Serco Leisure, a private company managing British leisure centers, has been instructed to halt the use of facial recognition and fingerprint scanning for employee tracking. The UK’s Information Commissioner’s Office (ICO) found Serco and seven associated trusts unlawfully processing biometric data of over 2,000 employees across 38 leisure facilities. This violation of the UK General Data Protection Regulation prompted the ICO to issue an enforcement notice, compelling Serco to cease biometric data processing.
The use of biometric technology by Serco, aimed at monitoring staff attendance, was deemed unnecessary and disproportionate by the ICO. Despite Serco’s argument that the technology was introduced to combat abuses like “buddy punching” and falsified time cards, the ICO found insufficient evidence to justify the intrusive measures. The ICO’s investigation highlighted a lack of understanding of data protection requirements by Serco, emphasizing the need for less intrusive alternatives such as ID cards or fobs.
Serco Leisure faces no monetary fines but must adhere to the enforcement notice and discontinue the use of biometric data processing immediately. The ICO’s decision underscores the importance of respecting employees’ privacy rights and employing less intrusive methods for attendance monitoring. Moving forward, companies must prioritize data protection compliance and consider alternative solutions to mitigate privacy risks associated with biometric technology use.
Reference:
