Post Covid-19, should we regulate biometric data?
The Westminster e-Forum policy conference discussed how to avoid the trap of illegal collection of biometric data, and what future regulation should look like. By Laura Linkomies.
Biometrics in the workplace is requiring many DPOs’ attention these days. In April, the Netherlands’ DPA announced that it intends to issue a fine of €725,000 on a company for unlawfully processing the biometric data of its employees.(1) And in the UK, the ICO last year issued an enforcement notice against Her Majesty’s Revenue and Customs (HMRC) for processing biometric data in breach of the data protection law. The HMRC had, in 2017, adopted a voice authentication system which asked callers to some of its helplines to record their voice as their password. There was no explanation that the service could be used without having to do this. The ICO ordered HMRC to delete any data it had obtained without consent.(2)