Communiqué from the Danish Data Protection Authority (Datatilsynet) on the protection of personal data and the coronavirus
According to the Danish legislation the limitations on the information that the employer can require from his employee are laid down in the labour and health laws.
Provided that the limits set out in the aforementioned legislation are respected, Datatilsynet states that as far as data protection regulations are concerned, an employer is entitled to disclose (and therefore process) information concerning himself,
– An employee has returned from the so-called “risk zones”.
– An employee is “quarantined” (no obligation to indicate the underlying reason)
Under certain circumstances, the authority says, it would also be lawful for the employer to treat and store information regarding the infection by one of its employees, in order to take appropriate measures to prevent the spread of the virus to other employees.
However, it is important to note that the recording or disclosure must be effective, and the information recorded and disclosed must be limited to what is necessary. Therefore, the employer should consider:
– Whether there is a good reason to record or disclose the information in question
– Whether it is necessary to specify the information, even if the purpose can be achieved “by counting less”.
– Whether it is necessary to name names, e.g. the name of the infected and/or quarantined person in the household.