ARTICLE
9 April 2020

Privacy Aspects Of Covid-19 In Russia

N
Noerr

Contributor

Noerr logo
Firm in Russia. Since the Moscow office opened in 1994, Noerr has established a strong reputation for highly complex corporate and commercial work in Russia. A strong team of 25+ Russian and international experts (including 9 partners) provides a multitude of corporate clients with premium full service advice on all legal and tax matters of their Russian businesses. In 2019 Noerr celebrates its 25-years anniversary in Russia.
The Covid-19 pandemic has created new legal challenges for many businesses worldwide.
Russian Federation Privacy

The Covid-19 pandemic has created new legal challenges for many businesses worldwide. However, certain aspects of privacy law still have to be complied with, despite the difficult situation in the market. This poses additional challenges to businesses struggling in the new, rapidly changing environment. Recently, the Russian data protection authority (Roskomnadzor) clarified how employers could monitor the health status of their employees in compliance with Russian privacy law.

Due to the spread of Covid-19, employers are obliged to measure the body temperature of their employees in order to detect sick employees and therefore limit their access to work. From a privacy law angle, body temperature counts as health data, which in turn is considered a special category of personal data (sensitive data). Collection of such personal data can only be done subject to the handwritten consent of the relevant employee, or if otherwise allowed by employment legislation. The Russian Labour Code states that employers may not collect health data from their employees unless such data is necessary for deciding whether an employee can perform their job. In that case, no consent is required.

Furthermore, Roskomnadzor clarified the situation with respect to measuring the body temperature of company visitors who are not employed by the company they are visiting. In such cases, consent to the collection of health data is given by implied conduct (i.e. the intention to visit the company). No consent would be necessary in that case either. However, the company measuring visitors' body temperature would have to provide a proper notice to the visitors that their body temperature will be monitored if they visit the company.

Finally, Roskomnadzor emphasised that the body temperature data collected must be deleted within one day, since the purpose of processing has been achieved.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Find out more and explore further thought leadership around Privacy Law and Privacy Regulations

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More