To record or not to record? COVID-19, body temperature screenings and the GDPR’s material scope


  • István Böröcz


  • Sandra Dobler
  • Daniela Galatova
  • Shara Monteleone
  • Nerea Peris Brines
  • Ibolya Tóth

Organisation: CPDP

Room: Online 2

Timing: 10:30 - 11:45 on 27 January 2021

With the onset of the Covid-19 pandemic, body temperature screening, thermal imaging and symptom tracking were some of the first measures considered in the combat against Covid-19. For a long time, there have been debates at Member State level as to whether thermal imaging and body temperature checks fall under the GDPR scope and the respective national implementing laws. Nonetheless, diverse conclusions appear to have emerged by national supervisory authorities, which reflect national differences in the application of the data protection law with respect to the use of automated and non-automated processing means, the definition of processing and the registration/archiving or not of the processed data. With body temperature screening techniques as point of departure, in this panel we will deliberate how the Covid-19 pandemic
has re-heated the discussion around the GDPR material scope.

• Discuss national Covid-19 measures which may be purely analogue or combine analogue and digital components, enacted during the pandemic with emphasis on body temperature checks, and assess the importance of non-automation in EU data protection law.
• Explore national legislations and opinions issued by the national supervisory authorities in a form of a comparative analysis and in juxtaposition with the EU institutional response.
• Present and debate remarkable stances and views and explain the observed diversions and similarities.
• Study the GDPR material scope through the lenses of the pandemic.


István Böröcz

Vrije Universiteit Brussel LSTS

István Böröcz, LLM is a researcher at the research group on Law, Science, Technology & Society (LSTS). He is a member of the Brussels Laboratory for Data Protection & Privacy Impact Assessments (d.pia.lab). He obtained his LLM in Law and Technology at Tilburg University (2016) and his postgraduate specialist diploma in information and communication technology law at the University of Pécs (2015). He obtained his law degree (JD) at the University of Pécs (2013). His research focuses on the area of privacy and data protection. He is interested in the notion of risk to the rights and freedoms of the individual along with the legal, theoretical and practical issues of the Digital Single Market initiative. He is involved in several EU co-funded research projects, such as MaTHiSiS, FORENSOR, SUCCESS and PARENT. He is a member of the ethical advisory board of the H2020 project CUIDAR (Cultures of Disaster Resilience among children and young people).


Sandra Dobler

International Rail Transport Committee (CIT)(CH)

Sandra Dobler has completed a Bachelor of Law at the University of Neuchâtel, then a bilingual Master of Law with specialization in international and European law at the Universities of Neuchâtel and Lucerne, coupled with an Erasmus semester in Göttingen.
Lawyer by profession, she has practised for several years in a law firm and has been working for three years now as Senior Legal Adviser for the International Rail Transport Committee (CIT). She is the head of the passenger traffic and data protection departments for the CIT and supports work in multimodality and infrastructure.

Daniela Galatova

Pan-European University of Law in Bratislava (SK)

Daniela Galatova is a PhD researcher at the Faculty of Law of Pan-European university in Slovakia. She holds a Degree in European Law and a Degree in the English language. Her research examines the international legal and ethical aspects during the COVID-19 pandemics. The research focuses mainly on the proportionality of measures taken with regards to human rights, particularly within the sphere of privacy, personal data and health. In addition to her PhD research, she continues to work as a legal assistant for the European Commission, where she has held legal posts for several years.

Shara Monteleone

Garante (IT)

Shara Monteleone is currently working as a legal officer at the Italian Data Protection Authority (Garante per la protezione dei dati personali), which she joined in 2019. Previously, we worked as a policy analyst for the European Parliamentary Research Center (Brussels), as Assistant Professor at the University of Groningen (NL), as a researcher at INRIA (France) and as a policy analyst at the JRC of the European Commission (IPTS, Seville), focusing on policies and legislation in the field of privacy and data protection. She holds a PhD in Law and Technology, an LLM on Media and data protection law from the University of Florence (Italy) and an LLM from the European University Institute. She is an Italian qualified lawyer.

Nerea Peris Brines

European Data Protection Board (EU)

Nerea Peris Brines is a legal officer and deputy data protection officer of the European Data Protection Board, which she joined in 2018. She holds an LL.M in European Law and Fundamental Rights from the Utrecht University and an LL.M in Legal Practice from the Open University of Catalonia and is a qualified lawyer in Spain. Before joining the EDPB, she worked as research assistant for the Utrecht University and as junior lawyer at Sandra Casas Abogacía, a Spanish law firm specialised in fundamental rights. Nerea specialises in international transfers of personal data and compliance tools under the GDPR, including binding corporate rules, codes of conduct and certification schemes. She has also been involved in the EDPB work related to the COVID-19 pandemic.

Ibolya Tóth

National Authority for Data Protection and Freedom of Information (HU)

2003-2008: general legal studies
2012: bar exam
2016: data protection and privacy law expert (LLM) Work experience:
2005-2012: Law Offices, trainee then associate
2013-2019: legal counsel and DPO in the private sector
2020- present: head of unit and deputy DPO at the HUN DPA Language skills: advanced English and French