A template for the US: German Employee Privacy and COVID-19

Posted by

Germany is far ahead of the U.S. in terms of data privacy and security, particularly in the workplace. While the COVID-19 pandemic offers new challenges around the use, protection and deletion of personal health data, the German Data Protection Authorities (DPAs), have offered guidance for a company’s use of their employees’ health data as they attempt to go back into the office. While Germans have a set of guidelines, the American’s have yet to understand or have a plan for where their data goes and how long it will be there. 

The recommendations are detailed, but in short, in Germany, employers can collect personal data of employees in order to prevent the spread of the virus in their workforce. Employers also may process personal data of workplace visitors for COVID-19 related purposes. However, all measures must be proportionate. 

Furthermore, employees’ personal data must be deleted when the original purpose for processing no longer applies. For example, the name, contact information and body temperature should be deleted after 1 – 3 months if no cases of infection have become known to the employer.

As Americans attempt to go back to the office, or school or the lab, personal health data will need to be collected and stored as the COVID-19 pandemic continues. But where does that information go? How long does it stay there? Who sees it and for what purpose? If only there was a platform in the U.S. that could answer all those questions. There is and it’s called Rownd.