French data authority takes legal stance on employers' use of biometrics
08 April 2019 16:52 GMT

France’s data protection authority has adopted the model regulation "biometrics in the workplace."

The CNIL’s has developed a model regulation that states companies can install “biometric access control devices” as long as they comply with the agency’s rules, reports IAPP. 

Companies must be able to justify their use of biometric data and also follow obligations listed out in the EU General Data Protection Regulation.

Employers must document any decisions they make with biometric devices, while data controllers are mandated to conduct a data protection impact assessment. The CNIL has set up a frequently asked questions page to help companies 

Industry Events