Informacijski Pooblaščenec – Violation Found (Slovenia, 2020)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Slovenia's Information Commissioner gave guidance on how employers can handle employee data to prevent COVID-19 spread. Employers must justify any personal data processing as appropriate, necessary, and proportionate. This helps businesses understand how to balance health safety and privacy rights.
What happened
The Information Commissioner issued guidance on employers' handling of employee data related to COVID-19 measures.
Who was affected
Employees whose personal data might be processed by their employers for COVID-19 prevention measures.
What the authority found
The Information Commissioner stated that employers must ensure any data processing is appropriate, necessary, and proportionate, with a valid legal basis.
Why this matters
This guidance helps employers navigate privacy concerns while implementing health measures. It emphasizes the need for a balanced approach, considering both safety and privacy.
GDPR Articles Cited
Following the receipt of a series of questions about what an employer could require from its employees in the context of halting the spread of coronavirus, the Information Commissioner issued an opinion addressing the questions referred. Whether in order to prevent the spread of coronavirus, an employer may make it mandatory for employees to get tested upon their return from holidays, require that they disclose the results of their test and provide the employer with information on which countries they will travel to for annual leave. In reference to the question of whether an employer can make it obligatory for an employee to get tested, the Information Commissioner held that it was beyond their competence to provide direct instructions on this. However, the Information Commissioner went on to state that in the context of preventing the spread of coronavirus, an employer must take a holistic approach to defining measures to curb the spread of infection. In particular, an employer must establish whether and to what extent measures that do not require the processing of personal data are sufficient, and in which individual cases the processing of certain personal data may be necessary. In such individual instances where the processing of personal data may be necessary, an employer must provide an appropriate legal basis for the processing, after having justified: 1. the appropriateness of the processing 2. the need for processing 3. the proportionality of the processing With regards to the question of whether an employer is entitled to the test results of their employee, the Information Commissioner held that although an employer must take into account the principle of data minimization, they are entitled to receive test results if it is appropriate, necessary, and proportionate within the context of each specific case. In reference to the question of whether the employer had the right to ask their employees for the details of their annual leave, the Informatio
Outcome
Violation Found
The DPA found a violation but did not impose a fine.
Related Enforcement Actions (0)
No other enforcement actions found for Informacijski Pooblaščenec in SI
This is the only recorded action for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. Informacijski Pooblaščenec - Slovenia (2020). Retrieved from cookiefines.eu
Last updated: