FB pixel

Biometric worker monitoring: new draft guidance for the UK

Biometric worker monitoring: new draft guidance for the UK
 

An overhaul of worker monitoring has been released, in draft form, by the UK’s data protection regulator, the Information Commissioner’s Office (ICO), to address the significant changes to the way we work since its current employment practices code was published in 2011. The Covid-19 was a further acceleration, seeing more analytics and biometric tracking of workers.

The draft guidance is presented for feedback by 11 January 2023 and aims to provide practical advice as well as help employers conducting monitoring to comply with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018, both of which are facing significant reform. Neither prevents worker monitoring.

The guidance covers general principles such as balancing intrusion against the needs of the employer, workers and public; workers must be made aware of monitoring (except exceptional circumstances for covert approaches); data cannot be used for other purposes and data protection impact assessments (DPIA) must be carried out.

Biometric worker monitoring guidance

The draft guidance comes from a position of encouraging employers to question their own reasons for wanting to use biometrics in the first place, and whether such use would be deemed proportionate: employers must “document the evidential basis for choosing to rely on biometric data, including any consideration of other less intrusive means and why they are inadequate.”

Employers must also identify a lawful basis for their implementation of biometrics (there is a choice of six bases). As special category data, the collection of biometrics requires the identification of a special category, with guidance provided.

UK GDPR further protects workers if any automated decision-making has legal or other significant effects on workers. Explicit worker consent is required.

“This is the most likely gateway for using biometric data for access control but it may be difficult to get true consent due to the power imbalance between workers and employers,” states the draft guidance. “You must offer an alternative to workers who do not want to give consent so they have free choice. The alternative must not be a detriment to workers choosing to use it, you must consider whether explicit consent can be genuine where a manual option takes longer.”

Systems such as facial recognition require specific consent and a system that scans all workers regardless of whether or not they have consented would be unlawful.

DPIAs are compulsory and must contain the justifications already worked out. Data must be kept more securely, with further advice available.

Once operational for access, manual reviews of false negatives from biometric sensors must be available and must not be of detriment to the workers.

Elsewhere the draft guidance notes that “If you are monitoring workers remotely, keep in mind that workers’ expectations of privacy are likely to be higher at home than in the workplace. The risks of capturing family and private life information are higher, so you should factor this risk into your planning.”

Article Topics

 |   |   |   |   |   |   |   |   | 

Latest Biometrics News

 

MFA and passwordless authentication effective against growing identity threats

A new identity security trends report from the Identity Defined Security Alliance (IDSA) highlights the challenges companies continue to face…

 

Zighra behavioral biometrics contracted for Canadian government cybersecurity testing

Zighra has won a contract with Shared Services Canada (SSC) to protect digital identities with threat detection and Zero Trust…

 

Klick Labs develops deepfake detection method focusing on vocal biomarkers

The rise in deepfake audio technology has significant threats in various domains, such as personal privacy, political manipulation, and national…

 

Ford Motor patent filing for facial recognition vehicle entry system published

A patent filing from the Ford Motor Company for a facial recognition vehicle entry system has been published by the…

 

Real ID requirement finally set to take effect on May 7, 2025

Real ID is about to get real. As of May 2025, adults will no longer be able to use traditional…

 

MOSIP launches QR code spec for interoperable offline biometrics, ID authentication

MOSIP, the Modular Open Source Identity Platform, has introduced a standardized, interoperable QR code that enables offline authentication with face…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events