FB pixel

Belgian watchdog ruling on consent sets employee biometrics use against GDPR

Belgian watchdog ruling on consent sets employee biometrics use against GDPR
 

A Belgian company has been fined 45,000 euros (US$48,185) for using a fingerprint-based employee time tracking system with the country’s data watchdog ruling that the firm did not obtain valid consent from its employees, putting it in violation of GDPR rules.

The Belgian Data Protection Authority (DPA) issued the ruling in September after receiving a complaint from a former employee of the unnamed company. The data watchdog concluded that the company relied on employee consent as a legal ground for processing data. However, the firm is unlikely to have obtained valid consent to the processing due to the imbalance of power between the employer and the workers, the agency ruled. The employer also did not provide an alternative method for time registration.

The decision could dampen the use of biometric systems for time recording or protecting company assets, according to PwC Legal in Belgium.

“We imagine that this decision, although justifiable in view of the prohibition of biometric data, will come as a thunderbolt for many companies that use this type of security to protect their critical infrastructure or trade secrets,” the law firm says in its case study.

In 2020, the company introduced a time registration system using fingerprints for around 200 of its employees. The system was procured from an unnamed subsidiary of an international group with headquarters in Japan.

The employee submitted the complaint against the company to the Belgian DPA in March 2022, claiming he was not informed about where or how long his biometric data was being stored or whether it was transferred to third parties.

The Belgian DPA also stated that the company failed to respect data minimization rules as collecting biometric data was unnecessary for time registration –  less intrusive measures could have sufficed. In addition, the employer did not conduct a mandatory data protection impact assessment nor implement GDPR-compliant measures.

Related Posts

Article Topics

 |   |   |   |   | 

Latest Biometrics News

 

Liquid identity verifications surge past 60M as Japan leans into chip-scanning

Liquid has reached the 60 million digital identity verification milestone with its online KYC service, with a surge in verifications…

 

Car dealerships rev up digital ID verification to counter rise in identity fraud

Whether it’s a fake credit history, a phony license or a test driver with a stolen identity who makes tracks…

 

GovTech to deliver $10 trillion in value by 2034, says WEF

At the meeting of the World Economic Forum (WEF) in Davos this week, tech is front and center – and…

 

Davos discusses digital wallets, AI economy

This year’s Davos World Economic Forum (WEF) is bringing not only tense trade talks between the U.S. and Europe but…

 

ASEAN updates guidance on deepfakes

The threat of deepfakes is entering high-level discussions from Southeast Asia to Davos. The Association of Southeast Asian Nations (ASEAN)…

 

Philippines faces 36 million backlog in ID cards

The Philippines are still facing a 36 million backlog in distributing the country’s national ID cards which will need additional…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Viewed This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events