Ikawe ṣẹ ni GDPR

Ni ọjọ ori ode oni ti a n gbe ni oni, o jẹ wọpọ wọpọ lati lo awọn ika ọwọ bi ọna idanimọ, fun apẹẹrẹ: Ṣi i fonutologbolori kan pẹlu ọlọka ika. Ṣugbọn kini nipa aṣiri nigba ti ko to gun waye ni ọrọ ikọkọ nibiti ẹmi atinuwa mimọ wa? Njẹ idanimọ ika ika iṣẹ ni o le jẹ ọranyan ni ọgangan aabo? Njẹ agbari le fi ọranyan kan le lori awọn oṣiṣẹ rẹ lati fi ọwọ ara wọn, fun apẹẹrẹ, iwọle si eto aabo? Ati bawo ni iru ọranyan ṣe ni ibatan si awọn ofin ikọkọ?

Ikawe ṣẹ ni GDPR

Awọn ika ọwọ bi data ti ara ẹni pataki

The question we should ask ourselves here, is whether a finger scan applies as personal data within the meaning of the General Data Protection Regulation. A fingerprint is a biometric personal data that is the result of specific technical processing of a person’s physical, physiological or behavioral characteristics.[1] Awọn data biometric le ni imọran bi alaye ti o jọmọ eniyan ti ara, bi wọn ṣe jẹ data eyiti, nipa iseda wọn, pese alaye lori eniyan kan pato. Nipasẹ awọn data biometric gẹgẹbi ika ọwọ, eniyan jẹ idanimọ ati pe a le ṣe iyatọ si eniyan miiran. Ninu Abala 4 GDPR eyi tun jẹ alaye ni gbangba nipasẹ awọn ipese asọye.[2]

Idanimọ ami itẹka jẹ eyiti o ṣẹ asiri?

Ẹjọ Subdistrict Court Amsterdam ti ṣe idajọ laipẹ lori itẹlera ti ọlọjẹ ika kan gẹgẹbi eto idanimọ da lori ipele ilana aabo.

Ẹwọn itaja itaja bata Manfield ti lo eto aṣẹ ọlọjẹ afọwọsi ika, ti o fun awọn oṣiṣẹ ni iraye si iforukọsilẹ owo.

According to Manfield, the use of finger identification was the only way to gain access to the cash register system. It was necessary, among other things, to protect employees’ financial information and personal data. Other methods were no longer qualified and susceptible to fraud. One of the employees of the organization objected to the use of her fingerprint. She took this authorization method as a violation of her privacy, referring to article 9 of the GDPR. According to this article, the processing of biometric data for the purpose of the unique identification of a person is prohibited.

Pataki

This prohibition does not apply where the processing is necessary for authentication or security purposes. Manfield’s business interest was to prevent loss of revenue due to fraudulent personnel. The Subdistrict Court rejected the employer’s appeal. Manfield’s business interests did not make the system ‘necessary for authentication or security purposes’, as stipulated in Section 29 of the GDPR Implementation Act. Of course, Manfield is free to act against fraud, but this may not be done in violation of the provisions of the GDPR. Furthermore, the employer had not provided its company with any other form of security. Insufficient research had been carried out into alternative authorization methods; think of the use of an access pass or numerical code, whether or not a combination of both.  The employer had not carefully measured the advantages and disadvantages of different types of security systems and could not sufficiently motivate why he preferred a specific finger scan system. Mainly because of this reason, the employer did not have the legal right to require the use of the fingerprint scanning authorization system on his staff on the basis of the GDPR Implementation Act.

Ti o ba nifẹ lati ṣafihan eto aabo tuntun kan, yoo ni lati ṣe ayẹwo boya iru awọn eto yii yọọda labẹ GDPR ati Ofin Iṣe. Ti awọn ibeere ba wa, jọwọ kan si awọn agbẹjọro ni Law & More. A yoo dahun awọn ibeere rẹ ati pese iranlọwọ ti ofin ati alaye fun ọ.

[1] https://autoriteitpersoonsgegevens.nl/nl/onderwerpen/identificatie/biometrie

[2] ECLI: NL: RBAMS: 2019: 6005

Share