German data privacy regulator probes Apple Store temperature checks

AppleInsider

A regional German data protection office reportedly has concerns about the privacy risks posed by customer temperature checks at Apple Stores that recently reopened in the country.

The Apple Schildergasse location in Cologne, Germany.

Apple officially reopened its 15 brick-and-mortar retail locations in Germany on May 11 and in accordance with the company's coronavirus policies, it is checking the temperatures of customers before they enter the store.

The Hessian data protection agency has launched a probe to determine whether the temperature checks violate European Union privacy regulations, according to a report from Bloomberg Law.

Hesse is a state in Germany where retail locations such as Apple Grosse Bockenheimer Strasse, in Frankfurt, and Apple MTZ, in Sulzbach, are located.

There aren't any results from the probe, but the Hessian office is reportedly coordinating with other regional data protection agencies in Germany.

baconstang

Privacy concerns about temperature checks?

What are they doing?  Taking temperature rectally?

Beats

Mean bad Apple....

mknelson

baconstang said:

Privacy concerns about temperature checks?

What are they doing?  Taking temperature rectally?

Well, they do mention a probe…

It's likely concerns about if the temperatures are being recorded and linked to a person, also concerns on how customers will be treated/reacted to if they have a fever.

hammeroftruth

Last time I heard about Hessians was history class covering the revolutionary war.

They were pretty brutal. 

Now they want to make sure you’re not invading their privacy. 

So how do you balance in that area, a persons right to privacy vs. a persons right to safely conduct business?

apple ][

I'm all for privacy, which is why I've never been on FB etc., but this is just moronic.

I don't have an issue with any stores taking the temps of anybody who wishes to enter.

This is not mandatory. If anybody doesn't wish to have their temp taken, then don't fucking enter. Nobody is forcing anybody to visit any Apple store. Go find an Android store that doesn't take temps and visit that instead. Have fun.

What privacy concerns are we talking about here? 

The privacy of an infected person to not have their sickness revealed and for that sick person to be allowed to enter and to infect and potentially kill others with their nasty germs?

maltz

I can see how there might be HIPPA (or whatever the German version is) issues for taking temperatures of customers, but only if they store the information.  I assume it's just a screening for admittance, though.  Unless they're using some kind of cloud-connected, IoT thermometer.  lol

anantksundaram

Moronic.

Shop somewhere else.

macgizmo

Seriously? With all the problems in the world, THIS is what people are choosing to focus their frustration and paranoia on? How does this, in any way, violate someone's privacy?

artharg

It may sound strange to non-Europeans but yes, this does seem to violate the GDPR. People may be forced to go to an Apple Store, say for dropping off a device for repairs, for instruction or whatever. Those are not cases where one could say "Just don't go" or "Go somewhere else". And trivial as it sounds: reading someone's body temperature is a medical check. Medical data have extra protection under European law. Apple would need a very good reason to do this. "Checking to see if someone is infected with SARS-CoV-2" is not good enough. Not having an elevated temperature doesn't say you're not infected or infectious. And having an elevated temperature doesn't mean it stems from COVID-19.

In short: Apple are demanding customers submit to a medical procedure that is not fit for purpose and enforcing that by withholding service to people who don't. Which is forbidden under European law.

Fines are not small either. They may run up to 4% of the global turnover in the previous year. So Apple would do well to reconsider.

PetrolDave

artharg said:

So Apple would do well to reconsider.

... and risk their staff and other customers becoming infected with Covid-19?

I don’t think so!

svanstrom

hammeroftruth said:

Last time I heard about Hessians was history class covering the revolutionary war.

They were pretty brutal. 

Now they want to make sure you’re not invading their privacy. 

So how do you balance in that area, a persons right to privacy vs. a persons right to safely conduct business?

If you write that last part as "right to conduct business" you quickly realise that to have such rights you must basically qualify/earn them by playing nice with a set of applicable laws; so it isn't about the government restricting their "god given" rights to conduct business, but rather whether or not the way that they want to do business in this case violates any other entities rights, ie whether or not their way of doing business in fact does qualify them for the earned right to do business.

svanstrom

macgizmo said:

Seriously? With all the problems in the world, THIS is what people are choosing to focus their frustration and paranoia on? How does this, in any way, violate someone's privacy?

Besides the fact that technically speaking a global entity is now forcing you to undergo a medical procedure to be allowed to exercise your rights for support etc, which was part of the deal when you purchased your equipment?

You can twist and turn the words back and forth as much as you want, but the fact remains that here's a corporate giant that sets the precedent that they can force individuals to undergo medical procedures (in a way that's easily linked to your person) for you to gain access to what a lawyer easily could argue came as part of your purchase; or even to for you to gain access to what according to the law is more a public than a private space.

If this isn't checked early on you'll soon find yourself with your medical data linked to your id/person, as aggregated, de-anonymized, and monetised by the same people doing that today with your physical membership cards, and your online habits (as tracked by cookies/websites/advertising networks).

thrang

svanstrom said:

macgizmo said:

Seriously? With all the problems in the world, THIS is what people are choosing to focus their frustration and paranoia on? How does this, in any way, violate someone's privacy?

Besides the fact that technically speaking a global entity is now forcing you to undergo a medical procedure to be allowed to exercise your rights for support etc, which was part of the deal when you purchased your equipment?

You can twist and turn the words back and forth as much as you want, but the fact remains that here's a corporate giant that sets the precedent that they can force individuals to undergo medical procedures (in a way that's easily linked to your person) for you to gain access to what a lawyer easily could argue came as part of your purchase; or even to for you to gain access to what according to the law is more a public than a private space.

If this isn't checked early on you'll soon find yourself with your medical data linked to your id/person, as aggregated, de-anonymized, and monetised by the same people doing that today with your physical membership cards, and your online habits (as tracked by cookies/websites/advertising networks).

So what would your solution be? Honor system? Permit infections? Stay closed for another year or so?

The times are very different at the moment, and I strongly doubt Apple is collecting data to append to “you” as an individual, so the “probe” should amount to nothing.

By now, you should know how Apple makes a living, and it’s not on monetizing specific personal information. Go visit Facebook and Google for that...

spheric

We know that Apple doesn’t monetise customer information. That doesn’t mean they’re not violating data protection laws by collecting and presumably storing medical information. 

Remember: this isn’t a court order; it’s an investigation. It may turn out that Apple is handling this in a way that conforms with current laws; if not, they will either have to work procedures around those laws, drop the checks, or close their stores again for a while. 

mike1

mknelson said:

baconstang said:

Privacy concerns about temperature checks?

What are they doing?  Taking temperature rectally?

Well, they do mention a probe…

It's likely concerns about if the temperatures are being recorded and linked to a person, also concerns on how customers will be treated/reacted to if they have a fever.

They should be told they can't enter the store at that time. Simple as that.

fred1

artharg said:

It may sound strange to non-Europeans but yes, this does seem to violate the GDPR. People may be forced to go to an Apple Store, say for dropping off a device for repairs, for instruction or whatever. Those are not cases where one could say "Just don't go" or "Go somewhere else". And trivial as it sounds: reading someone's body temperature is a medical check. Medical data have extra protection under European law. Apple would need a very good reason to do this. "Checking to see if someone is infected with SARS-CoV-2" is not good enough. Not having an elevated temperature doesn't say you're not infected or infectious. And having an elevated temperature doesn't mean it stems from COVID-19.

In short: Apple are demanding customers submit to a medical procedure that is not fit for purpose and enforcing that by withholding service to people who don't. Which is forbidden under European law.

Fines are not small either. They may run up to 4% of the global turnover in the previous year. So Apple would do well to reconsider.

How can it be a violation of privacy if they don’t take any personal information (except your temperature)? No names, no birthdates, no tax numbers.   At any rate many times these privacy laws can be more dangerous than they’re worth. I’m thinking of the German Wings copilot four or five years ago that locked the pilot out of the cockpit and crashed the plane into the Alps. The airline wasn’t allowed to know that he had been under psychiatric care for years because of the German privacy laws. 135 people died so his “privacy” could be protected and safe. 

The other question is how effective temperature checks can be. What about “non-symptomatic carriers”?

svanstrom

thrang said:

svanstrom said:

macgizmo said:

Seriously? With all the problems in the world, THIS is what people are choosing to focus their frustration and paranoia on? How does this, in any way, violate someone's privacy?

Besides the fact that technically speaking a global entity is now forcing you to undergo a medical procedure to be allowed to exercise your rights for support etc, which was part of the deal when you purchased your equipment?

You can twist and turn the words back and forth as much as you want, but the fact remains that here's a corporate giant that sets the precedent that they can force individuals to undergo medical procedures (in a way that's easily linked to your person) for you to gain access to what a lawyer easily could argue came as part of your purchase; or even to for you to gain access to what according to the law is more a public than a private space.

If this isn't checked early on you'll soon find yourself with your medical data linked to your id/person, as aggregated, de-anonymized, and monetised by the same people doing that today with your physical membership cards, and your online habits (as tracked by cookies/websites/advertising networks).

So what would your solution be? Honor system? Permit infections? Stay closed for another year or so?

The times are very different at the moment, and I strongly doubt Apple is collecting data to append to “you” as an individual, so the “probe” should amount to nothing.

By now, you should know how Apple makes a living, and it’s not on monetizing specific personal information. Go visit Facebook and Google for that...

So because Apple is good and the times are different everyone should be able to do it? Or do you suggest that the laws should be different whether or not I "know" that one corporate giant is different from the store next door that want to do the same thing, but that "accidentally" uses networked equipment from a third party vendor that is by "mistake" selling the collected data in a way easy to de-anonymised?

avon b7

fred1 said:

artharg said:

It may sound strange to non-Europeans but yes, this does seem to violate the GDPR. People may be forced to go to an Apple Store, say for dropping off a device for repairs, for instruction or whatever. Those are not cases where one could say "Just don't go" or "Go somewhere else". And trivial as it sounds: reading someone's body temperature is a medical check. Medical data have extra protection under European law. Apple would need a very good reason to do this. "Checking to see if someone is infected with SARS-CoV-2" is not good enough. Not having an elevated temperature doesn't say you're not infected or infectious. And having an elevated temperature doesn't mean it stems from COVID-19.

In short: Apple are demanding customers submit to a medical procedure that is not fit for purpose and enforcing that by withholding service to people who don't. Which is forbidden under European law.

Fines are not small either. They may run up to 4% of the global turnover in the previous year. So Apple would do well to reconsider.

How can it be a violation of privacy if they don’t take any personal information (except your temperature)? No names, no birthdates, no tax numbers.   At any rate many times these privacy laws can be more dangerous than they’re worth. I’m thinking of the German Wings copilot four or five years ago that locked the pilot out of the cockpit and crashed the plane into the Alps. The airline wasn’t allowed to know that he had been under psychiatric care for years because of the German privacy laws. 135 people died so his “privacy” could be protected and safe. 

The other question is how effective temperature checks can be. What about “non-symptomatic carriers”?

Changes were made in protocols to try and prevent that from recurring but privacy was maintained. 

xyzzy-xxx

hammeroftruth said:

Last time I heard about Hessians was history class covering the revolutionary war.

They were pretty brutal. 

Now they want to make sure you’re not invading their privacy. 

So how do you balance in that area, a persons right to privacy vs. a persons right to safely conduct business?

This comparison is a joke - isn't it (Hessians [hired as British soldiers] in the revolutionary war...) ???
While I am not a Hessian, I am from Germany and privacy rights are pretty strong here.
The point is: Is a store allowed to test if a person has fever (does not mean an infection with Corona) and can this persons be treated differently?

fred1

xyzzy-xxx said:

hammeroftruth said:

Last time I heard about Hessians was history class covering the revolutionary war.

They were pretty brutal. 

Now they want to make sure you’re not invading their privacy. 

So how do you balance in that area, a persons right to privacy vs. a persons right to safely conduct business?

This comparison is a joke - isn't it (Hessians [hired as British soldiers] in the revolutionary war...) ???
While I am not a Hessian, I am from Germany and privacy rights are pretty strong here.
The point is: Is a store allowed to test if a person has fever (does not mean an infection with Corona) and can this persons be treated differently?

I wish that characterization of Germans were a joke, but this person obviously has no familiarity at all with the German people and is showing his or her ignorance in the worst way.  I have been to Germany many times, know many German people, and yes, there are "bad Germans", but what country does not have bad people?  This kind of gross stereotype serves only to continue ignorance and foment hostility.

But my questions remain:
1. Does everyone who has the corona virus have a fever?  If not, then testing like this only gives a false sense of security.  No, it's not better than nothing.  It's better to take precautions with everyone, such as requiring masks and that people maintain a distance.
2. How is it an invasion of privacy to check someone's temperature if his or her identity is not given?  If that's the case, then looking at someone is an invasion of privacy too since you're gaining information about him or her (appearance, height, weight, type of clothes, etc., etc.) without his or her consent.