Earlier this month the UK privacy office put a stop to several related entities’ use of facial recognition technologies and fingerprint monitors for their employees. The UK Information Commissioner’s Office found that the companies were using the tools to monitor attendance. However, the ICO felt that the companies could have used “less intrusive technologies” -like fobs or ID cards- to accomplish the same goals. In reaching its conclusion the ICO noted that employees were allegedly not given a meaningful choice, given the “imbalance of power” between the employer and the employee. And as such employees were made to feel, the ICO believed, that clocking in and out with facial recognition/fingerprint scanning was “a requirement in order to get paid.”
This decision against Serco Leisure, Serco Jersey and its related entities shows a trend with data protection authorities in the employment monitoring space. The UK ICO, like many of its European counterparts, has issued a guidance on use of biometric recognition, which was released on the same day as the decision. In its guidance, the ICO outlines when and how companies can collect biometric information in compliance with UK privacy laws (and when they should not).
Putting It Into Practice: We anticipate that there will be more decisions of this nature coming from other data protection authorities, if not the UK as well. Companies who are engaging in these practices will want to review guidance like that issued by the ICO to ensure that it is collecting and using biometric information appropriately.