Privacy Guarantor fines company for improper use of the video surveillance system
Biometric video surveillance system and continuous monitoring of the position of accused employees
The Privacy Guarantor has fined a company for the improper use of the video surveillance system, which included fingerprinting and geographical tracking of employees. The company processed worker data without authorization and used biometric data without legal basis, violating the GDPR.
The Privacy Guarantor has sanctioned a company for the improper use of the video surveillance system at its headquarters. The company was fined 20,000 euros following the discovery of various violations relating to the processing of employees' personal data.
Violations relating to the video surveillance system
The company's video surveillance system had several violations. In addition to recording live images, the system was able to detect employees' fingerprints and track their geographical position via an application installed on cell phones. Furthermore, the system could capture audio and make recordings. Access to this system was allowed to the legal representative of the company and his family via a smartphone, and the user could verbally warn the interested parties through the system's cash registers.
Unauthorized processing of worker data
During the inspection it emerged that the company was using an application that continuously tracked the location of employees via GPS, without their consent or the adequate information required by the Workers' Statute. Furthermore, the data processing carried out through the video surveillance and localization systems did not comply with the required guarantee procedures, such as the signing of a trade union agreement or the authorization of the Labor Inspectorate. It was also noted that there were no information signs on site regarding video surveillance.
Prohibited processing of biometric data
The company had installed an alarm system that required the use of fingerprints to arm and disarm the system. However, the processing of biometric data without a legal basis was in violation of the GDPR. The Guarantor noted that this form of biometric data processing is only permitted in specific circumstances, provided for in Article 9 of the GDPR, which were not present in the company's case. In addition to the financial penalty, a ban was imposed on the processing of data collected through the video surveillance system and the continuous monitoring of the position of employees.
Follow us on Threads for more pills like this09/04/2023 17:58
Marco Verro