FB pixel

Biometric time and attendance systems restricted by European data protection rules, Dutch authority issues fine

Biometric time and attendance systems restricted by European data protection rules, Dutch authority issues fine
 

Biometric time and attendance tracking of employees through a fingerprint-based system has been ruled illegal in Germany unless exceptional circumstances make it necessary, according to a court decision covered by Lexology.

The court ordered a pair of warnings issued to an employee who refused to use the biometric system be struck from the person’s employment file, as the system was not being used in compliance with the relevant data protection law. As the employee had not given consent or signed a contract specifying the use of the system, the labor court reviewed the system’s legality under the European Union’s General Data Protection Rule (GDPR) and the German Federal Data Protection Act.

The criteria established by the court for the use of a biometric employee tracking system includes a history of misuse of a previous manual system at the workplace, a significant risk of misuse of a different type of system if introduced, and past misrepresentations by the employee of his or her working hours. As a general rule, the more past time recording abuse there has been, and the less effective other measures of preventing future abuses would be, the stronger the legal case for special circumstances becomes.

The article also notes that consent by employees could be challenged on the grounds that it does not meet the standard for being truly voluntary.

Dutch authority issues fine

The Dutch Data Protection Authority, meanwhile, has levied a €725,000 (roughly US$791,000) fine against a company for scanning its employee’s biometrics with a fingerprint time and attendance system.

The Autoriteit Persoonsgegevens ruled that the company did not establish the exceptional grounds for the system’s implementation which would have provided a legal basis for its use.

Exceptions to the prohibition against the use of fingerprints or other biometrics for employee tracking are cases of explicit consent, or necessity for security purposes, according to the authority’s announcement. The latter reason is only acceptable if biometrics collection is necessitated by the inadequacy of other measures, and the authority notes that good alternatives will be available in many cases.

“This category of personal data is extra protected by law. If these data get into the wrong hands, this could potentially lead to irreparable damage. Such as blackmail or identity fraud,” comments AP Vice President Monique Verdier, per Google translation. “A fingerprint cannot be replaced, such as a password. If things go wrong, the impact can be huge and have a lifelong negative effect on someone.”

The relationship between employers and employees also generally prevents legal consent, which “must be unambiguous, specific, informed and free.”

The organization fined has not been identified by the regulator.

France’s CNIL set rules for biometric time and attendance systems for employees a year ago.

Related Posts

Article Topics

 |   |   |   |   |   |   | 

Latest Biometrics News

 

Passkey adoption by Australian govt, banks drives wider passwordless authentication

It’s high noon for passwords. Across the Authentication Corral, an inscrutable stranger saunters up and puts their hand on the…

 

‘New era in travel’: airports, airlines continue to be sweet spot for biometrics

A fascinating experiment in biometrics would be to find a privacy conscious person who would generally avoid facial recognition, put…

 

Limitations of FRT apparent in search for United Healthcare CEO’s killer

The murder of United Healthcare CEO Brian Thompson in Midtown Manhattan involved the use of facial recognition technology (FRT) to…

 

OpenID, BIO-key, RSA, SecureAuth showcase at Gartner IAM Summit

The 2024 Gartner Identity & Access Management Summit, running from December 9-11 in Grapevine, Texas, is playing host to names…

 

Aboriginal digital ID offers Indigenous Australians pathway to essential services

There are more than 200,000 Aboriginal and Torres Strait Islanders in Australia who lack a birth certificate. Without this vital…

 

Australia piloting myGov app and Trust Exchange for sharing medical data

The Australian government has launched a pilot of its myGov public services app and Services Australia’s Trust Exchange (TEx) proof-of-concept…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events