After a full year into the COVID-19 pandemic governments around the world are allowing businesses to reopen within a new framework of health and safety regulations. In Georgia it is now mandatory for businesses to perform temperature screenings at all public venues, including entertainment and hospitality sector. In this sense, businesses are trying to adapt to new regulations and look for optimal solutions to identify potential cases of the virus and prevent contracted individuals from accessing public areas. As a result, the demand for thermal screening cameras has increased at a rapid rate. While the thermal cameras are indeed a convenient solution to comply with the health and safety regulations, this entails processing of a sensitive personal data and gives rise to concerns related to personal data protection (PDP).
The Law of Georgia on Personal Data Protection (the Law on Personal Data) is the main legislation regulating the collection, storage and processing of personal data in Georgia. As a general rule, companies processing the personal data are bound to observe the constitutional rights and carry out processing without impugning the dignity and privacy of a data subject. In this sense, the processing of personal data is only permitted under limited circumstances, such as data subject’s consent, statutory duties and significant public interest. Moreover, the processing of specific category of data is permitted with the written consent of a data subject or in exceptional circumstances as set out in the Law on Personal Data. Notably, the data processor is bound to comply with the principles of fairness, proportionality, accuracy and adequacy throughout the processing.
While there are no major red flags related to the compatibility of thermal screening with PDP regulations, the companies considering to install the thermal cameras may wish to consider some of the aspects discussed in detail below.
- Deactivate any additional feature of the thermal camera not related to the screening of body temperature;
- Limit number of staff members authorized to access personal data to the extend necessary;
- Block any external network access to the computers connected to the thermal camera;
- Implement password-protection for computers connected to the thermal camera;
- Assign individual username and other credential to authorized staff members;
- Keep records of logging related to any action performed on the personal data.
Since the thermal screening is a relatively new phenomenon, there are no exhaustive guidelines on the proper implementation of the thermal cameras and the companies may have to grapple with individual cases. Nevertheless, the businesses are required to thoroughly understand utilized technology and observe applicable PDP regulations, as the pandemic continues to loom over our lives in 2021.