The Swedish Data Protection Authority has fined a municipality 200 000 SEK (approximately 20,000 euros) for flouting a privacy law by using facial recognition technology to keep track of the students’ attendance, the BBC reported.
This is the first fine issued by the Swedish DPA under the General Data Protection Regulation.
The school was charged for tracking 22 students over the period of three weeks and monitoring when each entered a classroom. The school claims the monitoring was based on consent. The Swedish DPA, however doesn’t consider consent a valid legal basis based on the irregularity that exists between the data subject and controller.
The GDPR which came into force last year classifies the use of facial images and other biometric information as being a special category of data, with “added restrictions” to its use.
The Swedish authority opened an investigation about Anderstorp’s High School’s trial after media reports. It discovered during the probe that teachers at the school had employed the manual process of tracking attendance, spending 17,000 hours a year to achieve this. In order to speed up the process, the authority had decided to employ the use of facial-recognition technology.
Facial recognition technology, this month flagged 26 Californian lawmakers as criminals. The faces of the lawmakers were screened against a database of 25000 publicly available booking photos. The software erroneously matched 26 legislators with mug shots. A bill was passed afterwards for its ban. The facial recognition technology has been flagged by many people because of its unreliability. Its errors could cause embarrassments.
The trial happened during Autumn and was considered successful, much that the local authority considered an extension.
Jorgen Malm who oversees the high school told SVT that the technology was safe and argued that they had received consent from the parents of the students. The regulator, however, did not think that consent was not a legally adequate reason to harvest such sensitive information from the students.
It said there were other less intrusive measures to use; it didn’t have to be a surveillance camera to monitor attendance of students in a school. The regulator noted that the students, even though they are still minors have a right to certain level of privacy when entering a classroom.
As a result, the ruling ended in disfavour of the high school. It was concluded that the local authority was guilty of unlawfully processing sensitive biometric data.
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behaviour or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional
Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes.The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
