The issue of mandatory vaccines in the workplace has provoked lots of discussion, debate and concern. Tech giants Google and Facebook have told their US employees that they must be vaccinated to return to offices. Vaccination will be compulsory for care home staff in England from November onwards. As businesses in Northern Ireland also now turn to recovery, and getting back to the workplace for certain sectors, the question of whether employers can require employees to be vaccinated, understandably, forms part of the conversation. So, can they?
It depends. Requiring existing employees to be vaccinated is an intrusion into their autonomy to choose and determine their own medical care. It may be justifiable but only if the health and safety benefit to the employee or others outweighs that intrusion.
Employers have to ensure, as far as possible, the health and safety of employees and others who might be affected by their business. Existing Covid-secure measures, such as testing, social distancing, and face-coverings, are deemed by the Executive to be reasonable measures to address workplace infection risks. Such measures do not currently include compulsory vaccination, however. Unless this changes, it is unlikely to be justified on health and safety grounds for most employers. As things stand now, many employers would be exposed to significant legal risks if they sought to mandate vaccination and if they disciplined or dismissed those who refused.
Employers who can justify mandating employee vaccination must avoid a blanket policy and should be flexible to ensure equality laws are not breached e.g. where employees who are protected from discrimination are unable to have the vaccine, such as those with certain health conditions.
Regardless of the preferred approach, another practical question is can an employer demand to know the vaccine status of their employees? An individual’s vaccination status is personal data concerning health, which is special category data under data protection law. An employer’s use of this data must be fair, necessary, and relevant for a specific purpose. Employee consent is not sufficient. According to ICO guidance, employers must have a compelling reason for recording employee vaccination status and whether such a reason exists will depend on the individual workplace risks.
Ordinarily, this will depend on whether it is necessary for the protection of public health or to satisfy the employer’s health and safety obligations. Any data processing justification will depend on the individual workplace or an employee’s role, for example, whether there are people at risk of serious illness from Covid-19 present in the workplace or perhaps where the employee is required to travel abroad to countries with higher rates of infection.
Employers should be reviewing and updating their health & safety risk and data privacy impact assessments regularly and, if appropriate, consider devising a draft vaccination strategy and policy. Of course, if this is considered a necessary approach, engagement with employees and any trade union or employee representatives to obtain feedback, build support and ensure an understanding in relation to the proposed approach is vital.
The vaccine will be crucial in reopening offices and returning to pre-pandemic levels of activity and productivity. However, employers should give sensitive consideration to how they will encourage uptake of the vaccine to protect workers and customers alike, especially if they intend on returning to regular workplaces.