First GDPR fine issued for illegal facial recognition activity
With the rise of smart technology, such as facial recognition software, more companies need to be aware of potential gaps in their GDPR policies and procedures.
Regulations apply to each organisation in different ways, depending on the software and systems they have in place, and failure to comply can lead to large fines, as a school in Sweden recently discovered:
A school in Sweden had implemented a facial recognition system to monitor the presence of students in classrooms.
The GDPR legislation:
The software and how it didn’t follow GDPR:
Facial recognition technologies use biometric data to identify each individual in the classroom. The trial lasted three weeks and involved 22 students, and when the Datainspektionen examined the use of the system, it concluded that the school's high school board had processed sensitive personal data in violation of the GDPR.
As a consequence, it issued a fine of 200,000 SEK, which is approximately €20,000.
Would student consent make this okay?
The high school board actually did have consent from the students taking part in the trial, but it was decided that students are in a position of dependence on the board, and therefore their consent could not be deemed valid under the GDPR. Consent was deemed “not freely made”.
What can be done to avoid these fines?
A cultural shift is expected to take place in future, where trends may change along with the rise of smart technologies, but until then, all available alternatives should be considered.
If you’re worried about any of your systems, processes, software or equipment, please get in touch with our GDPR specialists and we’ll help to protect your company and your assets.
Call us on 01673 885533 for more information.