Kemp Little
  • Looking for someone?
  • Email us
  • Search
MENU MENU
Insights overview

Commercial technology · Data protection & privacy · Intellectual property · 14 April 2020 · Matthew Gregson · Rachael Barber

Re-opening stores during the Coronavirus: Can we temperature test employees and customers?

Hard hit by the global impact of Coronavirus, retailers are now starting to consider how and when they should re-open their stores.

Key concerns for those deciding to re-open stores, offices, warehouses, and production/distribution channels include:

  1. Safely re-opening – retail businesses need to satisfy their duty of care obligations to provide a safe working and shopping environment for their staff and customers;
  2. Staying open – balancing staffing and stock levels as different parts of the workforce and supply chain fall ill;
  3. Encouraging customers back to stores – creating shopping environments where customers feel safe, and comfortable returning to stores;
  4. Innovation and reaching customers online – linked to the above, retailers are considering new ways of leveraging their online and social presence, both to encourage customers to their stores, but also to reach those who would prefer to stay and shop at home for the time being;
  5. Managing brand and reputation risk – ensuring stores are re-opened in a sensible way to avoid negative reactions from customers to how and when stores are re-opened to the public.

There are many lessons to be learnt from the models adopted by food stores and suppliers of other essentials. Measures can include, sanitisation, social distancing at entrances and in store and the provision of protective equipment and guidance to staff. These models are still adapting, and it seems no retailer, essential or otherwise, has yet perfected how to deliver a safe shopping environment in these difficult times.

Some retailers are now considering whether to implement temperature testing of staff and perhaps customers. In doing so, they would be replicating approaches adopted by airports, and some privately owned cafes, shops, and offices in several Asian markets.

When considering temperature testing of staff and/or customers, bear in mind the following:

1. GDPR

A higher than normal temperature can be an indicator that a person is carrying the Coronavirus. Retailers must ensure that any measures adopted are proportionate and minimise both the risk of spreading the virus and privacy non-compliance.

Whilst well intentioned, a retailer should not assume that it can readily put in place new processes to:

  • ask questions about an employee’s or customer’s health;
  • test temperatures in store or at entrances; or
  • restrict access on the grounds of those answers or results.

In many markets, retailers will be subject to local privacy laws, many of which afford particular protections on the collection of health data – which temperature testing would certainly fall under.

In the UK and Europe such measures must be implemented in accordance with existing GDPR compliance regimes, which would involve the following considerations:

  1. Identifying a GDPR lawful basis for the processing of health data – this can be challenging given the restrictions on processing sensitive health personal data and the likelihood that freely given GDPR consent will probably not be appropriate in these circumstances. There are certainly options here: exercising the legal rights and obligations as an employer, protecting the vital interests of staff and customers, processing for the substantial public interest (such as safeguarding persons who may be at risk), or processing on the grounds of public health (subject to limitations about tests conducted by a medical professional, or subject to an obligation of confidentiality) – however these will involve careful considerations and will depend on the measures you propose to rollout.
  2. Maintaining an appropriate policy document – in order to be able to process sensitive data under the UK Data Protection Act 2018, this would need to detail how the testing meets GDPR principles, and satisfies record keeping, retention and erasure obligations. Retailers will be able to build on content in their DPIA here.
  3. Mitigating privacy risks by completing a data protection impact assessment (“DPIA”)– processing large amounts of sensitive data, potentially in a public area, about vulnerable data subjects (such as those impacted by the virus, or in an unequal relationship with an employer), with consequences such as a denial of service or time off work could all trigger the legal requirement to complete a DPIA, to identify high risk processing and mitigate risks to individuals. Even if a DPIA is not required, it can be sensible to complete them to document your approach and the careful considerations and mitigations taken prior to collecting highly personal health information about a large number of individuals.
  4. Transparency – retailers will need to consider how to inform individuals and provide adequate privacy information about the testing taking place before collecting any data. This will at the very least involve updating existing privacy notices and taking steps to ensure these are available to staff and customers.
  5. Fairness, transparency and purpose limitation – An internal policy document should be established to carefully document how and when testing can take place, how results are captured, stored and shared and what the results of testing should be. For example refusal of entry to a customer, or asking a staff member not to come into work. Such decisions must be taken consistently, and so staff will need training on new procedures – which may in itself prove difficult prior to re-opening stores. Retailers must also monitor the testing to make sure the procedures established in the policy and mitigations from the DPIA are being adhered to.
  6. Security and confidentiality – Will records be kept of customers and employees being turned away due to high temperatures, or will testing be purely verbal? If results are recorded, you will need to be sure these are kept securely and only shared and accessible in limited circumstances. Such records should be deleted once this crisis is over (or earlier if no longer relevant). Records should not be kept indefinitely and for any other reasons.

2. Human rights

The European Convention on Human Rights gives individuals in the EU a set of fundamental rights. These include the right to respect for their private life, and the right to avoid discrimination on any ground. Screening staff and/or customers may breach these fundamental human rights, particularly if

  • the testing leads to false-positives; and/or
  • the results of a test will be seen/inferred by others in the store queue.

3. Risk of tortious liability

Retailers owe a duty of care to their customers; the scope of that duty, and whether it has been breached, depends on the precise factual circumstances. If a retailer carries out testing, it is arguable that it is assuming a greater duty of care in relation to its customers. Because testing may not be effective at excluding those carrying Covid-19 from stores, it may therefore breach the duty. Therefore, counterintuitively, it may be better for a retailer to rely on Government guidance alone and not to implement its own more stringent policies.

4. Harassment

The testing would need to be run very sensitively and consistently (and with full consent from individual employees and customers) in order to avoid the risk that the insistence on testing amounts to a course of conduct that constitutes harassment within the meaning of the Protection From Harassment Act 1997.

5. Other practical considerations

A decision to temperature test may be the right risk based decision for both the internal and external facing aspects of a retail business, however a decision to implement these precautionary measures must be given careful consideration.

In addition to the above, retailers ought to consider:

  1. Whether suppliers have equally stringent measures – if not, does testing become redundant?
  2. If local laws are less stringent in certain areas – this will depend on which continent and in which countries you are trying to reopen;
  3. The practicalities – social distancing, and testing people in queues, in areas of large footfall.  Do you only have one door open?  That may not be feasible and/or lead to long queues, which you would have to police. You could be putting both staff and employees at greater risk if regulations are not adhered to;The PR consequences – long queues and refusing customers entry could appear on social media and you may face a rapid backlash, despite your good intentions;
  4. Appointments – it may be possible to limit customers to “by appointment” only. This could be feasible for smaller boutiques but not so practical for department stores.  Again, there could be negative PR consequences of trying to do the right thing.

In summary, whilst retailers may have good intentions by thinking about temperature testing staff and/or customers, it is fraught with a large number of wide ranging legal and practical implementation issues.  If you would like further guidance on re-opening your stores, please do get in touch with Rachael Barber or Matt Gregson.

Alternatively, if you would like further information on the potential impact about of Coronavirus on your business please see our Covid-19 content hub available here.

  • Share this blog

  • Twitter
  • Facebook
  • Linkedin

Need to talk about this?

Matthew GregsonMatthew Gregson

Rachael BarberRachael Barber

Get in touch

Sign up for our newsletters

  • Share this Blog

  • Twitter
  • Facebook
  • Linkedin

Other stuff you might like

  1. Are your offices ready for a post-lockdown return to work?
  2. Preparing for the New Normal | Webinar
  3. Retail reconsidered | KL Stores: a case study series exploring innovation in retail
The hottest topics in technology
  • Adtech & martech
  • Agile
  • Artificial intelligence
  • EBA outsourcing
  • Brexit
  • Cloud computing
  • Complex & sensitive investigations
  • Connectivity
  • Cryptocurrencies & blockchain
  • Cybersecurity
  • Data analytics & big data
  • Data breaches
  • Data rights
  • Digital commerce
  • Digital content risk
  • Digital health
  • Digital media
  • Digital infrastructure & telecoms
  • Emerging businesses
  • Financial services
  • Fintech
  • Gambling
  • GDPR
  • KLick DPO
  • KLick Trade Mark
  • Open banking
  • Retail
  • SMCR
  • Software & services
  • Sourcing
  • Travel
close
The hottest topics in technology
  • Adtech & martech
  • Agile
  • Artificial intelligence
  • EBA outsourcing
  • Brexit
  • Cloud computing
  • Complex & sensitive investigations
  • Connectivity
  • Cryptocurrencies & blockchain
  • Cybersecurity
  • Data analytics & big data
  • Data breaches
  • Data rights
  • Digital commerce
  • Digital content risk
  • Digital health
  • Digital media
  • Digital infrastructure & telecoms
  • Emerging businesses
  • Financial services
  • Fintech
  • Gambling
  • GDPR
  • KLick DPO
  • KLick Trade Mark
  • Open banking
  • Retail
  • SMCR
  • Software & services
  • Sourcing
  • Travel
Kemp Little

Lawyers
and thought leaders who are passionate about technology

Expand footer

Kemp Little

138 Cheapside
City of London
EC2V 6BJ

020 7600 8080

hello@kemplittle.com

Services

  • Commercial technology
  • Consulting
  • Disputes
  • Intellectual property
  • Employment
  • Immigration

 

  • Sourcing
  • Corporate
  • Data protection & privacy
  • Financial regulation
  • Private equity & venture capital
  • Tax

Sitemap

  • Our people
  • Insights
  • Events
  • About us
  • Contact us
  • Cookies
  • Privacy
  • Terms of use
  • Complaints
  • Debt recovery charges

Follow us

  • Twitter
  • LinkedIn
  • FlightDeck
  • Sign up for our newsletters

Kemp Little LLP is a limited liability partnership registered in England and Wales (registered number OC300242) and is authorised and regulated by the Solicitors Regulation Authority. Its registered office is 138 Cheapside, London EC2V 6BJ. The SRA Standards and Regulations can be accessed by clicking here.

  • Cyber Essentials logo
  • LORCA logo
  • ABTA Partner+ logo
  • Make Your Ask logo
  • FT Innovative Lawyers 2019 winners logo
  • Law Society Excellence Awards shortlisted
  • Legal Business Awards = highly commended
  • Home
  • Our people
  • Services
    • Business restructuring and reorganisation
    • Commercial technology
    • Consulting
    • Corporate
    • Data protection & privacy
    • Digital content & reputation risk
    • Disputes
    • Employment
    • Financial regulation
    • Immigration
    • Innovation
    • Intellectual property
    • Private equity & venture capital
    • Sourcing
    • Tax
    • Travel
  • Resources
  • Insights
  • Covid 19: Your Business Continuity
  • Events
  • About us
    • Who we are
    • Our social responsibilities
    • Our partnerships
    • Join us
  • Contact us
  • FlightDeck
  • LORCA
  • Sign up for our newsletters
  • Follow us
    • Twitter
    • LinkedIn
close
close
close

Send us a message

Fill in your details and we'll be in touch soon

    close

    Sign up for our newsletter

    I would like to receive updates and related news from Kemp Little *

    Please select below any publications that you would like to receive:

    Newsletters

    close

    Register for future event information

      close
      close
      Looking for someone?
      Generic filters
      Exact matches only

      Can't remember their name? View everyone

      • Home
      • Our people
      • Services
        • Business restructuring and reorganisation
        • Commercial technology
        • Consulting
        • Corporate
        • Data protection & privacy
        • Digital content & reputation risk
        • Disputes
        • Employment
        • Financial regulation
        • Immigration
        • Innovation
        • Intellectual property
        • Private equity & venture capital
        • Sourcing
        • Tax
        • Travel
      • Resources
      • Insights
      • Covid 19: Your Business Continuity
      • Events
      • About us
        • Who we are
        • Our social responsibilities
        • Our partnerships
        • Join us
      • Contact us
      • FlightDeck
      • LORCA
      • Sign up for our newsletters
      • Follow us
        • Twitter
        • LinkedIn