Work time recording using fingerprint?
The work time recording by a time recording system by means of fingerprint is normally not necessary within the meaning of Section 26 (1) BDSG and thus not permitted without the consent of the data subject ( Labor Court Berlin from October 16, 2019 - 29 CA 5451/19 ).
Facts
The plaintiff refused to take part in the time recording newly introduced by his employer using his fingerprint ("fingerprint"). For this he was warned. He complained to remove the warnings.
The newly introduced time recording fingerprint provided for the employee to announce and indent in the time recording program by comparing his fingerprint with the data stored in the time recording terminal. For this purpose, so -called minutia (individual, non -inheritable finger line branches) were initially extracted from the employee's fingerprint using a special algorithm. The minute data set was then saved in the time recording terminal and used to compare the employee's fingerprint when you deregistered and deregister.
The employee's fingerprint was basically saved. The employee's fingerprint could not be generated again from the stored minute data set.
The labor court gave the lawsuit. The appeal is pending in front of the LAG Berlin-Brandenburg.
Decision
The warnings must be removed from the personnel file. The plaintiff is not obliged to use the fingerprint time recording system.
In terms of data protection law, the minute data set is biometric data according to Art. 9 Para. 1 GDPR. These represent a special category of personal data within the meaning of Section 26 (3) BDSG. Processing such data can violate the privacy of the employee and thus the right to informational self -determination in particular. That is why the processing of biometric data - and thus also from minute data sets - is generally prohibited in accordance with Art. 9 Para. 1 GDPR.
According to the legal opinion of the Berlin Labor Court, the permission listed in Art. 9 Para. 2 GDPR were not fulfilled. According to the court, it could not be determined that the interests of the defendant employer outweigh the interests of the plaintiff's protection worthy of protection to exclude the processing of biometric data. Accordingly, the warnings must be removed from the personnel file.
Tip
The digital world of work 4.0 is not a future fantasy, but a reality. The associated opportunities and risks must be weighed up responsibly against each other. This only succeeds if the practitioner also knows and pays attention to the legal framework.
Most of the principle, every principle is also correct. Basically, the processing of biometric data is prohibited in accordance with Art. 9 Para. 1 GDPR. However, Art. 9 Para. 2 GDPR contains several permits, in the event of processing (exceptionally) is permitted. In particular, the permission of "necessity", "voluntary consent" and "collective agreement" are relevant in terms of labor law.
Without voluntary consent or without a corresponding collective agreement, the employer may only process biometric features of an employee in accordance with Section 26 (3) BDSG if this is necessary for the reason, implementation or termination of the employment relationship.
meet the following requirements
as part of the three -stage examination 1. The biometric process must be suitable for the purposes of the employment relationship, i.e. the purpose related to the employment relationship must actually be funded.
2. There may be no other, equally effective, the right of personal rights.
3. As a result of a comprehensive consideration of the interests and fundamental rights of the employee and the employer that is worthy of protection, the impairment of the employee's right of personal rights must be in an appropriate relationship to the intended purpose of data use by the biometric procedure. It is often due to the legal user whether he actually reaches his goal. That is why the following also applies here: a look at the law makes legal finding easier and in doubt a specialist.
