Privacy specialist Matthias Dobbelaere-Welvaert says the following:
“It is of course important that employers put the health of their employees first. We understand that in these difficult times companies often search for options to reconcile the common good with the individual privacy of each employee or freelancer. It is clear that an employer cannot demand that an employee be vaccinated, nor that it can keep track of who has or has not been vaccinated. Such data fall under Article 9 of the GDPR, namely the processing of ‘sensitive or particular data’.
There are numerous exceptions, especially when there is a legal obligation on governments or companies. The only way companies could trace vaccinations is if the government forces them to do so - but that seems highly unlikely given the sensitivities surrounding this. Legally speaking, there is therefore no obvious possibility, at least at the moment, to monitor the vaccinations of employees, or freelancers for that matter.
It is also important to pay attention with temperature scanners (only allowed when no identification is possible), the imposition of bluetooth bracelets that measure the distance between employees (especially when these centralized data are passed on to the employer) and other 'innovative' solutions to fight Covid-19. The general interest must always be weighed against individual privacy. Although ethical discussions can of course be held whether or not privacy is deemed too significant in this debate, it is nevertheless quite simple from a legal point of view: as a private company (unlike governments), one can do very little, except properly inform and count on the citizenship of the staff.”