Data ProtectionPrivacy

Privacy guidelines on Covid-19 vaccinations in the workplace in Italy by the Garante

The privacy authority issued guidelines on how to process personal data as part of Covid-19 vaccinations in the workplace in Italy.

The Government will soon allow the ability to perform Covid-19 vaccinations in the workplace in Italy. Such a practice leads to issues in the collection of employees’ decisions to join the vaccination process. Consequently, the Garante issued specific privacy guidelines on vaccinations in Italy whose main contents can be summarized as follows:

  1. Employers cannot be aware of who is adhering to the vaccination ❌
  2. Occupational doctors are the data controllers and must manage adhesions and special precautions must be taken if adhesions are collected through the employer’s platform ✅
  3. Employees’ consent is not a solution to enable access to information by employers, considering the imbalance in the employer-employee relationship ❌
  4. The legal basis of the data processing is the necessity for the purposes of preventive or occupational medicine 🆘

So how should employees’ adhesions be managed? Innovative solutions are being developed, but we must remember the rigid position of the Italian data protection authority on the concept of anonymous data, and the need not to discriminate against employees who do not proceed to vaccination.

Indeed, Covid-19 vaccinations are still not compulsory, and only a primary law might introduce this change.  In absence of a specific law imposing vaccinations, employers have their hands tied.  But, again, occupational doctors might help in determining the unsuitability of the workplace to accept unvaccinated individuals. Even under such a scenario employers would not be aware of which employees were vaccinated but shall be informed by occupational doctors of which employees are unsuitable to access to the workplace.

It can look like walking on the eggs. But the potential discrimination that might arise from information on the vaccination status makes it even more paramount to limit access to that information.

The position of the Italian data protection authority is in any case consistent with the approach taken in the past on “FAQs on Covid-19 vaccination of employees“.

Don't miss our weekly insights

Show More

Giulio Coraggio

I am the location head of the Italian Intellectual Property & Technology department and the global co-head of the IoT and Gaming and Gambling groups at the world-leading law firm DLA Piper. IoT and artificial intelligence influencer and FinTech and blockchain expert, finding solutions to what's next for our client's success.

Related Articles

Back to top button