Data Protection in Russia during Covid-19

Here are some news in a nutshell about Data Protecion in Russia during Covid-19.

• PROCESSING OF HEALTH DATA AND GEOLOCATION » 

• TELEWORKING » 
  

The Russian Ministry of Communications has developed a system for tracking one’s contacts with coronavirus infection. The system is based on the mobile phone geolocation data and informs one about the necessity to get isolated in case of a contact with a patient. Regional authorities have been instructed to include the phone numbers of citizens found ill with COVID-19 in this system, without providing other personal data.

An electronic pass regime was introduced in some regions to reduce the number of people outdoors and thus the probability of getting infected. According to the decrees issued by the heads of these regions, the personal data required to be included in such passes will be deleted upon termination of the pandemic.

Geolocation data are taken from street cameras and traffic monitoring systems as well as transport maps for public transports.

Measures required to monitor health data of employees allowed in each country include temperature measurements, swabs, serological tests, medical certificate, etc. as well as organisational and technical security measures.

Since May 12, additional measures have been introduced in some regions of Russia, including Moscow, to prevent spread of coronavirus in workplaces. First of all, beginning on 12 May 2020, the employer must deny access to workplace to employees with the following diagnoses: obesity, diabetes, mellitus, Degree 2 hypertensive disease, chronic obstructive pulmonary disease, Degree 2 bronchial asthma.

The employer is obliged to take temperature readings of employees once every 4 hours. Another new obligation of the employer after 12 May 2020 is to get their employees tested for the new coronavirus infection (2019-nCoV). The official document states that these tests should be performed on at least 10 per cent of the employees once in every 15 calendar days. The employer is also under an obligation to deliver blood samples of employees to be tested in a laboratory applying ELISA (enzyme-linked immunosorbent assay) method for the presence of the new coronavirus infection (2019-nCoV) and immunity thereto according to the procedure and within the term established by the Moscow Department of Health. According to the explanations provided by RosComNadzor, these responsibilities are in compliance with laws on personal data and the Labour Code of the Russian Federation.

Pursuant to Article 88 of the Russian Labour Code, the employer may not request information about the employee’s state of health, excepting the data indicating that the employee is able to perform their job functions. The employee’s consent to the examination and tests is not required because the measures to detect illness are relevant for determining whether the employee is able to perform their job functions.

Visitors who do not have an employment relationship with the entity are deemed to have expressed their consent to the gathering of information on their body temperature (without their identification by name) by means of their particular actions reflecting their intent to visit the entity. In this case the visitor will be referred to a medic for consultation in case of a high temperature reading.

Teleworking must be made possible by the employer on the basis of the regulations on handling of personal data in the company. It is also recommended to develop internal documents defining threats to safety of the personal data in order to limit use of personal computer services by employees. Constant changes and operations faster than usual should not lead to disregard of information-related obligations, PIA’s, risk assessments, updating ROPA, etc.