ. dipl. right.
independent IP consultant

Mojca Prelesnik, B.Sc. dipl. right.
Information Commissioner
Retrieved from "https://gdprhub.eu/index.php?title=IP_-_07121-1/2020/1159&oldid=11248"
Creative Commons Attribution-NonCommercial-ShareAlike
Powered by MediaWiki