Netherlands fines firm for processing employee fingerprints
06 May 2020 18:06 GMT

The Dutch Data Protection Authority has concluded that a company should not have processed employee fingerprints and fined it 725,000 euros.

Monique Verdier, vice-president of the AP: 'This category of personal data is extra protected by law. If these data get into the wrong hands, this could potentially lead to irreparable damage. Such as blackmail or identity fraud. A fingerprint cannot be replaced, such as a password. If things go wrong, the impact can be huge and have a lifelong negative effect on someone. "

An employer must consider whether buildings and information systems must be so well secured that this can only be done by using (only) biometrics. There will often not be a need, because there are good alternatives.

The Decision outlines that the organisation cannot rely on exceptions to process personal data when processing this special category of personal data and should not have collected, stored, or used biometric data.

Furthermore, the AP highlighted that the company did not demonstrate that the employees had given their explicit consent to the processing and that appropriate alternatives to the use of biometric data were available.

Industry Events

connect:ID 5-6 Oct 21