Privacy Issues for Employers Using Biometrics in the Workplace

Published: 20 Dec 2022

Biometrics technologies have been developed to help employers accurately track employee attendance and hours, track and promote productivity, and even monitor employee stress. However, as is so often the case, the trade-off for these benefits is increased biometric data flow – which means that biometrics in the workplace come with significant risk to both the employee and employer.  

What are Biometrics?  

Biometrics refers to technologies that recognise individuals based on certain physical or behavioural characteristics. The characteristics most commonly associated with biometrics technologies include human faces, fingerprints, iris scanning, palm prints, signature, gait, or voice recognition.

Biometrics are used for authentication and identification. In the workplace, they are also often used to monitor employees.  

For more information, we discussed biometrics in these earlier resources:  

Common Biometrics Technologies Used in the Workplace 

CCTV surveillance with facial recognition technologies and fingerprint scanning are two of the most common biometrics technologies we see used in the workplace in Australia.  

Anecdotally, we’ve also heard about increased use of productivity technologies that rely on biometrics throughout the pandemic – such as video sensors.  

Privacy Issues with Biometrics Used in the Workplace 

The significant risk that comes with the use of biometrics has led to European privacy authorities taking steps to curtail their use. An Italian health authority, for instance, was fined 30,000 Euros for its unlawful employee fingerprinting system. The privacy authority noted that it would be difficult, if not impossible, to obtain consent to collect biometrics in the employee-employer relationship given the power differential.  

When it comes to CCTV and facial recognition, the bloc is seriously considering an outright ban. You can read the European Parliament report on Regulating facial recognition in the EU for more detail. 

Evidently, collecting and storing biometrics comes with significant risks. Two of the greatest risks (in order of significance) are:

Employee Risk: Biometric Data Can’t Be Changed or Cancelled 

Data breaches that result in biometric data being stolen represent a significant risk to the individuals who have provided their biometric data. Unlike driver’s license and passport identifiers and telephone numbers or email addresses, biometric data cannot (easily) be changed.

This means that individuals whose biometric data is stolen may face issues for the rest of their lives with securely using their biometrics for identification or authentication purposes.  

Employer Risk: Biometrics Complicate Workplace Compliance 

Biometrics are considered sensitive information under Australia’s federal Privacy Act. Employers who are covered by this legislation must consider the law before implementing any biometrics technologies.  

Where the biometrics are used for surveillance, there are state laws that apply. You can read our overview of CCTV surveillance privacy issues for more information.  

Given the legal risks, we urge employers to take the following steps before implementing any workplace technologies that collect, store, and use biometric data:  

  1. Consider whether there are less privacy-invasive solutions to whatever problem is being ‘solved’. If so, adopt those in preference to technologies that rely on biometric data.
  2. Ensure the appropriate departments and leaders know and understand the privacy implications of implementing the biometrics technology. Decision makers should be fully aware of the risk when compared to the rewards and should address (and minimise) the risk using appropriate measures, including increased security and training of all employees.  
  3. Ensure employee-facing documents are easy to understand and clearly outline the rationale behind the introduction of the biometrics technologies, as well as the risks. Employees should be informed of the risk as well as their options, if there are alternatives.  
  4. Get consent before gathering biometric information from any of your employees.  
  5. Take steps to reduce the risk of ‘function creep’. Function creep (in the context of privacy) occurs where data which is collected for one purpose is used for another.  

If your organisation needs help navigating the legal or practical aspects of biometrics in the workplace, reach out. Our privacy team would love to help.  
