First GDPR fine issued for illegal facial recognition activity

10th September 2019

With the uprise of smart technology, such as facial recognition software, more companies need to be aware of any potential growing gaps in their GDPR policies and procedures.

Regulations apply to each organisation in different ways, depending on the software and systems they have in place, and failure to comply can lead to large fines, as a school in Sweden recently discovered:

A school in Sweden had implemented a facial recognition system to monitor the presence of students in classrooms.

The GDPR legislation:

The Swedish GDPR act stated special safeguards and obligations for data controllers who process biometric data used for facial recognition, including, for example, the obligation to appoint a Data Protection Officer and to carry out a data protection impact assessment.

The software and how it didn’t follow GDPR:

Facial recognition technologies use biometric data to identify each individual in the classroom. The trial lasted three weeks and involved 22 students, and when the Datainspektionen examined the use of the system, it concluded that the high school board of the school in Sweden processed sensitive personal data in violation of the GDPR.

As a consequence, it issued a fine of 200,000 SEK, which is approximately €20,000.

Would student consent make this okay?

The high school board actually did have consent from the students in attendance of the trial, but it was decided that students are in a position of dependence on the board, therefore their consent could not be deemed valid under the GDPR. Consent was deemed as “not freely made”.

What can be done to avoid these fines?

A cultural shift is expected to take place in future, where trends may change along with the rise of smart technologies, but until then, all available alternatives should be considered.

If you’re worried about any of your systems, processes, software or equipment, please get in touch with our GDPR specialists and we’ll help to protect your company and your assets.

Call us on 01673 885533 for more information.

GDPR and ‘Right of Access’ – How much information are your customers entitled to?

Let us ease your mind

If you have any queries, questions or requests then please get in touch. We’re always very happy to talk, you’ll find a friendly voice on the end of the line or simply fill out the form below.

    Your Contact Details

    This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.