Hard hit by the global impact of Coronavirus, retailers are now starting to consider how and when they should re-open their stores.

Key concerns for those deciding to re-open stores, offices, warehouses, and production/distribution channels include:

1. Safely re-opening – retail businesses need to satisfy their duty of care obligations to provide a safe working and shopping environment for their staff and customers;
2. Staying open – balancing staffing and stock levels as different parts of the workforce and supply chain fall ill;
3. Encouraging customers back to stores – creating shopping environments where customers feel safe, and comfortable returning to stores;
4. Innovation and reaching customers online – linked to the above, retailers are considering new ways of leveraging their online and social presence, both to encourage customers to their stores, but also to reach those who would prefer to stay and shop at home for the time being;
5. Managing brand and reputation risk – ensuring stores are re-opened in a sensible way to avoid negative reactions from customers to how and when stores are re-opened to the public.

There are many lessons to be learnt from the models adopted by food stores and suppliers of other essentials. Measures can include, sanitisation, social distancing at entrances and in store and the provision of protective equipment and guidance to staff. These models are still adapting, and it seems no retailer, essential or otherwise, has yet perfected how to deliver a safe shopping environment in these difficult times.

Some retailers are now considering whether to implement temperature testing of staff and perhaps customers. In doing so, they would be replicating approaches adopted by airports, and some privately owned cafes, shops, and offices in several Asian markets.

When considering temperature testing of staff and/or customers, bear in mind the following:

1. GDPR

A higher than normal temperature can be an indicator that a person is carrying the Coronavirus. Retailers must ensure that any measures adopted are proportionate and minimise both the risk of spreading the virus and privacy non-compliance.

Whilst well intentioned, a retailer should not assume that it can readily put in place new processes to:

• ask questions about an employee’s or customer’s health;
• test temperatures in store or at entrances; or
• restrict access on the grounds of those answers or results.

In many markets, retailers will be subject to local privacy laws, many of which afford particular protections on the collection of health data – which temperature testing would certainly fall under.

In the UK and Europe such measures must be implemented in accordance with existing GDPR compliance regimes, which would involve the following considerations:

1. Identifying a GDPR lawful basis for the processing of health data – this can be challenging given the restrictions on processing sensitive health personal data and the likelihood that freely given GDPR consent will probably not be appropriate in these circumstances. There are certainly options here: exercising the legal rights and obligations as an employer, protecting the vital interests of staff and customers, processing for the substantial public interest (such as safeguarding persons who may be at risk), or processing on the grounds of public health (subject to limitations about tests conducted by a medical professional, or subject to an obligation of confidentiality) – however these will involve careful considerations and will depend on the measures you propose to rollout.
2. Maintaining an appropriate policy document – in order to be able to process sensitive data under the UK Data Protection Act 2018, this would need to detail how the testing meets GDPR principles, and satisfies record keeping, retention and erasure obligations. Retailers will be able to build on content in their DPIA here.
3. Mitigating privacy risks by completing a data protection impact assessment (“DPIA”)– processing large amounts of sensitive data, potentially in a public area, about vulnerable data subjects (such as those impacted by the virus, or in an unequal relationship with an employer), with consequences such as a denial of service or time off work could all trigger the legal requirement to complete a DPIA, to identify high risk processing and mitigate risks to individuals. Even if a DPIA is not required, it can be sensible to complete them to document your approach and the careful considerations and mitigations taken prior to collecting highly personal health information about a large number of individuals.
4. Transparency – retailers will need to consider how to inform individuals and provide adequate privacy information about the testing taking place before collecting any data. This will at the very least involve updating existing privacy notices and taking steps to ensure these are available to staff and customers.
5. Fairness, transparency and purpose limitation – An internal policy document should be established to carefully document how and when testing can take place, how results are captured, stored and shared and what the results of testing should be. For example refusal of entry to a customer, or asking a staff member not to come into work. Such decisions must be taken consistently, and so staff will need training on new procedures – which may in itself prove difficult prior to re-opening stores. Retailers must also monitor the testing to make sure the procedures established in the policy and mitigations from the DPIA are being adhered to.
6. Security and confidentiality – Will records be kept of customers and employees being turned away due to high temperatures, or will testing be purely verbal? If results are recorded, you will need to be sure these are kept securely and only shared and accessible in limited circumstances. Such records should be deleted once this crisis is over (or earlier if no longer relevant). Records should not be kept indefinitely and for any other reasons.

2. Human rights

The European Convention on Human Rights gives individuals in the EU a set of fundamental rights. These include the right to respect for their private life, and the right to avoid discrimination on any ground. Screening staff and/or customers may breach these fundamental human rights, particularly if

• the testing leads to false-positives; and/or
• the results of a test will be seen/inferred by others in the store queue.

3. Risk of tortious liability

Retailers owe a duty of care to their customers; the scope of that duty, and whether it has been breached, depends on the precise factual circumstances. If a retailer carries out testing, it is arguable that it is assuming a greater duty of care in relation to its customers. Because testing may not be effective at excluding those carrying Covid-19 from stores, it may therefore breach the duty. Therefore, counterintuitively, it may be better for a retailer to rely on Government guidance alone and not to implement its own more stringent policies.

4. Harassment

The testing would need to be run very sensitively and consistently (and with full consent from individual employees and customers) in order to avoid the risk that the insistence on testing amounts to a course of conduct that constitutes harassment within the meaning of the Protection From Harassment Act 1997.

5. Other practical considerations

A decision to temperature test may be the right risk based decision for both the internal and external facing aspects of a retail business, however a decision to implement these precautionary measures must be given careful consideration.

In addition to the above, retailers ought to consider:

1. Whether suppliers have equally stringent measures – if not, does testing become redundant?
2. If local laws are less stringent in certain areas – this will depend on which continent and in which countries you are trying to reopen;
3. The practicalities – social distancing, and testing people in queues, in areas of large footfall.  Do you only have one door open?  That may not be feasible and/or lead to long queues, which you would have to police. You could be putting both staff and employees at greater risk if regulations are not adhered to;The PR consequences – long queues and refusing customers entry could appear on social media and you may face a rapid backlash, despite your good intentions;
4. Appointments – it may be possible to limit customers to “by appointment” only. This could be feasible for smaller boutiques but not so practical for department stores.  Again, there could be negative PR consequences of trying to do the right thing.

In summary, whilst retailers may have good intentions by thinking about temperature testing staff and/or customers, it is fraught with a large number of wide ranging legal and practical implementation issues.  If you would like further guidance on re-opening your stores, please do get in touch with Rachael Barber or Matt Gregson.

Alternatively, if you would like further information on the potential impact about of Coronavirus on your business please see our Covid-19 content hub available here.

• Share this blog

• Twitter
• Facebook
• Linkedin