FB pixel

Belgian watchdog ruling on consent sets employee biometrics use against GDPR

| Masha Borak
Categories Biometrics News  |  Workforce Management
Belgian watchdog ruling on consent sets employee biometrics use against GDPR
 

A Belgian company has been fined 45,000 euros (US$48,185) for using a fingerprint-based employee time tracking system with the country’s data watchdog ruling that the firm did not obtain valid consent from its employees, putting it in violation of GDPR rules.

The Belgian Data Protection Authority (DPA) issued the ruling in September after receiving a complaint from a former employee of the unnamed company. The data watchdog concluded that the company relied on employee consent as a legal ground for processing data. However, the firm is unlikely to have obtained valid consent to the processing due to the imbalance of power between the employer and the workers, the agency ruled. The employer also did not provide an alternative method for time registration.

The decision could dampen the use of biometric systems for time recording or protecting company assets, according to PwC Legal in Belgium.

“We imagine that this decision, although justifiable in view of the prohibition of biometric data, will come as a thunderbolt for many companies that use this type of security to protect their critical infrastructure or trade secrets,” the law firm says in its case study.

In 2020, the company introduced a time registration system using fingerprints for around 200 of its employees. The system was procured from an unnamed subsidiary of an international group with headquarters in Japan.

The employee submitted the complaint against the company to the Belgian DPA in March 2022, claiming he was not informed about where or how long his biometric data was being stored or whether it was transferred to third parties.

The Belgian DPA also stated that the company failed to respect data minimization rules as collecting biometric data was unnecessary for time registration –  less intrusive measures could have sufficed. In addition, the employer did not conduct a mandatory data protection impact assessment nor implement GDPR-compliant measures.

Related Posts

Article Topics

 |   |   |   |   | 

Latest Biometrics News

 

Financial fraud prompts $14M digital identity intelligence investment, calls for action

Financial institutions and regulators continue to invest in anti-fraud and identity verification. Barclays has invested in anti-fraud platform Heka as…

 

Age estimation at the shop, age verification online: France laws tested with questions

In France, age assurance tools are showing up online and at retail vendors selling age restricted products, prompting questions from…

 

Ofcom planning more safety measures to tackle addictive design

It has been noted previously in these pages that the UK is looking to be taken seriously in pursuing its…

 

OFIQ community reviews early results of biometric quality assessment tool

The standardization of image quality for face biometrics is a major step towards making population-scale biometric systems functional, and as…

 

New binocular iris scanner from IriTech designed for high volume use cases

Iris recognition provider IriTech, Inc. has announced the launch of the IriAegis-BK, a binocular iris scanner designed for high-throughput biometric…

 

Laos begins integrating digital ID cards into public agencies

Government agencies in Laos have received the order to begin integrating the country’s chip-enabled identity cards and citizen databases. Ministries,…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Continue Reading

Biometric Market Analysis

Most Viewed This Week

Featured Company

Learn More

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events