10/03/2020. “The Norwegian Data Protection Agency receives many queries about coronavirus and privacy, especially in connection with working life.”
The privacy regulations have rules recognising that employers may process special categories of personal data when necessary to fulfil the duties or rights under the labour legislation. When it comes to the coronavirus, it is important to note the following:
– Information that an employee has returned from a so-called “risk area” should not be considered as information concerning the employee’s health.
– Information that someone has been quarantined (without giving further details of the cause) should not be considered information concerning the health of the employee.
To the extent deemed necessary to ensure a proper working environment, the employer may provide information, within the company, that an employee is infected or quarantined. He or she must in any case ensure that the “integrity and dignity of the employee is maintained. “Use common sense in collaboration with those affected (ibid).”
Datatilsynet Norway considers that the employer must not disseminate information about infected and/or quarantined employees to third parties. The message to third parties who wish to contact infected or quarantined employees should basically be that the employee in question is absent or unavailable.