CASES, SANCTIONS AND CLAIMS

  • (2019, Aug) The Court of Amsterdam heard a case concerning the use of employee fingerprints for a system requiring finger scans for cash registers.
  • (2020, Mar) A school in Poland has been fined EUR 4,600 for using a biometric reader at the cafeteria entrance and processing student’s fingerprint data to verify whether they had paid for school lunch.
  • (2020, May) The Dutch Data Protection Authority imposed a €750,000 fine on a company for unlawful processing of employees’ fingerprints for attendance taking and time registration purposes.
  • (2020, Jul) The Danish DPA ruled that the processing of biometric data carried out by a trade union on behalf of one of the association’s members for access control purposes complies with the GDPR (text available in Danish).
  • (2020, Aug) The French DPA (‘CNIL’) announced that it had issued formal warnings to certain public and private organisations in order to ensure their photo reader devices which automatically capture entry into the workplace comply with the GDPR within three months (the press release is available only in French here).

REPORTS AND ARTICLES FROM OTHER ORGANISATIONS

OFFICIAL GUIDELINES, REPORTS AND STATEMENTS

  • (2020, Jun) The Spanish Data Protection Authority in collaboration with EDPS paper:”14 misunderstandings with regard to biometric identification and authentication”.
  • (2020, Apr) Legitimate interests and consent could not be used for fingerprint-based authorization system set up to monitor employee time and attendance in the SPA centers, found the Lithuanian Supreme Administrative Court.