Tue, Dec
55 New Articles

COVID-19, Employers and Employees – Between Health Protection and Personal Data Protection

COVID-19, Employers and Employees – Between Health Protection and Personal Data Protection

  • Smaller Small Medium Big Bigger
  • Default Helvetica Segoe Georgia Times

COVID-19 pandemic has undoubtedly brought significant changes not only to the everyday life of citizens but also to the operations of business entities, i.e. to the way of establishing and conducting the work process.

One of the current issues, i.e. a question which is lately often asked, is the permissibility and justification of so-called COVID passes, especially in the context of their introducing as a condition for employees to access their workplaces. Namely, on the one hand, the employer’s interest is to ensure the stable running of the work process, while also having the liability to organize it in a way that provides safety and protection of life and health at work, whereby, on the other hand, the employee’s interest is not only protection of its health at work, but also protection of its personal data, and especially the prevention of discrimination based on its health condition.

At a very first glance, it is clear how complex the topic of conditioning the accession of employees to the work by undertaking an inspection of the certificate on vaccination against COVID-19, recovery from illness or negative test result is, i.e. from how many different angles (both legal and those of ethical and practical nature) it is necessary to consider it in order to give a certain judgment thereof.

In this text, we will try to make a brief look at the aforesaid issue from the aspect of regulations of the Republic of Serbia governing personal data protection.

What Does the Act on Personal Data Protection say?

We believe that – even to a legal layman – it is apparent that data on immunization, recovery from illness, or test results on COVID-19 represent personal data in sense of the Act on Personal Data Protection (Official Gazette of RS, no. 87/2018) (the “APDP”). Also, making insight into this type of data represents the processing of personal data in terms of this regulation. In addition to the above, it is important to note that data on health status (physical or mental health and provision of health services) represent a special type of personal data, subject to very restrictive processing rules. In other words, it is necessary to meet, i.e. acquire multitude conditions in order for it to be lawful.

Thus, the APDP stipulates that personal data must be collected for purposes that are specifically determined, explicit, justified, and lawful and that it cannot be processed in a manner that is not in accordance with those purposes, as well as that processing is lawful (among other cases) only if it is necessary in order to pursue the legitimate interests of the controller (or a third party) unless those interests are overridden by the interests or fundamental rights and freedoms of the data subject requiring the protection of personal data (especially if the data subject is a minor). The APDP also sets out the so-called principle of minimization of personal data, meaning that data must be appropriate, relevant, and limited to what is necessary in relation to the purpose of processing. In addition to the above, the APDP explicitly provides for cases in which the processing of individuals’ health data is allowed.

What Can We Conclude from the Above?

It is clear, therefore, that the answer to the question of whether – from the APDP and other domestic regulations with regards to the personal data protection point of view – employers can condition employees to come to work by inspecting their certificate on vaccination against COVID-19, recovery from illness or negative test result, cannot be uniform, but depends on numerous circumstances of the specific case, such as the nature of the employer’s business activity, a number of active COVID-19 cases in the relevant area, measures prescribed by the competent authorities which are in force in a particular moment, etc.

Additionally, we emphasize that except for the position that processing of data on the health status of employees can be done only in accordance with the acts of competent authorities related to the pandemic and with full respect for the principles of data processing pursuant to the APDP, at the moment there is no relevant practice of domestic competent authorities thereof.

What Can We Do?

Having in mind all the above, it remains to be seen whether – given the frequency and importance of this issue – the appropriate guidelines of competent authorities will be enacted in the coming period, as well as what specific solutions will arise out of the practice of business entities in these unquestionably specific circumstances.

This article is to be considered as exclusively informative, with no intention to provide legal advice. If you should need additional information, please contact us directly.

By Lara Maksimovic, Senior Associate, PR Legal

Serbia Knowledge Partner

The oldest full service commercial law firm in Serbia, founded in 1991, JPM with three decades of experience in assisting local and international businesses presence and growth not only in Serbia but throughout the SEE region.

We have accumulated a wealth of knowledge in every industrial and corporate sector, from energy to banking, transport, manufacturing and telecommunications, while remaining true to a pioneering spirit that has always drawn us to follow the latest trends and developments in providing of our services to clients. Today we use the latest legal tech available in serving our clients and are expanding our services to clients from growing industries such as renewable energy, IT and life sciences, by offering innovative solutions and a pro-active approach to broaching new grounds.

Our expertise, experience, and commitment to professional excellence mean we are routinely involved in landmark cases and transactions, while our high standing among clients and peers sees us ranked among the leading law firms by independent guides such as Chambers & Partners, Legal 500, and IFLR1000.

We are known for working closely with clients and treating their problems as our own. Our lawyers pride themselves on being team players, fast and available, specialised in terms of practice area and industry, but versatile and creative in their thinking. We believe our advice should be tailor-made and that even the thorniest issue has a legal solution.

Our membership of Lex Mundi (the world’s premiere network of independent law firms) and the TLA (a regional alliance of leading firms from Slovenia, Croatia, Bosnia and Herzegovina, Montenegro, North Macedonia, and Serbia) means we have close working relationships with first-rate firms throughout the region and around the world, enabling us to operate as the perfect hub for SEE and other multi-jurisdictional transactions.

Firm's website: http://jpm.rs/

Our Latest Issue