School Fined for Unlawful Biometric Data Processing

An Italian high school was fined by the data protection authority for using a fingerprint-based attendance system for administrative staff. The authority found the system lacked a legal basis and that employee consent was not a valid justification due to the power imbalance between employer and employee.


Following a complaint, the Italian Supervisory Authority (SA) - Garante found out that a high school adopted a biometric recognition system that, in order to detect presence in office and prevent damage and vandalism, required the use of administrative staff's fingerprints. The workers involved were those who had given their consent and did not wish to use traditional methods of attesting their presence at the office.

The Italian SA recalled that, according to the GDPR and the Italian Data Protection Code, the use of biometric data in the workplace requires a clear legal provision and specific guarantees for the rights of the data subjects. But the national provisions that provided for the introduction of biometric presence detection systems in the public sector were repealed in 2020. 

Regarding the consent given by the workers to the school, the Italian SA considered that, in the light of the asymmetry between employees and employers, consent is not a valid legal basis for the lawfulness of the processing of personal data in the employment context, both in the public and private sector.

The Italian SA fined the high school 4 000 EUR.

(source: edpb.europa.eu/ photo freepik.com)

Comments

Post a Comment

Popular posts from this blog

Greek Administrative Court rules state liable for Covid-19 vaccine side effects due to "excessive sacrifice"

Image
Greece: The Administrative Court of First Instance of Athens, in its decision no. 4202/2025, has ruled that the Greek State is liable for damages sustained by an individual due to side effects following a preventive "COVID-19" vaccination. This landmark decision was issued in a compensation lawsuit filed against the Hellenic Republic. The Case: Seeking Compensation for Vaccine-Related Harm The lawsuit was brought by a plaintiff seeking compensation for material damage and moral harm (non-pecuniary damage), alleging that they suffered severe side effects after their preventive COVID-19 vaccination with a specific vaccine. The initial claim was for €461,835.26, but this amount was subsequently restricted during the proceedings. The plaintiff based their claim on two legal grounds: Article 105 of the Introductory Law of the Civil Code (EισNAK): This article concerns the State's liability for compensation arising from illegal acts or omissions of its organs in the exe...
Read more

Annual Report on the execution of the European Court's judgments and decisions

Image
The Secretary General of the Council of Europe, Alain Berset, has called for further efforts to implement judgments from the European Court of Human Rights. Commenting on the  annual report for 2024  on the execution of the Court’s rulings, published today, the Secretary General said: “ This report shows what a concrete, positive impact judgments from the European Court of Human Rights have on the daily lives of the people of Europe. While a lot has been achieved, more needs to be done. The efficient execution of the Court's judgments is essential for the rule of law and democratic accountability in Europe .” The annual report from the Council of Europe’s Committee of Ministers shows that 992 cases were transferred from the European Court of Human Rights to Committee, which supervises their implementation by member states, in 2024. Of those 992 new cases, 194 were “leading” cases – often requiring action to be taken by states to prevent the same violations happ...
Read more

Cyprus Family Law: Spouse's claim for contribution in post-marital acquisitions

Image
by Giorgos Kazoleas, Lawyer* The regulation of property issues between spouses after divorce or separation is one of the main problems and is most commonly related with the issue of the contribution of one spouse to the increase in the other’s property. According to Cypriot Family Law, in the event that the marriage is dissolved or annulled, or in the event of separation of the spouses, in case the property of one spouse has increased, the other spouse, if he/she contributed in any way to this increase, is entitled to bring an action before the Court and demand the return of the part of the increase that comes from his/her own contribution.[1] The contribution of one spouse to the increase in the property of the other is presumed to amount to one third of the increase, unless a greater or lesser contribution is proven.[2] “Contribution” means any form of contribution by the spouses to the acquisition or creation of property and includes the care of the family home and family memb...
Read more

Alleged bullying of whistle-blowing prison guard - Violation of right to respect for private life (ECtHR)

Image
In its Chamber judgment in the case of Špadijer v. Montenegro (application no. 31549/18) the European Court of Human Rights held, unanimously, that there had been a violation of Article 8 (right to respect for private life) of the European Convention on Human Rights. The case concerned the alleged bullying of a prison guard following her reporting an incident involving male prison guards coming into the women’s prison where she worked and their inappropriate contact with female prisoners, and her attempts to address this with the authorities. The Court found in particular that the manner in which the legal mechanisms had been implemented in the applicant’s case had been inadequate, constituting a violation of the obligation on the State to protect her rights. Facts of the case The applicant, Daliborka Špadijer, is a Montenegrin national who was born in 1978 and lives in Podgorica. In 2013 Ms Špadijer, then head-of-shift prison guard in a women’s prison, reported five colleagues for an ...
Read more

First judgment of the ECHR: Lawless v. Ireland

Image
60 years ago, on 14 November 1960, the Court delivered its first judgment, Lawless v. Ireland, with René Cassin as its President. The judgment concerned preliminary objections and procedural questions regarding the application, on which a judgment on the merits was delivered the following year. Since its inauguration the Court has delivered 23,291 judgments on just over 51,650 applications. The case was filed by Gerard Richard Lawless, who had been an IRA member, although he claimed to have left the IRA. He was arrested on 11 July 1957, as he was about to travel to Great Britain from Ireland, and subsequently detained under the special powers of indefinite detention without trial under the Offences against the State (Amendment) Act 1940. The case was filed by Lawless for violation, by the Irish Government, of Articles 5, 6 and 7 of the European Convention of Human Rights, providing rights to liberty and security, fair trial and the principle of 'no pu...
Read more

The Delivery Delay Clause in Residential Construction Contracts: Consumer Protection in Cyprus and Europe

Image
By Giorgos Kazoleas, LL.M., Lawyer, Managing Partner at Legal Experts Cyprus The purchase or construction of a new residence is one of the most significant financial and personal decisions a consumer can make. Residential construction contracts or agreements for the sale of property under construction are a crucial and defining element of the entire process, as certain terms they may contain can be detrimental to the buyer. One of the most critical aspects is the contractual delivery time of the project and the provision for delay, through the so-called delivery delay clause. The Delivery Delay Clause: Its Role and Legal Nature The delivery delay clause (also known as a penalty clause in the event of default) is a term usually included in the contract that specifies a predetermined compensation amount that the contractor or seller must pay to the buyer for every day, week, or month of delay beyond the agreed delivery date. The purpose of the clause is twofold: -Compensatory: ...
Read more

ECtHR Judgement against Greece: Disclosure of the identities and medical data of prostitutes diagnosed with HIV was a breach of their right to private life

Image
The case of O.G. and Others v. Greece (applications nos. 71555/12 and 48256/13) concerned the publication, by decision of the domestic authorities, of medical data concerning prostitutes who had been diagnosed as HIV-positive, and media coverage of them. It also concerned the circumstances in which they were required to undergo a blood test.  In Chamber 's judgment(23.1.2024) in this case the European Court of Human Rights held, unanimously, that there had been two violations:  -A violation of Article 8 (right to respect for private life) of the European Convention on Human Rights, with regard to two applicants, on account of the blood tests they had been required to undertake.  The Court considered that the blood samples imposed on two applicants had amounted to an interference with their private life and noted that this had not been in accordance with the law within the meaning of Article 8 of the Convention, given that the provisions of domestic law in issue ought to h...
Read more