Apple Store's Temperature Checks May Violate EU Privacy Rules, Says German Data Protection Office

[MacRumors]

Apple has started reopening its retail stores worldwide, and is taking multiple measures to make sure customers and staff continue to stay safe during the global health crisis. One of these measures includes temperature checks for customers before they're allowed to enter one of Apple's stores using a non-contact forehead thermometer.

A data protection agency in the German state of Hesse is concerned that Apple's temperature checks on customers violate European Union privacy rules and has launched a probe, according to Bloomberg Law.

The Hessian data protection agency is working with other German data protection authorities, according to a spokesperson for the Hessian Data Protection Commissioner. There are no results yet from the probe, which is aiming to determine if temperature checks infringe on data protection rules.

Apple began reopening its retail stores in Germany on May 11 with a focus on Genius Bar service and support. Apple is requiring temperature checks, and limiting the number of customers who can be in the store at once to ensure appropriate social distancing.

The 15 stores in Germany are also operating on reduced hours for the time being, with Apple implementing additional measures like ensuring employee/customer interactions take place across tables and adding a relay system to deliver products to prevent employees from moving about the store.

Article Link: Apple Store's Temperature Checks May Violate EU Privacy Rules, Says German Data Protection Office

 

[harrisondavies]

FFS. Really?

 

[meaning-matters]

Apple Store is private space.
Should be able to ask temperature, like clubs ask ID?
Thermometers don't store data.

 

[0924487]

Then change that rule. Some times Laws are not applicable, and we need to rapidly update them.

In Canada, people used to get arrested for having illuminated blinking rear bike lamps. Years later, the Ontario Highway Act was amended.

 

[daveedjackson]

Sorry to poo poo this. If you are asymptomatic you won’t have a bloody temperature! So how the hell does this become ok.?!

 

[GrumpyMom]

So...are they using rectal thermometers for this? ?

 

[justperry]

I am from Europe and I say...Stupidity.
There's no data collection here, the guy/girl reads your temp, result being allowed/disallowed, that's it.

 

[konqerror]

An Apple Store is a private space. Can't Apple ask people to consent?

The way it works in most countries is that a store is accessible to the public; anybody can walk in off the street. Therefore, Apple has given up many of its rights. For example, they are now required to have accommodations for handicapped individuals, and police can walk right in.

 

[itsmilo]

What’s even the point in doing this?

A you may not even get a fever
B you may already have it but show no symptoms yet

literally haven’t seen any other store doing this in Germany

 

[thejadedmonkey]

Wouldn't they need to know who the person is, before they could violate the persons' privacy?

 

[Plutonius]

Apple Store is private space.
Should be able to ask temperature, like clubs ask ID?
Thermometers don't store data.

This is Germany and the privacy laws may differ.

 

[justperry]

What’s even the point in doing this?

A you may not even get a fever
B you may already have it but show no symptoms yet

literally haven’t seen any other store doing this in Germany

C Who goes shopping with a fever

 

[casperes1996]

Sorry to poo poo this. If you are asymptomatic you won’t have a bloody temperature! So how the hell does this become ok.?!

What’s even the point in doing this?

A you may not even get a fever
B you may already have it but show no symptoms yet

Because even if it just catches 5% of cases that's 5% more than doing nothing - Would assume that's the logic.
And frankly, it's non-identifiable, presumably non-stored information, and information that isn't even persistent at that.
My temperature changes all the bloody time. If I sit in the sun it's different to if I sit in a freezer; the information isn't stored alongside a personal identification system, and it's not global monitoring of how your personal temperature changes throughout a day. It's not even an invasive check as it's a no-contact temperature measurement. What's the harm here? What privacy violation is being performed? Is it privacy violation to measure how fast your car is going when you're driving?

 

[konqerror]

Wouldn't they need to know who the person is, before they could violate the persons' privacy?

Under the GDPR, it is on Apple to prove that a "motivated intruder" cannot determine who the person is. IANAL, but for example, if somebody standing behind the temperature taker could secretly photograph the thermometer and person, then the data is not anonymous.

 

[Blackstick]

Your forehead temperature voluntarily read in touch-free manner is not the darkest, private reaches of your bum crack... if you're running a 101ºF, they have the right to tell you to get the hell out of a private store.

 

[casperes1996]

C Who goes shopping with a fever

Presumably not many, at least for things you'd find in an Apple Store that aren't life sustaining necessities. But fact is there is still a minority of people who do violate all guidelines and go about their day even with a fever and heavy coughing and the like.

 

[mannyvel]

Your temperature isn't really private information. And even if it was, that rule can be waived for public health reasons. And since Apple isn't asking for ID and has no idea who a given individual is, then there shouldn't be any privacy issue.

Of course it's Germany and the legal system there is based on different principles.

It sounds, though, like the law in Germany is conflicting with itself. How do you create a safe space for your customers without knowing if some potential customers are unsafe?

 

[petvas]

I live in Germany, I am German and I find these data privacy laws completely stupid. Apple is doing the right thing here and Germany shouldn't have a problem with that. Actually this should be happening in other buildings too, in other stores and government buildings. It's a quick way to identify if someone has symptoms that might be because of COVID-19. In Germany we have a tendency to go crazy with anything that might be violating our privacy. It's an extreme attitude and mentality that hopefully will go away.

 

[compwiz1202]

Apple Store is private space.
Should be able to ask temperature, like clubs ask ID?
Thermometers don't store data.

And if you don't like it, don't go to the stores that require it.

 

[casperes1996]

Under the GDPR, it is on Apple to prove that a "motivated intruder" cannot determine who the person is. IANAL, but for example, if somebody standing behind the temperature taker could secretly photograph the thermometer and person, then the data is not anonymous.

It is their responsibility to make sure that reasonable measures have been taken to prevent a motivated intruder from doing so, not to make it literally impossible for a motivated intruder to do so. In the digital space, which is my domain, if you follow all security best practices, but you get hacked regardless and costumer data publicised you've not violated GDPR even though a motivated intruder just got a bunch of private records publicised. You did everything reasonable to protect it and that's all that's expected of you. In the case of a physical store, I would imagine that not having the termometer display the result on a massive, easily visible display, but rather a tiny hard-to-see from afar display would be enough; But that's for the courts I suppose

 

[4jasontv]

I see Apple is returning to it's Homebrew Computer Club roots. Turn those hotties away. Geeks only!

 

[compwiz1202]

Because even if it just catches 5% of cases that's 5% more than doing nothing - Would assume that's the logic.
And frankly, it's non-identifiable, presumably non-stored information, and information that isn't even persistent at that.
My temperature changes all the bloody time. If I sit in the sun it's different to if I sit in a freezer; the information isn't stored alongside a personal identification system, and it's not global monitoring of how your personal temperature changes throughout a day. It's not even an invasive check as it's a no-contact temperature measurement. What's the harm here? What privacy violation is being performed? Is it privacy violation to measure how fast your car is going when you're driving?

The sun will actually be an issue, especially for the outdoor stores. Someone where I work got sent home because he was outside on a sunny day on break and of course his forehead temp was elevated by the sunlight. They will need to have you wait somewhere out of the heat to let it stabilize. And can people cheat it by running AC full blast or putting something cold on their forehead before trying to go in the store?

 

[iPhysicist]

They did not even tell me the temperature when they took it. And — they told you in advance. So everyone who was not ok with having their temperature taken could leave and buy online or elsewhere.

 

[CarlJ]

What’s even the point in doing this?

A you may not even get a fever
B you may already have it but show no symptoms yet

The point in this is it will catch some cases, for very little effort.

 

[Loki Coyote]

We've known for decades that body temperature is correlated with sex and ethnicity, meaning these check are possibly going to be unintentionally discriminatory. Woman and blacks have a higher mean body temperature:

The influence of gender and race on mean body temperature in a population of healthy older adults - PubMed

Body temperature is known to vary with environmental conditions, physical activity, and illness. There is also some suggestion that body temperature is higher in women than men, and higher in blacks than whites. This study was undertaken to determine if previously described differences in body...

pubmed.ncbi.nlm.nih.gov