About half of Dutch healthcare workers intend to get the Covid-19 vaccine, according to a poll conducted by the Federation of Dutch Trade Unions. The attitude to vaccination varies greatly between sectors: Among those working in university medical centres, approximately two thirds are willing to get vaccinated, whereas only forty percent of those working in nursing homes are. It also seems older employees are more willing than younger ones; of those under thirty, only a quarter intends to get the vaccine. Commonly listed worries include the fast development as well as potential side-effects. In any case, it isn’t clear who is planning to get vaccinated and who is not. Potentially problematic, as privacy legislation also prohibits employers from asking.
Art. 9(1) of the GDPR prohibits any processing of data concerning health. This means , among other things, that your employer may not ask you what you are sick with nor may they ask about vaccinations. The Dutch Data Protection Authority (DPA) has made it clear that an employee cannot be asked whether he or she has corona and neither can they be asked to get tested for verification. However, if it turns out that only half of healthcare workers has gotten inoculated, possibly even less in particularly vulnerable sectors, this would result in quite the dangerous coin toss.
The vaccine was approved by the EMA on December 21st. It has proven to be safe as well as effective; 95% of vaccinees are protected against Covid-19. Precisely the healthcare workers who care for vulnerable population groups are set to receive the first vaccinations on January 8th. But it will not be clear which employees have actually gotten the vaccine administered. If an employee’s vaccination status cannot be taken into account, for example when making schedules, efficacy and the development of herd immunity would be negatively affected. It is difficult to prevent a chain reaction if we do not know where the weak links could be.
The new cariant of Covid-19, which is plagueing the UK as we speak, provides more reason to worry. Though it does not appear to be more dangerous (thusfar), it seems to be up to 70% more contagious. Our best ammunition against the virus is vaccination, specifically amongst essential workers. Luckily, the GDPR leaves some room for this type of situation. After all, surgeons and residents are also expected to get vaccinated against Hepatitis B, for example. The faculty of medicine at Free University of Amsterdam (VU) said the following on the matter:
“VU University Medical Center’s hepatitis B vaccination policy follows the national guidelines set down by the Health Care Inspectorate, which demands responsible care from hospitals and other healthcare facilities. Patients cannot be subjected to the risk of contamination with, for example, hepatitis B, through contact with healthcare workers. Employees in positions with risk of contamination, such as doctors, nurses and residents must therefore be vaccinated. For both their own and the patient’s safety.”
This is in accordance with the GDPR, which leaves room for such exceptions. One such exception is noted in paragraph 52, which states that the ban on processing personal data may be deviated from if Union or national law provides for it and it is in the public interest, particularly when preventing or combatting communicable diseases and other severe health threats. Indicating that such an exception could also be made for Covid-19. That would, however, require legal basis.
For that to happen, two ministers will have to formulate an exception to the GDPR, which will subsequently have to be accepted by both chambers of goverment. It would be ideal if that process would be set in motion now, as it can take a couple of weeks. As the first vaccinations are being adminstered the 8th of January, the sooner the better.