Recent guidelines from the European Data Protection Committee (CEPD) and the guidance provided by the Spanish Data Protection Agency (AEPD) regarding the use of biometric data changed some laws. Fingerprint signing at work is no longer a legal practice.
Regulatory changes in the use of biometric data
The evolution of privacy and data protection regulations has led to a review of biometric identification practices. Following these new criteria, they determined that fingerprint registration no longer meets legal standards.
The basis for this decision to prohibit fingerprint signing are several legal and ethical considerations. Among them, the concern for privacy and the protection of personal data stands out. Using fingerprints for time tracking can entail a significant risk of breaching employee privacy, as this type of biometric data is considered especially sensitive.
Mandatory registration of working hours for companies
In accordance with current regulations, companies have the obligation to document the work hours of their collaborators. This registration is crucial to ensure compliance with labor laws and protect your rights.
However, entities can meet this legal requirement effectively by applying different methods. Given the prohibition of fingerprint signing, companies must explore legal and ethical alternatives to carry out this control. Among the allowed options are methods that do not involve the collection of biometric data:
- NFC cards: offer an effective alternative to biometric signing-in.
- Clocking application on mobile devices or computers: it is a convenient option and compatible with data protection regulations.
- QR reading from mobile devices: Provides a quick and secure way to record attendance.
- Registration of TAGs from mobile devices: it is another viable and effective alternative.
Companies cannot force their employees to carry out this practice.
The new guideline, dated November 23, 2023, prohibits the widespread use of biometric data, such as fingerprint or facial recognition, for job signing, except in specific cases contemplated in the General Data Protection Regulation (GDPR). ).
Failure to respect this law entails sanctions and the lack of a specific period to stop using these systems aggravates the situation. It is crucial to attend to these modifications to avoid negative consequences.
The change in regulations regarding the use of biometric data is already a reality. It is essential that organizations adapt to these new regulations and seek recording methods that comply with legal standards that respect employee privacy.