FB pixel

More than consent needed for legal biometric data use: Spanish regulator

Spain’s Data Protection Agency issues guidance
More than consent needed for legal biometric data use: Spanish regulator
 

The Spanish Data Protection Agency (AEPD) has published a guide outlining how biometric data should be used for access control, according to an announcement translated from Spanish using Google Translate.

The document outlines criteria for the use of biometrics both inside and outside of the workplace. The document’s criteria complies with the GDPR and other regulatory frameworks.

The agency describes the processing of biometric data as high-risk and finds it necessary to establish a guide for its use as it grows progressively easier to gather larger volumes of biometric data, sometimes without their knowledge.

The guide notes that there must be a law authorizing the use of biometric data for access control for work purposes in order for it to be lawful for an entity to use an individual’s data for that purpose.

Obtaining consent alone does not automatically make it lawful for an entity to collect a person’s data, either. This would create an imbalance of power between the entity and the individual whose data is being used, the release notes. This rule is based on article 9.2.b of the GDPR.

Because biometric data is considered high-risk, an entity collecting the data needs to assess whether the purpose of collecting the data is necessary enough to warrant taking on such a risk. This rule is based on article 35.7.b of the GDPR.

In cases where it is lawful to collect biometric data, entities are still required to inform people about the risks associated with collecting biometric data. They are also required to implement data protection by design.

The AEPD fined Mobile World Congress earlier this year for violating GDPR with its deployment of face biometrics for attendee registration.

Related Posts

Article Topics

 |   |   |   |   |   |   | 

Latest Biometrics News

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read From This Week

Featured Company

Biometrics Insight, Opinion

Biometrics White Papers

Biometrics Events

Explaining Biometrics