Belgian airports fined €300,000 for checking passengers’ temperature during pandemic
Two Belgian airports face substantial fines for violating privacy law when they imposed temperature checks on passengers at the start of the coronavirus pandemic in 2020.
The Disputes Chamber of the Data Protection Authority fined Brussels Airport Zaventem €200,000 and Brussels South Charleroi Airport €100,000 for violations of the General Data Protection Regulation (GDPR), De Standaard reports.
The airports were using camera lanes to check passengers’ body temperature in 2020 in order to detect potential Covid-19 infections.
These checks took place in Zaventem between 15 June 2020 and January 2021, and for a further two-month period in Charleroi.
Passengers with a temperature of 38°C or more had to undergo a second check with a manual measurement and a medical questionnaire about Covid-19-symptoms. Those who showed symptoms were not allowed to enter the terminal.
Some 840,000 passengers were screened in Zaventem using this procedure.
The Data Protection Authority (GBA) sent inspectors to the airports where they were able to establish, among other things, that not only did the cameras briefly store photographs but also medical data was processed and stored during the second line check.
Brussels Airport says checks were necessary, but knew policy was contentious
Brussels Airport argued that the temperature screening was necessary because at that time there were no rapid tests to check whether passengers had Covid-19.
It pointed to an exception in the GDPR that says personal data can be processed for humanitarian reasons, such as monitoring an epidemic.
The case ended up at the Dispute Resolution Chamber, which concluded that there was no legal basis justifying the temperature checks, and a 'protocol' between the sector and the FPS Mobility had no force of law and wasn’t sufficient. A cited ministerial decree on the coronavirus measures was also deemed insufficient justification.
“We understand that companies have been hit hard by the pandemic and that they have had to take unprecedented emergency measures,” said Hielke Hijmans, chairman of the Dispute Resolution Chamber.
“However, the privacy rules are an essential protection for the rights and freedoms of individuals, and must therefore be respected.”
Brussels Airport knew in advance that there were problems with the policy in relation to privacy laws. A mandatory privacy assessment included a “critical” warning that “there is no law requiring or permitting airports to check the temperature of passengers”.
The GBA had also distributed a memo in advance about temperature checks and data protection, but Brussels Airport said it was nevertheless disappointed by the “incredibly high fine” imposed.
“We have carried out what was imposed by the FPS Mobility and are now being fined by another government department,” they said. “We took measures in good faith and with extreme caution based on the information and guidelines available at the time.”
According to the airport, there was a valid legal basis for the screening: a binding protocol sent to airports by the FPS Mobility, which stated that temperature screening had to be done “where social distance could not be guaranteed”.
Brussels Airport says it handled the temperature check “extremely carefully,” with clear communication to passengers. The information was only on the screen for a few seconds and was then immediately removed, and images were only viewed by authorised personnel and the data was not linked to other data.
Brussels Airport says it has asked the GBA several times to meet, “but such cooperation was always refused”.
The airport is still considering whether to appeal against the fine. It has 30 days to lodge an appeal.
Employers who use temperature checks on employees could also violate the law
Hijmans said that when it comes to cameras that check temperatures, it’s important to know precisely how the images and data are stored.
If such cameras are only for people to see their own temperature and then decide for themselves how to proceed with entering, for example, their workplace, then no violation is occurring provided that data isn’t stored anywhere and cannot be used by anyone else.
But if decisions are made using those images, such as not allowing someone inside, then the law is being violated.
“A temperature check might be possible on the basis of permission, but it has to be free. In the context of the employee-employer relationship, that is difficult, if you can't go to work because of it,” Hijmans said.
He also added that the link between a Covid-19 infection and a temperature check is less obvious than ever: “Most infected people don't necessarily have an increase or a fever.”
Photo: Temperature control at Brussels Airport Zaventem (c) Belga/Bruno Fahy
Hm, I've had temperature checks in other European airports as well...