Will the Implementation of COVID-19 Vaccine Passports Reestablish Global Employee Mobility?
Client Alert | 7 min read | 03.19.21
As COVID-19 vaccination rates increase globally, governments across the world are developing and discussing COVID-19 vaccine passports or health certificates as a way to enable people to travel safely, for work or tourism, in the coming months. As multinational companies are navigating how to resume some sense of normalcy for employees to travel across borders, governments are beginning to provide a framework in which to facilitate travel. Several legal considerations arise, including around data sharing and privacy (especially cross-border), and employment and anti-discrimination protections. Because both public and private stakeholders have to date adopted largely individualized approaches, an increasingly fragmented global ecosystem for such programs is likely to further complicate data sharing and privacy concerns in particular. How these efforts evolve alongside the arc of the COVID-19 pandemic, which has recently been complicated by the emergence of COVID-19 variants, creates the need for stakeholders to proactively address such challenges in the near-term.
The European Commission is currently working on a legislative framework for a digital vaccine passport, the so-called “digital green pass”. This passport will include proof that the holder has been vaccinated, or for people who are not yet vaccinated, proof of a recent negative COVID-19 test results. The passport would also provide information, if any, on recovery from COVID-19 infections. Once implemented, EU citizens would gradually be able to travel safely in the EU and abroad regardless of the purpose of the travel (work, family visits, tourism, etc.). The rollout is scheduled for June; current projections suggest that around 70% of the EU population should be vaccinated by then. The domestic use of the passport is currently uncertain: each EU Member State may decide which concrete measures and lifted restrictions are linked to the vaccine passport. The EU also is committed to address any concerns about anti-discrimination, as well as about the data privacy and security issues relating to the adoption of such a digital vaccine passport system.
In Asia, China, for example, is considering a similar approach. Based on the speeches given by the Foreign Minister (Wang, Yi) and spokesperson (Zhao, Lijian) on March 7th and 8th, 2021, the Chinese government is planning to implement later this year a “health certificate for international travel” program which will include information relating to nucleic acid test results and inoculation status of individuals departing from China. This program is intended to have a mutual recognition component between countries for safer international travel, provided that personal privacy data will be fully protected. China is also promoting this program to many countries and the relevant international organizations. Implementation details are scarce at this point, but it is important to point out that China has had a relatively mature and effective domestic health management program for COVID-19 implemented on a regional basis for about one year (the first regional health management program of “green code” was implemented in Wuhan on February 23, 2020).
In the United States, President Biden has asked government agencies, such as the Department of Transportation, to study COVID-19 vaccine certificates and linking them with other vaccination documents. Senior governmental officials have publicly expressed that any such programs should, among other things, prioritize data security, be accessible at no cost, and based on open source technology.
Alongside governmental efforts, private companies have explored options for digital travel passes. For example, several airlines are developing or have implemented policies surrounding the use of digital travel pass to help passengers manage travel plans and provide information to governments about COVID-19 vaccines or test results. Moreover, IATA, an airline industry organization, recently launched its Travel Pass Initiative, encompassing both vaccination and testing, in partnership with several global airlines.
For the COVID-19 passport and certification programs to work for international travel, governments will need to address issues relating to data privacy and security, accuracy of the information, the sharing and transfer of information between governments and at immigration checkpoints as well as with private app developers, etc. There may be multiple programs in place internationally with different registration requirements and information requested that a traveler may need to register for depending on the destinations. As such, a fragmented approach may indeed hinder the objectives of implementing these programs. Because COVID-19 vaccine passports may contain sensitive personal and medical information, the security of the data and the sharing and storing of such data (with governments and private companies) will need to be ensured.
For global employers, as governments resolve the structural issues inherent in such system, the prevalent use of such vaccine passports or certificates in relation to international travel and the resumption of business travel and postings will present additional legal challenges. For example, could employees be required to obtain a vaccine or share information on the vaccine passports with the employers before traveling or accessing third party sites? Could employees be taken off projects that require international travel for failure to disclose immunization status or infection history to employers? Could disciplinary actions be taken when an employee refuses to provide COVID-19 vaccination or other COVID-19 related health information? Could employers create a two-tier system between those who have been vaccinated and those who have not or refuse to provide inoculation status, and assign them different work?
While governments begin to implement COVID-19 vaccine passports and certifications, multinational employers will need to consider legal implications such as:
- Data privacy. Information relating to COVID-19 may be regarded as personal or sensitive health/medical information protected under data privacy laws, particularly with respect to potential underlying health conditions that may be revealed in requesting COVID-19 inoculation status. Some governments have issued clarifications or guidelines on the treatment of health information related to COVID-19 to address the tension between existing data privacy laws and the employers’ need to ensure workplace health and safety and to implement contact-tracing and reporting requirements for COVID-19. However, in most cases, no such guidelines exist or even if they do, the guidelines do not address vaccines or other contexts where government reporting is not required. Therefore, employers will still need to follow local data privacy requirements, particularly for those companies with employer-issued mobile devices where the passport app may be installed and information stored, including obtaining specific consents (as appropriate) from employees or other owners of the personal data, retaining information for a period of time that is no longer than necessary for the purpose, restricting who may have access to the information, and not sharing information without permission unless legally required.
- Discrimination and harassment. A country may have laws in place that prohibit discrimination between employees who are otherwise similar and/or workplace harassment. Employers should be careful about treating unvaccinated employees or employees who have tested positive for COVID-19 differently from those who have been vaccinated or have never tested positive for COVID-19, or employees who do not disclose their vaccination status to the employer. Employers should also ensure the employees are not being harassed for prior infection of the coronavirus or COVID-19 inoculation status. Employers will need to consider these discrimination and harassment issues as business travel resumes.
- Employee disciplinary actions. Given the data privacy issues mentioned above and the current uncertainties around the availability of COVID-19 vaccines on a global basis, employers should avoid taking actions to discipline employees that may be seen as punishment for refusing to disclose inoculation status or other health information related to COVID-19 when the disclosure of such information is not legally mandated. Many countries have strict rules on imposing disciplinary actions, such as requiring violations and the associated disciplinary actions to be specifically spelled out in company policies or work rules and ensuring that the disciplinary actions are reasonable. Employers will need to make sure that any disciplinary action taken, such as against those who refuse to travel, is linked to specific performance issues or violations specified in company policies or work rules, and review and revise policies and work rules as necessary to take into account violations of reasonable COVID-19 health and safety measures.
- Collective Bargaining Obligations. Additional legal obligations apply to employers with a unionized workforce. In the United States, for example, adoption of a vaccine passport would typically require negotiations with the labor union representing affected employees; similar obligations, including consultation with Works Councils, apply to companies operating in the EU
- Country-specific legal restrictions. Employers will have to consider legal restrictions imposed within particular countries. In the United States, several state legislatures are considering legislation that would prohibit employers from mandating COVID-19 vaccinations.
- Access to overseas third-party facilities. Travel to overseas third-party facilities may have stopped during the pandemic, and COVID-19 vaccine passports would allow activities normally conducted at those third-party sites, such as supply chain audits, after-sale services, or quality control, to resume. In addition to travel requirements, third party customers or vendors, particularly those in essential infrastructure or national security sectors, may use the COVID-19 vaccine passports as a condition to gain physical access to their facilities. This may have consequences for employees’ ability to carry out their work if travel and physical access to those third-party sites are conditioned on inoculation status. Employees may also see such travels to international third-party sites as benefits, particularly if payment of per diem is involved, which again is an issue that employers will need to consider. Companies should review their contracts with customers or vendors and discuss the requirements with employees to gauge their ability to continue to perform under the contract. If an employee’s ability to continue to perform is compromised, companies should consider alternative arrangements with the employee. As mentioned above, an employer will need to be wary of discrimination issues and may be restricted from disciplining employees under the circumstances, and dismissals may not be justifiable under local laws.
While COVID-19 vaccine passports may help with the efficacy of mobility across borders, many legal issues will need to be considered by global employers and how best to issue policies tailored to the local and regional jurisdictions in which they operate. Particularly given the fragmented landscape to date across both public and private initiatives, it will be increasingly important to develop a nuanced understanding of how variations impact employers’ policy development in the near term.
Contacts
Insights
Client Alert | 7 min read | 11.27.24
On Monday, November 18, 2024, the Committee on Foreign Investment in the United States (“CFIUS” or the “Committee”) announced that it had finalized the regulatory changes previewed in April that will enhance certain CFIUS procedures and sharpen its penalty and enforcement authorities.[1] The changes go into effect on December 26, 2024 and as described in more detail below: (a) expand the types of information that CFIUS can require transaction parties and other persons (i.e., third-parties) submit when engaging with them on transactions that were not filed with CFIUS; (b) broaden the instances in which CFIUS may use its subpoena authority, including when seeking to obtain information from third persons not party to a transaction notified to CFIUS and in connection with assessing national security risk associated with non-notified transactions; and (c) substantially increase monetary penalties for violations of CFIUS regulations from a maximum of U.S. $250,000 to U.S. $5 million per violation, or the value of the transaction, whichever is greater.
Client Alert | 2 min read | 11.26.24
Commercial-Item Contractors Take Note: Federal Circuit to Rehear Percipient.ai En-Banc
Client Alert | 5 min read | 11.25.24
Circuit Courts Appear to Differ Regarding Constitutional Challenges to the NLRB
Client Alert | 5 min read | 11.25.24
Clean Energy Tax Credits and After the Election - What to Expect?