Another interesting case. Each new case is helping us to understand better how to implement and be compliant with GDPR in our organisations.
So this is a fine of €725k by the Dutch DPA to an organisation which started using biometrics, i.e. fingerprint authentication. If you’ve checked the link above with an explanation provided by DLA Piper blog, there are 2 factors which really surface.
Firstly, consent cannot be used as a legal basis if there is an imbalance in relationship, and in the case of employer/employee, this is always the case. If fingerprinting is to be used then the employee needs to have a choice to use another method, e.g. access cards. In this example, there was a lack of choice, employees were forced to provide consent. Consent was not freely given.
Secondly, it seems that the Dutch law gives a second alternative on the using of biometrics for authentication and security purposes. However, this is only if it can be proved that it is proportionate to the purpose. For example, to use as a means to access high security facilities is proportionate, not access to office space.
Why I love this case is that it really emphasises on the use of consent in the employer/employee relationship.
Nice development in Holland! Bill proposal that basically states a need to request permission before downloading a cookie on you machine their is more to, read more here https://zoek.officielebekendmakingen.nl/kst-32549-3.pdf.
This is basically what the revised EU directive on data privacy demands.
Oh dear, Google is in trouble…. they have been -surprise, surprise- criticized by privacy commissioners around the world on their privacy, or lack of privacy practices 😉
Read more at The New York Times. btw. I need to thank Jack for his tweet on this 🙂
Following a previous post on the use of body scans at airports, I have come across the PI statement on proposed deployments of these body scanners in airports.
This is taken from their website….
PI feels that the technology raises a number of troubling issues:
First, the scanners produce strikingly graphic images of passengers’ bodies. Those images reveal not only our private body parts, but also intimate medical details such as colostomy bags. That degree of examination amounts to a significant – and for some people humiliating – assault on the essential dignity of passengers that citizens in a free nation should not have to tolerate. Deployment of the technology was recently halted at Manchester Airport in Britain in part because the scanners violated child protection laws by electronically strip searching children and young people. There have also been calls in the European Parliament for a Europe-wide ban on the technology.
Second, Privacy International is skeptical about the privacy safeguards that the US Transportation Safety Administration (TSA) is touting. The TSA say that the technology is capable of obscuring faces, but this claimed protection is just a software fix that can be undone as easily as it is applied. And obscuring faces does not hide the fact that rest of the body will be vividly displayed. This is the equivalent of asking passengers to parade their bodies in front of the screeners, but with bags over their heads.
Read more at Privacy International…
I have been watching with some interest the activity on body scanning at the airports that basically creates images as you pass through of your naked body… all in the name of security. Jack made a posting on this and has linked through a video describing what it is.. also I saw that bbc news have something today.
I guess when it comes to security at airports we are all a little jumpy, wanting safety over everything else, even at the cost of our time and inconvenience. However to know that you will be seen naked at airport barriers …..
Will be interesting to see what rules are created concerning their use. Terri Dowty has something to say here on the potential abuse of these images, i.e. child pornography. These and all images need to be removed as soon as they are deemed as not dangerous to national security… i.e. some minutes or specified time after the scan.